Home > Release, Security > Foswiki 1.1.8 released

Foswiki 1.1.8 released

March 1st, 2013

While it’s been quiet in the blog lately, we’re back just in time for the latest release in the Foswiki 1.1 series, with a few general improvements but also a fixed security issue. In other words: you don’t want to miss the new Foswiki version! It’s available right now at http://foswiki.org/Download/FoswikiRelease01x01x08.

Be sure to pay attention to the upgrade instructions there, especially if you’re upgrading from Foswiki 1.1.5 or older.

In case you haven’t been following the release announcements elsewhere, I’ve included a brief description of the other releases you may have missed. If you want to know every last detail about all the changes in recent releases, look at the full release notes for the Foswiki 1.1 series.

Highlights of Foswiki 1.1.8 release

Security Release

Release 1.1.8 fixes a Critical Security Vulnerability. All previous releases of Foswiki are vulnerable to a security issue in Locale::Maketext. It is described further in SecurityAlert-CVE-2013-1666.  If your site runs with Internationalization enabled, you should upgrade to this release.

  • For users: 4 bug fixes relative to 1.1.7
  • For administrators: SSL Email works on newer versions of IO::Socket::SSL. (The prior fix in 1.1.7 was incomplete).

Highlights of Foswiki 1.1.7 release

Release 1.1.7 fixes a Critical Security Vulnerability. All previous releases of Foswiki are vulnerable to a security issue in Locale::Maketext. It is described further in SecurityAlert-CVE-2012-6329. A 2nd vulnerability in the Foswiki %MAKETEXT% macro was also discovered, and is described further in SecurityAlert-CVE-2012-6330 .

For users:

  • 20 bug fixes and 4 improvements relative to 1.1.6
  • WYSIWYG editor improves handling of WikiWord links. Changing the displayed WikiWord also updates the link target.
  • The default font has been restored to the attributes from 1.1.5. This prevents layout differences when upgrading to Foswiki 1.1.7

For administrators:

  • For sites using SSL accelerators and load balancers: A new expert configuration parameter {ForceDefaultUrlHost} can be enabled to force Foswiki to override the user entered URL with the {DefaultUrlHost} setting.
  • SSL Email works again on newer versions of IO::Socket::SSL
  • Pending registration requests now have a separate timer independent from the Session timer.
  • Removed undocumented dependency on updated HTML::TreeBuilder > 4.0

Highlights of Foswiki 1.1.6 release

For users:

  • More than 117 bug fixes and improvements relative to 1.1.5
  • TinyMCE has been updated to release 3.4.9
  • Markup within input fields is no longer rendered
  • The Chili syntax highlighter has been enabled by default

For administrators:

  • Duplicate email checks are applied to pending registrations.
  • Stale pending registrations are removed.
  • Configure makes a backup before saving configuration changes
  • Performance problems with Rename and Log Rotation have been addressed.

Release, Security

  1. No comments yet.
  1. No trackbacks yet.