Official Foswiki Weblog

The Foswiki Association is pleased to announce its 3rd General Assembly and Birthday Celebration, 19th-20th November 2011, at CERN Geneva.

• http://foswiki.org/Community/AgendaThirdGeneralAssembly

This is a great opportunity to meet some of the faces behind the IRC handles, to talk about Foswiki, and an excuse to visit the lovely Geneva area.

All association members are very welcome to attend. We’d love to meet you in person, but if you can’t make it physically we’ll be setting up channels to help you join in virtually. If you’re not a member of the Foswiki association yet, see http://foswiki.org/Community/CurrentFoswikiMembers – all are welcome.

We’re also excited to be holding our first one-day FoswikiCamp on the 18th November 2011 at CERN Geneva (the day before the GA). The plan is to have one or more fun “sprints”to scratch some itches that have been bothering us. See

• http://foswiki.org/Community/FoswikiCamp

The GA is open to all association members, and the camp is open to anyone. Due to access controls at CERN we need to know in advance if you are coming, so please add your name to the relevant lists in the Foswiki topics linked above.

(We might even have a Foswiki release 1.1.4 to celebrate too!)

Update: Every year on the General Assembly people have the opportunity to become a Foswiki Member. This is a great way to help Foswiki to grow and gives you the right to vote on any decisions to be made on a General Assembly as well. To apply for membership add yourself to http://foswiki.org/Community/CurrentFoswikiMembers#Membership_Applications and contact two of the current Foswiki Members to support your application.

Crawford Currie Event

After another round of intense coding Foswiki 1.1.3 has been released this weekend and is available for download at

http://foswiki.org/Download/FoswikiRelease01×01x03

Foswiki 1.1.3 is a release that adds more than 150 bug fixes and improvements making it better than the already stable 1.1.2. Upgrade package is available for upgrading from any earlier 1.1.X version to 1.1.2.

Here is a summarized but still detailed list of the many small fixes and improvements

• Facelift of the history user interface
• Update to the Wysiwyg editor TinyMCE to 3.3.9.3 and further
• improvements of the Wysiwyg editor has been made
• Fatwilly PatternSkin theme has been fixed. This is the skin theme
• we use on foswiki.org.
• Improvement of the UI for managing webs
• Default jQuery is now 1.4.3. JQueryPlugin’s form plugin form is
• upgraded to 2.49 and jquery-ui is upgraded to 1.8
• Code that sends emails is improved
• Fixes in the access controls for renaming attachments
• TablePlugin now handles table row spans and can now initsort even when there is no headerrow
• Improved login screen
• Configure user interface has been further improved
• Improved the use of international characters in attachment names
• Icons have been fixed and added
• Fixed an annoying issue where configure could only install or
• upgrade one extension at a time
• SEARCH order=created and order=formfield(date) now works allowing sorting by dates given in any of the standard Foswiki formats
• Query search using the new =~ regex operator was totally broken and has been fixed
• Improved and fixed the page feature for SEARCH
• SEARCH limit fixed so it again works per web
• New languages added
• CommentPlugin now allows the use of COMMENT inside TML tables
• Scripted update of the “shebang” line for the bin files (important for Windows based server installations)
• Cookies are now forced to be secure when using https connection
• Redirect when renaming fixed
• Fixed bugs in the renaming user interface
• Corrected the documentation for access controls
• Improved how search handles access controlled group topics
• Fixes to the new group user interface
• Extension installers now tries to install the zip file if tgz missing
• Fixed some intermittent rendering issues under FastCGI
• Interwiki links now allows that the destination topic contains parentheses
• Rename topics now updates backlinking inside INCLUDEs
• Split Installation Guide in a part 1 which covers the steps until a basic Foswiki is running and a part 2 which covers how to tailor and setup all the details.
• Fixed TOC rendering of anchors for INCLUDEd content
• Fixed the renaming of webs web so it no longer modifies links within topic starting with old web name
• Fixed a problem with date formats inside EditTablePlugin formats being seen as macros
• Fixed the function of buttons in the FamFamFamContrib toolbar
• Rename will now list children to update even when the topic is not a WikiWord
• First save of files without rcs ,v file now creates a new revision
• Restore a topic to older version now also restores META preferences
• Search with zeroresults=”0″ now prints a 0 when nothing is found
• Fixed the use of default value for FORMFIELD macro
• Better cleanup of LocalSite.cfg when removing a plugin
• Logging improved and more events are now logged
• URLENCODE macro fixed
• Fixed bugs related to adding a form when editing
• Fixed defaults not initialized in persistent perl environments
• Fix for REVINFO format tokens
• When editing a form only, Save and Continue no longer end up showing the topic text
• The 8 char password trunc behavior of the crypt encoding is now clearly added as working in configure info texts
• Fix for WEBLIST macro which wrongly included current web when webs=webtemplate requested
• Added missing Submit button for renaming/deleting a web
• Webnotify now supports wildcard use like ‘Abc*Xyz?’ for sending out news on change
• Fixed a problem where TwistyPlugin crashes Foswiki when topic has a trailing )
• InterwikiPlugin links can now be formatted
• Fixed a problem with operator precedence for queries and IF defined.
• TWiki web is now again hidden if TWikiCompatibilityPlugin is disabled – also for the admin
• Many improvements to the installation documentation.
• Wysiwyg editor now converts less of the international characters to entities which made it impossible to search for the saved text

Michael Daum Release 1.1.x, Development, foswiki, Release

The Foswiki community is doing well.  We are developing and we are releasing and we are supporting and responding.

Task number are now 5 digit numbers and SVN checkins are getting close to 10000. That is an average of around 10-15 per day incl weekends.

The practical household and legal ownership is the responsibility of the Foswiki Association.

It is not the Foswiki Association that develops the software or answers support questions. The Association mainly take care that we have working webservers and software repository. And we ensure the project has a roadmap and that tasks teams are working and empowered. And we own the Foswiki name and the domain names. In every day life the community should not notice the association. Thing should just work. And they do. Very well.

It is a year ago since we had the founding General Assembly. The General Assembly is the higest authority and its main purpose is to elect the executive board and approve accounting and budgets.So we will soon have the 2nd General Assembly. Because of some tax detail in Germany we were not ready for November and December is holiday time so the 2nd General Assembly will be held in the beginning of January.

There is a Doodle vote in progress to find the best date. http://www.doodle.com/h2b5kqm5skyrgtfu

The official invitation will be sent out 6 weeks before the date we decide via the Doodle vote. The general assembly will be a conference call on the phone. You will not need to travel to participate.

We welcome new members.

You do not need to be a member of the association to be a contributor to the project. Anyone can contribute code, proposals, etc. But if you want to support the work and have influence on the executiveboard then we are happy to see you as member. Current membership fee is 10 Euros per year so in practical membership is free.

The rules for membership are described in the articles of the association and they require the following steps

1. You need to contact an existing member of the association and ask him/her to recommend you as member. If you have been visible on IRC or this mailing list, or on the foswiki.org site, we are many that will be happy to recommend you. Any member can recommend a new member incl. board members.
2. The member and yourself will then need to find two other members that will support your membership. The member that recommends you will help finding the additional two supporting members.
3. When you have the 3 names, you contact one of the 5 board members and we will put you on the list. You will be able to participate in the next General Assembly if you are on this list. You can contact Kenneth Lavrsen kenneth@lavrsen.dk.
4. One of the first steps at the General Assembly will be to accept the list of new members. This will normally be a formality. Once passed this point you are a full member and can vote for proposals and for the board and even become a member of the board.

For existing members I need to remind that participation at the next General Assembly requires that you have paid your 10 Euro membership fee. Many of you have wanted to, but could not because we had trouble setting up the needed accounts while waiting for German tax authorities. We are fixing this now. But before the January general assembly membership fees must be paid. You will soon receive an email that tells you how you can pay the 10 Euros. Approx 60% of the members have not been able to pay the fee so don’t feel too bad about it. If you already know now that you are not interested, please email Kenneth Lavrsen.

The resources you need.

To find an existing member of the association look at -http://foswiki.org/Community/CurrentFoswikiMembers

The members of the board to send the application to:http://foswiki.org/Community/Association#Board You can e-mail me at kenneth@lavrsen.dk both to be recommended and for the registration.

The association articles can be found at -http://foswiki.org/Community/AssociationArticles – Note that we are in a ping-pong with the German tax authorities about the exact wording of the purpose of the articles but don’t worry. We are not changing to become a football club. It is minor tax technical details that are discussed. It is this tax discussion that has delayed the 2nd general assembly which was supposed to be in November. Please forgive us but we try to avoid having to have an extraordinary assembly.

Regards

Kenneth Lavrsen

Deputy Chair and Secretary of the Foswiki Board.

klavrsen Event association, community, foswiki, general-assembly

The Foswiki project has just been through one of the rare situations where one of our users discover a serious security issue in our software.

It was one of those moments where many developers were thinking: “Why didn’t I see this?”. Many of us felt embarrassed.

It is a fact of life that when you have humans developing technology, things can and will go wrong. You can do a lot of minimize the risk, and the Foswiki project has conducted serious security reviews on the extensive rewrite of our code that took place from 1.0 to 1.1. And we have found and fixed issues before we even got close to releasing any code to the public, and the Foswiki project has had am impressive security record.

But the 1.1.0 release we missed a small issue where one code line had been moved down a few lines too many and we ended up not authenticating the user properly in a specific situation.

This could be a sad story but it isn’t. This situation showed what difference it makes to have a large and strong community behind an open source project.

First I want to give the timeline of what the events on the 9th and 10th of November.

• 09 Nov 2010 a little before noon CET a user asks a very good question on the Foswiki support web. He could not understand what he did wrong in setting up access rights because no matter how he did it, he was able to edit and save preferences in topics he did not have access rights to.
• Within a few hours a Foswiki developer read the support question. And to his horror the report was correct. The minute he realized the nature of the problem the support question was changed so it could only be viewed by the reporter and the Foswiki Security Task Team
• The next few hours the Foswiki security mailing list, which only the security team has access to, is glowing with emails. Five hours after the issue was reported a code fix has been made and tested by the security team members. The time is now near 18:00.
• At 18:00 I become aware of the situation and the security team quickly assess the issue and conclude that it is a security level 2 issue. This means that we have a goal to respond within 48 hours and will provide a fix and a security alert which will be provided to the people that subscribe to our low traffic announcement mailing list.
• It is decided that we will release a 1.1.2 as fast as we possibly can. We assess which urgent bugs we want to include in addition to the security fix.
• The next 8 hours are amazing. Many members of the security team works all night fixing and testing a short list of important bugs. A test of a new version of the Wysiwyg editor is conducted and merged in. Code is checked in and reviewed and tested at a rapid pace. Code is even thrown out again because it was decided to be too risky. Additional developers are pulled into the IRC channel we have created for the event to get the last review on code fixes.
• At 19:30 I request a CVE number from MITRE. And they are fantastic at MITRE. We have the number already 20:00.
• At 23:00 the security announcement and response plan is written and is being reviewed and agreed by the security team.
• At 02:00 the 10 Nov 2010 the 1.1.2 release is built and uploaded to our servers for download.
• At 02:30 the release announcement is sent to the Foswiki announcement mailing list
• At 02:35 the security announcement is sent to the Foswiki announcement mailing list

So we actually managed to react, assess, fix, finish a release, build release, and announce within 14 hours.

As I write this, I have just sent the the security announcement to the public security sites (48 hours after we did the announcement on the Foswiki mailing lists).

When I think back now on what happened I feel proud.
Proud that we managed to act like professionels even though we all work as volunteers on the project.
Proud because I am part of such a strong development team that care about the security of our users, and care about each other.
Proud because as a release manager located in Denmark I had people in USA, Mexico, Germany, France, UK, Australia, Netherlands being available helping, testing, coding, reviewing, and encouraging. I had a team backing me up getting the release out and getting the announcements out.

It shows the power of open source projects when they are supported by a committed and dedicated community.

Kenneth Lavrsen

Foswiki Release Manager
Leader of the Foswiki Security Task Team
Member of the board of the Foswiki Association

klavrsen Security community, cve, foswiki, Security

On behalf of the entire Foswiki community I can proudly announce that the release of the Foswiki release 1.1.1  is available for download at

Foswiki web site: http://foswiki.org/Download/FoswikiRelease01×01x01

Foswiki 1.1.1 is a release that fixes some important bugs that were introduced in 1.1.0. It is highly recommended that all running 1.1.0 upgrade to 1.1.1.

The entire Foswiki community has been busy the past weeks with very quick responses to the bug reports on 1.1.0. There are always a few bugs in a new “.0″ release but the team has been very committed. The reporters have received quick patches so they could continue their upgrade. The end result is a 1.1.1 which is a very stable and high quality release.

Upgrade package is available for upgrading from 1.1.0 to 1.1.1. so upgrading is quick and easy.

Foswiki 1.1 introduces jQuery Javascript user interface framework, improved topic history display, new QUERY and FORMAT macros, better user interface for group management, much improved WYSIWYG editor, facelift of the default skin, much improved configure tool, and many more enhancements.

Foswiki 1.1 has many improvements that end-users as well as administrators will appreciate. In addition Foswiki 1.1 comes with a lot of “under the hood” improvements to the core code, with the goal of making it easier to plug in work from other projects, such as jQuery, KinoSearch, Solr and others. Work has been made to improve the definition of internal APIs to allow other not-yet-written modules, such as store implementations. Most of these modifications should be invisible to the end user and admin, but are important to position Foswiki for the next generation of plugins.

What’s new – highlights:

• Adoption of the jQuery Javascript user interface framework
• New macros enabled by jQuery
• Powerful new QUERY macro
• SEARCH now has a zeroresults format string and search results pagination
• New FORMAT macro
• WikiGroups have add & remove user interface
• TinyMCEPlugin updates include much better user interface, rowspan support, and autosave feature
• Testing configuration variables in %IF
• “Copy topic” now copies attachments
• Tailoring of user registration made easier
• Easy tailoring of reset/change password and change email forms
• TMPL:DEFs may now access previous (overridden) TMPL:DEF using the new %TMPL:PREV% template token
• Logging of access failures
• configure user interface revamped
• Configure file system checks added
• Newer modern Icon set for Document Graphics
• Table Plugin has been improved
• SlideShowPlugin can now use CSS based templates
• HistoryPlugin and CompareRevisionsAddOn are now included with the default plugin set giving much nicer history/changes features
• AutoViewTemplatePlugin is now included with the default plugin set
• ZonePlugin feature set has been merged to the core Foswiki code
• New page cache feature
• Several API Enhancements for extension writers

Bugs can be reported on http://foswiki.org/Tasks/CreateNewTask

It is a proud release manager that know that you will all enjoy the 1.1.1

Kenneth Lavrsen

klavrsen Release 1.1.x, Development, features, foswiki, Release