Official Foswiki Weblog

It took 8 months and 2 days since the previous one to come out with yet another release of Foswiki, the Open Source Enterprise Wiki. Just in time before people dash off into Christmas holidays. So don’t forget to fetch your copy now available at http://foswiki.org/Download/DownloadFoswiki.

This release of Foswiki comes with quite some new features and more than 160 crunched bugs relative to the previous release. Here are some highlights:

Read up all the details on the full release notes.

The Foswiki team wishes you quiet and relaxing Christmas holidays. See you next year.

Michael Daum Release Development, foswiki, Release

The intrepid Foswiki computer science & engineering team, prepared with appropriate safety gear, about to delve into the core. Boldly seeking new discoveries and features to enhance Foswiki for the benefit of all. More at Sven’s photo stream …

Michael Daum Promo camp, cern, community, foswiki

After another round of intense coding Foswiki 1.1.3 has been released this weekend and is available for download at

http://foswiki.org/Download/FoswikiRelease01×01x03

Foswiki 1.1.3 is a release that adds more than 150 bug fixes and improvements making it better than the already stable 1.1.2. Upgrade package is available for upgrading from any earlier 1.1.X version to 1.1.2.

Here is a summarized but still detailed list of the many small fixes and improvements

• Facelift of the history user interface
• Update to the Wysiwyg editor TinyMCE to 3.3.9.3 and further
• improvements of the Wysiwyg editor has been made
• Fatwilly PatternSkin theme has been fixed. This is the skin theme
• we use on foswiki.org.
• Improvement of the UI for managing webs
• Default jQuery is now 1.4.3. JQueryPlugin’s form plugin form is
• upgraded to 2.49 and jquery-ui is upgraded to 1.8
• Code that sends emails is improved
• Fixes in the access controls for renaming attachments
• TablePlugin now handles table row spans and can now initsort even when there is no headerrow
• Improved login screen
• Configure user interface has been further improved
• Improved the use of international characters in attachment names
• Icons have been fixed and added
• Fixed an annoying issue where configure could only install or
• upgrade one extension at a time
• SEARCH order=created and order=formfield(date) now works allowing sorting by dates given in any of the standard Foswiki formats
• Query search using the new =~ regex operator was totally broken and has been fixed
• Improved and fixed the page feature for SEARCH
• SEARCH limit fixed so it again works per web
• New languages added
• CommentPlugin now allows the use of COMMENT inside TML tables
• Scripted update of the “shebang” line for the bin files (important for Windows based server installations)
• Cookies are now forced to be secure when using https connection
• Redirect when renaming fixed
• Fixed bugs in the renaming user interface
• Corrected the documentation for access controls
• Improved how search handles access controlled group topics
• Fixes to the new group user interface
• Extension installers now tries to install the zip file if tgz missing
• Fixed some intermittent rendering issues under FastCGI
• Interwiki links now allows that the destination topic contains parentheses
• Rename topics now updates backlinking inside INCLUDEs
• Split Installation Guide in a part 1 which covers the steps until a basic Foswiki is running and a part 2 which covers how to tailor and setup all the details.
• Fixed TOC rendering of anchors for INCLUDEd content
• Fixed the renaming of webs web so it no longer modifies links within topic starting with old web name
• Fixed a problem with date formats inside EditTablePlugin formats being seen as macros
• Fixed the function of buttons in the FamFamFamContrib toolbar
• Rename will now list children to update even when the topic is not a WikiWord
• First save of files without rcs ,v file now creates a new revision
• Restore a topic to older version now also restores META preferences
• Search with zeroresults=”0″ now prints a 0 when nothing is found
• Fixed the use of default value for FORMFIELD macro
• Better cleanup of LocalSite.cfg when removing a plugin
• Logging improved and more events are now logged
• URLENCODE macro fixed
• Fixed bugs related to adding a form when editing
• Fixed defaults not initialized in persistent perl environments
• Fix for REVINFO format tokens
• When editing a form only, Save and Continue no longer end up showing the topic text
• The 8 char password trunc behavior of the crypt encoding is now clearly added as working in configure info texts
• Fix for WEBLIST macro which wrongly included current web when webs=webtemplate requested
• Added missing Submit button for renaming/deleting a web
• Webnotify now supports wildcard use like ‘Abc*Xyz?’ for sending out news on change
• Fixed a problem where TwistyPlugin crashes Foswiki when topic has a trailing )
• InterwikiPlugin links can now be formatted
• Fixed a problem with operator precedence for queries and IF defined.
• TWiki web is now again hidden if TWikiCompatibilityPlugin is disabled – also for the admin
• Many improvements to the installation documentation.
• Wysiwyg editor now converts less of the international characters to entities which made it impossible to search for the saved text

Michael Daum Release 1.1.x, Development, foswiki, Release

The Foswiki community is doing well.  We are developing and we are releasing and we are supporting and responding.

Task number are now 5 digit numbers and SVN checkins are getting close to 10000. That is an average of around 10-15 per day incl weekends.

The practical household and legal ownership is the responsibility of the Foswiki Association.

It is not the Foswiki Association that develops the software or answers support questions. The Association mainly take care that we have working webservers and software repository. And we ensure the project has a roadmap and that tasks teams are working and empowered. And we own the Foswiki name and the domain names. In every day life the community should not notice the association. Thing should just work. And they do. Very well.

It is a year ago since we had the founding General Assembly. The General Assembly is the higest authority and its main purpose is to elect the executive board and approve accounting and budgets.So we will soon have the 2nd General Assembly. Because of some tax detail in Germany we were not ready for November and December is holiday time so the 2nd General Assembly will be held in the beginning of January.

There is a Doodle vote in progress to find the best date. http://www.doodle.com/h2b5kqm5skyrgtfu

The official invitation will be sent out 6 weeks before the date we decide via the Doodle vote. The general assembly will be a conference call on the phone. You will not need to travel to participate.

We welcome new members.

You do not need to be a member of the association to be a contributor to the project. Anyone can contribute code, proposals, etc. But if you want to support the work and have influence on the executiveboard then we are happy to see you as member. Current membership fee is 10 Euros per year so in practical membership is free.

The rules for membership are described in the articles of the association and they require the following steps

1. You need to contact an existing member of the association and ask him/her to recommend you as member. If you have been visible on IRC or this mailing list, or on the foswiki.org site, we are many that will be happy to recommend you. Any member can recommend a new member incl. board members.
2. The member and yourself will then need to find two other members that will support your membership. The member that recommends you will help finding the additional two supporting members.
3. When you have the 3 names, you contact one of the 5 board members and we will put you on the list. You will be able to participate in the next General Assembly if you are on this list. You can contact Kenneth Lavrsen kenneth@lavrsen.dk.
4. One of the first steps at the General Assembly will be to accept the list of new members. This will normally be a formality. Once passed this point you are a full member and can vote for proposals and for the board and even become a member of the board.

For existing members I need to remind that participation at the next General Assembly requires that you have paid your 10 Euro membership fee. Many of you have wanted to, but could not because we had trouble setting up the needed accounts while waiting for German tax authorities. We are fixing this now. But before the January general assembly membership fees must be paid. You will soon receive an email that tells you how you can pay the 10 Euros. Approx 60% of the members have not been able to pay the fee so don’t feel too bad about it. If you already know now that you are not interested, please email Kenneth Lavrsen.

The resources you need.

To find an existing member of the association look at -http://foswiki.org/Community/CurrentFoswikiMembers

The members of the board to send the application to:http://foswiki.org/Community/Association#Board You can e-mail me at kenneth@lavrsen.dk both to be recommended and for the registration.

The association articles can be found at -http://foswiki.org/Community/AssociationArticles – Note that we are in a ping-pong with the German tax authorities about the exact wording of the purpose of the articles but don’t worry. We are not changing to become a football club. It is minor tax technical details that are discussed. It is this tax discussion that has delayed the 2nd general assembly which was supposed to be in November. Please forgive us but we try to avoid having to have an extraordinary assembly.

Regards

Kenneth Lavrsen

Deputy Chair and Secretary of the Foswiki Board.

klavrsen Event association, community, foswiki, general-assembly

The Foswiki project has just been through one of the rare situations where one of our users discover a serious security issue in our software.

It was one of those moments where many developers were thinking: “Why didn’t I see this?”. Many of us felt embarrassed.

It is a fact of life that when you have humans developing technology, things can and will go wrong. You can do a lot of minimize the risk, and the Foswiki project has conducted serious security reviews on the extensive rewrite of our code that took place from 1.0 to 1.1. And we have found and fixed issues before we even got close to releasing any code to the public, and the Foswiki project has had am impressive security record.

But the 1.1.0 release we missed a small issue where one code line had been moved down a few lines too many and we ended up not authenticating the user properly in a specific situation.

This could be a sad story but it isn’t. This situation showed what difference it makes to have a large and strong community behind an open source project.

First I want to give the timeline of what the events on the 9th and 10th of November.

• 09 Nov 2010 a little before noon CET a user asks a very good question on the Foswiki support web. He could not understand what he did wrong in setting up access rights because no matter how he did it, he was able to edit and save preferences in topics he did not have access rights to.
• Within a few hours a Foswiki developer read the support question. And to his horror the report was correct. The minute he realized the nature of the problem the support question was changed so it could only be viewed by the reporter and the Foswiki Security Task Team
• The next few hours the Foswiki security mailing list, which only the security team has access to, is glowing with emails. Five hours after the issue was reported a code fix has been made and tested by the security team members. The time is now near 18:00.
• At 18:00 I become aware of the situation and the security team quickly assess the issue and conclude that it is a security level 2 issue. This means that we have a goal to respond within 48 hours and will provide a fix and a security alert which will be provided to the people that subscribe to our low traffic announcement mailing list.
• It is decided that we will release a 1.1.2 as fast as we possibly can. We assess which urgent bugs we want to include in addition to the security fix.
• The next 8 hours are amazing. Many members of the security team works all night fixing and testing a short list of important bugs. A test of a new version of the Wysiwyg editor is conducted and merged in. Code is checked in and reviewed and tested at a rapid pace. Code is even thrown out again because it was decided to be too risky. Additional developers are pulled into the IRC channel we have created for the event to get the last review on code fixes.
• At 19:30 I request a CVE number from MITRE. And they are fantastic at MITRE. We have the number already 20:00.
• At 23:00 the security announcement and response plan is written and is being reviewed and agreed by the security team.
• At 02:00 the 10 Nov 2010 the 1.1.2 release is built and uploaded to our servers for download.
• At 02:30 the release announcement is sent to the Foswiki announcement mailing list
• At 02:35 the security announcement is sent to the Foswiki announcement mailing list

So we actually managed to react, assess, fix, finish a release, build release, and announce within 14 hours.

As I write this, I have just sent the the security announcement to the public security sites (48 hours after we did the announcement on the Foswiki mailing lists).

When I think back now on what happened I feel proud.
Proud that we managed to act like professionels even though we all work as volunteers on the project.
Proud because I am part of such a strong development team that care about the security of our users, and care about each other.
Proud because as a release manager located in Denmark I had people in USA, Mexico, Germany, France, UK, Australia, Netherlands being available helping, testing, coding, reviewing, and encouraging. I had a team backing me up getting the release out and getting the announcements out.

It shows the power of open source projects when they are supported by a committed and dedicated community.

Kenneth Lavrsen

Foswiki Release Manager
Leader of the Foswiki Security Task Team
Member of the board of the Foswiki Association

klavrsen Security community, cve, foswiki, Security