Foswiki 2.1.6 Security Update

| George Clark | ,
We are very pleased to announce the availability of Foswiki 2.1.6.

This release addresses a significant security issue we discovered in Foswiki 1.1.0 - 2.1.5, where under some conditions the User Registration topic can be compromised. During review we tightened up a couple of additional security concerns.

Upgrade to Foswiki 2.1.6 is highly recommended.

You can download it from different locations immediately, see our download page for details. Please use our task tracker to report any issues. Or contact us on IRC or Slack to get live support. For installation information, see the System Requirements and the Installation Guide.

Please note that we are currently unable to upload to the Sourceforge download site. Sourceforge is experiencing datacenter issues and is in read-only mode. The download page on links to the release.

Security related fixes:

  • Corrects a significant vulnerability related to User Registration.
  • Corrects a significant issue where NatEditPlugin would discard ACLs not supported by the Permissions tab.
  • Improves security of the Main and Sandbox operational topics.
  • Improves compatibility with the CaptchaPlugin and User Registration.

There are also a number of fixes that are important for users:

  • Corrects an issue where the EditRowPlugin makes tables “shaky”.
  • Improved documentation of System Macros and Preference Settings.
  • Corrects issues with autocomplete and language translations in NatEditPlugin
  • Corrects an issue where the html language is the server locale and not the user's chosen language

For more details have a look at the complete release notes.

Special thanks to all the developers, translators and testers who have worked to make this release possible.

George Clark
Release Manager, Foswiki 2.1
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License
This page was cached on 24 Mar 2018 - 07:46.