Security

Foswiki 2.1.6 Security Update

02 March 2018 | George Clark | Release, Security

We are very pleased to announce the availability of Foswiki 2.1.6.

This release addresses a significant security issue we discovered in Foswiki 1.1.0 - 2.1.5, where under some conditions the User Registration topic can be compromised. During the review we also addressed a couple of additional security concerns.

Upgrading to Foswiki 2.1.6 is highly recommended.

The Foswiki project is very pleased to announce availability of Foswiki 2.1.4.

Everybody is urged to upgrade, as this release comes with 31 fixes and also includes a couple of security-related fixes. We thank the many Foswiki users who have taken the time to report issues in our Tasks tracker, and in many cases also to suggest fixes. People are welcome to fork Foswiki on Github and contribute fixes using pull requests. We are grateful to everyone whose contributions have made this release possible.


How to get the release?

Installation instructions

For installation information, see the System Requirements and the Installation Guide. Please report issues in the Task Tracker. We are looking forward to an interesting 2017 in the Foswiki space. There are several feature proposals under review which could be quite transforming for the next major Foswiki release.

Foswiki 2.1.3 ready to download
Recommended release for security fixes

13 February 2017 | GeorgeClark | Development, Release, Security

2016 has mostly been a quiet year, as Foswiki 2.1.2 has been running very reliably. But while the project has been quiet, much work has gone on preparing the next release. And here it is, tada: 2.1.3.

In fact, everybody is urged to upgrade, as this release comes with a few important fixes: not only cleaning up the code and improving performance, but also addressing a couple of security bugs. We have been working together with Intel, who performed dynamic site scans to detect common cross-site scripting attacks as well as static scans of the Perl and JavaScript code base itself. A big "Thank You" from the Foswiki Community to Intel, who continue to run security audits on a regular basis.

We also thank the many Foswiki users who have taken the time to report issues in our Tasks web, and in many cases also to suggest fixes. We also welcome users to fork Foswiki on Github and contribute fixes using pull requests. We are grateful to everyone whose contributions have made this release possible.


How to get the release?

Installation instructions

For installation information, see the System Requirements and the Installation Guide.

Please report issues in the Task Tracker.

We are looking forward to an interesting 2017 in the Foswiki space. There are several feature proposals under review which could be quite transforming for the next major Foswiki release.

Highlights of this release

  • Contains 96 fixes relative to 2.1.0 (42 of which are enhancements)
  • New release of JQuery
  • Fixes several performance issues
  • Fixed a few minor security issues.
  • An updated Virtual Machine has been built, using the latest Ubuntu LTS release.

See ReleaseNotes02x01 for complete release notes.

Release Statistics

  • 272 commits (code changes) since 2.1.2
  • 18 Developers and Translators worked on this release
  • 98 Tasks had commits in this release
  • 7 Security tasks were closed in 2.1.3

Foswiki 2.0.3 is released

16 November 2015 | George Clark | Development, Release, Security
Hello Foswiki Community,

We are very pleased to announce that Foswiki 2.0.3 is available for download.

Highlights of this release

  • 17 fixes and 1 enhancement
  • major performance bug fixed in EditRowPlugin and in Foswiki rendering
  • several “Severity 3” security issues fixed, documented in tasks per the Foswiki security process.
  • the Ukrainian translation has been greatly improved.

See Release02x00x03 for the complete release notes and FoswikiRelease02x00x00 for the highlights of the 2.0 release.

Security fixes

Item13796: SpreadSheet CALC/CALCULATE macro can insert unencoded < and >. This fix may require setting changes in topics or Web Preferences.

Translation status

As of this release,
  • Traditional Chinese, Danish, French, German and Italian are >99% complete.
  • Czech is >96% complete.
  • Dutch, Norwegian, Portuguese (Brazil) and Ukrainian are 70-88% complete.
  • Other languages are 60% complete or lower.
Special thanks to all the developers, translators and testers who have worked to make this release possible.

George Clark
Release Manager, Foswiki 2.0


Hello Foswiki Community,

We are very pleased to announce that Foswiki 2.0.2 is available for download. Nearly 7 years ago, November 19th, 2008, the Foswiki name was announced. Since then, the project has made approximately 22 releases of Foswiki. This release builds upon the collective effort of many developers and sponsors across the 7 year project history. Foswiki 2.0.2 was built on 30 September 2015.

Highlights of this release

  • 65 fixes and 5 enhancements
  • Major performance bug fixed in Query search. Some sites have seen 350% improvement.
  • Several “Severity 3” security issues fixed. Documented in tasks per the Foswiki security process.
  • Configuration wizard added to incorporate manually installed extensions and check for configuration errors from the command line.
See the ReleaseNotes02x00 for complete release notes. See the FoswikiRelease02x00x00 for highlights of the 2.0 release.

For users

Several significant compatibility fixes to the EditRowPlugin make it much more viable as a replacement for the EditTablePlugin

For administrators

Security fixes:
  • Item13741 addresses URLPARAM encoding. Topic review recommended.
  • Item13764 addresses guest commenting. Topic review recommended.
  • Item13739 login and registration field encoding.
  • Item13772 edit script parameter encoding.
Note that access to these tasks is currently restricted to give sites time to update.

The following actions are recommended; they are needed to block possible cross-site scripting (XSS) attacks.

  • If your site has enabled guest commenting (not a default configuration), then after installing this update any customized comment templates need to be carefully reviewed: any instance of encode="off" found in the output templates should be changed to encode="$encodeguest". This fix is also available to older releases via the latest CommentPlugin from the Extensions web.
  • After installation of 2.0.2, any topics containing %URLPARAM% macros should be reviewed. We recommend that any browser input be entity encoded: %URLPARAM{"somefield" encode="entity"}%. Foswiki 2.0.2 has enhanced this to permit combinations of encodings: %URLPARAM{"somefield" encode="quote, entity"}%. The Foswiki 2.0.2 SEARCH macro has a new feature to undo any parameter encoding, so when used with SEARCH we recommend the following: %SEARCH{"%URLPARAM{"somefield" encode="quote, entity"}%" decode="entity"}%. Used in this way, it permits searching for literal strings containing any characters without introducing any XSS paths.

Caution: The changes to the %URLPARAM% macro are not backwards compatible with prior versions of Foswiki. JQueryPlugin (not yet uploaded) and TipsContrib will require patches on Foswiki 1.x and 2.0 to be compatible.
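To make the reasoning behind the encode/decode recommendation above concrete, here is an added example. It is a Python model written for this page and is not Foswiki code (Foswiki is written in Perl), nor does it use Foswiki's own parser or encoders. It assumes a simplified model in which encode="quote" backslash-escapes double quotes, encode="entity" encodes <, > and & as HTML entities (Foswiki's real encoders cover a wider character set), and a macro parameter list is a sequence of "default" and key="value" tokens where a backslash-escaped quote does not terminate a value. The hostile parameter value is constructed for the example: it tries to close the SEARCH default parameter, inject extra search parameters, and smuggle a script tag into the page.

```python
import html
import re

# Constructed sample input: an attacker-controlled value for the "somefield"
# URL parameter. It tries to (1) close the quoted default parameter of the
# surrounding macro, (2) inject extra key="value" parameters, and (3) carry
# markup that would execute if echoed into the rendered page unencoded.
HOSTILE = 'foo" web="Main" type="regex"}% <script>alert(1)</script>'


def encode_quote(value):
    """Model of encode="quote": backslash-escape double quotes, nothing else."""
    return value.replace('"', '\\"')


def encode_entity(value):
    """Model of encode="entity": turn <, > and & into HTML entities.
    Assumption for this model: quotes are left to encode_quote."""
    return html.escape(value, quote=False)


ENCODERS = {"off": lambda v: v, "quote": encode_quote, "entity": encode_entity}


def urlparam(value, encode="entity"):
    """Model of %URLPARAM{"x" encode="..."}%: apply the listed encodings
    left to right, so "quote, entity" escapes quotes first, then entities."""
    for name in (n.strip() for n in encode.split(",")):
        value = ENCODERS[name](value)
    return value


def expand_in_topic(value, encode):
    """Model of %URLPARAM{"somefield" encode="..."}% expanded directly into
    topic text, i.e. the string the browser would receive."""
    return "Hello " + urlparam(value, encode)


# One token: an optional key= followed by a double-quoted string in which a
# backslash-escaped character (including \") does not end the string.
_PARAM_RE = re.compile(r'(?:(\w+)=)?"((?:[^"\\]|\\.)*)"')


def parse_macro_params(param_text):
    """Tiny model of a macro parameter parser. Returns a dict; the unnamed
    leading value is stored under "_DEFAULT" and \\" is unescaped to "."""
    params = {}
    for m in _PARAM_RE.finditer(param_text):
        key = m.group(1) or "_DEFAULT"
        params[key] = m.group(2).replace('\\"', '"')
    return params


def search(param_text, decode=None):
    """Model of %SEARCH{...}%: returns (literal search term, other params).
    decode="entity" undoes the entity encoding on the default parameter
    after the parameter boundary has already been parsed safely."""
    params = parse_macro_params(param_text)
    term = params.pop("_DEFAULT", "")
    if decode == "entity":
        term = html.unescape(term)
    return term, params


def search_from_urlparam(value, encode, decode=None):
    """Model of %SEARCH{"%URLPARAM{"somefield" encode="..."}%" decode="..."}%:
    the inner macro expands first, then the outer parameter list is parsed."""
    param_text = '"' + urlparam(value, encode) + '"'
    return search(param_text, decode)


if __name__ == "__main__":
    # Unencoded expansion into topic text leaks the script tag to the browser;
    # entity encoding renders it as harmless text.
    print(expand_in_topic(HOSTILE, "off"))
    print(expand_in_topic(HOSTILE, "entity"))
    # With encode="off" the attacker closes the default parameter and injects
    # web= and type= parameters into the SEARCH; with "quote, entity" the
    # whole value stays inside one parameter, and decode="entity" restores
    # the literal string for searching.
    print(search_from_urlparam(HOSTILE, "off"))
    print(search_from_urlparam(HOSTILE, "quote, entity", decode="entity"))
```

The point of the two-step dance is where each transformation sits relative to the parameter boundary: quote encoding protects the boundary while the macro text is parsed, and entity decoding runs only after that parse, on a value that is already confined to one parameter, so the search term can contain any characters without becoming macro syntax or HTML.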

Translation status

As of this release,

  • Traditional Chinese, Danish, French, German and Italian are >99% complete.
  • Czech is >96% complete.
  • Dutch, Norwegian, and Portuguese (Brazil) are 70-88% complete.
  • Other languages are 60% complete or lower.

For more details on translation status, visit the TranslationTeam and Foswiki's Weblate translation server. Foswiki is now using continuous translation, so contributions at any time are very helpful. The Foswiki community thanks the Translators for their Herculean efforts. If you are interested in helping with the translation, please contact foswiki-translations@lists.sourceforge.net.

On behalf of the entire Foswiki project community, special thanks and VirtualBeer to everyone who made this new release possible.

George Clark
Release Manager, Foswiki 2.0

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License
