Jspwiki Versions Save

Apache JSPWiki is a leading open source WikiWiki engine, feature-rich and built around standard JEE components (Java, servlets, JSP)

2.12.1

8 months ago

JSPWIKI-1172 - {{jspwiki.workDir}} default should be in {{$javax.servlet.context.tempdir}} previously, this property was set to {{java.io.tmpdir}}, if you need {{jspwiki.workDir}} to continue pointing there please update your {{jspwiki[[-custom].properties}} file accordingly
Fixed Workflow screen, which wasn't working since 2.11.0.M5
Upgraded bundled dependencies
- Commons IO to 2.13.'
- Commons Lang to 3.13.0
- Flexmark to 0.64.8
- Hslqdb to 2.7.2
- JUnit to 5.10.0
- Lucene to 9.7.0
- Mockito to 5.4.0
- Selenide to 6.16.1
- Tika to 2.8.0
- Tomcat to 9.0.78

2.12.0

10 months ago

Breaking change: Java 11 required to compile & run JSPWiki
Breaking change: .html, .htm and .js attachments are now forcibly downloaded by default
- if you want to open them rather than downloading them, set the jspwiki.attachment.forceDownload property to empty on your jspwiki\[-custom\].properties file
ReferenceManager implementation can be set via jspwiki.refManager property on your jspwiki\[-custom\].properties file
- The provided implementation is expected to have a constructor receiving only an Engine
Install.jsp now properly displays its styles
Upgraded bundled dependencies
- Apache parent to 29
- AWS Kendra Java SDK to 1.12.468
- Commons Fileupload to 1.5
- Commons Text to 1.10.0
- Flexmark to 0.64.4
- Gson to 2.10.1
- HSQLDB to 2.7.1
- Jaxen to 2.0.0
- Jetty all to 9.4.51.v20230217
- JUnit to 5.9.3
- Log4j2 to 2.20.0
- Lucene to 9.6.0
- Mockito to 5.3.1
- NekoHTML to 2.1.2
- Selenide to 6.14.0
- Tika to 2.7.0
- Tomcat to 9.0.75
Security Fixes
- CVE-2022-46907

2.11.3

1 year ago

Engine Lifecycle Extensions
JSPWIKI-802 - Markdown support improvements
- Plain editor now understands different wiki syntaxes, with initial support for Markdown
- org.apache.wiki.markdown.migration.WikiSyntaxConverter to convert from JSPWiki syntax to markdown
JSPWIKI-1075 - New CsrfProtectionFilter to protect POST requests from CSRF attacks
- org.apache.wiki.api.core.Session gains new String antiCsrfToken() method
- Custom templates must ensure that all <form> elements and the commonheader.jsp file contain a <wiki:CsrfProtection/> custom tag (like this and this)
JSPWIKI-1171 - Ensure Lucene indexes all pages and attachments, even when they don't fit in the cache
Fixed logout modal dialog not showing up
Add default application name on <title> elements to templates' templates, and Main as default frontpage is none is defined on default template
Upgraded bundled dependencies
- Awaitility to 4.2.0
- JUnit to 5.9.0
- HSQLDB to 2.7.0
- Log4J to 2.18.0
- Lucene to 8.11.2
- Mockito to 4.6.1
- Selenide to 6.6.6
- Tika to 2.4.1
- Tomcat to 9.0.65
- XStream to 1.4.19
Security Fixes
- CVE-2022-27166
- CVE-2022-28730
- CVE-2022-28731
- CVE-2022-28732
- CVE-2022-34158
Devs only
- JSPWiki memory footprint can be established by running mvn test -Dtest=MemoryProfiling on the jspwiki-main module
- TestEngine#shutdown now cleans cache, wiki pages dir and their associated attachments, if any. This allows cleaning up a handful of tests
- TestEngine#emptyWikiDir deletes both page and attachment directories
- TestEngine is able to not clean up directories / ensure they have unique names if jspwiki.test.disable-clean-props wiki property is set to true

2.11.2

2 years ago

Markdown support improvements
- Added support for WYSIWYG editor
- Added Attributes, Definition, Tables and TOC extension extensions
Upgraded bundled dependencies
- Awaitility to 4.1.1
- Log4J to 2.17.1
- Lucene to 8.11.1
- Mockito to 4.3.1
- Selenide to 6.3.3
- SLF4J to 1.7.36
- Tika to 2.3.0
- Tomcat to 9.0.58
Security Fixes
- CVE-2022-24947
- CVE-2022-24948

2.11.1

2 years ago

Fix for Log4J-CVE-2021-44228
Cache management moved to a new maven module, jspwiki-cache
- Cache backend can now be overriden by providing a custom CachingManager via classmappings-extra.xml
- Default cache manager remains ehcache-based, with default configuration file on classpath located at ehcache-jspwiki.xml
- Tests wanting to invalidate cache(s) should call either Engine#shutdown() or Engine#getManager(CachingManager.class).shutdown()
- The jspwiki.cache.config-file setting on the jspwiki[-custom].properties file allows to use a custom ehcache configuration file, located elsewhere on classpath
- Fixed JSPWIKI-873 - AttachmentManager#getAllAttachments() does not return more than exactly 1000 attachments
A few properties from jspwiki[-custom]-properties are being deprecated , they will continue to work, but they'll be removed on a future version
- jspwiki.usePageCache -> jspwiki.cache.enable should be used instead
- jspwiki.attachmentProvider -> jspwiki.attachment.provider should be used instead
- jspwiki.attachmentProvider.adapter.impl -> jspwiki.attachment.provider.adapter.impl should be used instead
Upgraded bundled dependencies
- Awaitility to 4.1.1
- Log4J to 2.16.0
- JUnit to 5.8.2
- Mockito to 4.1.0
- Selenide to 6.1.1
- Tomcat to 9.0.56
Security Fixes
- Log4J-CVE-2021-44228

2.11.0

2 years ago

Added AWS Kendra as a Search Provider, contributed by Julien Masnada, thanks!
Breaking change: New logging facade, Log4J2 (2.14.1), supersedes existing Log4J one
- Although all Log4J (and SLF4J) calls are transparently routed to Log4J2, the log configuration inside jspwiki.properties has changed, so installations with customized logging configuration will need to be set up again.
- Existing 3rd party plugins, filters and providers will continue to work as expected, as Log4J calls will be routed to Log4J2, but the use of Log4J2 should be preferred onwards.
- By default, JSPWiki will configure Log4J2 from the jspwiki[-custom].properties files, expecting log configuration to be there using Log4J2 properties syntax
- jspwiki.use.external.logconfig=true can still be used on jspwiki[-custom].properties files to bypass JSPWiki log re-configuration and rely directly on Log4J2 configuration mechanisms
- IMPORTANT: if you're using a JSPWiki customized .war, please ensure that neither Log4J nor any SLF4J implementation end up in your customized .war.
JSPWIKI-1143 - SpamFilter now accepts the jspwiki.filters.spamfilter.allowedgroups property as a comma separated list of groups that will bypass the filter.
JSPWiki now takes the following properties sources:
1. Default JSPWiki properties
2. System environment
3. JSPWiki custom property files
4. JSPWiki cascading properties
5. System properties
- With the later ones taking precedence over the previous ones. To avoid leaking system information, only System environment and properties beginning with jspwiki (case unsensitive) are taken into account.
- Also, to ease docker integration, System env properties containing _are turned into .. F.ex., ENV jspwiki_fileSystemProvider_pageDir would be loaded as jspwiki.fileSystemProvider.pageDir.
JSPWIKI-1147 - The button "Clear user preferences" doesn't clear user preferences
JSPWIKI-1140 - Autogenerate changenote on page comments
Devs only
- JSPWiki Docker image available on Docker Hub
- JSPWIKI-1160 - JSPWiki is built using JDKs 8, 11 and 17
Upgraded bundled dependencies
- Awaitility to 4.1.0
- Commons IO to 2.11.0
- Commons Lang to 3.12.0
- EhCache to 2.10.9.2
- Gson to 2.8.9
- HSQLDB to 2.6.1
- Jetty-all to 9.4.44.v20210927
- JUnit to 5.8.1
- Lucene to 8.11.0
- Mockito to 4.0.3
- Selenide to 6.0.3
- SLF4J to 1.7.32
- Tika to 2.1.0
- Tomcat to 9.0.55
Security Fixes
- CVE-2021-40369
- CVE-2021-44140