Difference: TWikiReleaseNotes04x03 (2 vs. 3)

Revision 3 - 02 Sep 2009 - TWikiContributor

Line: 1 to 1
Changed:
<
<

TWiki Release 4.3.1 (Georgetown), 2009-04-29

>
>

TWiki Release 4.3.2 (Georgetown), 2009-09-02

 

Introduction

Changed:
<
<
TWiki 4.3.0 released on 2009-03-30 introduces security enhancements, usability enhancements, feature enhancements, and adds extensions to strengthen TWiki as an enterprise collaboration platform.
>
>
TWiki-4.3.0 released on 2009-03-30 introduces security enhancements, usability enhancements, feature enhancements, and adds extensions to strengthen TWiki as an enterprise collaboration platform.
 
Changed:
<
<
TWiki 4.3.1 released on 2009-04-29 introduces security enhancements. This release also introduces use of ISO date format by default.
>
>
TWiki-4.3.1 released on 2009-04-29 introduces security enhancements. This release also introduces use of ISO date format by default.
 
Changed:
<
<
It is highly recommended to upgrade to TWiki 4.3.1. Users will find this release much more stable and secure in daily use.
>
>
TWiki-4.3.2 released on 2009-09-02 introduces security enhancements (CSRF fix). WYSIWYG editing is enhanced as well, the TinyMCEPlugin is upgraded with latest tinyMCE Javascript library.
 
Added:
>
>
It is highly recommended to upgrade to TWiki-4.3.2. Users will find this release much more stable and secure in daily use.
 

Pre-installed Extensions

Changed:
<
<
TWiki 4.3.1 is ships with:
>
>
TWiki-4.3.2 ships with:
 
  • Plugins: CommentPlugin, EditTablePlugin, EmptyPlugin, HeadlinesPlugin, InterwikiPlugin, PreferencesPlugin, RenderListPlugin, SlideShowPlugin, SmiliesPlugin, SpreadSheetPlugin, TablePlugin, TinyMCEPlugin, TWikiNetSkinPlugin, TwistyPlugin, WysiwygPlugin
  • Contribs: BehaviourContrib, JSCalendarContrib, MailerContrib, TipsContrib, TWikiUserMappingContrib, TwistyContrib
  • Skins: ClassicSkin, PatternSkin, TWikiNetSkin,
Added:
>
>
Note: HeadlinesPlugin, TWikiNetSkin and TWikiNetSkinPlugin are new in TWiki-4.3.0.
 

New Features Highlights

  • Security Enhancements
Changed:
<
<
>
>
 
    • S/MIME support to sign administrative e-mails
  • Usability Enhancements
    • Replace question mark links with red-links to point to non-existing topics
Changed:
<
<
    • Use ISO date dormat by default
>
>
    • Use ISO date format by default - added in TWiki-4.3.1
 
  • Enterprise Collaboration Enhancements
    • Pre-installed HeadlinesPlugin to show headline newsfeeds in TWiki topics
    • Pre-installed TWikiNetSkin, TWikiNetSkinPlugin for corporate look and feel
Line: 43 to 48
  See the full list of bug fixes at the bottom of this topic.
Added:
>
>

Important Changes

1. Added protection against CSRF (cross-site request forgery) in TWiki 4.3.2 patch release

TWiki protects content updates with a one-time-use crypt token to guard against CSRF exploits. This means that it is no longer possible to hit the browser back button to fix a typo; you get an "invalid crypt token" error message if you try to save again. Workaround: Instead of browser back button, hit the "Edit" button to fix a typo.

There is a balance between security and user convenience. A TWiki administrator can enable and disable the crypt token based CSRF protection with the {CryptToken}{Enable} configure setting. For mission critical public TWiki sites it is recommended to enable the crypt token; for firewalled TWiki sites it is usually OK to disable it.

 

Deprecation Notices

The %MAINWEB% and %TWIKIWEB% variables have been deprecated. For compatibility reasons they are unlikely to ever be removed completely, but you should use the %USERSWEB% and %SYSTEMWEB% variables instead.
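
Review bot: In the "Important Changes" text, the sentence saying it is usually OK to disable {CryptToken}{Enable} on firewalled TWiki sites needs a caveat. A CSRF request is sent by the logged-in user's own browser, which already sits inside the firewall, and the fix list on this page describes CVE-2009-1339 as triggered by a specially crafted image tag, so the firewall does not keep the forged request away from TWiki. Suggest rewording to say that disabling the token trades CSRF protection for back-button convenience regardless of network placement, and stating the default value of the setting, which this section does not give.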

Line: 82 to 95
 

Enhancements

Added:
>
>
Item2927 Topic moved message too visible
Item6283 upgrade tinyMCE to latest version in TinyMCEPlugin
 
Item3647 Usability: Control over variable expansion in topic templates
Item5025 InterwikiPlugin: Allow special characters in "Page" of Site:Page
Item6148 HeadlinesPlugin: Support for {PROXY}{HOST} and {PROXY}{PORT} configure settings
Line: 100 to 115
 

Fixes

Added:
>
>
Item6253 $WORKINGDAYS is returning invalid results
Item6259 Prevent GUI-based rename of TWiki web and Main web
Item6267 FORMFIELD expands $title to field name if $title exists in field value
Item6295 Preferences For Raw Edit or Wysiwyg Edit
 
Item1607 %TOC% does not distinguish two headlines that have the same text
Item2525 TablePlugin produces bad links for sorting when using "short" URLs
Item4835 SpreadSheetPlugin: SUBSTITUTE error when text=old and replace is empty
Line: 163 to 182
 
Item6240 unhelpful error message when sysCommand fails
Item6243 URLPARAM "empty or missing"
Item6251 CSRF vulnerability CVE-2009-1339: Possible to gain TWiki admin privileges with a specially crafted image tag
Added:
>
>

TWiki 4.3.2 Patch Release - Details

TWiki-4.3.2 was built from SVN http://svn.twiki.org/svn/twiki/branches/TWikiRelease04x03 revision 18148 (2009-09-02)

Highlights

Enhancements

Item2927 Topic moved message too visible
Item6283 upgrade TinyMCEPlugin with latest tinyMCE WYSIWYG editor
Item6315 HeadlinesPlugin: New touch parameter for HEADLINES variable

Fixes

Item6253 SpreadSheetPlugin: $WORKINGDAYS is returning invalid results
Item6259 Prevent GUI-based rename of TWiki web and Main web
Item6267 FORMFIELD expands $title to field name if $title exists in field value
Item6295 Preferences for raw edit or WYSIWYG edit
Item6296 Crypt token based CSRF fix for TWiki
Item6308 viewfile adds trailing newline to attachments
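
Review bot: The "TWiki 4.3.2 Patch Release - Details" lists do not match the lines added to the main Enhancements and Fixes lists earlier in this diff. Item6315, Item6296 and Item6308 appear here but not among the lines added above, Item6283 is worded differently in the two places, and Item6253 carries the "SpreadSheetPlugin:" prefix only here. Since Item6296 is the CSRF fix that the introduction gives as the reason to upgrade, suggest adding it to the main Fixes list and using one wording per item in both places.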
 

 