Changes Report

Last modified by Vincent Massol on 2017/05/31

Provide strategies for grouping notifications

Notifications used to be automatically grouped using an hardcoded algorithm based on type of events and documents attached to the events. Starting with this release, we provide strategies to allow choosing how to group the events to be displayed in alert and email notifications.

This work is still at early stage since we do not provide yet an UI for users to chose their strategies, neither we provide updated templates that would work properly with all type of strategies. So if developers want to use the new strategy, they'd need to customize the notification templates.

Quick Editing Actions

You can now access most of the WYSIWYG editing features using the keyboard, just by typing / (slash). This opens the Quick Actions drop down that lists quick action suggestions based on the context. Rendering macros are exposed as quick actions. Checkout the CKEditor Integration documentation for more information.

Listing of Extensions Vulnerabilities

A security vulnerabilities section is now available in the administration. This section present the state of the known vulnerabilities of extensions installed on the wiki.

This list is filled based on a periodic scan (running every 24h by default), and uses https://osv.dev/ as its vulnerability database.

Please note that the list does not include all extensions for now. Extensions that can't be upgraded through the extension manager are not included.

Therefore, do not consider a instance as exempt of know security issues if the list is empty. See our Security Policy to know more about our security practices.

The vulnerabilities presented in the screenshots are based on outdated extensions versions and does not represent the state of an up to date XWiki instance.
They are here to show what the UI looks like with known vulnerabilities listed.

Quick Icon Insertion

You can now search for and insert icons using the keyboard, by typing / (slash) and selecting the icon Quick Action. This opens a drop down that lists all the available icons.

Performance improvement in templates

Wiki skins and filesystem templates are now cached. In addition, the Velocity from Velocity templates (not yet those based on wiki syntax) is compiled to speed up following executions.

The first performances tests suggest that the XWiki Standard skin is now up to 5 times faster thanks to this caching.

It will continue to improve in upcoming versions of XWiki with the caching and compilation of Velocity (and other costly tasks) in other areas (templates located in JAR extensions, velocity scripts located in wiki content like UI extensions and panels, code macros, etc.).

XJetty Debian packages

XWiki now comes with new Debian package based on a customized Jetty optimized for XWiki that you can use instead of the traditional Tomcat based XWiki Debian package which unfortunately don't work on Debian 12+. See InstallationViaAPT for mode details.

Automatic validation and encryption keys

The validation and encryption key configured in the xwiki.cfg file and used for cookies don't need to be set anymore. When not set (the default now) they are automatically generated and stored.

Block preparation and caching

To continue the work on improving the performances and benefit from the Velocity scripts compilation introduced in 15.8, the concept of block preparation has been added to the Rendering framework. The goal is to pre-execute everything that does not rely on the context in a XDOM and cache it to not redo all this in each transformation pass.

The rendering framework now offers a helper to make a lot easier to cache part of the execution of a macro. When preparing a Block, the Macro transformation will call the new Macro#prepare API that any macro can implement to reduce the time spent in Macro#execute.

In 15.9, the following macros are prepared:

  • the content is compiled in the velocity macros
  • the wiki content is parsed (and the resulting blocks are prepared) in the following macros
    • box
    • info
    • warning
    • error
    • success
    • content
    • footnote
    • html
    • async
    • context
    • cache
    • container
    • gallery
    • translation

And the XDOM is prepared and cached in the following use cases:

  • The content of the UI extensions
  • The content of the panels
  • The content of the wiki macros

See ExtendingMacro for more details.

Required Rights

When the rights of the current author are different from the rights of the page author, a required rights analyzer is executed.

This analyzer can raise a warning if:

  • the current user has more rights than the content author (e.g., a macro previously failing by lack of right might start being evaluated)
  • the current user has less rights than the content author (e.g., a macro previously working might stop working by lack of rights)

Note that this analysis is currently disabled by default. See the Admins section.

Tags:
   

Get Connected