Changes Report

Last modified by Vincent Massol on 2017/05/31

Block attributes

Rendering Blocks now have the concept of attributes. The main difference between Block parameters and block attributes is that attributes are not meant to be parser/serialized, the point is to use them as internal metadata associated to a block. The current main use case is to store the result of pre-executed macros.

Component role type priority

It's now possible to indicate the priority of a component among its role type siblings when it's retrieved through APIs like ComponentManager#getInstanceList and ComponentManager#getInstanceMap. In a Java component declaration, this is done through the standard javax.annotation.Priority annotation.

Note that component priority can also be used to sort event listeners.

TOC macro numbered property

The numbered property of the Table of Content macro is now marked as advanced and is only proposed in the "more" section of the macro configuration dialog. This is because we're now offering a Numbered Content Application covering the numbering use case in a better way.

Pre-edit document check

It is now possible for extensions to define a pre-edit document check, similar to what already exists for locked pages, or pages owned by extensions.

Common User Name Differentiator

It's now possible to configure an user property to be used as differentiator (hint) when displaying users in compact mode, in order to better identify users that have common or similar names. You can use an existing user property, like address, or a custom user property that you need to add first (e.g. the position inside the organization). This can be done from file:

#-# [Since 14.10.12]
#-# [Since 15.5RC1]
#-# When displaying an user in a compact mode we usually rely only on the user avatar and their full name. If this is
#-# not enough to properly identify the user then this configuration can be used to display additional information.
#-# The name of the user property to be used as qualifier (hint) when displaying the user in a compact mode. This
#-# configuration is not set by default, which means no additional information is displayed:
# user.display.qualifierProperty =

For instance:

user.display.qualifierProperty = address

At the moment this configuration is taken into account only by the user picker, and is not set by default, meaning that we don't show any differentiator by default. Check out the User Module documentation for more information.

Users can be filtered based on first name and last name in the rights UI

The rights UI now allows filtering based on the user first name last name and username. This is particularily helpful in cases where usernames do not contain any character from the user first name or last name (for example, uuid-based usernames).

Home page change

The Youtube video located on the XWiki Standard flavor's home page has been removed (for privacy reasons and also for increased usability, as the underlying markup was complex to understand for users).

#displayUser and #displayGroup now allow displaying a link to the profile

The standard velocity macros #displayUser and #displayGroup can now be configured to display a link to the user or group profile with the parameter displayLink. The parameter defaults to true.

Empty Line Placeholder

A placeholder text is now displayed on currently focused empty lines. By default it indicates the type of content block that holds the caret (e.g. paragraph, heading, list item, etc.), but it could also show tips on how to use the editor in that particular context. This is for instance used to advertise the Quick Actions shortcut (slash). Checkout the CKEditor Integration documentation for more information.

Required Rights

The Required Rights Application analysis is deactivated by default as the analysis is still incomplete and the presentation needs to be improved to more clearly show what's wrong. Still, the analysis can already provide useful warnings and this is a good opportunity to provide feedback as this feature will be activated by default in a future version of XWiki. It can be activated by setting the to warning.

#-# [Since 15.9RC1]
#-# Indicates how documents are protected by required rights.
#-# The possible choices are:
#-# * none (the default): no required rights check
#-# * warning: a warning is presented to the user when trying to edit a document with required rights issues

The rights livetables display user first name and last name

User first name and last name are now displayed in the rights UI using the standard user and group displayers.

Mail Deletion

It's now possible to delete a single mail from the Admin UI, by clicking on the "Delete" button next to the mail in the Mail Status screen.

Tour Application in platform

The Tour Application is now part of xwiki-platform and the contrib extension has been moved to the attic.

Common User Name Differentiator

The user picker can now be configured to show additional information about the listed users (e.g. the user address or user position within the organisation) in order to help you distinguish between users with similar names. Check out the User Module documentation for more information.

Extensions Security Vulnerabilities Application

After some forum discussions we agreed that the extension is current not useful to fix security vulnerabilities, and is at risk of presenting false-positive. Until those issues are fixed, we decided to stop bundling it as part of the standard distribution.

Restricted context macro

A new restricted parameter has been introduced in the context macro to allow executing content in a restricted content. See Context Macro for more details.

New script service for HTML operations

A new HTML script service has been introduced allowing to use the recently introduced HTMLElementSanitizer in scripts. It can be used in velocity with $

Extension plan in isolation

It's now much easier to run extension jobs isolated from the current instance. The following two new properties has been added to ExtensionRequest:

  • coreExtensionRepository: a custom repository to use to find available core extension
  • installedIgnored: true if already-installed extensions should not be taken into account while resolving the install plan

Tags are hidden when there are none

When there aren't any tags assigned to a page, the text “Tags:” is no longer displayed at the bottom of the page unless the user has edit rights.

What's New API

New experimental API to gather external news related to XWiki.

Example to get news items from a xwikiblog source, for a given user, filtered by a category:

private NewsSourceFactory factory;

private NewsConfiguration configuration;

List<NewsSourceDescriptor> descriptors = this.configuration.getNewsSourceDescriptors();
NewsSourceDescriptor descriptor = descriptors.get(0);
List<NewsSourceItem> items = this.factory.create(descriptor.getParameters())
NewsContent content = items.get(0).getDescription().get();
String itemDescription = content.getContent();
Syntax itemSyntax = content.getSyntax();

Refactored tips panel extension point

The tips panel extension point has been refactored to be safer and easier to use. See the "Add Tip to Tips Panel" extension point for more details on how to define a tip in 15.1+. Note that any custom tip you may have will continue to work as is, but we encourage you to move the tip definitions from the UIXP parameter to the UIXP content as the old way is now deprecated and will be removed one day (and it's also safer to use the new way).

Limit parameter in tag cloud

The tag cloud macro supports a new parameter to limit the number of tags to the n most occurring tags.

Velocity macro for sanitizing URLs

A new velocity macro has been provided to allow getting sanitized URLs from request parameters to be used in HTML.

More required rights analyzers

Even more required rights analyzers have been added in XWiki 15.10, now analyzing HTML Macros, translation documents, gadgets, icon sets, and configurable sections.

PDF Export Size Limit

The default PDF export size limit has been increased from 100KB to 5MB and is now applied only when exporting multiple wiki pages. Checkout the PDF Export Application documentation for more information.

Filter for testing for restricted HTML cleaning

A new filter for HTML cleaning allows testing if HTML content would be affected by restricted cleaning, allowing to determine automatically if HTML content could also be used with restricted cleaning without risking any breakage.

Improved Security Vulnerabilities scanner

On XWiki 15.5 the Security Vulnerabilities Application was limited to installed extensions. The scan now includes core extensions as well as dependencies provided by the environment (e.g., the servlet engine).

Environment vulnerabilities are listed in a separate tab.

Pre-edit check can be cached

It is now possible to define a caching strategy for pre-edit checks, allowing to define when to re-display the results of a check to the user if they have been previously forced.

Security Vulnerabilities name display

The display of the extension names on the extension security vulnerabilities is now improved to take into account the limited horizontal space of the administration.

New API for macro required rights analyzers

A new API for required rights analyzers for macros has been introduced that makes it simpler to introduce a required rights analyzer for a macro. Such an analyzer is necessary for all macros that support wiki syntax outside the content (e.g., in a parameter) or any kind of script or other content that uses the author's rights.

Set email grouping strategy per scheduler

The email grouping strategy can be defined at different levels (per wiki, and per user) and is specific for a given scheduler, using a new dedicated XObject XWiki.Notifications.Code.NotificationEmailGroupingStrategyPreferenceClass.

So an admin can add one or severals xobjects in XWiki.XWikiPreferences for defining the different strategies for each scheduler, at wiki level: the xobject needs to contain the name of the strategy to use, and the name of scheduler (hourly, daily, weekly or live).
This value can be overridden by a user if they perform adding the same type of xobject in their own user profile.

More robust security cache

The security cache has been made robust against the disposal of structurally important entries by storing them also outside the cache as long as they're still needed by entries in the cache to avoid cascading disposal of large parts of the cache. If you've had problems with users seeing access denied sometimes, this might be the improvement you've been looking forward to. Also, if you've configured a very high size for the security cache to avoid these problems, it should be possible to reduce these limits now. The documentation provides some hints how to choose a reasonable security cache size. However, as with every change to code that is critical to performance and security, there is a risk for regressions even though we have extensive tests. In particular if you're maintaining a larger instance of XWiki, it is advised to monitor memory usage and performance after the upgrade to see if there are any irregularities. Also, please check that access restrictions are still working, in particular, if they involve nested groups. As always, please open a bug report or create a forum post if you're noticing anything unusual.

Pre-edit check can be cached

When editing a page, once a pre-edit check result is presented to the user, it will not be presented again unless something changed. For instance, once a user chooses to edit a page owned by an extension, he or she will not be warned again. However, if a page is locked twice by different users, they will be warned at each edit attempt.

Increasing contrast

The info button of the Flamingo Theme is now increased to conform to the minimum contrast defined in the Web Content Accessibility Guidelines

New API to safely evaluate XObject properties

A new API to provide safe evaluation of XObject properties has been introduced to allow developers to control which properties from which XClasses should be evaluable, and how they should be evaluated. For XObjects that have assigned evaluators, the evaluated properties can be recovered in scripts through the new evaluate() method.

Forced default image style

The default image style can now be forced, meaning that it will be used by default and a style must be selected.

Add parameters to the CKEditor html conversion request

A new xwiki:ckeditor:convertHTML event is send before a request to convert some content to HTML is sent by CKEditor. Listeners can add new request parameters by add properties on the data object send with the event. The example below show how to add an example parameter with value 1.

$(document).on('xwiki:ckeditor:convertHTML', function(event, data) {
    data.example = 1;

Groups can be filtered by their title in groups livetables

It is now possible to filter groups by their title in the groups livetables or the access rights livetables. This is particularly helpful in case a group has a “pretty name” that is more user-friendly than the name of the group document.

Allow to chose conflict fallback version when merging

The storage merge API have been improved in order to allow consumers of the API to define what should be the fallback versions to use in case of merging conflicts: by default the version is still the current version element, but it's now also possible to chose the next version element.

Table of content entries customization

It is possible to decorate the Table of Content entries by providing a component with the TocEntryExtension role.

Suggestions for the wiki macro parameter type

It's now easier to decide what value to set in the wiki macro parameter type as suggestions are proposed: "Unknown" (the default), and "Wiki" for a parameter containing wiki markup. It's still possible to explicitly set the Java type to use.

Velocity AST caching

VelocityEngine API now expose helpers to much easier to compile and cache the Velocity AST.

Dynamic registration of rendering listeners

It is now possible to declare a rendering listener dynamically from an extension.

Added accessibility test overview

Now, builds with the property xwiki.test.ui.wcag property activated will create overview reports of the accessibility results. These reports will generate whatever the results are, and will contain statistics about the tests in the test suite.

Add concept of image to What's New API

In preparation for displaying images in the What's New UI for news items, the What's New API has been updated to support getting images for news items.

private NewsSourceFactory factory;

private NewsConfiguration configuration;

List<NewsSourceDescriptor> descriptors = this.configuration.getNewsSourceDescriptors();
NewsSourceDescriptor descriptor = descriptors.get(0);
List<NewsSourceItem> items = this.factory.create(descriptor.getParameters())
String imageURL = items.get(0).getImageURL().get();

ClassLoader name

The ClassLoaders associated to namespace are now implementing ClassLoader#getName() so you don't need to cast it to NamespaceURLClassLoader to access the namespace anymore.

Available macros sorted by id

The available macros list is now sorted by ascending macro ids.

Anchor in EntityResourceReference

The anchor metadata has been added to EntityResourceReference, to align it with other entity reference-related APIs. The general goal is to be able to support anchors (a.k.a URL fragments) in references to resources.


Get Connected