Changes Report

Last modified by Vincent Massol on 2017/05/31

Improved Display of What's New

The display of the What's New Application has been improved to allow an easier differentiation between the different news items and better accessibility.

Improved required rights reporting

The reporting presented by the required rights analyzer is now just a summary of the impacted rights first, with the possibility to expand the details. This is done to prevent showing technical items to users by default.

Responsive Content in PDF Export

XWiki's user interface (UI) adapts automatically to the screen size (i.e. it's responsive), thanks to Bootstrap's grid system, and this sometimes applies even to the wiki page content. For instance the page content could be split into columns, the number of columns depending on the available screen width: a single column on extra small devices, 2 columns on small devices, 3 columns on medium and large devices. When exporting such a page to PDF the outcome can be different than what you see in view mode because the available width depends on the print page size which is different than the screen size. Starting with this version we're adapting Bootstrap's grid system for print media, in order to have a more predictable outcome:

  • extra small print: anything less than A4 portrait width => should match the behaviour from extra small screens
  • small print: A4 portrait up to A4 landscape => should match the behaviour from small screens
  • medium print: A4 landscape up to A3 landscape => should match the behaviour from medium screens
  • large print: A3 landscape and up => should match the behaviour from large screens

By default the PDF export uses the A4 print page size so it should match the behaviour from small screens. See the PDF Export Application for more information.

Icon Macro

A new icon macro has been introduced. It supports displaying an icon from the current or a chosen icon set and can thus be used to display icons that are consistent with XWiki's UI.

What's New in XWiki

Displays news about XWiki and its ecosystem, directly into your XWiki instance.

Increasing contrast

Some elements of the XWiki interface systematically didn't achieve the minimum contrast defined in the Web Content Accessibility Guidelines.

Instances using Iceberg - the default color theme - or no color theme, are now patched to avoid those systematic violations.

Contrast is notably higher on buttons or light texts.

Changes for the Iceberg UI:

  • Navigation bar is very slightly darker
  • Links are slightly darker
  • Breadcrumb text is darker.
  • Muted text (e.g. description of a template when creating a page, [+] to add tags, ...) is darker
  •  The buttons have more contrast:
    • Blue buttons have a slightly darker background
    • Red buttons have a darker background
    • Green buttons have a darker background
    • Yellow buttons have a lighter background and their text is swapped from white to black

Changes for the no-theme UI:

  • The anchors in the right side drawer are darker.
  • Breadcrumb text is darker.
  • Muted text is darker
  • The buttons have more contrast:
    • Blue buttons have a slightly darker background
    • Red buttons have a darker background
    • Green buttons have a darker background
    • Yellow buttons' text swapped from white to black


Choose the authentication service at runtime

It's now possible to choose the authentication service to use at runtime (for authenticators which support it).

New Watch button state

The behaviour of watch buttons have changed to be more accurate regarding users' custom notification filters: if users have filters concerning some specific events only (e.g. a filter to watch mention on the whole wiki) the watch buttons will be displayed as "undecided". The idea is to expose to the users that "some events" are actually watched for that page, space or wiki.

Also using the watch buttons might disable some already existing custom filters, if those are concerning the exact same location and are contradictory. So for example, if a filter has been created to ignore mentions on a specific space, and the user decides to watch this space, then automatically the filter to ignore mention will be disabled. It can be enabled back manually by the user through the notification settings.

New API to render a translation

There's now new LocalizationManager#getTranslation() and ContextualLocalizationManager#getTranslation() APIs to get a translation and render it for a target Syntax. For example:

private LocalizationManager localizationManager;
try {
  String translation = this.localizationManager.getTranslation("key", locale, Syntax.HTML_5_0, parameters);
} catch (LocalizationException e) {
 // Error getting the HTML5 renderer


private ContextualLocalizationManager localizationManager;
try {
  String translation = this.localizationManager.getTranslation("key", Syntax.HTML_5_0, parameters);
} catch (LocalizationException e) {
 // Error getting the HTML5 renderer

Quick Image Insertion

You can now search for and insert images using the keyboard, by typing / (slash) and selecting the image Quick Action. This opens a drop down that lists latest images uploaded to the page and to the whole wiki. You can also upload new images directly from the drop down. Checkout the CKEditor Integration documentation for more information.

Security Vulnerabilities Reviews

The Security Vulnerabilities Application now takes into account vulnerabilities reviews maintained by the XWiki Development Team

Those reviews provide a more in-depth analysis of the security vulnerabilities found by the security scan. Known vulnerabilities that are analyzed as safe are displayed in a small font and will not raised the security notification.

Vulnerabilities with available reviews have a button next to them in the security listing Live Data, allowing to display the details of the reviews.

See the XWiki Security Policy for more details about our review process and to know where to reach us for questions.

Fine-grained control over how Chrome accesses XWiki

The "XWiki Host" PDF Export configuration parameter has been replaced by a new configuration parameter named "XWiki URI". While the old parameter was used to specify only the domain name or IP address of XWiki (required by the headless Chrome web browser to open the print preview page) the new parameter allows you to specify additionally the scheme (e.g. HTTP versus HTTPS) and the port number (e.g. 8080). This makes it easier to configure the remote Chrome so that it bypasses the proxy (e.g. SSO) in front of XWiki (e.g. by accessing directly the servlet engine that runs XWiki, such as Tomcat).

Note that the old "XWiki Host" configuration parameter is still taken into account (e.g. if it was set before upgrading to XWiki 15.7+) but the new "XWiki URI" parameter takes precedence (when set). We recommend updating your configuration to use the new parameter (in case you're using a remote Chrome and not the user's browser for PDF export). Migration is easy: just copy the value from the old parameter to the new one. This is possible because the scheme and port number are optional when specifying the "XWiki URI".

For more information checkout the PDF Export Application documentation.

Quick Link to a new Attachment

You can now upload and link to an attachment using the keyboard, by typing / (slash) and selecting the Link Quick Action. This opens a drop-down that now supports uploading attachments.

Buttons appearance

We made some changes on the visual aspect of buttons:

  • the gradient on the buttons background has been removed
  • buttons are now borderless, except for the default buttons since they have the same background as the default background

Live Data in Batch Restore

The list of deleted pages that is displayed when restoring a batch of pages uses Live Data instead of Livetable.

PDF Export Metadata

The PDF export template has a new field named "Metadata" that you can use to display additional information about the exported wiki pages in the PDF header or footer. You need to follow three steps:

  • Use the Metadata field to indicate the extra information you want to display. For instance, if you want to display the tags:
    {{velocity output="false"}}
      'data-tags': $stringtool.join($doc.getTagList(), ', ')
  • Use the Header or Footer fields to indicate where to display the metadata:
    {{html clean="false"}}
    Tags: <span class="pdf-doc-tags"></span>
  • Use the Style Sheet Extension object to inject the metadata in the PDF header or footer:
    h1[data-xwiki-document-reference] {
     string-set: doc-tags attr(data-tags);
    .pdf-doc-tags:before {
     content: string(doc-tags);

See the PDF Export Application documentation for more information.

Attachments Page from the Index now use a Live Data

The Attachments page displayed in the Index now use a Live Data instead of a Live Table for displaying the information.

Headings appearance

In order to make headings easier to ready, they are now bolder. In addition, the size difference between two adjacent levels is larger.

Default radius of UI elements

The default radius of UI elements of the Flamingo Skin are now larger (about 1.75 times larger) by default.

New script service for URL security operations

A new script service has been introduced to allow performing security checks on URL. The script service currently provides a single method which can be used like that:

#set ($myURL = "")
#set ($safeURI = $$myURL))
## The URI is null if not safe.
#if ($safeURI)
 ## use it as an URI object. 

New tags right check strategy configuration

It is now possible to configure the algorithm used when checking view rights on tags (returned by the Tags API) by editing

#-# [Since 14.4.8, 14.10.4, 15.0RC1]
#-# Configure the tag selection algorithm to use.
#-# The default algorithm is "exhaustive", which check all elements (documents and tags) for view right before returning
#-# them. This exhaustive check can lead to tag clouds and tag lists being slow to compute on instances with very large 
#-# amounts of tags or tagged documents (more than 5000 of elements).   
#-# Note that it is advised to keep using the default implementation as much as possible, and to switch to the "unsafe"
#-# option only when all performance improvements options have been exhausted 
#-# (see
#-# The "unsafe" algorithm does not perform any right checks. It is approximately 10 times faster than "exhaustive"
#-# but does not provide any guarantee that the current user won't be able to view a tag he/she is not allowed to. 
#-# Therefore, we cannot recommend to use it unless tags performance is critical AND tags and document references are 
#-# not considered as critical information.
# tag.rightCheckStrategy.hint=exhaustive
# tag.rightCheckStrategy.hint=unsafe

New source support for content and context macros

The content and context macros now have an alternative way to indicate the content to parse, which allows executing content coming from a script value. See Content Macro for more details.

The PDF export is now generating internal links as much as possible. By internal links we mean links that make the PDF viewer scroll the target content into view rather than opening it in a web browser. The following types of internal links are supported:

  • links to a fragment from the same page that is included in the PDF export (e.g. #HDescription)
  • links to a fragment from another page that is included in the PDF export (e.g. /xwiki/bin/view/Other/Page#HDescription)
  • links to another page that is included in the PDF export (e.g. /xwiki/bin/view/Other/Page)

Internal links that use fragment identifiers are updated automatically, before printing the content to PDF, to target the corresponding global fragment identifier that is generated by the shared id generator used when rendering multiple pages for PDF export. In other words, having multiple sections with the same name in the PDF export shouldn't cause any problems because the links that target them are updated properly.

Checkout the PDF Export Application documentation for more information.

Warning when the dimensions are larger than the selected image

A warning message is displayed to the user when the width or height of an image are larger than the dimensions of the selected image.

More required rights analyzers

More required rights analyzers have been implemented, warning about rights required for UI extensions, HTML via the raw macro and correctly analyzing the content and parameters for the context and cache macro.

Required rights enabled by default

The required rights check before editing is now enabled by default. It can still be disabled by changing the required rights configuration in case it is not desired or there should be any issues.


Get Connected