|
< < | TWiki Release 4.3.1 (Georgetown), 2009-04-29 |
> > | TWiki Release 4.3.2 (Georgetown), 2009-09-02 |
|
Introduction |
|
< < | TWiki 4.3.0 released on 2009-03-30 introduces security enhancements, usability enhancements, feature enhancements, and adds extensions to strengthen TWiki as an enterprise collaboration platform. |
> > | TWiki-4.3.0 released on 2009-03-30 introduces security enhancements, usability enhancements, feature enhancements, and adds extensions to strengthen TWiki as an enterprise collaboration platform. |
| |
|
< < | TWiki 4.3.1 released on 2009-04-29 introduces security enhancements. This release also introduces use of ISO date format by default. |
> > | TWiki-4.3.1 released on 2009-04-29 introduces security enhancements. This release also introduces use of ISO date format by default. |
| |
|
< < | It is highly recommended to upgrade to TWiki 4.3.1. Users will find this release much more stable and secure in daily use. |
> > | TWiki-4.3.2 released on 2009-09-02 introduces security enhancements (CSRF fix). WYSIWYG editing is enhanced as well, the TinyMCEPlugin is upgraded with latest tinyMCE Javascript library.
It is highly recommended to upgrade to TWiki-4.3.2. Users will find this release much more stable and secure in daily use. |
|
Pre-installed Extensions |
|
< < | TWiki 4.3.1 is ships with: |
> > | TWiki-4.3.2 ships with: |
|
- Plugins: CommentPlugin, EditTablePlugin, EmptyPlugin, HeadlinesPlugin, InterwikiPlugin, PreferencesPlugin, RenderListPlugin, SlideShowPlugin, SmiliesPlugin, SpreadSheetPlugin, TablePlugin, TinyMCEPlugin, TWikiNetSkinPlugin, TwistyPlugin, WysiwygPlugin
- Contribs: BehaviourContrib, JSCalendarContrib, MailerContrib, TipsContrib, TWikiUserMappingContrib, TwistyContrib
- Skins: ClassicSkin, PatternSkin, TWikiNetSkin,
|
|
> > | Note: HeadlinesPlugin, TWikiNetSkin and TWikiNetSkinPlugin are new in TWiki-4.3.0. |
| New Features Highlights
|
|
< < | |
> > | |
|
-
- S/MIME support to sign administrative e-mails
- Usability Enhancements
- Replace question mark links with red-links to point to non-existing topics
|
|
< < |
-
- Use ISO date dormat by default
|
> > |
-
- Use ISO date format by default - added in TWiki-4.3.1
|
|
- Enterprise Collaboration Enhancements
- Pre-installed HeadlinesPlugin to show headline newsfeeds in TWiki topics
- Pre-installed TWikiNetSkin, TWikiNetSkinPlugin for corporate look and feel
|
|
See the full list of bug fixes at the bottom of this topic. |
|
> > | Important Changes
1. Added protection against CSRF (cross-site request forgery) in TWiki 4.3.2 patch release
TWiki protects content updates with a one-time-use crypt token to guard against CSRF exploits. This means that it is no longer possible to hit the browser back button to fix a typo; you get an "invalid crypt token" error message if you try to save again. Workaround: Instead of browser back button, hit the "Edit" button to fix a typo.
There is a balance between security and user convenience. A TWiki administrator can enable and disable the crypt token based CSRF protection with the {CryptToken}{Enable} configure setting. For mission critical public TWiki sites it is recommended to enable the crypt token; for firewalled TWiki sites it is usually OK to disable it. |
| Deprecation Notices
The %MAINWEB% and %TWIKIWEB% variables have been deprecated. For compatibility reasons they are unlikely to ever be removed completely, but you should use the %USERSWEB% and %SYSTEMWEB% variables instead. |
| Enhancements
|
|
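Review bot: In the added "Important Changes" paragraph, the advice that it is "usually OK" to disable the crypt token on firewalled sites is not justified by anything in the text, and it sits awkwardly beside the Fixes entry for Item6251, where the CSRF issue (CVE-2009-1339) is triggered by a specially crafted image tag, that is, by a request the logged-in user's own browser sends. Suggest either explaining what property of a firewalled site makes the token unnecessary or dropping that half of the sentence. The paragraph also does not state the default value of {CryptToken}{Enable} after an upgrade, and its heading writes "TWiki 4.3.2" where the rest of this revision switches to "TWiki-4.3.2".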
> > |
|
|
|
| Fixes
|
|
> > |
Item6253 |
$WORKINGDAYS is returning invalid results |
Item6259 |
Prevent GUI-based rename of TWiki web and Main web |
Item6267 |
FORMFIELD expands $title to field name if $title exists in field value |
Item6295 |
Preferences For Raw Edit or Wysiwyg Edit |
|
|
|
|
Item6251 |
CSRF vulnerability CVE-2009-1339: Possible to gain TWiki admin privileges with a specially crafted image tag |
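Review bot: The four entries added to the Fixes list (Item6253, Item6259, Item6267, Item6295) are repeated in the "TWiki 4.3.2 Patch Release - Details" section with different wording ("$WORKINGDAYS is returning invalid results" versus "SpreadSheetPlugin: $WORKINGDAYS is returning invalid results"; "Preferences For Raw Edit or Wysiwyg Edit" versus "Preferences for raw edit or WYSIWYG edit"), and this list leaves out Item6296, the crypt token based CSRF fix, and Item6308. Suggest keeping a single list, or making the two agree and including Item6296 here so the security fix appears next to Item6251.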
|
|
> > | TWiki 4.3.2 Patch Release - Details
TWiki-4.3.2 was built from SVN http://svn.twiki.org/svn/twiki/branches/TWikiRelease04x03 revision 18148 (2009-09-02)
Highlights
Enhancements
Item2927 |
Topic moved message too visible |
Item6283 |
upgrade TinyMCEPlugin with latest tinyMCE WYSIWYG editor |
Item6315 |
HeadlinesPlugin: New touch parameter for HEADLINES variable |
Fixes
Item6253 |
SpreadSheetPlugin: $WORKINGDAYS is returning invalid results |
Item6259 |
Prevent GUI-based rename of TWiki web and Main web |
Item6267 |
FORMFIELD expands $title to field name if $title exists in field value |
Item6295 |
Preferences for raw edit or WYSIWYG edit |
Item6296 |
Crypt token based CSRF fix for TWiki |
Item6308 |
viewfile adds trailing newline to attachments |
|