Index: openacs-4/packages/acs-core-docs/www/xml/for-everyone/release-notes-5-10-1.xml =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/xml/for-everyone/release-notes-5-10-1.xml,v diff -u -r1.1.2.1 -r1.1.2.2 --- openacs-4/packages/acs-core-docs/www/xml/for-everyone/release-notes-5-10-1.xml 1 Aug 2024 08:03:42 -0000 1.1.2.1 +++ openacs-4/packages/acs-core-docs/www/xml/for-everyone/release-notes-5-10-1.xml 2 Sep 2024 09:31:40 -0000 1.1.2.2 
@@ -8,161 +8,2798 @@ Release 5.10.1 - - - The release of OpenACS 5.10.1 contains the 97 packages of the oacs-5-10 - branch. These packages include the OpenACS core packages, the major - application packages (e.g. most the ones used on OpenACS.org), and - DotLRN 2.10.1. - - Improved templating - - Client-side double click prevention - Support for generic icon names, which can be mapped differently depending on the installed packages and themes: The generic names are supported via <adp:icon name="NAME" title=....>. By using this feature, one can use font-based icons (like e.g. glyphicons of Bootstrap5, bootstrap-icons, fa-icons, ...) instead of the old-style .gif and .png images. This makes the appearance more uniform, has better resizing behavior, and works more efficiently (fewer requests for embedded resources). Most of the occurrences of the old-style images in standard core and non-core packages in oacs-5-10 are already replaced. - Support for listing registered URNs - - - Security improvements - - Stronger password hashes (scram-sha-256 hash in addition to the classical salted-sha1) - Added optional CSP rules based on MIME types. This is important for user-contributed content. When users upload e.g. SVG-files to the file storage, and the content is served from there, it poses a potential security hole. One can now define an additional parameter called StaticCSP in the section ns/server/$server/acs of the OpenACS configuration file to deactivate execution of script files from static content. - - ns_param StaticCSP { - image/svg+xml "script-src 'none'" - } - - Cookie-Namespace: When multiple OpenACS instances are served from the same domain name, the same cookies (e.g. ad_session_id, ad_login, ...) are set to all servers. For sensible cases, a cookie-namespace can be used, which can be used as a replacement of the traditional ad_ prefix. 
This can be as well set in the section ns/server/$server/acs of the OpenACS configuration file: - - # Provide optionally a different cookie namespace - # (used for prefixing OpenACS cookies) - ns_param CookieNamespace "ad_" - - - - - Further reduce divergence between Oracle and Postgres SQL. Target version of Oracle could be 12.*, as Extended support ends in 2022 (see https://www.oracle.com/us/support/library/lifetime-support-technology-069183.pdf) - - limit / rownum -> fetch first - use Postgres schemas for stored procedures so that they can be invoked with the same Oracle idiom - - - Deprecated commands - - acs_message_id contract filter - acs_privacy::* - acs_tcl_vars_list_to_ns_set - acs_tcl_vars_to_ns_set - ad_apply - ad_approval_system_inuse_p - ad_dateentrywidget - ad_db_select_widget - ad_decorate_top - ad_ns_set_to_tcl_vars - ad_package_admin_home - ad_parameter_all_values_as_list - ad_user_class_description - apm_file_type_keys - application_group::child_application_groups - attachments::root_folder_map_p - bulk_mail::parameter - bulk_mail::pretty_name - calendar_portlet_display::get_url_stub - calendar::adjust_date - calendar::assign_permissions - calendar::from_sql_datetime - calendar::item::assign_permission - calendar::make_datetime - content::revision::update_attribute_index - dotlrn_chat::add_portlet_helper - dt_widget_* - export_entire_form - export_entire_form_as_url_vars - export_ns_set_vars - f::* API that cannot be replaced by a drop-in alternative - forum::new_questions_allowed_p - forum::new_questions_allow - forum::new_questions_deny - fs::add_created_version - fs::get_archive_extension - fs::get_folder_contents - fs::item_editable_info - fs::torrent::get_hashsum - notification::get_delivery_method_id - notification::get_interval_id - oacs_util::vars_to_ns_set - template::adp_levels - template::form::export - template::util::array_to_vars - template::util::is_true - template::util::list_to_array - template::util::list_opts - 
template::util::nvl - template::util::tcl_to_sql_list - template::util::set_to_list - template::util::set_to_vars - template::util::vars_to_array - twt::server_url - twt::user::create - twt::user::delete - util_AnsiDatetoPrettyDate - util_commify_number - util_get_current_url - util_list_to_ns_set - util_ns_set_to_list - util_report_successful_library_load - util_report_library_entry - util::string_check_urlsafe - Color widget API - ... - New proc ad_log_deprecated: unified interface for logging deprecated usages The existing code used a larger variety of different messages to denote invocations of deprecated procs and other artifacts. ad_log_deprecated provides a unified interface, and provides a usage hint what to use instead based on the API-doc definitions in the log-file. - Move deprecated code into separate files - Give people the chance to use OpenACS with WithDeprecatedCode set to 0. When OpenACS is configured to omit loading of long deprecated code (WithDeprecatedCode set to 0) files like deprecated-procs.tcl are not loaded. Therefore, these files should only contain code, which was deprecated at LEAST ONE RELEASE EARLIER, such that site admins have one release time to fix calls to deprecated code. This is especially important for public procs. - - - General cleanup/maintenance - - Modernization of Tcl idioms. - Compliance of files, proc names, ... to the naming conventions. - White space cleanup, indentation changes. - Improvement of public API documentation - Adjustment of proc protection levels (public, private) - Adjustment of log severity - Cleanup of obsolete files - Replacement of handcrafted forms by ad_form - Typo fixing - Editor hints - Replacement of deprecated calls - Addition of missing contracts - ... - - - New Packages: - - openacs-bootstrap5: Bootstrap 5 theme for OpenACS - bootstrap-icons: Free, high-quality, open-source icon library with over 1,600 icons. Include them anyway you like—SVGs, SVG sprite, or web fonts. 
Use them with or without Bootstrap in any project - fa-icons: Free, high-quality, open-source icon library with over 2,000 free icons. As of 2020, Font Awesome was used by 38% of sites that use third-party font scripts, placing Font Awesome in second place after Google Fonts - highcharts: The Highcharts library is a JavaScript and TypeScript package for producing data visualizations (line/bar/pie charts etc.). The OpenACS package offers support to load this library either via CDN or from a local installation (via acs-admin and global administration UI) - - - Migrate to bootstrap 5. Bootstrap 3 reached EOL in 2019, Bootstrap 4 had EOL 2022. See https://github.com/twbs/release - Potential incompatibility with OpenACS 5.10.0: "permission::permission_p" returns Boolean values as "t" and "f" and not "1" and "0". Avoid literal comparisons of the result and use boolean tests available in Tcl/OpenACS. - Support for fresh installations on Oracle 19c. - Require NaviServer (i.e. drop AOLserver support). AOLserver cannot be compiled with the required modules with recent Tcl versions. Trying to backport NaviServer compatibility functions seems to be an overkill for the OpenACS project. - Require Tcl 8.6, XOTcl 2.1, PostgreSQL 11 (PostgreSQL 10 EOL: November 2022), tdom 0.9 - + + The release of OpenACS 5.10.1 contains the 94 packages of the + oacs-5-10 branch. These packages include the OpenACS core packages, + the major application packages (e.g. most the ones used on + OpenACS.org), and DotLRN 2.10.1. + Altogether, OpenACS 5.10.1 differs from OpenACS 5.10.0 by the following statistics - 2886 files changed, 197060 insertions(+), 182613 deletions(-) - - contributed by 6 committers (Antonio Pisano, Gustaf Neumann, Günter Ernst, Héctor Romojaro, Raúl Rodríguez, Thomas Renner) and additional 7 patch/bugfix providers (Felix Mödritscher, Frank Bergmann, Franz Penz, Markus Moser, Marty Israelsen, Monika Andergassen, Sebastian Scheder). 
+ 3027 files changed, 428212 insertions(+), 219697 deletions(-) - All packages of - the release were tested with PostgreSQL 13.* and Tcl 8.6.*. + contributed by 8 committers (Antonio Pisano, + Gustaf Neumann, + Günter Ernst, + Héctor Romojaro, + Michael Aram, + Raúl Rodríguez, + Sebastian Scheder, and + Thomas Renner) + and additional 8 patch/bugfix providers (Felix Mödritscher, + Frank Bergmann, + Franz Penz, + Josue Cardona, + Keith Paskett, + Markus Moser, + Marty Israelsen, and + Monika Andergassen) - all sorted by the first names. - For more details, consult the + In terms of changes, this is the largest amount of changes at + least since the release of OpenACS 5.9.0. + Below is a summary of the most important changes, often + together with the commit references in Git. The summary was + made on subjective criteria, to get an overview of the + changes. + + + For all details, consult the raw ChangeLog. + + + Changes in the acs-core packages between OpenACS 5.10.0 and + 5.10.1 + + New Features + + + + Security and Privacy Posture + Overview: As expressed as a wish from OpenACS users + at the last OpenACS conference, a Security and Privacy + Posture Overview was added that offers a quick + overview of the state of the system and eases access to the + parameters scattered over different packages in the system. + The page offers: + + + Quick overview + + + Check of security and privacy relevant package parameters + + + Permission and accessibility check of mounted packages + + + Response header check + + + External library check (CDN vs local usage, vulnerable or + outdated libraries) The page is linked from the + site-wide-admin page (/acs-admin). + + + + + + + Stronger Password Hashes for + OpenACS (commit fe2bdb547, 8eee6a932, 52d2c997e, + 62d969c85): Introduction of new password hash functions + alongside the pre-existing salted-sha1. 
The new + algorithms are named scram-sha-256, + scrypt-16384-8-1, + argon2-argon2-12288-3-1, + argon2-rfc9106-high-mem, and + argon2-rfc9106-low-mem. These algorithms can be + specified via the kernel package parameter + PasswordHashAlgorithm. The algorithms require a + recent version of NaviServer and a recent version of OpenSSL, + which serves as a crypto library. This feature enhances + security against brute-force attacks on password hashes (when + db is compromised). Preferences of the password hash + algorithms can be set via kernel package parameter + PasswordHashAlgorithm, the first available + algorithm is taken from the preference list, hash re-coding + happens automatically at the next login. + + + + + Setting of CSP rules based on MIME + types (commit 6bc253f1e, commit 94b8513ae). This is + necessary to mitigate certain attacks on static SVG files + uploaded to, e.g., the content repository. For example, set + the following to the ns/server/$server/acs + section of your NaviServer configuration file: + + + + + ns_param StaticCSP { + image/svg+xml "script-src 'none'" + } + + + + + Support for generic icon + names Support for generic icon names, which can + be mapped differently depending on the installed packages + and themes. The support provides a mapping from a set of + generic names to the names provided by different libraries + sich as Glyph Icons, Bootstrap Icons, Font-Awsome. The + provided support can be inspected on the site-wide page of + acs-templating. + + The generic names can be used via the special tag <adp:icon + name="NAME" title=....> in .adp-files. By + using this feature, one can use font-based icons (like + e.g. glyphicons of Bootstrap5, bootstrap-icons, fa-icons, + ...) instead of the old-style .gif and .png images. This + makes the appearance more uniform, has better resizing + behavior, and works more efficiently (fewer requests for + embedded resources). 
Most of the occurrences of the + old-style images in standard core and non-core packages in + oacs-5-10 are already replaced. (commit c129c89ec, + 996740672, e9cae22dc, c7705c68b, a85ea7301, 58ad43055, + 737da5514, a05813ec7, 110b2f5d6, 7011c8fd9, 286fd9e58, + 927d9d5ef) + + + + + + Better Automated Site + Configurability: Support for installing themes from + install.xml (commit 2f9761160). + + + + + Dynamic Cluster Nodes and Cluster + Infrastructure (commit 5738761db, 7cbc3e63c, + 1a7a7656c, 3faceddc4, 5fba13c0f, 7cbc3e63c, 3faceddc4, + 1a7a7656c): Added support for dynamically adding and removal + of nodes in an OpenACS cluster. In contrast to static cluster + nodes, the IP addresses of dynamic cluster nodes do not have + to be provided at startup time. The changes introduce new + admin pages and further configuration options. + + + + + Optional Caching Deactivation + (commit 75c3f2b25): It is possible to deactivate caching via + the ns_cache infrastructure when the + NaviServer configuration variable + cachingmode is set to + none. The change modifies + per_thread_cache to behave like a + per_connection_cache. This option is useful + for cluster configurations, when legacy components do not + handle cache coherency (e.g. via + acs::clusterwide) + + + + + Support for Cloud Identity + Providers (commit e506dee05, fd7af8d17, 06954d83b). + Additional Identity providers can be added as secondary + registries (e.g., MS Azure via oauth2), to support e.g. logins + via the classical register page and via a + cloud registry (requires package xooauth for full + functionality) + + + + + Client-side double click + prevention: This change makes it possible to + provide a double click prevention for HTML elements via the + CSS class prevent-double-click. The double + click prevention deactivates a button or an anchor element + after clicking for a short time (per default for 1s) and + ignores in this time window further clicks. 
The time window + can be specified via the data element oacs-timeout. (commit + 5f2edeec2a9a831, 916d365aa11f2d) + + + + + Cookie Namespaces (commit + ce1573ed8): Important, when multiple OpenACS instances are + served from the same domain name, but different cookies have + to be used. + + + + + + Reforms + + + lc_time_tz_convert: Enforce ISO format for + dates and other changes (commit 9a5b5cd97). + + + template::element validation reform to + improve validation on fields (commit 87919f923). + + + Provide timeouts for caching operations to improve liveliness + also when certain calls are hanging (commit 22cd530d4). + + + Form widget attributes reform consolidating logics for merging + tag attributes (commit 3a7fc6a8e). + + + + Streamlined resource_info handling by adding versioning and + better management of external library dependencies. External + libraries can be used from CDN or downloaded, the versions are + checked for vulnerabilities, which are reported via posture + overview and package-specific site-wide admin pages. + + + + + + Configuration Changes + + + Set the (default) theme package on the subsite upon + installation (commit 0ff7101b3). + + + Improved clusterwide operations with new configuration + parameters (commit 5738761db). + + + New configuration options CSSToolkit and + IconSet for acs-subsite + (commit fc56a275b). + + + Support specification of allowed tags/attributes/protocols via + global package parameters (commit 657cef99a,fc46466e3). + + + Made ad_html_security_check configurable + (commit bc63ee424). + + + Support for memory units as default cache sizes (commit + 68c853abd). + + + + + Bug Fixes + + + Fixed missing + update_content-lob.set_content (commit + a3effac23, 4ce8e9fae). + + + Fixed incorrect HTTP status code on result page (commit + 636226cb2). + + + Fixed signature of service contract implementation (commit + b9f0c541c). + + + Fixed implementation of ad_acs_admin_node + (commit 34a823c51). 
+ + + Fixed reference in doc (commit e596b46f8). + + + Fixed ad_approval_system_inuse_p + implementation (commit bd8afdeeb). + + + Fixed self-inflicted bug in form variable specification + (commit 79e6df943). + + + Fixed a bug in db_multirow_group_last_row_p + (commit aafd1db58). + + + Fixed issue with ns_parseurl in + util::split_location (commit aee571ad1). + + + Various fixes for Oracle 19c compatibility issues (numerous + commits). + + + Fixed broken function_args definition and other issues (commit + 83e45f9b5, d166927d2, etc.). + + + Fixed a bug in db_driverkey when OpenACS + connects to multiple databases, involving the removal of + per-thread caching (commit 18e656b00). + + + Fixed and generalized version_dir handling + for download of external resources (commit 8e9a6a5c8). + + + Fixed selector for click all list callback in core.js (commit + 00b9db614). + + + Fixed a bug in db_foreach with + -column_set flag (commit 95e8970d7). + + + Handle null dates in core.js (commit 1dd928238). + + + Fixed issues in SQL function calling to avoid incorrect + function selection due to typecasting issues (commit + bc33e9938). + + + Corrected problems with session handling in cluster mode and + fixed cache coherency issues in clustered environments (commit + c0a1cf7b9). + + + + + Improvements + + + Security Improvements + + + In addition to the new security features mentioned + above, the new release was tested several times by + different vulnerability scanners, which triggered a + large number of changes as for example strengthening + the input tests in page contracts, consequent use of + bind variables and permission checks. + + + New API ad_mktmpdir and + ad_opentmpfile (commit a10b55d3d). + + + Added support for elliptic curve certificates (ecdsa) when + the lets-encrypt module from NaviServer is used (commit + 2c40f1d9d). + + + Hardened page contracts, added many constraints to address + potential SQI and XQL etc. attacks (many commits, + e.g. 
8eee6a932, d4846d106) + + + Warn warning when parametersecret is + not set (commit 0ec8f0183). + + + Safe creation of temporary directories (commit d25ff6593). + + + Upgraded internal use of JavaScript and HTML standards to + improve security and performance (commit e68a73c92). + + + + + + Performance Improvements + + + New partial index for a common query in acs-tcl (commit + aaaf86adb). + + + Implemented ad_html_security_check + based on ns_parsehtml (commit + 387f3de3e). + + + Added support for NaviServer built-in + ns_trim -prefix (commit 500099e0). + + + Change in storing and displaying util user messages + (commit bb0702bf3). + + + + + Additional Filters for Page + Contracts + + + Introduced ad_page_contract filter + object type (commit 2f9d127a0). + + + Introduced a new clock page contract + filter (commit 5544faffc). + + + Introduced new tmpfile page contract + filter (commit 1a179e9bc). + + + Allow more characters in argument specs (commit + f952d9d5e). + + + + + Code Refactoring + + + Added a new procedure ad_log_deprecated + for unified logging of deprecated usages (commit + 0e03b3358). + + + Improved configurability of LockfreeCache (commit + 9bc412576). + + + Reform of site-nodes-procs for improved clarity and ease + of maintenance, esp. Oracle (commit 3fe93032e). + + + Update of SQL function calls via API, made it callable + during initial bootstrap (commit ad97aa747). + + + Modernization of idioms and cleanup of deprecated code + (e.g., commit a5c537515, e68a73c92, 1d1ff8c4e). + + + Improved documentation, localization updates, and typo + fixes (e.g., commit 5c23325a3, f3590415f, 7a97e0ea0). + + + Phased out outdated procedures and functions that were + superseded by more efficient and secure implementations + (e.g., commit 6272226b6). + + + Deprecated old APIs that no longer align with modern + security practices or performance standards (commit + cd0af7373). 
+ + + Removed legacy support for certain outdated browser + features and replaced them with modern alternatives + (commit a1a7c22a7). + + + Further reduced divergence between Oracle and Postgres + SQL. Target version of Oracle could be 12.*, as Extended + support ends in 2022 (see +https://www.oracle.com/us/support/library/lifetime-support-technology-069183.pdf). + This change implies: + + + change limit ... rownum ... to standard + fetch first ... + + + use Postgres schemas where available for stored + procedures so that they can be invoked with the same + Oracle idiom + + + + + + + Miscellaneous + + + Message keys for content repository (commit 2f89a971a). + + + Make util::join_location usable for UDP + and SMTP (commit 01b5c0d61). + + + Zero-dependency implementations of Modal and Tooltip using + CSS and JavaScript (commit db0f52664, 02bfffbb2). + + + Deprecation of specific functions and APIs in favor of + modern replacements (e.g., commit 4493f07b9, 6db041083, + 94c505b01). + + + Extended API: Introduced new API functions like + ad_unless_script_abort, + aa_silence_log_entries, and + util::json2dict to enhance error + handling and logging cleanliness (commit aeb027aeb, + f455d60c6, e9298cf02). + + + Expanded timezone data and improved internationalization + features, including better locale management and updated + localization data (commit 828ab0bd4, 47d478bcf). + + + Added Support for listing registered URNs (per package on + the site-wide admin page of a package, full set on the adm + page of acs-templating) + + + Added support for relative redirects (commit 867d9441e). + + + + + Regression Test: + + + The regression test was substantially extended and in part + overworked + + + The test includes now checks for resource leaks (tDOM + documents and nodes, temporary objects, etc.) and leaves less + garbage in the /tmp directory + + + For the major packages (core and application packages), + the tests run without reporting errors. 
+ + + For the tests of the majro packages, the system.log is now free of + error messages (e.g., when handling cases in the test that + are supposed to fail) + + + + + + + Version requirements + + + Require NaviServer (i.e. drop AOLserver support). Rationale: + AOLserver cannot be compiled with the required modules with + recent Tcl versions. Trying to backport NaviServer + compatibility functions seems to be an overkill for the + OpenACS project. + + + Bootstrap 3 reached EOL in 2019, Bootstrap 4 had EOL 2022, so + we should migrate to Bootstrap 5 (details: + https://github.com/twbs/release) + + + Require Tcl 8.6.2, XOTcl 2.1, PostgreSQL 12 (PostgreSQL 11 + EOL: November 23), tdom 0.9 + + + Support for fresh installations on Oracle 19c (for details, + see: +oacs-5-10-on-oracle-19c) + + + + + + Changes in OpenACS Application Packages + + + New Packages in OpenACS 5.10.1 + + + bootstrap-icons + + + caldav + + + captcha + + + fa-icons + + + highcharts + + + openacs-bootstrap5-theme + + + + For a description of all packages, see: + https://openacs.org/repository/5-10/ + + + + + + + + Changes in package "attachments" + + Improvements + + + Security Improvements + + + Strengthen page contracts (3b9068ad) + + + + + Code Refactoring + + + Replace handcrafted HTML icons with new adp:icon adp tag + (f45e6406) + + + Replace deprecated + util_commify_number, with + lc_numeric (518e1b34) + + + + + Miscellaneous + + + Document public API (fd5b5e1c) + + + Improve test suite and cover 100% of public api + (3446f91c, c933a64e) + + + + + + + Deprecations + + + attachments::root_folder_map_p -> + duplicates functionalities of + attachments::root_folder_p (cc3177d1) + + + + + + Changes in package "calendar" + + New Features + + + Inclusion of multiple + calendars (77f4db84): name calendar forms in a + way that multiple calendars can be embedded on the same page + (relevant in the context of .LRN portlets) + + + + + Bug Fixes + + + Javascript fixes (b1d49bc1) + + + Fix retrieval of a 
calendar item when a connection context + is not available (772449b4, a049d806) + + + + + Improvements + + + Security Improvements + + + Improve/harden input validation (many commits) + + + Don’t expose immutable values as hidden formfields + (03e3f2e7, 31955520) + + + + + Code Refactoring + + + Replace deprecated API (8e6d01a0, 9cfbf8a1) + + + Streamline idioms (50c5c2d3) + + + Replace handcrafted HTML icons with new adp:icon adp tag + (054c46cc, 8bb2cd6f) + + + Replace custom calendar widget implementation with + native HTML5 form fields and streamline input validation + (6bd30d58, f5118fb4) + + + + + + Miscellaneous + + + + + Improve spelling in catalog files (258edac5) + + + + + Pass properties to master template as literal according + to best practices (9598e88e) + + + + + Improve API documentation (d924a307) + + + + + Cleanup vestigial features/dead code (various commits) + + + + + Port of downstream localization (90dbfa96) + + + + + Various typos and formatting improvements + + + + + Increase test suite of functionalities and cover 100% of + public api (various commits) + + + + + + + + Deprecations + + + calendar::adjust_date -> inlined the + one occurrence (fbd97314) + + + calendar::from_sql_datetime, + calendar::make_datetime -> not used + upstream, superseded by modern clock idioms and HTML5 + features (bccd1c3a, 7264a2fe) + + + cal_outlook_gmt_sql -> last usage in + the codebase 2002 (1ee22f96) + + + calendar::item::assign_permission. + calendar::assign_permissions -> + trivial wrappers over the permission api (a1ddaed5, + f174fd12) + + + + + + Changes in package "captcha" + + Features + + + + Bot protection for your + form implements template::widget::captcha. This + can be used in forms exposed to the public to hinder + automated bots. 
Based on the implementation at + https://fossil-scm.org/ + + + + + Scalable a new captcha is + generated fast, from scratch and on the fly + + + + + No external dependencies + this package does not require any external commands or + libraries + + + + + + + Changes in package "categories" + + Reforms + + + + Mark service contract implementations as private (efd3b8e5, + 886068d3) + + + + + + Improvements + + + + Performance Improvements + + + + + Create indices on FK constraints (e935a857) + + + + + + + Security Improvements + + + + + Add include contracts where missing (40b5bdc3, 667d9cdf, + 5d3fb337) + + + + + Strengthen page contracts (1ad80ea6) + + + + + + + Code Refactoring + + + + + Replace deprecated + template::util::is_true with inline + string idiom (f2604994) + + + + + Replace handcrafted HTML icons with new adp:icon adp tag + (035bd73b) + + + + + Better qualify command invocation (a693a8be) + + + + + + + Miscellaneous + + + + + Cleanup and formatting changes (various commits) + + + + + Increase test suite of functionalities and reach 80.82% + coverage of public api (various commits) + + + + + Improved documentation of library file and public API + (8da391b1) + + + + + + + + + Changes in package "chat" + + New Features + + + + Anonymous chat + participants (3a73986c, 214684f3): use newly + introduced support for anonymous users built in xowiki to + support not logged-in users + + + + + Chat include (c2ab5967) : + Move the main chat rendering in an include to allow reuse in + other contexts + + + + + + Bug Fixes + + + + Fix typo in datamodel code affecting new installations + (98d26cfa) + + + + + Improve/fix Oracle compatibility (d3e0d69b, cb2e52d0, + 04e229f2) + + + + + Allow for arbitrary arguments to be passed when extending + inherited methods (95ca0c0e) + + + + + Allow to persist chat messages also in the chat sweeper + (4bf7bd59) + + + + + + Improvements + + + + Performance Improvements + + + + + (Postgres only) Improve performances when fetching the 
+ available chat rooms using recursive permission api + (56d47b31, 0b2cff50) + + + + + + + Security Improvements + + + + + Improve SQL quoting (e2146673) + + + + + Harden page contracts and use new contract features from + the core (43955d16, 148be6f4, 7f6b5c92) + + + + + + + Code Refactoring + + + + + Replace :xo::clusterwide -> ::acs::clusterwide for + cluster-aware chaching (76fbfe1f) + + + + + Replace ::xo::db::sql -> ::acs::dc as tcl abstraction + for db stored procedures (76fbfe1f) + + + + + Replace deprecated api (928793ce, cb2e52d0) + + + + + Replace handcrafted HTML icons with new adp:icon adp tag + (054c46cc) + + + + + Reduce layers of redirection when accessing a chat room + (4f57e272) + + + + + + + Miscellaneous + + + + + Prefer message keys from core packages (943daaa3) + + + + + Cleanup vestigial features/dead code (23fe7d3a, + b8d5da6d, d7434cae) + + + + + Pass properties to master template as literal according + to best practices (98a2b1ec) + + + + + Extend test suite to 100% public API coverage (117c66e3, + 210e3f16, b2abc81c, fe60e3d1) + + + + + Improve configurability and styling of the chat + includelet (54bb236f, 289ddee6) + + + + + Streamline idioms (2b0bd209) + + + + + Replace legacy message keys (a465cf76) + + + + + Improve localization (0252ed50) + + + + + + + + + Changes in package "dotlrn" and associated packages + + + + Reforms + + + + dotlrn: + + + + + Deactivate obsolete SQL function in creation script + (sql/postgresql/dotlrn-create.sql). This complements + commit 3a280c7e in acs-kernel (commit 1b845ba0). + + + + + Use dotlrn-bootstrap3-theme as default theme (commit + c6547eb8). + + + + + + + theme-zen: Adapt to + commit 3a280c7e (acs-kernel) and c6547eb8 (dotlrn) (commit + 6d50cb9b). 
+ + + + + + Improvements + + + + Performance Improvements + + + + + dotlrn: Prefer APIs + returning cached values before querying the DB using + site_node:: (commit 4d025e63) + + + + + dotlrn-fs: Prefer + APIs returning cached values before querying the DB + using site_node:: (39bcaf3f) + + + + + + + Security Improvements + + + + + dotlrn: Mitigating + potential XSS attacks using NaviServer own + ns_quotehtml (commit 4476e815) + + + + + + + Code Refactoring + + + + + dotlrn: + + + + + Replace deprecated + notification::get_interval_id + with + notification::interval::get_id_from_name + (commit 871dd502) + + + + + Replace deprecated + notification::get_delivery_method_id + with + notification::delivery::get_id + (commit a9760fc4) + + + + + Replace deprecated + template::util::is_true with + [string is true -strict $value] + (commit 38981891) + + + + + Replace deprecated + util_commify_number with + lc_numeric (commit 7c14688e) + + + + + Replace deprecated + twt::user::create and + twt::user::delete with the + respective acs::test::user:: + counterparts (commit dea8673e) + + + + + Cleanup usage of deprecated API + template::util::nvl (commit + 0775f434, 73b52fba) + + + + + Cleanup usage of deprecated API + acs_privacy:: (commit d31c3b6f, + 9ae5aa4a) + + + + + Replace deprecated + bulk_mail::parameter with + parameter::get (commit b10c5f26) + + + + + Replace deprecated + forum::new_questions_deny and + forum::new_questions_allow with + permission::grant (commit + 4880f884) + + + + + Replace custom calendar widget implementation with + native HTML5 fields (commit 113b1cb4) + + + + + + + dotlrn-bm: Replace + deprecated bulk_mail::pretty_name + with parameter::get (commit b6b7aec1) + + + + + dotlrn-calendar: + Reform handling of admin permissions (commit ce9e27d4, + 6a9ada80) + + + + + dotlrn-forums: + + + + + Replace deprecated + notification::get_interval_id + with + notification::interval::get_id_from_name + (commit d77b24b7) + + + + + Replace deprecated + 
notification::get_delivery_method_id + with + notification::delivery::get_id + (commit 075b8adc) + + + + + + + dotlrn-fs: Replace + Naviserver ns_mktemp with + ad_tmpnam (commit f5fd2c96) + + + + + dotlrn-homework: + + + + + Alter reference to db-error file in acs-subsite + (commit d47e5f2c) + + + + + Replace deprecated + util_commify_number with + lc_numeric (commit 990b0b0a) + + + + + Replace handcrafted HTML icons with adp:icon adp tag + (commit 3f1557c2) + + + + + + + dotlrn-news: + + + + + Replace deprecated + notification::get_interval_id + with + notification::interval::get_id_from_name + (commit 586cc6ae) + + + + + Replace deprecated + notification::get_delivery_method_id + with + notification::delivery::get_id + (28661484) + + + + + + + dotlrn-static: Fix + applet mount point (commit 233e0c6c) + + + + + new-portal: + + + + + Replace export_ns_set_vars with + export_vars (commit e8ab835d) + + + + + Prefer adp:icon adp tag over handcrafted HTML icons + (commit 7afadf3b) + + + + + + + + + Miscellaneous + + + + + All packages: + + + + + Cleanup and formatting (various commits) + + + + + Strengthen page contracts (various commits) + + + + Document public API, e.g., in new-portal, + dotlrn-dotlrn (e.g., commit 75656f6f, 05540825) + + + + Improve test coverage, e.g., in + dotlrn-portlet (e.g., commit + dcfe916b, 712e8793, 59ec97b0) + + + + + + + + + + + Changes in package "faq" + + New Features + + + + faq::new API (1fc77330): + an API to create an FAQ, also useful for testing + + + + + + Bug Fixes + + + + Fixes for Oracle compatibility (3e5418a3) + + + + + + Reforms + + + + Mark service contract implementations as private (987ef426) + + + + + Mark apm callbacks as private (6861af77) + + + + + + Improvements + + + + Security Improvements + + + + + Harden page contract validation (a2904377, 87d05896, + a4c9fc52) + + + + + + + Code Refactoring + + + + + Replace deprecated twt::user::create + and twt::user::delete with their + acs::test::user:: counterpart 
(27286797) + + + + + Replace handcrafted HTML icons with new adp:icon adp tag + (17acc438, 5a7ce6b6) + + + + + Replace rp_form_put with plain ns_set + idioms (d7deda66) + + + + + + + Miscellaneous + + + + + Cleanup and formatting changes (various commits) + + + + + Increase test suite of functionalities and cover 100% of + public api (various commits) + + + + + + + + + Changes in package "file-storage" + + Bug Fixes + + + + Make fs::get_file_package_id more robust + to cases where the package_id is not set on the object + itself (bbbbf93b) + + + + + Fixes for Oracle compatibility (9a5b9cf4, 0d4331cb, + de75d648) + + + + + Fix regression when the files list is rendered in + list format (d0eecbe4) + + + + + + Reforms + + + + Make oacs-dav an optional, uninstallable dependency + (c8e3b5f8) + + + + + Make Service Contract implementation private and use the + abstract api instead (81ef9be7, 6eee7dbd, 846b226b, + f56b331a) + + + + + + Improvements + + + + Performance Improvements + + + + + (Postgres only) Improve performances when fetching + folder files using recursive permission api (02f64379) + + + + + + + Security Improvements + + + + + Improve server and client-side input validation (various + commits) + + + + + + + Code Refactoring + + + + + Reduce divergency between Oracle and Postgres codebase + (55e70c4f, 2cf7bbf5) + + + + + Replace deprecated + template::util::tcl_to_sql_list with + NaviServer own ns_dbquotelist + (8b1a62d0) + + + + + Replace deprecated twt::user::create + and twt::user::delete with their + acs::test::user:: counterpart (cbc632d0) + + + + + Cleanup obsolete error catching (d99eccfb) + + + + + Replace handcrafted HTML icons with new adp:icon adp tag + (602c473d, 651ab668, 53b1248d) + + + + + Replace ad_tmpnam with + ad_opentmpfile and + ad_mktmpdir, safer from race + conditions (576d51a1, 8a9ac2b9) + + + + + + + Miscellaneous + + + + + Cleanup and formatting (various commits) + + + + + Improve test suite and cover 100% of public api (various + 
commits) + + + + + + + + Deprecations + + + + fs::add_created_version -> behavior + specific to this proc was to + fs::add_version, largely similar + (815cbaae) + + + + + fs::torrent::get_hashsum -> superseded + by NaviServer ns_md command (aaf2751d) + + + + + fs::item_editable_p, + fs::item_editable_info -> Unused, + unclear usefulness (86cd3917) + + + + + fs::get_archive_extension -> trivial + wrapper over the parameter api (aa63e153) + + + + + fs::get_folder_contents -> Not used in + the codebase, same result can be achieved with other api + (72e444b8) + + + + + + + Changes in package "forums" + + Bug Fixes + + + + Fix broken message key (74cadd4f) + + + + + Fixes for Oracle compatibility (f5db030e) + + + + + Rely less on values provided by the connection (f85185af) + + + + + + Reforms + + + + Adapt template::element calls after replacing + template::util::get_opts (16b22e9e) + + + + + Mark service contract implementations as private (bb6e3b3b) + + + + + Use UTF-8 emojis instead of actual images to render + supported smileys in forum posts (335f1ede) + + + + + + Improvements + + + + Performance Improvements + + + + + Avoid transaction when unnecessary (aeb4e876) + + + + + Use cached api when detecting if attachments are + supported (83b9a2e8) + + + + + + + Security Improvements + + + + + Improve server response in error situations (b2e833ab) + + + + + Harden page contract validation (c92794b8, 22c992f2, + 655eea7b, 619b2580, c403e313, 189442f8, 0a4c5d1d) + + + + + Increase permission checking (6ddf512d) + + + + + + + Code Refactoring + + + + + Pass properties in adp consistently with @….;literal@ + best practice (dc2b6f8f, 44d3483e) + + + + + Replace deprecated + template::util::is_true with inline + string idiom (88c779b5) + + + + + Replace handcrafted HTML icons with new adp:icon adp tag + (1b6adbcb, 0cf9dfe4) + + + + + + + Miscellaneous + + + + + Cleanup and formatting changes (various commits) + + + + + Increase test suite of functionalities and cover 100% 
of + public api (various commits) + + + + + + + + Deprecations + + + + forum::new_questions_allowed_p -> + Trivial shotrhand to forum::get (5e7c3e01) + + + + + forum::new_questions_allow and + forum::new_questions_deny -> Trivial + shorthands to forum::edit + + + + + forum::message::get_attachments -> + Unused and repleaceable by other API + + + + + + + Changes in package "general-comments" + + Bug Fixes + + + + Fixes for Oracle compatibility (e6fdab8b) + + + + + + Reforms + + + + Reimplement add/edit UI to use ad_form and reduce + duplication (0842ac32) + + + + + + Improvements + + + + Security Improvements + + + + + Harden page contract validation (a17a883b, 438b62a5, + 150c40c4, c08961bd, 993e67b1, 026075fc, b041c11b, + b6e063dc, dc08e85c, c34e943b) + + + + + + + Code Refactoring + + + + + Replace deprecated export_ns_set_vars + with alternative idioms (4892cc8d) + + + + + Replace deprecated ad_convert_to_html + with ad_html_text_convert (e48e5624) + + + + + + + + + Changes in package "proctoring-support" + + New Features + + + + Support for mock exams + (commit 114d489e): introduce parameter record_p in the main + proctoring include allowing to turn off artifacts + collection. Useful FOR mock exams. + + + + + Artifacts data model + (commit 9acb6bc8, f9206d9e): proctoring artifacts are now + stored in actual database tables and not only on the + filesystem. + + + + + Test pages (commit + 30ea5f4b): the default proctoring installation provides a + fully-functional test environment of the admin and regular + user functionalities. + + + + + Push updates for new + artifacts (commit 337d8cb6): the proctoring + display UI now uses websockets to receive push updates from + the server when new artifacts are available. + + + + + Artifacts review UI + (commit 99cdda4a and various others): the proctoring display + UI now enables admin users to review proctoring artifacts + via comments or flagging. 
+ + + + + Red border (commit + d20cb434): allow one to display an additional border around + the proctored window. Useful to increase the visibility of + the proctored session in a classroom. + + + + + + Reforms + + + + Proctoring enforcing: captive-portal the proctoring session + using a callback mechanism, rather than via includes in the + master template (commit 9acb6bc8). + + + + + Stop the proctoring session from the client side when no + artifacts are sent for too long (commit 0b87b9e0). + + + + + + Bug Fixes + + + + Be more robust in case of client-side error conditions + (commit 64d4dde9, 2c7ff02a, 7dc4239a) + + + + + Use PiP to circumvent browser powersaving that would shut + down MediaStreams when a browser is out of focus. (commit + 0b87b9e0, c0d97c91) + + + + + Relax enforcing of duplicated images for proctored desktops + (commit c72ddbb3) + + + + + + Improvements + + + + Code Refactoring + + + + + Replace deprecated api (various commits) + + + + + Modernize javascript idioms (various commits) + + + + + Maintain an adequate look and feel using both Bootstrap5 + and Bootstrap3 (70a0f52c, f07dfc06, e913ee2b, 54d4f3cc + and others) + + + + + Drop custom implementation of lazy + loading for the proctoring display UI and rely + on modern native browser features instead (commit + 90d2404c) + + + + + + + Usability + + + + + Improve usability of the proctoring display UI on mobile + and when using a keyboard (various commits) + + + + + + + Miscellaneous + + + + + Improve integration with master template (9acb6bc8, + 44729649) + + + + + Streamline idioms (various commits) + + + + + Improved documentation + + + + + Increase test suite of functionalities and cover 100% of + public api (various commits) + + + + + Extend package localization. Currently English, German, + Italian and Spanish are supported. 
+ + + + + + + + + Changes in package "xotcl-core" + + New Features + + + + Added value checker signed (commit + 1ce581a) + + + + + Added value checker oneof (commits + 58bc938, 2dbadad, 65575bf, 58bc938). + + + + + Added value checker cr_item_of_package + (commit 6fc46f3) + + + + + Provided consistent sorting for Database and Tcl sorts + (commit 6effe16) + + + + + + Bug Fixes + + + + Avoiding double quoting (commit 08386db). + + + + + Fixed potential memory leaks + + + + + Free explicitly answer ns_set in + database sets method (commit 158a831) + + + + + Free ns_set storage more eager (when + e.g. large queries are used in longer loops) (commit + 3d6b05a) + + + + + + + Compatibility Fixes for Oracle 19c (commit de4a9a5, 88f8521, + 1408e2b) + + + + + + Improvements + + + + Security improvements: + + + + + Support for form_parameter specs with + value checkers added (commit 64bb847). + + + + + harden page contracts (commit b0c282d) + + + + + + + Performance improvements: + + + + + Improved prepared-statement handling (commit fac52ce) + + + + + Various other changes such as e.g. d22121d + + + + + + + Unified package parameter handing between xo* and oacs-core + (commit 66ee181) + + + + + Reduced verbosity of logging for streamlined output (commit + 0553811). + + + + + Stop sending messages to other (potentially stopped) thread + to avoid log messages (commit 0aa8c98). + + + + + + + Changes in package "xowiki" + + New Features + + + + GUI improvements + + + + + New abstraction xowiki::CSS to provide portability + between different frameworks and version of frameworks + (commit 99e3331c) + + + + + Added xowiki::bootstrap::card for + increased configurability (commits 97685004, 4e09efa9, + 136edcc5). 
+ + + + + Use adp:icon for better cross framework compatibility + (commits 562e9e48, 19407b34, 71606059) + + + + + Support for Bootstrap5 (commits 97685004, ddae6214, + 701612b7, a073060e, de6f0f48, 694c61b5, 48efaa9e, + 57a7e91a, b71aacc0, 07be172b and several more) + + + + + Added native CSS classes for Tree renderer and made + TreeRenderer more configurable, reduce YUI (commit + 83eafdcf). + + + + + Beautify display of CSS tree renderer for deeper trees + (commit ab624faa). + + + + + + + Chat improvements + + + + + Reduce server-side guessing of browser capabilities and + minimize mode-specific JavaScript code (commit + 8d98e9bf). + + + + + Support for anonymous users in chat class, allowing + mixed participation of authenticated and + non-authenticated users (commit d929ec45). + + + + + + + Drag and Drop improvements + + + + + Support for drag & drop for reordering items for + mobile devices (commit 4489907b). + + + + + Extended functionality of the DropZone widget (commit + d65bd411). + + + + + + + Added support for archiving of items (commit 4d17aa0e). + + + + + + Reforms + + + + Generalized handling of error pages in disconnected stage + (commit b3b677d4). + + + + + + Configuration Changes + + + + Update CDN sources where necessary (commit d4d0d85e). + + + + + Updates of external libraries and CDN providers (commits + d4d0d85e, f71db88b, 2986f329, f22f9b0b, e3b9f244, c63f61c9) + + + + + Improved Parameterization *Ability to parameterize + www-delete and + www-toggle-publish-status with + return_url for workflow-specific behavior + (commit abba6cd1). + + + + + New package parameter: + PackageInitParameter for + instance-specific package behavior (commit cc5b9959). + + + + + Added support for passing parameter specs of the form + parameter_name:value_constraint to + xowiki::Package.get_parameter (commit + 9df95cb3). + + + + + + + + Bug Fixes: + + + + Test reproducing a bug in + acs::test::xpath::get_form_values proc + (commit f495cac3). 
+ + + + + Fixed test case returned violation on plain instance (commit + 78ec506d). + + + + + Fixed xowiki + create_form_with_form_instance automated + test (commit a9a37dcc). + + + + + Handle more gracefully the case of missing files on the + filesystem (commit 72c1aeeb). + + + + + + Improvements: + + + + Improved autosave support (commit b373091c). + + + + + Added support to check the file types of uploaded content + (commit 80756c4b). + + + + + Improved portability + + + + + Added missing Oracle support for Oracle 19c (commit + 777eadbc). + + + + + Fix for Oracle 19c issues (commit 777eadbc). + + + + + + + Improved error handling + + + + + Improved handling of pages with + parent_id == 0 (commit 7637ff52). + + + + + Improved error message clarity and handling (multiple + commits). + + + + + Improved warning message (commit 80c69179). + + + + + Various small improvements in handling form pages and + error messages (commit 1c11ce20). + + + + + + + Various API improvements: + + + + + Updated interface for + Page.create_form_page_instance + (commit c0ee21d6). + + + + + + + Security improvements: + + + + + Enhanced form and query variable validation (commit + d405042d). + + + + + Improved safety of SQL queries (commit be15be72). + + + + + + + Code Maintenance: + + + + + Cleanup and modernization of code, removal of obsolete + and commented code (multiple commits). + + + + + Extended regression test (commit 8daa654b). + + + + + Improved comments (commit 9e9a99f5). + + + + + Improved documentation and cleanup (commit 27609be3). + + + + + + + + Deprecations: + + + + Cleanup of deprecated API references and methods (commit + b0a9b875, commit fc1e48d1, commit 2c490318). + + + + + Logging of deprecated usages unified under + ad_log_deprecated (commit 56d4b9d5). + + + + + Removal of features and scripts no longer in use (commit + 726cc0dd, commit c8100365). + + + + + Added @see to deprecated proc (commit + bb2fa23a). 
+ + + + + Got rid of legacy message key + menu-Clipboard-Copy (commit ba901036). + + + + + + + Changes in package "xowf" + + New Features + + + + Improved Support E-Learning applications (mostly inclass + exam) + + + + + Support for restricting access to exams based on IP + addresses (7fc8473). + + + + + Drag and Drop interface for feedback files (fd68c22). + + + + + Support for pool questions in the test-item family (No + specific commit hash related to this feature was found + in the provided content). + + + + + Improved support for viewing and downloading exam + results (250d5a4). + + + + + Added Support for viewing/altering all configuration + options for inclass exams via modal dialogs (39d5063). + + + + + Added Parameter to allow/disallow page translation and + spell checker for exams (commits 97e383e, 20a2d49). + + + + + + + + Configuration Changes + + + + Turn off production mode by default (363c839). + + + + + + Bug Fixes + + + + Fixed achieved points in exam statistics per question + (f05631f). + + + + + Fix for potential loss of statistics for auto-graded exams + (fc03d5f). + + + + + + Improvements + + + + Improved Maintainability: Added Site-wide admin pages for + xowf (cbb3bc8). + + + + + Improved Performance: Added support for shared workflow + definitions (2628b6f). + + + + + Improved GUI: + + + + + Improved support for Bootstrap5 (e.g. commits 8623ebd + and a5e1f6c). + + + + + Enhanced usability and styling for inclass exams and + workflows (3d33b2a). + + + + + + + + + Changes in package + "xotcl-request-monitor" + + New Features + + + + Ability to order by time values in long-calls listing + (Commit 031ee35). + + + + + Support for ordering long-calls by start time or by end time + in long-calls listing (Commit 7c9ffe9). + + + + + + Configuration Changes + + + + Added configurability to watchdog with parameters like + -maxWaiting and -maxRunning + (Commit 60ba4e3). 
+ + + + + + Improvements + + + + Security Improvements + + + + + Protect query-parameters against exceptions with empty + values (Commit 176a32b). + + + + + Added safety measures for potential DOS attacks and + improved request blocking (Commit ef39b79). + + + + + Improved strictness of tests (Commit ceb4a88). + + + + + Improved description of package parameters (Commit + ff8c44d) + + + + + Enhanced the initial population of request-monitor + counters for robustness (Commit 622d8f2). + + + + + Switch from xo::db::sql to + acs::dc interface (Commit a2d4688). + + + + + + + + + Index: openacs-4/packages/acs-core-docs/www/xml/for-everyone/release-notes.xml =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/xml/for-everyone/release-notes.xml,v diff -u -r1.39.2.8 -r1.39.2.9 --- openacs-4/packages/acs-core-docs/www/xml/for-everyone/release-notes.xml 19 Jul 2023 11:49:32 -0000 1.39.2.8 +++ openacs-4/packages/acs-core-docs/www/xml/for-everyone/release-notes.xml 2 Sep 2024 09:31:40 -0000 1.39.2.9 @@ -38,7 +38,7 @@ linkend="changelog-latest">) since the last release and in the entire &majorversion;.&minorversion; release sequence . --> - +
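Review bot: In the xowf "New Features" list of release-notes-5-10-1.xml, the pool-questions item carries drafting residue where the commit reference should be: "(No specific commit hash related to this feature was found in the provided content)". Replace that parenthesis with the actual commit hash or drop it. Other points in the same hunk: the forums Deprecations entries misspell "shotrhand" and "repleaceable", and the entries for forum::new_questions_allow / forum::new_questions_deny and forum::message::get_attachments have no commit reference, unlike forum::new_questions_allowed_p (5e7c3e01). In xotcl-core, the oneof value checker lists 58bc938 twice. In xowiki, "Improved Parameterization *Ability to parameterize ..." keeps a stray "*", and the two Oracle 19c entries both cite 777eadbc, so they read as one change listed twice. The file-storage deprecation text for fs::add_created_version ("behavior specific to this proc was to fs::add_version") does not parse; a word such as "moved" appears to be missing. Finally, dotlrn-fs is recorded as replacing ns_mktemp with ad_tmpnam (f5fd2c96), while file-storage replaces ad_tmpnam with ad_opentmpfile and ad_mktmpdir as "safer from race conditions"; the dotlrn-fs entry should say whether ad_tmpnam is an intermediate step there, so readers do not take it as the recommended replacement.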