Release Notes for XWiki 17.9.0

Last modified by Ilie Andriuta on 2025/11/25 18:59

These are the release notes for XWiki Commons, XWiki Rendering and XWiki Platform. They share the same release notes as they are released together and have the same version.

With this release, users will see a few UI improvements: a new mechanism to save unsaved changes when editing pages, and a new configuration UI for the document tree macro. They will also experience a new security mechanism when accessing external links (only in comments by default), configurable by admins. For admins, this release also introduces important new features and APIs for cluster management, as well as important improvements in the Extension Repository Application, which is released as part of XWiki Standard but not bundled with it. Finally, this release contains dependency upgrades, bug fixes and security fixes, with the highest severity being 5.3/10.

New and Noteworthy (since XWiki 17.8.0)

Full list of issues fixed and Dashboard for 17.9.0.

For Users

Unsaved Changes Kept in Session Storage

 
If you have unsaved changes, e.g. because autosave hasn't been triggered yet, and you leave the realtime collaboration, e.g. by navigating to a different web page or by closing the browser tab, then the editor will keep those changes in the browser's session storage, to be restored when you get back. Given that the page you were editing can be further modified by other users, the editor will try to integrate your unsaved changes next time you edit again, using a 3-way merge, but this can fail due to conflicts, in which case your unsaved changes will be lost. You can rely on this feature to restore unsaved changes in case you leave editing by mistake, but in general it's best to use the Done button to leave the collaboration. See the Realtime WYSIWYG Editor documentation for more information.

Revamping of document tree macro configuration

 
The document tree macro configuration UI has been revamped, introducing groups of parameters displayed in tabs to make the various options easier to find.

Extension version page in Repository Application

 
In the Repository Application, the metadata of each version of an extension is now stored in its own page. As a result, the versions and their release notes are now displayed on the main page as a filterable/sortable livedata.

List of supported extensions in Repository Application

 
Extension support plans now show the list of supported extensions in the extension repository application.

Return to view without creating revisions

 
You can now use the Done button to return to view mode from realtime collaboration without fearing that useless empty page revisions are created. The page is saved, and a new revision is created, only if the content has changed since the last (auto)save. This behavior applies to the Save & Continue shortcut key (Alt+Shift+S) as well. You can force a new empty revision only by specifying a change summary, using either the "Summarize & Done" or the "Summarize Changes" actions from the realtime toolbar. See the Realtime WYSIWYG Editor documentation for more information.

Documentation Linking in Repository Application

 
There's now a "Documentation" button displayed when using the website xproperty to link to an extension's documentation. In addition, that button is styled as a primary button, and the "Download" button is now styled as a default button and has been moved to be the last button displayed (since it's the least useful one).

For Admins

New security check on external URLs

 
A new security mechanism related to URLs has been put in place in XWiki to inform users when they click on a link leading to an external URL that does not belong to the list of trusted domains. This mechanism is enabled by default only for links in comments, but it can also be enabled for the whole wiki. It reuses the list of trusted domains that can be configured in xwiki.properties, and a new configuration property allows specifying individual URLs that can be accessed from the frontend without any warning. Finally, the new security mechanism can also be disabled through a dedicated configuration.

#-# [Since 17.9.0]
#-# [Since 17.4.7]
#-# [Since 16.10.14]
#-# Define the policy to use for URL checks performed in the UI, whether the user should be asked for confirmation
#-# when going to an untrusted domain.
#-# Accepted values for this property are: enabled, disabled, or comments.
#-# Enabled means that the check will be enforced in all the wiki UI, disabled that the check will never be
#-# performed, and comments (default value) means that the check will only be performed on links provided in the
#-# comments of the wiki.
#-#
#-# By default this property is set to comments:
# url.frontendUrlCheckPolicy=comments

#-# [Since 17.9.0RC1]
#-# [Since 17.4.6]
#-# [Since 16.10.13]
#-# Allow specific URLs to be accessible from the frontend without asking for confirmation, and without
#-# needing to allow an entire domain. The expected format is absolute URLs separated by commas, e.g.:
#-# https://github.com/xwiki/xwiki-platform,https://www.xwiki.org/xwiki/bin/view/Main/WebHome
#-#
#-# By default this property is empty:
# url.allowedFrontendUrls=
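
An added example, not part of the XWiki release notes or XWiki's own code: a small Python audit for the two properties above, checking the policy against the three documented values and each allowed entry against the documented absolute-URL format. The sample file content is constructed, and the host-only warning is this example's own heuristic.

```python
from urllib.parse import urlsplit

# The three values the release notes document, and the documented default.
ACCEPTED_POLICIES = ("enabled", "disabled", "comments")
DEFAULT_POLICY = "comments"

# Constructed xwiki.properties excerpt for the demo (not from a real deployment).
SAMPLE = """\
# url.frontendUrlCheckPolicy=comments
url.frontendUrlCheckPolicy=Enabled
url.allowedFrontendUrls=https://github.com/xwiki/xwiki-platform, www.xwiki.org/xwiki/bin/view/Main/WebHome,https://example.org
"""

def parse_properties(text):
    """Minimal key=value reader; skips blank lines and '#' comments (commented-out defaults too)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return (policy string as configured or defaulted, list of findings)."""
    props = parse_properties(text)
    findings = []
    policy = props.get("url.frontendUrlCheckPolicy", DEFAULT_POLICY)
    if policy not in ACCEPTED_POLICIES:
        findings.append(f"policy {policy!r} is not a documented value {ACCEPTED_POLICIES}")
    elif policy == "disabled":
        findings.append("policy 'disabled': the frontend URL check is never performed")
    allowed = props.get("url.allowedFrontendUrls", "")
    for url in (u.strip() for u in allowed.split(",")):
        if not url:
            continue
        parts = urlsplit(url)
        if not parts.scheme or not parts.netloc:
            findings.append(f"{url!r} is not an absolute URL")
        elif parts.path in ("", "/"):
            # Heuristic of this example: a host-only entry may have been meant as a trusted domain.
            findings.append(f"{url!r} names only a host; review whether a single URL was intended")
    return policy, findings

if __name__ == "__main__":
    policy, findings = audit(SAMPLE)
    print("policy:", policy)
    for finding in findings:
        print("-", finding)
```

The reader handles plain `key=value` lines only; Java properties features such as `:` separators and line continuations are out of scope for this sketch.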

Remote Observation Admin

 
It's now possible to access various information about the cluster in the dedicated administration page.

For Developers

Remote channels and members

 
New public APIs (both Java and script) have been introduced to manipulate remote observation (clustering) channels and members. Each channel also exposes a leader among the active members. See Observation Module Remote for more details.

Miscellaneous

  • Support for several CSS files in icon themes: When creating an icon set, you can now specify several CSS files, making it easier to support icon sets that require several style sheets.

  • LESS customizations now impact CSS properties: CSS and LESS variables now share a common source of truth. In addition, the LESS customization will now have an impact on CSS variables as long as LESS computation works.

Upgrades

The following runtime dependencies have been upgraded (they have a different release cycle than XWiki Commons, XWiki Rendering and XWiki Platform):

Translations

The following translations have been updated: 

Tested Browsers & Databases

Automated testing

XWiki executes a lot of automated tests during its build, testing all supported configurations. In addition, some manual QA is also executed to try to discover additional problems (see below):

Manual testing

Here is the list of browsers we support and how they have been manually tested for this release:

Browser              Tested on:
Mozilla Firefox 145  Not Tested
Google Chrome 142    Jira Tickets Marked as Fixed in the Release Notes
Microsoft Edge 142   Not Tested
Safari 18            Not Tested

Here is the list of databases we support and how they have been manually tested for this release:

Database        Tested on:
HyperSQL 2.7.4  Not Tested
MariaDB 11.8    Not Tested
MySQL 9.3       Jira Tickets Marked as Fixed in the Release Notes
PostgreSQL 17   Not Tested
Oracle 19c      Not Tested

Here is the list of Servlet Containers we support and how they have been manually tested for this release:

Servlet Container                             Tested on:
Tomcat 11.0.13                                Jira Tickets Marked as Fixed in the Release Notes
Jetty 12.0.25 (XWiki Standalone packaging)    Not Tested
Jetty 12.0.25                                 Not Tested

Security Issues

Security issues are not listed in issue lists or dashboards to avoid disclosing ways to use them, but they will appear automatically in them once they're disclosed. See the XWiki Security Policy for more details.

Known issues

Backward Compatibility and Migration Notes

General Notes

  • When upgrading, make sure you compare and merge the following XWiki configuration files, since some parameters may have been modified, removed or added:
    • xwiki.cfg
    • xwiki.properties
    • web.xml
    • hibernate.cfg.xml
  • Add xwiki.store.migration=1 in xwiki.cfg so that XWiki will attempt to automatically migrate your current database to any new schema. Make sure you back up your database before doing anything.

API Breakages

The following APIs were modified since XWiki 17.8.0:

No breakage!

Credits

The following people have contributed code and translations to this release (sorted alphabetically):

  • Alfons Soriano 
  • Clément Aubin 
  • Cédric LAMBLIN 
  • Gankov Andrey 
  • Josue-T 
  • LucasC 
  • Manuel Leduc 
  • Marius Dumitru Florea 
  • Mathieu Pace 
  • Michael Hamann 
  • Sereza7 
  • Simon Urli 
  • Simpel 
  • Thomas Mortagne 
  • Vincent Massol 
  • Xiaofei Cui 
  • anonymous 
  • raphj 
  • xrichard 

Get Connected