Let's start this blog with an announcement: Foswiki-1.1.9 has been released today, on Foswiki's 5th anniversary. Thanks to all the developers, testers, translators, bug reporters and everyone in the Foswiki community who made Foswiki-1.1.9 possible. Everybody is encouraged to upgrade, even more as a series of further upcoming extensions will be released that depend on the latest and greatest.

This release comes with a set of important security and performance fixes:

  • accumulation of CSS by TablePlugin (Item12480)
  • a major memory leak for certain search strings (Item12585)
  • TOPICLIST macro no longer reveals names of view restricted topics (Item12491)
  • username and password URL params are restricted to POST to the login script (Item12589)
  • additional sanitizing of the URL path is performed

There are a few fixes to the JQueryPlugin shipped with Foswiki. It now comes with jquery-1.10.1 and jquery-2.0.2. You can switch your site to jquery-2.0.2 and still serve jquery-1.10.1 to old Internet Explorers. All of the sub-modules in JQueryPlugin have been updated to the latest upstream packages available.

For those of you developing JavaScript components for Foswiki: we switched from yuicompressor to uglify-js. So you don't need Java anymore … but a recent node-js.

Foswiki-1.1.9 will be the last release on the 1.1.x branch, hopefully. We claimed that before but this time it is for real (fingers crossed). Work on the new 1.2.0 release starts from now on. This is where the train goes now- Foswiki-1.2.0 will have a couple of important fixes on board that didn't make it into 1.1.9 but that's another story. Stay tuned.

