Line: 1 to 1 | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
TWiki Release 4.3.2 (Georgetown), 2009-09-02 | |||||||||||||
Added: | |||||||||||||
> > | Note: This is the release note for the previous major release version 4.3.X. This note, TWikiReleaseNotes04x00, TWikiReleaseNotes04x01 and TWikiReleaseNotes04x02 are included with 5.0.X because they contain valuable information for people upgrading from earlier versions. Both for the admin and the users. See TWikiReleaseNotes05x00 for the 5.0.X release notes. | ||||||||||||
On this page:
Introduction | |||||||||||||
Line: 9 to 11 | |||||||||||||
TWiki-4.3.1 released on 2009-04-29 introduces security enhancements. This release also introduces use of ISO date format by default. | |||||||||||||
Changed: | |||||||||||||
< < | TWiki-4.3.2 released on 2009-09-02 introduces security enhancements (CSRF fix). WYSIWYG editing is enhanced as well, the TinyMCEPlugin is upgraded with latest tinyMCE Javascript library. | ||||||||||||
> > | TWiki-4.3.2 released on 2009-09-02 introduces security enhancements. | ||||||||||||
It is highly recommended to upgrade to TWiki-4.3.2. Users will find this release much more stable and secure in daily use. | |||||||||||||
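Review bot: The replacement sentence for TWiki-4.3.2 ("introduces security enhancements") no longer names the CSRF fix, so it now reads the same as the 4.3.1 line above it and an administrator deciding whether to upgrade cannot tell what 4.3.2 addresses. Suggest keeping "(CSRF fix)" in the new sentence. The removed TinyMCEPlugin upgrade mention should also stay unless it is documented elsewhere in the topic.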
Line: 48 to 50 | |||||||||||||
See the full list of bug fixes at the bottom of this topic. | |||||||||||||
Deleted: | |||||||||||||
< < | Important Changes1. Added protection against CSRF (cross-site request forgery) in TWiki 4.3.2 patch releaseTWiki protects content updates with a one-time-use crypt token to guard against CSRF exploits. This means that it is no longer possible to hit the browser back button to fix a typo; you get an "invalid crypt token" error message if you try to save again. Workaround: Instead of browser back button, hit the "Edit" button to fix a typo. There is a balance between security and user convenience. A TWiki administrator can enable and disable the crypt token based CSRF protection with the{CryptToken}{Enable} configure setting. For mission critical public TWiki sites it is recommended to enable the crypt token; for firewalled TWiki sites it is usually OK to disable it. | ||||||||||||
Deprecation NoticesThe %MAINWEB% and %TWIKIWEB% variables have been deprecated. For compatibility reasons they are unlikely to ever be removed completely, but you should use the %USERSWEB% and %SYSTEMWEB% variables instead. | |||||||||||||
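Review bot: The deleted "Important Changes" paragraph is the only place in this diff that explains the "invalid crypt token" error on re-save after the browser back button and names the {CryptToken}{Enable} configure setting, so removing it leaves users who hit that error without an explanation or the "Edit" button workaround. Suggest keeping the section. If it is kept, its last sentence deserves a second look: a firewall does not stop CSRF, because the forged request is sent by a logged-in user's own browser from inside the network, so "usually OK to disable it" is weaker guidance for firewalled sites than it sounds.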
Line: 95 to 89 | |||||||||||||
Enhancements | |||||||||||||
Deleted: | |||||||||||||
< < |
| ||||||||||||
| |||||||||||||
Line: 115 to 107 | |||||||||||||
Fixes | |||||||||||||
Deleted: | |||||||||||||
< < |
| ||||||||||||
| |||||||||||||
Line: 191 to 179 | |||||||||||||
Highlights
| |||||||||||||
Changed: | |||||||||||||
< < |
| ||||||||||||
> > |
| ||||||||||||
Enhancements | |||||||||||||
Changed: | |||||||||||||
< < |
| ||||||||||||
> > | TODO | ||||||||||||
Fixes | |||||||||||||
Changed: | |||||||||||||
< < |
| ||||||||||||
> > | TODO | ||||||||||||
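Review bot: The new Enhancements and Fixes rows contain only "TODO", while the note added at the top of this revision says the topic is included with 5.0.X for people upgrading from earlier versions. Suggest restoring the previous lists or filling in the entries before this revision ships, so the "full list of bug fixes at the bottom of this topic" referred to earlier still exists.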
Note: Please contribute updates to this topic on TWiki.org at TWiki:TWiki.TWikiReleaseNotes04x03.