WIKINDX / News: Recent posts

Focus: bug fixes

Bug fixes

• Fix a function typing error in libs\PAGING.

Focus: bug fixes, feature enhancements, and improvements

We have prepared a Release Candidate of the next WIKINDX release: X.Y.Z. Note that this beta version is not for production use. However, we would appreciate the help of dedicated WIKINDX users in testing the beta version in order to ensure that the final 6.7.1 release is of the highest quality. A beta tester should be able to set up and manage a test WIKINDX environment, ideally populated with data from their production environment. We expect the beta release period to last two(?) weeks during which bugs will be reported and fixed. If you are able and willing to beta test with us, then please send an email to sirfragalot@users.sourceforge.net and we will contact you asap.... read more

Focus: bug fixes, feature enhancements, and improvements

We have prepared a Release Candidate of the next WIKINDX release: X.Y.Z. Note that this beta version is not for production use. However, we would appreciate the help of dedicated WIKINDX users in testing the beta version in order to ensure that the final 6.7.1 release is of the highest quality. A beta tester should be able to set up and manage a test WIKINDX environment, ideally populated with data from their production environment. We expect the beta release period to last two(?) weeks during which bugs will be reported and fixed. If you are able and willing to beta test with us, then please send an email to sirfragalot@users.sourceforge.net and we will contact you asap.... read more

Statement on glibc/iconv Vulnerability

Below we reproduce an important PHP security announcement from April 24, 2024.

WIKINDX is not affected by this iconv() vulnerability because the conversion to ISO-2022-CN-EXT encoding is not used and not allowed.

Stéphane Aulery

---

Recently, a bug in glibc version 2.39 and older (CVE-2024-2961) was uncovered where a buffer overflow in character set conversions to the ISO-2022-CN-EXT character set.

This specific buffer overflow in glibc is exploitable through PHP, which uses the iconv functionality in glibc to do character set conversions. Although the bug is exploitable in the context of the PHP Engine, the bug is not in PHP. It is also not directly exploitable remotely.

There are numerous reports online with titles like "Mitigating the iconv Vulnerability for PHP (CVE-2024-2961)" or "PHP Under Attack". These titles are misleading as this is not a bug in PHP itself.

Currently there is no fix for this issue, but there is a workaround described in GLIBC Vulnerability on Servers Serving PHP. It explains a way how to remove the problematic character set from glibc. Perform this procedure for every gconv-modules-extra.conf file that is available on your system.

Additionally it is also good practice for applications to accept only specific charsets, with an allow-list.

Some Linux distributions such as Debian, CentOS, and others, already have published patched variants of glibc. Please upgrade as soon as possible.

Once an update is available in glibc, updating that package on your Linux machine will be enough to alleviate the issue. You do not need to update PHP, as glibc is a dynamically linked library.

PHP users on Windows are not affected.

There will therefore also not be a new version of PHP for this vulnerability.... read more

Dear users,

Two serious security vulnerabilities were recently found in the PHP interpreter. They allow the bypassing of cookie security and the validation of incorrect passwords.

• Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756)
• Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096)... read more

Focus: maintenance

Important information

This version is a maintenance version only to facilitate the transition
from PHP 8.0 to PHP 8.1. its code is strictly identical to version 6.9.0
minus support for PHP 8.0.

Maintenance

• Switch PHP minimum version to 8.1 [#472].

Focus: bug fixes and improvements

Important information

Smarty replaced the 'implode' modifier with the 'join' modifier. This will cause a lot of deprecation warnings if your template is custom. To correct these messages use the new syntax described by the Smarty documentation of join.

Feature enhancements... read more

We have prepared a Release Candidate of the next WIKINDX release: 6.9.0.

Beta releases are not for production use. However, we would appreciate the help of dedicated WIKINDX users in testing the beta versions in order to ensure that the final release is of the highest quality.

A beta tester should be able to set up and manage a test WIKINDX environment, ideally populated with data from their production environment. We expect each beta release period to last two weeks during which bugs will be reported and fixed. If you are able and willing to beta test with us, then the latest beta test files can be found in BETA RELEASE of Files section.... read more

Focus: bug fixes

Important information

This version corrects data loss caused by versions 6.8.0 and 6.8.1. Lost data cannot be recovered.

Bug fixes

• If there were no ideas in the WIKINDX, an upgrade to v6.8.0 or 6.8.1 deleted all rows in the resource_keyword table. If you have upgraded to either of these versions and discover that there are none of the expected keywords when you select Search|Browse...|Keywords, then you will need to restore the previous database before upgrading with the v6.8.2 code.

Focus: bug fixes and improvements

Bug fixes

• If used with PHP 8.4, the polyfills of mb_trim() and mb_ltrim() call mb_rtrim.
• Upstream bugfix of mb_trim and mb_rtrim polyfills: trailing newline was ignored.
• Fix a message warning when configuring plugins through the Admin Components interface and ensure a pluginX menu is displayed even if there is only one plugin enabled for that menu [#670].
• IDEAS: Fix an incorrect link on ideas keywords [#672].
• IDEAS: Fix the next/previous icons and improve navigation through ideas [#672].
• Bump component compatibility version of templates to 6 [#672].... read more

Focus: bug fixes, feature enhancements, improvements, and maintenance

Important information

This version supports PHP 8.0, 8.1, 8.2, 8.3. It’s the first offering PHP 8.3 support.

This version supports the 8.x branch of MySQL, and MariaDB 10.4 and higher.

Feature enhancements

• Added tooltips (short help texts when hovering over a menu item) to selected menu items [#555]. NB all plugin menu structures are changed to take account of this—see the WIKINDX help for details.
• As per [#590], there is an option in Admin|Configure|Resource lists to change the default word conjunction in search fields (OR or AND).
• Embed a full parser for MS Word binary files.
• Support all EndNote XML formats: X1/X4, and X8 and higher.
• Validate DOI resources on input [#504].
• When viewing a single resource, the user and group bibliographies to which the resource belongs can now be edited.
• Ideas can no longer be searched via Advanced search but are searched within their own interface under the Metadata menu.
• Replaced the option to display the bibtex export of an individual resource with an icon that opens a pop-up to display either the bibtex export or the formatted (e.g. APA, IEEE, etc.) resource for copying. Where the formatted resource has a long URL that has been shortened for the display in WIKINDX, this facility allows you to copy the formatted resource with URL intact.
• Add a "Protect case" button in the TinyMCE toolbar [#606].
• New translation: Bulgarian (with DeepL and Google Translate).
• New translation: Czech (with DeepL and Google Translate).
• New translation: Finnish (with DeepL and Google Translate).... read more

We have prepared a Release Candidate of the next WIKINDX release: 6.8.0.

Beta releases are not for production use. However, we would appreciate the help of dedicated WIKINDX users in testing the beta versions in order to ensure that the final release is of the highest quality.

A beta tester should be able to set up and manage a test WIKINDX environment, ideally populated with data from their production environment. We expect each beta release period to last two weeks during which bugs will be reported and fixed. If you are able and willing to beta test with us, then the latest beta test files can be found in BETA RELEASE of Files section.... read more

We have prepared a Release Candidate of the next WIKINDX release: 6.8.0.

Beta releases are not for production use. However, we would appreciate the help of dedicated WIKINDX users in testing the beta versions in order to ensure that the final release is of the highest quality.

A beta tester should be able to set up and manage a test WIKINDX environment, ideally populated with data from their production environment. We expect each beta release period to last two weeks during which bugs will be reported and fixed. If you are able and willing to beta test with us, then the latest beta test files can be found in BETA RELEASE of Files section.... read more

Dear users,

We are happy to announce the second version of our plugin for Dokuwiki. It extends support to several versions of Dokuwiki: Hogfather, Igor, Jack Jackrum.

This plugin develops the initial work of Andreas Wagner (thanks to him) and is adapted to the latest versions of WIKINDX (6.6.0 and higher).

It allows, among other things, to cite resources from your personal WIKINDX in a Dokuwiki page and to automatically create the bibliography for this page.... read more

Focus: maintenance

Important information

This version is a maintenance version only to facilitate the transition
from MySQL 5.7 to MySQL 8.0 and higher, or MariaDB 1.2/1.3 to MariaDB 10.4
and higher.

Its code is strictly identical to that of version 6.7.1,
except for the change of support.

Focus: bug fixes, feature enhancements, and maintenance

Important information

This version is the last supporting MySQL 5.7, MariaDB 10.2 and MariaDB 10.3.
Their maintainers no longer offer security support from 2023 for these versions.
In addition, the functionality gap has grown and causes bugs that we want to limit.

Feature enhancements

• In the search menu, added zoom as a different way to browse resources. The number of resources in the database must be at least 10 * your max. paging links. If you zoom in on resource titles, for example, you will be presented with links like 'aardvark <—> batman', 'batmobile <—> kitten' .... 'zeugma <—> zygote'. If you click on the first link, you might then get links such as 'aardvark <—> animal', 'animus <—> azure', .... 'batch <—> batman'. Clicking further, you will eventually get to a list of resources.
• Where the browser is capable, provide a preview attachment feature. See, for example, single resource view—clicking on the attachment icon launches the preview, clicking on the attachment name downloads the attachment. Operation is very much dependent on what the browser is capable of.
• Allow the 'General' category to be renamed by the admin.
• Related to bug 5, ensure that only populated user and group bibliographies are displayed in Wikindx|Bibliographies.
• For resource lists, split the 'Timestamp' order option into 'Timestamp: added' and 'Timestamp: edited' options.
• Rationalize the behaviour of editing users regarding passwords—if editing user details, leaving both password fields blank will keep the current password—a character in either of the two password fields will start the password validation process.
• Tooltip for attachments.
• Add to the citation engine the detection of imperial and SI measurement units [#417].
• Convert XML style to JSON [#524].
• Upgrade on autopilot.
• New translations: Chinese (zh), Korean (ko), Swedish (sv).... read more

Starting with WIKINDX v6.7.1, we have decided to institute beta releases prior to full releases.

Beta releases are not for production use. However, we would appreciate the help of dedicated WIKINDX users in testing the beta versions in order to ensure that the final release is of the highest quality.

A beta tester should be able to set up and manage a test WIKINDX environment, ideally populated with data from their production environment. We expect each beta release period to last two weeks during which bugs will be reported and fixed. If you are able and willing to beta test with us, then the latest beta test files can be found in BETA RELEASE of Files section.... read more

Starting with WIKINDX v6.7.1, we have decided to institute beta releases prior to full releases.

Beta releases are not for production use. However, we would appreciate the help of dedicated WIKINDX users in testing the beta versions in order to ensure that the final release is of the highest quality.

A beta tester should be able to set up and manage a test WIKINDX environment, ideally populated with data from their production environment. We expect each beta release period to last two weeks during which bugs will be reported and fixed. If you are able and willing to beta test with us, then the latest beta test files can be found in BETA RELEASE of Files section.... read more

Dear users,

The newly released dual version 6.6.8/6.7.0 will mark a change in the development of WIKINDX.

Release Candidate Cycle

The series of versions 6.6.1 to 6.6.8 is a long series of fixes from version 6.6.0, the last of which is the most stable. The same thing had happened on the 6.4.x series.

Indeed, version 6.6.0 released shortly before Christmas 2022 took a year. The rewrite of the citation engine was a colossal undertaking, the fruits of which we hope to see in the months and years to come. However, it caused a lot of bugs.... read more

Focus: maintenance

NB: THIS VERSION IS A MAINTENANCE VERSION ONLY TO FACILITATE THE TRANSITION
FROM PHP 7.4 TO PHP 8.0. ITS CODE IS STRICTLY IDENTICAL TO VERSION 6.6.8
MINUS SUPPORT FOR PHP 7.4.

Maintenance

• Drop PHP 7.4 support.

Focus: bug fixes, feature enhancements, and maintenance

NB: THIS VERSION IS THE LAST SUPPORTING PHP 7.x.

Bug fix

• Fix a number of issues to do with resource, basket, and ideas listing.

Feature enhancements

• Added dictionary paging. For resource lists ordered by creator and title (or attachment when using advanced search to display only attachments), paging can now be set to dictionary (e.g., aardvark <—> batman, batmobile <—> kitten and so on) in MYWIKINDX.... read more

Bug fix

• Bump component compatibility version of plugins to 17.
• Fix MySQL/percona vesion number detection.

Focus: bug fixes

Bug fix

• Fix an issue with displaying attachment lists from advanced search.
• Wrong name of optional bz2 extension.
• Note 'xml' extension as mandatory.
• Missing licence header.
• Missing persistent mode for MySQL.
• Missing socket support for MySQL [#509].
• Replace the image of the statistics bar with CSS code because it is not accessible in some cases.
• Escape histograms tooltips.
• Resource type histograms tooltips were not translated.
• Sort resource type names by following their translation.
• Add missing fields from component.json in Admin Style editor.
• Restore the licence field of component.json file of styles.
• Clear the version table when a component is uninstalled.
• Simplification of the translation system [#511] and standardization of catalogs between the core and the plugins [#510].
• Ensure that the 'Return to list' icon when viewing a single resource is properly pointing back to the basket if basket was the last list type.
• Fix HTML syntaxic errors (empty title and target attributes).
• Fix quicksearch bug with no results when using AND [#517]
• Wrong target attributs in resource view and attachments.
• Follow the W3C standardization recommendation for strings to NFC (see https://www.w3.org/International/questions/qa-html-css-normalization).
• \FORM\selectedBox() could truncate option’s values.

Focus: bug fixes

Bug fix

• Although the database was updated correctly, the checkbox for 'Print PHP errors and warnings to the screen:’ in the Configure menu was always checked.
• Fix a crash when the mailing function is called.

Focus: bug fixes

Bug fix

• Use PHPMailer sender mechanism to set Return-Path header.
• The style cache was corrupted.
• Wrong display of MySQL engine version in debug config page [#515].
• CAST( bla AS INT ) is not a syntax supported by MySQL engine.