WIKINDX News

Focus: security, maintenance

Bug fixes

• When viewing results of a QUICKSEARCH, ensure the toggle switch for search parameters works.
• Ensure musings assigned to a user group can be viewed by all members of that group.

Maintenance

• Update Czesh translation.
• Update Finnish translation.
• Update Hungarian translation.
• Update Korean translation.
• Update Slovenian translation.
• Update Swedish translation.
• Update Chinese translation.
• Update Chinese Traditional translation.

Focus: security, maintenance

Important information

This version, whose code is strictly identical to 6.13.0, 6.14.0, and 6.15.0 increases the minimum supported version of MariaDB (10.5). At the time of this release, earlier versions of MariaDB are no longer maintained.

Maintenance

• Switch MariaDB minimum version to 10.11 [#728].

Focus: security, maintenance

Important information

This version, whose code is strictly identical to 6.13.0 and 6.14.0, increases the minimum supported version of MySQL (8.4) and MariaDB (10.5). At the time of this release, earlier versions of MySQL and MariaDB are no longer maintained.

Maintenance

• Switch MySQL minimum version to 8.4 [#729].
• Switch MariaDB minimum version to 10.5 [#727].

Focus: security, maintenance

Important information

This version supports PHP 8.2, 8.3, 8.4, 8.5.

It is strictly identical to version 6.13.0 but removes support for PHP 8.1.

Maintenance

• Removes support for PHP 8.1 [#667].

Focus: bug fixes, feature enhancements, improvements, maintenance, security.

Important information

This version supports PHP 8.1, 8.2, 8.3, 8.4, 8.5. It’s the first offering PHP 8.5 support.

Bug fixes

• Fix some issues which caused logon operations (user or readOnly) to occasionally fail.
• Fix graph display in visualize plugin after the addition of security measures (embed graphs in display dialog as base64 encoded string).
• Wildcards in search strings ('?' and '*'): safely deal with e.g. "blah ? moreblah" to avoid a fatal error.
• Fix an error in DOCX export related to the CODE HTML entity.
• Fix an error adding/editing users where there are no resources with creators [#737].
• If using bibutils for the conversion of bibliography formats, ensure the output file is downloadable through the standard WIKINDX processes.
• When importing a bibTeX file or pasting bibTeX entries, ensure all selected categories are correctly registered.
• If searching a list and compressing attachments to a zip file, the zip file can now be successfully downloaded [#739].
• When exporting a DOCX file from a list, ensure the interim DOCX folder is deleted after DOCX creation.
• If using browserTabID, fix an issue that caused moderated new user registration to fail (new user was unable to log on).
• If no word is input for QUICKSEARCH, ensure there is a valid error message.
• Replace PHP translation catalogs by JSON, since some of them were corrupted [#742].
• Ensure users who are members of a group bibliography, can select that bibliography when importing resources or adding/editing a new one.
• Fix an issue in MYWIKINDX email notification where the user's preference was not stored.
• Fixes session purging: the session access time was not always recorded in the same time zone [#740][#743].
• User groups: ensure all members of the group can make ideas, musings, and metadata comments available to the group.... read more

Focus: bug fixes, feature enhancements, improvements, maintenance, security.

We have prepared a Release Candidate of the next WIKINDX release: 6.13.0. Note that this beta version is not for production use. However, we would appreciate the help of dedicated WIKINDX users in testing the beta version in order to ensure that the final 6.13.0 release is of the highest quality. A beta tester should be able to set up and manage a test WIKINDX environment, ideally populated with data from their production environment. We expect the beta release period to last two(?) weeks during which bugs will be reported and fixed. If you are able and willing to beta test with us, then please send an email to sirfragalot@users.sourceforge.net and we will contact you asap.... read more

Focus: bug fixes, maintenance

Bug fixes

• Remove a warning about a deprecated '$useimap' argument of PHPMailer.
• Trigger the session gc every 100 requests otherwise the session table size grows too much [#723].
• The sessions were not purged according to the administrator's configuration while the loaded sessions respected this same configuration [#723].
• Ensure a user who is a member of a group bibliography can add to and view resources in that bibliography.
• Ensure the owner of a group bibliography can also browse it.... read more

Focus: bug fixes, feature enhancements, improvements, maintenance, security.

Important information

• This version supports PHP 8.1, 8.2, 8.3, 8.4. It’s the first offering PHP 8.4 support.

Bug fixes

• SQL error when upgrading SoundExplorer plugin with MariaDB 11.5.
• Fix translation loading in TinyMCE on OS with a case-sensitive filesystem.
• In the resource form, don't automatically fill in a series number value when selecting a series in the select box [#691].
• In the resource form, fix an error in adding user Ids to the abstract and note fields [#692].
• Fixes the name of languages ​​displayed by browse search to follow the user's preferred language.
• Fix zoom errors where the paging is less than the total resources in the database [#695].
• Fix a blank front page when the list is set to display resources in the last x days [#697].
• Don't increment the view counter if a resource is missing (crash).
• If the admin has set only the resource originator as able to edit/add attachments, another registered user can now (as should be the case) view those attachments. Along the way, improve checks on who can manipulate attachments.
• Registered users not allowed to edit a resource can now add the resource to a user bibliography (as they can tag the resource with user tags).
• Ensure that the resource originator of a quarantined resource has access to that resource for listing, viewing, and editing.
• When importing a bibliography (if allowed by the admin), a user could tag the import but could not delete the import tag (and associated resources). This has been fixed with a menu option under Resources.
• Don't publish a sitemap when the website is not public.
• Fix a few errors in Advanced Search: a) fields like publisher and collection were not available to search and b) the previous search fields were not stored correctly when reloading the search form.
• Fix an empty innerHTML error in the advanced search form and its results [#697].
• If browsing a user bibliography, the bibliography was not always used as the source for various operations.
• File upload was blocked when memory_limit = -1 (infinity).
• Accept URL of external images longer that 255 characters (8000 max).
• Images containing special characters in their name such as a space were not exported in HTML/RTF documents.
• Fix a small warning when the download of an image fails during RTF/DOCX export.
• Fix base64 encoded media type in paper HTML exports.
• If an image is included more than once in an RTF/HTML export, only the first temporary file was purged at the end of the export.
• Fix missing rows in search_resources and search_abstractnotes. Code to write these rows was missing in the import code for bibtex and endnote (now fixed in this release).
• Ensure, for proceedings and proceedings_article types, that conference organiser, conference name, and publisher are properly handled for display, import, and export.
• When browsing, correct the resource counts for creators, system users, departments, and institutions.
• Use the right mime-type when returning JSON.... read more

Focus: bug fixes, feature enhancements, improvements, maintenance, security.

We have prepared a Release Candidate of the next WIKINDX release: 6.12.0. Note that this beta version is not for production use. However, we would appreciate the help of dedicated WIKINDX users in testing the beta version in order to ensure that the final 6.12.0 release is of the highest quality. A beta tester should be able to set up and manage a test WIKINDX environment, ideally populated with data from their production environment. We expect the beta release period to last two(?) weeks during which bugs will be reported and fixed. If you are able and willing to beta test with us, then please send an email to sirfragalot@users.sourceforge.net and we will contact you asap.... read more

Focus: bug fixes, feature enhancements, improvements, maintenance, security.

We have prepared a Release Candidate of the next WIKINDX release: 6.12.0. Note that this beta version is not for production use. However, we would appreciate the help of dedicated WIKINDX users in testing the beta version in order to ensure that the final 6.12.0 release is of the highest quality. A beta tester should be able to set up and manage a test WIKINDX environment, ideally populated with data from their production environment. We expect the beta release period to last two(?) weeks during which bugs will be reported and fixed. If you are able and willing to beta test with us, then please send an email to sirfragalot@users.sourceforge.net and we will contact you asap.... read more

Focus: bug fixes, maintenance, and security

Bug fixes

• Ensure messages (no. successful imports, discarded duplicates, etc.) are properly generated for resource importing when browserTabID is enabled.
• When entering a new resource (or editing an existing one), it was not possible to insert a citation in the abstract or notes field.
• In past upgrades, not all collections were properly collated and labelled in the collections table.
• Fix the date of files in release tarballs to the date of the release (EPOCH can confuse FTPs).... read more

Focus: bug fixes, maintenance, and security

We have prepared a Release Candidate of the next WIKINDX release: 6.11.0. Note that this beta version is not for production use. However, we would appreciate the help of dedicated WIKINDX users in testing the beta version in order to ensure that the final 6.11.0 release is of the highest quality. A beta tester should be able to set up and manage a test WIKINDX environment, ideally populated with data from their production environment. We expect the beta release period to last two(?) weeks during which bugs will be reported and fixed. If you are able and willing to beta test with us, then please send an email to sirfragalot@users.sourceforge.net and we will contact you asap.... read more

Focus: bug fixes

Bug fixes

• Fix a function typing error in libs\PAGING.

Focus: bug fixes, feature enhancements, and improvements

We have prepared a Release Candidate of the next WIKINDX release: X.Y.Z. Note that this beta version is not for production use. However, we would appreciate the help of dedicated WIKINDX users in testing the beta version in order to ensure that the final 6.7.1 release is of the highest quality. A beta tester should be able to set up and manage a test WIKINDX environment, ideally populated with data from their production environment. We expect the beta release period to last two(?) weeks during which bugs will be reported and fixed. If you are able and willing to beta test with us, then please send an email to sirfragalot@users.sourceforge.net and we will contact you asap.... read more

Focus: bug fixes, feature enhancements, and improvements

We have prepared a Release Candidate of the next WIKINDX release: X.Y.Z. Note that this beta version is not for production use. However, we would appreciate the help of dedicated WIKINDX users in testing the beta version in order to ensure that the final 6.7.1 release is of the highest quality. A beta tester should be able to set up and manage a test WIKINDX environment, ideally populated with data from their production environment. We expect the beta release period to last two(?) weeks during which bugs will be reported and fixed. If you are able and willing to beta test with us, then please send an email to sirfragalot@users.sourceforge.net and we will contact you asap.... read more

Statement on glibc/iconv Vulnerability

Below we reproduce an important PHP security announcement from April 24, 2024.

WIKINDX is not affected by this iconv() vulnerability because the conversion to ISO-2022-CN-EXT encoding is not used and not allowed.

Stéphane Aulery

Recently, a bug in glibc version 2.39 and older (CVE-2024-2961) was uncovered where a buffer overflow in character set conversions to the ISO-2022-CN-EXT character set.

This specific buffer overflow in glibc is exploitable through PHP, which uses the iconv functionality in glibc to do character set conversions. Although the bug is exploitable in the context of the PHP Engine, the bug is not in PHP. It is also not directly exploitable remotely.

There are numerous reports online with titles like "Mitigating the iconv Vulnerability for PHP (CVE-2024-2961)" or "PHP Under Attack". These titles are misleading as this is not a bug in PHP itself.

Currently there is no fix for this issue, but there is a workaround described in GLIBC Vulnerability on Servers Serving PHP. It explains a way how to remove the problematic character set from glibc. Perform this procedure for every gconv-modules-extra.conf file that is available on your system.

Additionally it is also good practice for applications to accept only specific charsets, with an allow-list.

Some Linux distributions such as Debian, CentOS, and others, already have published patched variants of glibc. Please upgrade as soon as possible.

Once an update is available in glibc, updating that package on your Linux machine will be enough to alleviate the issue. You do not need to update PHP, as glibc is a dynamically linked library.

PHP users on Windows are not affected.

There will therefore also not be a new version of PHP for this vulnerability.... read more

Dear users,

Two serious security vulnerabilities were recently found in the PHP interpreter. They allow the bypassing of cookie security and the validation of incorrect passwords.

• Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756)
• Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096)... read more

Focus: maintenance

Important information

This version is a maintenance version only to facilitate the transition
from PHP 8.0 to PHP 8.1. its code is strictly identical to version 6.9.0
minus support for PHP 8.0.

Maintenance

• Switch PHP minimum version to 8.1 [#472].

Focus: bug fixes and improvements

Important information

Smarty replaced the 'implode' modifier with the 'join' modifier. This will cause a lot of deprecation warnings if your template is custom. To correct these messages use the new syntax described by the Smarty documentation of join.

Feature enhancements... read more

We have prepared a Release Candidate of the next WIKINDX release: 6.9.0.

Beta releases are not for production use. However, we would appreciate the help of dedicated WIKINDX users in testing the beta versions in order to ensure that the final release is of the highest quality.

A beta tester should be able to set up and manage a test WIKINDX environment, ideally populated with data from their production environment. We expect each beta release period to last two weeks during which bugs will be reported and fixed. If you are able and willing to beta test with us, then the latest beta test files can be found in BETA RELEASE of Files section.... read more

Focus: bug fixes

Important information

This version corrects data loss caused by versions 6.8.0 and 6.8.1. Lost data cannot be recovered.

Bug fixes

• If there were no ideas in the WIKINDX, an upgrade to v6.8.0 or 6.8.1 deleted all rows in the resource_keyword table. If you have upgraded to either of these versions and discover that there are none of the expected keywords when you select Search|Browse...|Keywords, then you will need to restore the previous database before upgrading with the v6.8.2 code.

Focus: bug fixes and improvements

Bug fixes

• If used with PHP 8.4, the polyfills of mb_trim() and mb_ltrim() call mb_rtrim.
• Upstream bugfix of mb_trim and mb_rtrim polyfills: trailing newline was ignored.
• Fix a message warning when configuring plugins through the Admin Components interface and ensure a pluginX menu is displayed even if there is only one plugin enabled for that menu [#670].
• IDEAS: Fix an incorrect link on ideas keywords [#672].
• IDEAS: Fix the next/previous icons and improve navigation through ideas [#672].
• Bump component compatibility version of templates to 6 [#672].... read more

Focus: bug fixes, feature enhancements, improvements, and maintenance

Important information

This version supports PHP 8.0, 8.1, 8.2, 8.3. It’s the first offering PHP 8.3 support.

This version supports the 8.x branch of MySQL, and MariaDB 10.4 and higher.

Feature enhancements

• Added tooltips (short help texts when hovering over a menu item) to selected menu items [#555]. NB all plugin menu structures are changed to take account of this—see the WIKINDX help for details.
• As per [#590], there is an option in Admin|Configure|Resource lists to change the default word conjunction in search fields (OR or AND).
• Embed a full parser for MS Word binary files.
• Support all EndNote XML formats: X1/X4, and X8 and higher.
• Validate DOI resources on input [#504].
• When viewing a single resource, the user and group bibliographies to which the resource belongs can now be edited.
• Ideas can no longer be searched via Advanced search but are searched within their own interface under the Metadata menu.
• Replaced the option to display the bibtex export of an individual resource with an icon that opens a pop-up to display either the bibtex export or the formatted (e.g. APA, IEEE, etc.) resource for copying. Where the formatted resource has a long URL that has been shortened for the display in WIKINDX, this facility allows you to copy the formatted resource with URL intact.
• Add a "Protect case" button in the TinyMCE toolbar [#606].
• New translation: Bulgarian (with DeepL and Google Translate).
• New translation: Czech (with DeepL and Google Translate).
• New translation: Finnish (with DeepL and Google Translate).... read more

We have prepared a Release Candidate of the next WIKINDX release: 6.8.0.

Beta releases are not for production use. However, we would appreciate the help of dedicated WIKINDX users in testing the beta versions in order to ensure that the final release is of the highest quality.

A beta tester should be able to set up and manage a test WIKINDX environment, ideally populated with data from their production environment. We expect each beta release period to last two weeks during which bugs will be reported and fixed. If you are able and willing to beta test with us, then the latest beta test files can be found in BETA RELEASE of Files section.... read more

We have prepared a Release Candidate of the next WIKINDX release: 6.8.0.

Beta releases are not for production use. However, we would appreciate the help of dedicated WIKINDX users in testing the beta versions in order to ensure that the final release is of the highest quality.

A beta tester should be able to set up and manage a test WIKINDX environment, ideally populated with data from their production environment. We expect each beta release period to last two weeks during which bugs will be reported and fixed. If you are able and willing to beta test with us, then the latest beta test files can be found in BETA RELEASE of Files section.... read more