WIKINDX News

Focus: bug fixes, maintenance

Bug fixes

• Remove a warning about a deprecated '$useimap' argument of PHPMailer.
• Trigger the session gc every 100 requests otherwise the session table size grows too much [#723].
• The sessions were not purged according to the administrator's configuration while the loaded sessions respected this same configuration [#723].
• Ensure a user who is a member of a group bibliography can add to and view resources in that bibliography.
• Ensure the owner of a group bibliography can also browse it.... read more

Focus: bug fixes, feature enhancements, improvements, maintenance, security.

Important information

• This version supports PHP 8.1, 8.2, 8.3, 8.4. It’s the first offering PHP 8.4 support.

Bug fixes

• SQL error when upgrading SoundExplorer plugin with MariaDB 11.5.
• Fix translation loading in TinyMCE on OS with a case-sensitive filesystem.
• In the resource form, don't automatically fill in a series number value when selecting a series in the select box [#691].
• In the resource form, fix an error in adding user Ids to the abstract and note fields [#692].
• Fixes the name of languages ​​displayed by browse search to follow the user's preferred language.
• Fix zoom errors where the paging is less than the total resources in the database [#695].
• Fix a blank front page when the list is set to display resources in the last x days [#697].
• Don't increment the view counter if a resource is missing (crash).
• If the admin has set only the resource originator as able to edit/add attachments, another registered user can now (as should be the case) view those attachments. Along the way, improve checks on who can manipulate attachments.
• Registered users not allowed to edit a resource can now add the resource to a user bibliography (as they can tag the resource with user tags).
• Ensure that the resource originator of a quarantined resource has access to that resource for listing, viewing, and editing.
• When importing a bibliography (if allowed by the admin), a user could tag the import but could not delete the import tag (and associated resources). This has been fixed with a menu option under Resources.
• Don't publish a sitemap when the website is not public.
• Fix a few errors in Advanced Search: a) fields like publisher and collection were not available to search and b) the previous search fields were not stored correctly when reloading the search form.
• Fix an empty innerHTML error in the advanced search form and its results [#697].
• If browsing a user bibliography, the bibliography was not always used as the source for various operations.
• File upload was blocked when memory_limit = -1 (infinity).
• Accept URL of external images longer that 255 characters (8000 max).
• Images containing special characters in their name such as a space were not exported in HTML/RTF documents.
• Fix a small warning when the download of an image fails during RTF/DOCX export.
• Fix base64 encoded media type in paper HTML exports.
• If an image is included more than once in an RTF/HTML export, only the first temporary file was purged at the end of the export.
• Fix missing rows in search_resources and search_abstractnotes. Code to write these rows was missing in the import code for bibtex and endnote (now fixed in this release).
• Ensure, for proceedings and proceedings_article types, that conference organiser, conference name, and publisher are properly handled for display, import, and export.
• When browsing, correct the resource counts for creators, system users, departments, and institutions.
• Use the right mime-type when returning JSON.... read more

Focus: bug fixes, feature enhancements, improvements, maintenance, security.

We have prepared a Release Candidate of the next WIKINDX release: 6.12.0. Note that this beta version is not for production use. However, we would appreciate the help of dedicated WIKINDX users in testing the beta version in order to ensure that the final 6.12.0 release is of the highest quality. A beta tester should be able to set up and manage a test WIKINDX environment, ideally populated with data from their production environment. We expect the beta release period to last two(?) weeks during which bugs will be reported and fixed. If you are able and willing to beta test with us, then please send an email to sirfragalot@users.sourceforge.net and we will contact you asap.... read more

Focus: bug fixes, feature enhancements, improvements, maintenance, security.

We have prepared a Release Candidate of the next WIKINDX release: 6.12.0. Note that this beta version is not for production use. However, we would appreciate the help of dedicated WIKINDX users in testing the beta version in order to ensure that the final 6.12.0 release is of the highest quality. A beta tester should be able to set up and manage a test WIKINDX environment, ideally populated with data from their production environment. We expect the beta release period to last two(?) weeks during which bugs will be reported and fixed. If you are able and willing to beta test with us, then please send an email to sirfragalot@users.sourceforge.net and we will contact you asap.... read more

Focus: bug fixes, maintenance, and security

Bug fixes

• Ensure messages (no. successful imports, discarded duplicates, etc.) are properly generated for resource importing when browserTabID is enabled.
• When entering a new resource (or editing an existing one), it was not possible to insert a citation in the abstract or notes field.
• In past upgrades, not all collections were properly collated and labelled in the collections table.
• Fix the date of files in release tarballs to the date of the release (EPOCH can confuse FTPs).... read more

Focus: bug fixes, maintenance, and security

We have prepared a Release Candidate of the next WIKINDX release: 6.11.0. Note that this beta version is not for production use. However, we would appreciate the help of dedicated WIKINDX users in testing the beta version in order to ensure that the final 6.11.0 release is of the highest quality. A beta tester should be able to set up and manage a test WIKINDX environment, ideally populated with data from their production environment. We expect the beta release period to last two(?) weeks during which bugs will be reported and fixed. If you are able and willing to beta test with us, then please send an email to sirfragalot@users.sourceforge.net and we will contact you asap.... read more

Focus: bug fixes

Bug fixes

• Fix a function typing error in libs\PAGING.

Focus: bug fixes, feature enhancements, and improvements

We have prepared a Release Candidate of the next WIKINDX release: X.Y.Z. Note that this beta version is not for production use. However, we would appreciate the help of dedicated WIKINDX users in testing the beta version in order to ensure that the final 6.7.1 release is of the highest quality. A beta tester should be able to set up and manage a test WIKINDX environment, ideally populated with data from their production environment. We expect the beta release period to last two(?) weeks during which bugs will be reported and fixed. If you are able and willing to beta test with us, then please send an email to sirfragalot@users.sourceforge.net and we will contact you asap.... read more

Focus: bug fixes, feature enhancements, and improvements

We have prepared a Release Candidate of the next WIKINDX release: X.Y.Z. Note that this beta version is not for production use. However, we would appreciate the help of dedicated WIKINDX users in testing the beta version in order to ensure that the final 6.7.1 release is of the highest quality. A beta tester should be able to set up and manage a test WIKINDX environment, ideally populated with data from their production environment. We expect the beta release period to last two(?) weeks during which bugs will be reported and fixed. If you are able and willing to beta test with us, then please send an email to sirfragalot@users.sourceforge.net and we will contact you asap.... read more

Statement on glibc/iconv Vulnerability

Below we reproduce an important PHP security announcement from April 24, 2024.

WIKINDX is not affected by this iconv() vulnerability because the conversion to ISO-2022-CN-EXT encoding is not used and not allowed.

Stéphane Aulery

Recently, a bug in glibc version 2.39 and older (CVE-2024-2961) was uncovered where a buffer overflow in character set conversions to the ISO-2022-CN-EXT character set.

This specific buffer overflow in glibc is exploitable through PHP, which uses the iconv functionality in glibc to do character set conversions. Although the bug is exploitable in the context of the PHP Engine, the bug is not in PHP. It is also not directly exploitable remotely.

There are numerous reports online with titles like "Mitigating the iconv Vulnerability for PHP (CVE-2024-2961)" or "PHP Under Attack". These titles are misleading as this is not a bug in PHP itself.

Currently there is no fix for this issue, but there is a workaround described in GLIBC Vulnerability on Servers Serving PHP. It explains a way how to remove the problematic character set from glibc. Perform this procedure for every gconv-modules-extra.conf file that is available on your system.

Additionally it is also good practice for applications to accept only specific charsets, with an allow-list.

Some Linux distributions such as Debian, CentOS, and others, already have published patched variants of glibc. Please upgrade as soon as possible.

Once an update is available in glibc, updating that package on your Linux machine will be enough to alleviate the issue. You do not need to update PHP, as glibc is a dynamically linked library.

PHP users on Windows are not affected.

There will therefore also not be a new version of PHP for this vulnerability.... read more

Dear users,

Two serious security vulnerabilities were recently found in the PHP interpreter. They allow the bypassing of cookie security and the validation of incorrect passwords.

• Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756)
• Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096)... read more

Focus: maintenance

Important information

This version is a maintenance version only to facilitate the transition
from PHP 8.0 to PHP 8.1. its code is strictly identical to version 6.9.0
minus support for PHP 8.0.

Maintenance

• Switch PHP minimum version to 8.1 [#472].

Focus: bug fixes and improvements

Important information

Smarty replaced the 'implode' modifier with the 'join' modifier. This will cause a lot of deprecation warnings if your template is custom. To correct these messages use the new syntax described by the Smarty documentation of join.

Feature enhancements... read more

We have prepared a Release Candidate of the next WIKINDX release: 6.9.0.

Beta releases are not for production use. However, we would appreciate the help of dedicated WIKINDX users in testing the beta versions in order to ensure that the final release is of the highest quality.

A beta tester should be able to set up and manage a test WIKINDX environment, ideally populated with data from their production environment. We expect each beta release period to last two weeks during which bugs will be reported and fixed. If you are able and willing to beta test with us, then the latest beta test files can be found in BETA RELEASE of Files section.... read more

Focus: bug fixes

Important information

This version corrects data loss caused by versions 6.8.0 and 6.8.1. Lost data cannot be recovered.

Bug fixes

• If there were no ideas in the WIKINDX, an upgrade to v6.8.0 or 6.8.1 deleted all rows in the resource_keyword table. If you have upgraded to either of these versions and discover that there are none of the expected keywords when you select Search|Browse...|Keywords, then you will need to restore the previous database before upgrading with the v6.8.2 code.

Focus: bug fixes and improvements

Bug fixes

• If used with PHP 8.4, the polyfills of mb_trim() and mb_ltrim() call mb_rtrim.
• Upstream bugfix of mb_trim and mb_rtrim polyfills: trailing newline was ignored.
• Fix a message warning when configuring plugins through the Admin Components interface and ensure a pluginX menu is displayed even if there is only one plugin enabled for that menu [#670].
• IDEAS: Fix an incorrect link on ideas keywords [#672].
• IDEAS: Fix the next/previous icons and improve navigation through ideas [#672].
• Bump component compatibility version of templates to 6 [#672].... read more

Focus: bug fixes, feature enhancements, improvements, and maintenance

Important information

This version supports PHP 8.0, 8.1, 8.2, 8.3. It’s the first offering PHP 8.3 support.

This version supports the 8.x branch of MySQL, and MariaDB 10.4 and higher.

Feature enhancements

• Added tooltips (short help texts when hovering over a menu item) to selected menu items [#555]. NB all plugin menu structures are changed to take account of this—see the WIKINDX help for details.
• As per [#590], there is an option in Admin|Configure|Resource lists to change the default word conjunction in search fields (OR or AND).
• Embed a full parser for MS Word binary files.
• Support all EndNote XML formats: X1/X4, and X8 and higher.
• Validate DOI resources on input [#504].
• When viewing a single resource, the user and group bibliographies to which the resource belongs can now be edited.
• Ideas can no longer be searched via Advanced search but are searched within their own interface under the Metadata menu.
• Replaced the option to display the bibtex export of an individual resource with an icon that opens a pop-up to display either the bibtex export or the formatted (e.g. APA, IEEE, etc.) resource for copying. Where the formatted resource has a long URL that has been shortened for the display in WIKINDX, this facility allows you to copy the formatted resource with URL intact.
• Add a "Protect case" button in the TinyMCE toolbar [#606].
• New translation: Bulgarian (with DeepL and Google Translate).
• New translation: Czech (with DeepL and Google Translate).
• New translation: Finnish (with DeepL and Google Translate).... read more

We have prepared a Release Candidate of the next WIKINDX release: 6.8.0.

Beta releases are not for production use. However, we would appreciate the help of dedicated WIKINDX users in testing the beta versions in order to ensure that the final release is of the highest quality.

A beta tester should be able to set up and manage a test WIKINDX environment, ideally populated with data from their production environment. We expect each beta release period to last two weeks during which bugs will be reported and fixed. If you are able and willing to beta test with us, then the latest beta test files can be found in BETA RELEASE of Files section.... read more

We have prepared a Release Candidate of the next WIKINDX release: 6.8.0.

Beta releases are not for production use. However, we would appreciate the help of dedicated WIKINDX users in testing the beta versions in order to ensure that the final release is of the highest quality.

A beta tester should be able to set up and manage a test WIKINDX environment, ideally populated with data from their production environment. We expect each beta release period to last two weeks during which bugs will be reported and fixed. If you are able and willing to beta test with us, then the latest beta test files can be found in BETA RELEASE of Files section.... read more

Dear users,

We are happy to announce the second version of our plugin for Dokuwiki. It extends support to several versions of Dokuwiki: Hogfather, Igor, Jack Jackrum.

This plugin develops the initial work of Andreas Wagner (thanks to him) and is adapted to the latest versions of WIKINDX (6.6.0 and higher).

It allows, among other things, to cite resources from your personal WIKINDX in a Dokuwiki page and to automatically create the bibliography for this page.... read more

Focus: maintenance

Important information

This version is a maintenance version only to facilitate the transition
from MySQL 5.7 to MySQL 8.0 and higher, or MariaDB 1.2/1.3 to MariaDB 10.4
and higher.

Its code is strictly identical to that of version 6.7.1,
except for the change of support.

Focus: bug fixes, feature enhancements, and maintenance

Important information

This version is the last supporting MySQL 5.7, MariaDB 10.2 and MariaDB 10.3.
Their maintainers no longer offer security support from 2023 for these versions.
In addition, the functionality gap has grown and causes bugs that we want to limit.

Feature enhancements

• In the search menu, added zoom as a different way to browse resources. The number of resources in the database must be at least 10 * your max. paging links. If you zoom in on resource titles, for example, you will be presented with links like 'aardvark <—> batman', 'batmobile <—> kitten' .... 'zeugma <—> zygote'. If you click on the first link, you might then get links such as 'aardvark <—> animal', 'animus <—> azure', .... 'batch <—> batman'. Clicking further, you will eventually get to a list of resources.
• Where the browser is capable, provide a preview attachment feature. See, for example, single resource view—clicking on the attachment icon launches the preview, clicking on the attachment name downloads the attachment. Operation is very much dependent on what the browser is capable of.
• Allow the 'General' category to be renamed by the admin.
• Related to bug 5, ensure that only populated user and group bibliographies are displayed in Wikindx|Bibliographies.
• For resource lists, split the 'Timestamp' order option into 'Timestamp: added' and 'Timestamp: edited' options.
• Rationalize the behaviour of editing users regarding passwords—if editing user details, leaving both password fields blank will keep the current password—a character in either of the two password fields will start the password validation process.
• Tooltip for attachments.
• Add to the citation engine the detection of imperial and SI measurement units [#417].
• Convert XML style to JSON [#524].
• Upgrade on autopilot.
• New translations: Chinese (zh), Korean (ko), Swedish (sv).... read more

Starting with WIKINDX v6.7.1, we have decided to institute beta releases prior to full releases.

Beta releases are not for production use. However, we would appreciate the help of dedicated WIKINDX users in testing the beta versions in order to ensure that the final release is of the highest quality.

A beta tester should be able to set up and manage a test WIKINDX environment, ideally populated with data from their production environment. We expect each beta release period to last two weeks during which bugs will be reported and fixed. If you are able and willing to beta test with us, then the latest beta test files can be found in BETA RELEASE of Files section.... read more

Starting with WIKINDX v6.7.1, we have decided to institute beta releases prior to full releases.

Beta releases are not for production use. However, we would appreciate the help of dedicated WIKINDX users in testing the beta versions in order to ensure that the final release is of the highest quality.

A beta tester should be able to set up and manage a test WIKINDX environment, ideally populated with data from their production environment. We expect each beta release period to last two weeks during which bugs will be reported and fixed. If you are able and willing to beta test with us, then the latest beta test files can be found in BETA RELEASE of Files section.... read more

Dear users,

The newly released dual version 6.6.8/6.7.0 will mark a change in the development of WIKINDX.

Release Candidate Cycle

The series of versions 6.6.1 to 6.6.8 is a long series of fixes from version 6.6.0, the last of which is the most stable. The same thing had happened on the 6.4.x series.

Indeed, version 6.6.0 released shortly before Christmas 2022 took a year. The rewrite of the citation engine was a colossal undertaking, the fruits of which we hope to see in the months and years to come. However, it caused a lot of bugs.... read more