Known Issues of TWiki 4.2.x Production Releases
These are known issues of
TWiki-4.2.0,
TWiki-4.2.1,
TWiki-4.2.2,
TWiki-4.2.3, and
TWiki-4.2.4, code named
FreetownRelease.
The latest TWiki release is available at
DownloadTWiki.
Security Alerts
- Security Alert L1: Remote Perl code execution with query string to debug TWiki plugins
- Security Alert L1: Apache configuration file upload on TWiki on Windows server
- Security Alert L1: MAKETEXT variable allows arbitrary shell command execution
- Security Alert L3: XSS Vulnerability with topic create and slideshows
- Security Alert L3: XSS Vulnerability with origurl parameter of login script
- Security Alert L3: XSS Vulnerability with rev parameter & login script
- Security Audit L3: Crypt token based fix for cross-site request forgery vulnerability
- Security Alert L2: Cross-site request forgery vulnerability with image tag
- Security Alert L1: TWiki SEARCH variable allows arbitrary shell command execution
- Security Alert L3: Cross-site scripting vulnerability with TWiki URLPARAM variable
- Security Alert L1: Arbitrary Code Execution in Configure Script
Major issues
Minor issues
Major issues
Minor issues
Fixed in |
Description |
Pending Firefox fix |
Preview has been disabled when using Wysiwyg editor because users of Firefox experience a bug in Firefox which means that they loose all they edited when they hit the back button of the browser. We regard this as a minor issue because preview is not really needed when you edit with Wysiwyg. Preview still works in Raw Edit mode. Firefox 3 did not resolve this issue so it is not likely that preview is reintroduced in a near future |
TWiki-4.2.3 |
TWikibug:Item5939 - Rogue <p /> below </html> on every topic in every web |
TWiki-4.2.4 |
TWikibug:Item5967 - viewfile partly broken |
Major issues
Major issues
Minor issues
Fixed in |
Description |
TWiki-4.2.2 |
TWikibug: Item5643 - REVINFO with web specified in topic param renders as though topic does not exist |
TWiki-4.2.2 |
TWikibug:Item5887 - TWiki::Compatibility has undefined variable error |
Pending Firefox fix |
Preview has been disabled when using Wysiwyg editor because users of Firefox experience a bug in Firefox which means that they loose all they edited when they hit the back button of the browser. We regard this as a minor issue because preview is not really needed when you edit with Wysiwyg. Preview still works in Raw Edit mode. Firefox 3 did not resolve this issue so it is not likely that preview is reintroduced in a near future |
Major issues
Fixed in |
Description |
TWiki-4.2.1 or CPAN CGI 3.38 |
If you install TWiki on a very new Linux distribution you may find the error Use of uninitialized value $filename in substitution (s///) at (eval 41) line 23 . The error is not in TWiki but in the CPAN library called "CGI" which is part of the default Perl. At least CGI version 3.37 is known to be broken. The fix is to upgrade this library to 3.38 or higher. See Bugs:Item5727 which also describes how to upgrade the library |
TWiki-4.2.1 |
TWikibug:Item5287 - The link feature in the Wysiwyg editor does not work with internal links and in some cases disable the save button or data entered is lost when you save. There is already a fix for this. You can upgrade WysiwygPlugin and TinyMCEPlugin and this problem is fully resolved. If done from configure this can be done by an admin from a browser and takes two minutes. See HowToUpgradeExtensionsWithConfigure |
TWiki-4.2.1 |
TWikibug:Item5307 - Plugins with beforeAttachmentSaveHandler break file attachments. Public TWiki sites that depend on the BlackListPlugin should upgrade to TWiki 4.2.1 |
Minor issues
Fixed in |
Description |
TWiki-4.2.1 |
TWikibug:Item4946 - urlDecode() not working for characters represented by Unicode code points. We are looking for unicode experts to help fixing and testing. |
TWiki-4.2.1 |
TWikibug:Item5135 - EditTablePlugin must disable initsort when editing table TABLE tag to work with new move row feature. Work around is to place the EDITTABLE tag before the TABLE tag |
TWiki-4.2.1 |
TWikibug:Item5118 - Difference from 4.1.2 - 4.2: Apache loginname no longer works with access control lists |
Pending Firefox fix |
Preview has been disabled when using Wysiwyg editor because users of Firefox experience a bug in Firefox which means that they loose all they edited when they hit the back button of the browser. We regard this as a minor issue because preview is not really needed when you edit with Wysiwyg. Preview still works in Raw Edit mode. Preview may return later in an improved version when we have found a way to work around the Firefox bug |
Bug reports
Please visit the bugs web to review and report bugs.
Discussion
Found a bug? Fill in a report in the bugs web.
Need support? Ask your questions in the Support web, but only after reviewing the support guidelines :-)