New in JSPWiki 2.11.3 - Released on 02/08/2022

• Engine Lifecycle Extensions
• JSPWIKI-802 - Markdown support improvements
  • Plain editor now understands different wiki syntaxes, with initial support for Markdown
  • org.apache.wiki.markdown.migration.WikiSyntaxConverter to convert from JSPWiki syntax to markdown
• JSPWIKI-1075 - New CsrfProtectionFilter to protect POST requests from CSRF attacks
  • org.apache.wiki.api.core.Session gains new String antiCsrfToken() method
  • Custom templates must ensure that all <form> elements and the commonheader.jsp file contain a <wiki:CsrfProtection/> custom tag (like this and this)
• JSPWIKI-1171 - Ensure Lucene indexes all pages and attachments, even when they don't fit in the cache
• Fixed logout modal dialog not showing up
• Add default application name on <title> elements to templates' templates, and Main as default frontpage is none is defined on default template
• Upgraded bundled dependencies
  • Awaitility to 4.2.0
  • JUnit to 5.9.0
  • HSQLDB to 2.7.0
  • Log4J to 2.18.0
  • Lucene to 8.11.2
  • Mockito to 4.6.1
  • Selenide to 6.6.6
  • Tika to 2.4.1
  • Tomcat to 9.0.65
  • XStream to 1.4.19
• Security Fixes
  • CVE-2022-27166
  • CVE-2022-28730
  • CVE-2022-28731
  • CVE-2022-28732
  • CVE-2022-34158
• Devs only
  • JSPWiki memory footprint can be established by running mvn test -Dtest=MemoryProfiling on the jspwiki-main module
  • TestEngine#shutdown now cleans cache, wiki pages dir and their associated attachments, if any. This allows cleaning up a handful of tests
  • TestEngine#emptyWikiDir deletes both page and attachment directories
  • TestEngine is able to not clean up directories / ensure they have unique names if jspwiki.test.disable-clean-props wiki property is set to true