Browse Tag by Release

Security release 2.23.1.1, and how to report vulnerabilities

Yesterday, we published the security release BlueSpice 2.23.1.1. Community user Frederic Mohr had reported a severe cross-site-scripting vulnerability with the Shoutbox, where arbitrary JavaScript code could be inserted in the box and would be executed on each page load. The fix he provided contains a minor change in the input handling. The new release fixes this vulnerability. There’s also a patch available for BlueSpice 2.23.1. The monthly release also contains the patch. Downloads and patches can be found at Sourceforge.

We highly recommend to update or patch your existing BlueSpice installations.

I want to thank Frederic for his support! And I’d like to take this chance to sketch out how we handle vulnerability reports. Usually, bugs are reported in our public forum. However, reporting a security related issue also means publishing the vulnerability right away, without giving us the chance to patch the software. Because of this, I ask you to report security issues directly to me by email: glaser@hallowelt.com. If possible, please encrypt the actual description of the vulnerability with GPG. My public key can be found on the MIT keyserver. We will then contact you, verify the vulnerability and provide a patch. After the patch is released, we will request a CVE number to have this properly documented. Of course, credits for finding the vulnerability go to the person that reported it.

BlueSpice 2.23.1 – Patch Release for the Free Enterprise MediaWiki

Today we released BlueSpice 2.23.1 on sourceforge. This is a patch release which you can download on sourceforge.net.

However we focused on bugfixing there are also some notable new features:

  • Database: added experimental SQLite compatibility
  • ExtensionInfo: Added link to Mediawiki version page
  • Shoutbox: mentions of users with @ now possible and with ajax autocomplete
  • SmartList: Added mode “whatlinkshere”

In the BlueSpice helpdesk you will find detailed release notes as well as the installation manual and update manual.

BlueSpice 2.23 – a minor release with many changes

The BlueSpice minor release 2.23 contains much more than one would expect. Dialogues are much faster and the individual design of the skin can be implemented much better. This works, because the skin of the wiki has been has been rearranged. We also worked on the performance, e.g. we added the general caching support for BlueSpice, which supports memcached .

In the following you will get an overview on the most important changes: Continue Reading

BlueSpice 2: The new version coming up later this year!

We started with BlueSpice three years ago in October 2010. Since then, we have gradually expanded and improved the software. In the fall of 2013, we are taking the plunge and publishing a completely revised version.

The new version of BlueSpice builds on the experience we have amassed working with public company wikis and user requests and suggestions. But opening up BlueSpice for developers and vendors is also an important step. We took this into account in the planning stage by inviting our users to participate in a feature poll.  The architectural changes below the surface also have this aim.

The schedule: In October 2013, both the beta and the stable versions will be launched. The good news is that most of the changes have already been done. We don´t want to let the release become a never ending story and so we decided on for a timebox approach. It´s better to have one feature less than to jeopardize the release date. Nevertheless, there is a lot of work which has to be done! Continue Reading

Roadmap: Ideas for the New Version!

A little over two years ago we published the first BlueSpice version. Since that time the software was enhanced enormously. BlueSpice is used in more than 100 countries and the downloads still rise.

No reason for us to pause. This year we will take the software to a higher level. BlueSpice will better cooperate with MediaWiki and will support more languages.

But what else should be done? Which features are missing, how can we optimize the existent ones? Should we focus on improvements the usability or do we need better team management tools?

Join the discussion!

Until July 14th, 2013 we collect and discuss proposals of community members like you at the BlueSpice Feature Poll. The most important and highest rated ideas will likely be included in the next version.

We need your help. Share your ideas with us!

Download BlueSpice 1.21.0 Minor Release

Download
Date: 2013-06-12 This is a minor release (rev 9693).

  • Added support for MediaWiki 1.21
  • Improved MediaWiki Skin support
  • Fixed a lot of bugs

Changes since BlueSpice Core 1.20 / BlueSpice for MediaWiki 1.20

BlueSpice Framework (Core/Adapter)

  • Supported MediaWiki verions are 1.19-1.21
  • Validator: Implemented workaround for PHP bug (https://bugs.php.net/51192) – This affects PHP 5.3.2 (eg. Ubuntu 10.04 LTS)
  • Fixed restriction on specialpages
  • Fixed error when BsMailer::send() was called with just a e-mail address string
  • Removed BsHTmlTidy class
  • Removed Minifier
  • Added i18n for TagErrorList
  • TagFinder: Fixed bug with non-well-formed XML
  • Removed “BlueSpiceFramework.js” from resourceloader module to avoid double loading.
  • Added option for preferences => NO_DEFAULT (usersettings-only options can be marked with it)
  • Added HTMLFormField to provide the possibility, to render images in Preferences
  • Fixed PageContentProvider that caused an “oldid” parameter not to be evaluated
  • Fixed output of URLs in anchor tags

Detailed ChangeLog you will find on our BlueSpice helpdesk.

Starting download BlueSpice 1.21.0 from sourceforge.net.

BlueSpice 1.20.1 (patch release) ready for download

Release date: 2013-01-17 This is a minor release (rev 8207).

Main Changes:

  • Install check: Updated installcheck.php
  • Search: Layout improved
  • Search: „search all namespaces“ is now working
  • Search: new Office formats are going to be indexed
  • InsertLink: Selected WikiText shows up in description field (instead of page link field)
  • MailChanges: Fixed MWException in newer MediaWiki versions
  • VisualEditor: Can be deactivated vor single namespaces
  • Skin: Improvements concerning skin, red links, section editing and in the Gallery-Tag.

Detailed changelog you will find on our BlueSpice helpdesk.
Starting download BlueSpice 1.20.1 from sourceforge.net.

Download BlueSpice 1.20.0 (STABLE)

There is now a stable release:

BlueSpice Core 1.20 / BlueSpice for MediaWiki 1.20

Date: 2012-12-21 This is a major release (rev 7909).

Some improvements:

  • ArticleInfo: Change order of informations
  • Distribution: Tagcloud
  • Distribution: Calendar
  • FeedbackHelper: Feedback to the BlueSpic-Team
  • Framework: Internationalization of MediaWiki
  • Framework: Support for MW 1.17 to 1.21wmf
  • InsertFile: Duplicate
  • InsertFile: Licences
  • InsertMagic: Insert tags and wiki words with a tool
  • MailChanges: Mailtemplates with wiki site
  • PageAccess: Assignment of permissions for single articles
  • ResponsibleEditors: Permissions for resopnsible editors
  • SaferEdit: Improvements within collision detection
  • Shoutbox: Delete shouts
  • SmartList: Newer Tag: Toplist
  • Suche: Autocomplete
  • Suche: Search-as-you-type
  • VisualEditor: Buffering
  • VisualEditor: Improvements of parser