This is where announcements of new releases, features, and other news are posted. IkiWikiUsers are recommended to subscribe to this page's RSS feed.
ikiwiki 3.20170111 released with these changes
- passwordauth: prevent authentication bypass via multiple name parameters (CVE-2017-0356, OVE-20170111-0001)
- passwordauth: avoid userinfo forgery via repeated email parameter (also in the scope of CVE-2017-0356)
- CGI, attachment, passwordauth: harden against repeated parameters (not believed to have been a vulnerability)
- remove: make it clearer that repeated page parameter is OK here
- t/passwordauth.t: new automated test for passwordauth
ikiwiki 3.20170110 released with these changes
- [ Amitai Schleier ]
- wrappers: Correctly escape quotes in git_wrapper_background_command
- [ Simon McVittie ]
- git: use an explicit function parameter for the directory to work in. Previously, we used global state that was not restored correctly on catching exceptions, causing an unintended log message "cannot chdir to .../ikiwiki-temp-working: No such file or directory" with versions >= 3.20161229 when an attempt to revert a change fails or is disallowed
- git: don't run "git rev-list ... -- -- ..." which would select the wrong commits if a file named literally "--" is present in the repository
- check_canchange: log "bad file name whatever", not literal string "bad file name %s"
- t/git-cgi.t: fix a race condition that made the test fail intermittently
- t/git-cgi.t: be more careful to provide a syntactically valid author/committer name and email, hopefully fixing this test on ci.debian.net
- templates, comments, passwordauth: use rel=nofollow microformat for dynamic URLs
- templates: use rel=nofollow microformat for comment authors
- news: use Debian security tracker instead of MITRE for security references. Thanks, anarcat
- Set package format to 3.0 (native)
- d/copyright: re-order to put more specific stanzas later, to get the intended interpretation
- d/source/lintian-overrides: override obsolete-url-in-packaging for OpenID Selector, which does not seem to have any more current URL (and in any case our version is a fork)
- docwiki.setup: exclude TourBusStop from offline documentation. It does not make much sense there.
- d/ikiwiki.lintian-overrides: override script-not-executable warnings
- d/ikiwiki.lintian-overrides: silence false positive spelling warning for Moin Moin
- d/ikiwiki.doc-base: register the documentation with doc-base
- d/control: set libmagickcore-6.q16-3-extra as preferred build-dependency, with virtual package libmagickcore-extra as an alternative, to help autopkgtest to do the right thing
ikiwiki 3.20161229.1 released with these changes
- git: Attribute reverts to the user doing the revert, not the wiki itself.
- git: Do not disable the commit hook while preparing a revert.
ikiwiki 3.20161229 released with these changes
- Security: force CGI::FormBuilder->field to scalar context where necessary, avoiding unintended function argument injection analogous to CVE-2014-1572. In ikiwiki this could be used to forge commit metadata, but thankfully nothing more serious. (CVE-2016-9646)
- Security: try revert operations in a temporary working tree before approving them. Previously, automatic rename detection could result in a revert writing outside the wiki srcdir or altering a file that the reverting user should not be able to alter, an authorization bypass. (CVE-2016-10026 represents the original vulnerability.) The incomplete fix released in 3.20161219 was not effective for git versions prior to 2.8.0rc0. (CVE-2016-9645 represents that incomplete solution.)
- Add CVE references for CVE-2016-10026
- Add automated test for using the CGI with git, including
- Build-depend on libipc-run-perl for better build-time test coverage
- Add missing ikiwiki.setup for the manual test for CVE-2016-10026
- git: don't issue a warning if the rcsinfo CGI parameter is undefined
- git: do not fail to commit changes with a recent git version and an anonymous committer
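The list-context hazard behind the CGI::FormBuilder->field fix above, shown as an added Perl illustration that is not ikiwiki's own code. ToyForm, record_commit and the request values are hypothetical and constructed; ToyForm->field mimics a form method that returns every submitted value in list context and only the first value in scalar context.

```perl
use strict;
use warnings;

# Hypothetical stand-in for a form object whose field() is context-sensitive.
package ToyForm;
sub new { my ($class, %params) = @_; return bless { %params }, $class }
sub field {
    my ($self, $name) = @_;
    my @values = @{ $self->{$name} // [] };
    # List context: every submitted value. Scalar context: the first one only.
    return wantarray ? @values : $values[0];
}

package main;

# Hypothetical sink that takes named arguments, standing in for a routine
# that records who made a change and why.
sub record_commit {
    my (%args) = @_;
    return "author=$args{author} message=$args{message}";
}

# Constructed request in which "message" was submitted three times.
my $form = ToyForm->new(
    message => [ 'fix typo', 'author', 'someone-else' ],
);

# Before: field() is evaluated in list context inside the argument list, so
# the repeated values are spliced in as an extra key/value pair and the later
# "author" key overrides the one the application supplied.
sub commit_unsafe {
    my ($f, $user) = @_;
    return record_commit(author => $user, message => $f->field('message'));
}

# After: scalar() forces a single value, so repeated parameters cannot add
# or override named arguments.
sub commit_safe {
    my ($f, $user) = @_;
    return record_commit(author => $user, message => scalar $f->field('message'));
}

print "unsafe: ", commit_unsafe($form, 'alice'), "\n";
print "safe:   ", commit_safe($form, 'alice'), "\n";
```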
ikiwiki 3.20161219 released with these changes
- [ Joey Hess ]
- inline: Prevent creating a file named ".mdwn" when the postform is submitted with an empty title.
- [ Simon McVittie ]
- Security: tell git revert not to follow renames. If it does, then renaming a file can result in a revert writing outside the wiki srcdir or altering a file that the reverting user should not be able to alter, an authorization bypass. Thanks, intrigeri. (CVE-2016-10026)
- cgitemplate: remove some dead code. Thanks, blipvert
- Restrict CSS matches against header class to not break Pandoc tables with header rows. Thanks, karsk
- Make pagestats output more deterministic. Thanks, intrigeri
- Security: tell
ikiwiki-hosting is an interface on top of Ikiwiki to allow easy management of lots of ikiwiki sites. I developed it for Branchable, an Ikiwiki hosting provider. It has a powerful, scriptable command-line interface, and also includes special-purpose ikiwiki plugins for things like a user control panel.
To get a feel for it, here are some examples:
    ikisite create foo.ikiwiki.net --admin http://joey.kitenet.net/
    ikisite branch foo.ikiwiki.net bar.ikiwiki.net
    ikisite backup bar.ikiwiki.net --stdout | ssh otherhost 'ikisite restore bar.ikiwiki.net --stdin'
The ikiwiki.info domain has been moved to a new server. If you can see this, your DNS has already caught up and you are using the new server. By the way, the new server should be somewhat faster. --Joey
Ikiwiki has reached version 3.0 and entered a new phase in its development cycle.
The 3.0 release of ikiwiki changes several defaults and finishes some transitions. You will need to modify your wikis to work with ikiwiki 3.0. A document explaining the process is available in upgrade to 3.0.
The highlights of the changes in version 3.0 include:
- Support for uploading attachments.
- Can rename and remove pages and files via the web.
- Web based setup.
- Blog-style comments as an alternative to Discussion pages.
- Many other new plugins including htmlbalance, format, progress, color, autoindex, cutpaste, hnb, creole, txt, amazon s3, pinger, pingee, edittemplate
- The RecentChanges page is compiled statically, not generated from the CGI.
- Support for additional revision control systems: bzr, monotone
- Support for untrusted git push.
- A new version (3.00) of the plugin API, exporting additional
commonly used functions from
- Nearly everything in ikiwiki is now a plugin, from WikiLinks to page editing, to RecentChanges.
- Far too many bug fixes, features, and enhancements to list here.
Thanks to the many contributors to ikiwiki 3.0, including:
Jelmer Vernooij, Recai Oktaş, William Uther, Simon McVittie, Axel Beckert, Bernd Zeimetz, Gabriel McManus, Paweł Tęcza, Peter Simons, Manoj Srivastava, Patrick Winnertz, Jeremie Koenig, Josh Triplett, thm, Michael Gold, Jason Blevins, Alexandre Dupas, Henrik Brix Andersen, Thomas Keller, Enrico Zini, intrigeri, Scott Bronson, Brian May, Adeodato Simó, Brian Downing, Nis Martensen. (And anyone I missed.)
Also, thanks to the users, bug submitters, and documentation wiki editors. Without you, ikiwiki would just be a little thing I use for my home page.
I've produced a code_swarm visualization of the first 2+ years of ikiwiki's commit history.
PS, while I'm posting links to videos, here's a video of a lightning talk about ikiwiki.
Interesting things to watch for:
- Initial development of ikiwiki to the point it was getting web edits. (First 2 seconds of video!)
- Introduction to plugin support, and later, plugin changes dominating code changes.
- Introduction of openid support and the resulting swarm of openid commenters.
- Switch to git, my name in the logs changes from "joey" to "Joey Hess", and there are more code commits directly from others.
Getting the commit log was tricky because every web commit is in there too, so it has to deal with things like IPs and openids. The code swarm log.pl script will munge the log to handle these, and it was configured with code swarm.config.
Video editing by kino, ffmpeg, ffmpeg2theora, and too many hours of pain.
Audio by the Punch Brothers.
I was asked a good question today: How can a company find someone to work on ikiwiki? To help answer this question, I've set up a consultants page. If you might be interested in being paid to work on ikiwiki, please add your information to the page. --Joey
And here's the first company looking for an ikiwiki developer that I am aware of:
The TOVA Company, a small medical software and hardware company in Portland, Oregon, is looking for developers to add functionality to ikiwiki. We're looking for developers who are already familiar with ikiwiki development, including plugins, and who would be willing to work on a part-time, non-employee, project-based basis for each of the small features that we want. The features we're interested in would obviously be GPL'd, and released to the community (if they'll have them). Please contact Andrew Greenberg (andrew@thetovacompany) if you're interested. Thanks!
I've gone ahead and moved ikiwiki.info to the faster box mentioned on server speed. Most poll respondents felt the old box was fast enough, but it's getting a bit overloaded with other stuff.
If you can see this, you're seeing the new server. If not, your DNS server hasn't caught up yet. I'll keep the old server up for a while too and merge any changes across since git makes that bog-easy.
Please report any problems..
ikiwiki.info has upgraded to the not yet released ikiwiki 2.30. This version of ikiwiki drops support for subscribing to commit mail notifications for pages. The idea is that you can subscribe to the new RecentChanges feed instead. (Or create your own custom feed of only the changes you're interested in, and subscribe to that.)
So if you were subscribed to mail notifications on here, you'll need to change how you keep track of changes. Please let me know if there are any missing features in the RecentChanges feeds.
Statically building the RecentChanges also has performance implications, I'll keep an eye on server speed..
I've put together a short screencast that covers approximately the first half of the setup document, and includes a demo of setting up a blog using ikiwiki.
.. And now I've added a second screencast. Note that this uses a script that is only available in the as yet unreleased ikiwiki version 2.15.
Ikiwiki has reached version 2.0 and entered a new phase in its development cycle.
With the 2.0 release of ikiwiki, some major changes have been made to the default configuration:
- The usedirs setting is enabled by default. This will break all URLs to wikis that did not have usedirs turned on before, unless you follow the procedure described at switching to usedirs or edit your setup file to turn it off with usedirs => 0,
- OpenID logins are now enabled by default, if the
Net::OpenID::Consumer perl module is available. Password logins
are also still enabled by default. If you like, you can turn either OpenID
or password logins off via the
An overview of changes in the year since the 1.0 release:
- New improved URLs to pages via
- OpenID support, enabled by default.
- Plugin interface added, with some 60 plugins available, greatly expanding the capabilities of ikiwiki.
- Tags, atom feeds, and generally full-fledged blogging support.
- Fully working utf8.
- Optimisations, approximately 3.5 times as fast as version 1.0.
- Improved scalability to large numbers of pages.
- Improved scalable logo.
- Support for additional revision control systems besides svn: git, tla, mercurial.
- Some support for other markup languages than markdown: rst, textile.
- Unit test suite, with more than 300 tests.
Integrated issue tracking with Ikiwiki by Joey Hess is now available on LinuxWorld.com. (LinuxWorld's author contract also allows this article to become part of the project's documentation.) Learn how to use Ikiwiki inlining and PageSpecs for lightweight workflow. Joey also explains how having the BTS and docs in the project's revision control system can help users of distributed revision control systems keep bug tracking info in sync with code changes.
Quick poll: Do you feel that ikiwiki is fast enough on this server, or should I move it to my much beefier auxiliary server?
It's fast enough (80%)
It's too slow! (12%)
No opinion (8%)
Total votes: 50
If you have specifics on performance issues, you might mention them on the discussion page.
Ikiwiki is now hosted at Branchable.
Ikiwiki now has an IRC channel:
#ikiwiki on irc.oftc.net
The channel features live commit messages for CIA for changes to both ikiwiki's code and this wiki. Plus occasional talk about ikiwiki.
Thanks to JoshTriplett for making this happen.
Ikiwiki has its own domain now, ikiwiki.info. Update your links.
Ikiwiki in svn now has support for using OpenID, a decentralized authentication mechanism that allows you to have one login that you can use on a growing number of websites.
Traditional password-based logins are still supported, but I'm considering switching at least ikiwiki.info over to using only OpenID logins. That would mean blowing away all the currently registered users and their preferences. If you're active on this wiki, I suggest you log out and log back in, try out the OpenID signup process if you don't already have an OpenID, and see how OpenID works for you. And let me know your feelings about making such a switch. --Joey
Accept only OpenID for logins (51%)
Accept only password logins (14%)
Accept both (33%)
Total votes: 149
Some people may consider ikiwiki's default look to be a bit plain. Someone on slashdot even suggested perhaps it uses html 1.0. (Yes, an ikiwiki site has survived its first slashdotting. With static html, that's not very hard..) While the default style is indeed plain, there's more fine-tuning going on than you might think, and it's actually all done with xhtml and style sheets.
Stefano Zacchiroli came up with the idea of adding a css market page where IkiWikiUsers can share style sheets that you've come up with for ikiwiki. This is a great idea and I encourage those of you who have customised stylesheets to post them.
I'm also always looking for minimalistic yet refined additions to the default style sheet, and always appreciate suggestions for it.