Title: TeamPage 6.2.17

TeamPage 6.2.17 is a minor release focused on bug fixes and other improvements. Because TeamPage 6.2.17 includes a fix for a script injection vulnerability, we recommend that all TeamPage customers upgrade as soon as possible. This release also includes the latest release of the TinyMCE rich text editor which is used by TeamPage rich text forms and status.

Download TeamPage 6.2


Table of Contents


Bug Fixes



• Fixed sanitization of certain incoming HTTP request parameters to avoid the possibility of a certain kind of script injection attack. An attacker could have arbitrary Javascript code executed in the user's browser by getting the user to open a specially crafted URL. (Internal12106 / Internal12123 / Internal12129)

• Fixed some recent regressions that were preventing TeamPage's feed reader, including the feed reader setup UI, from working properly. (Server82730 / Server82763)

• Fixed a bug that prevented modifications to the Journal Description setting from appearing to take effect. Modifications would be saved, but wouldn't be reflected in the interface, or where the journal description can be configured to appear (e.g., in the heading of the body of an email digest message). (Server87166)

• Fixed a bug that prevented the TeamPage documents UI from properly reflecting the effects of uploads and other operations performed in the scope of folders outside of the WebDAV repository, such as optionally created non-WebDAV controlled space share folders, or TeamPage installation folders (visible to server administrators only). (Server82987)

• Fixed a bug that could cause the expected filtering of type-ahead completion options offered for certain types of custom form fields to be ignored in certain cases. (Proteus14982)

• Fixed a bug related to concurrent access to in-memory data structures used to track the tags for a given entry or paragraph. This bug could cause certain requests to fail unexpectedly with a generic error message and diagnostic details that mention "java.util.ConcurrentModificationException". (Server85955)

• Fixed a minor bug related to TeamPage's tracking of usage restrictions related to violations of the current license. This bug was never seen "in the wild," but might cause some inconsistencies in the way that TeamPage reported license violations. (Server86192)

• Fixed a bug that could prevent a journal metadata index rebuild from working properly if the TeamPage server was configured with certain legacy settings. (Server87117)

• Fixed a bug that could cause TeamPage to try to rotate or archive log files too early during startup, which could prevent the service from starting up. (Server87116)

• Fixed a bug that caused log file cleanup tasks to run at times they shouldn't. (Server87123)

• Fixed a bug that could prevent setting editors from working properly when TeamPage's recently introduced Colorful Setting Panel Styling is used. (Server87279)

• Fixed TeamPage's handling of a rare issue that could prevent the service from working properly with a journal that is missing the expected creation header record. (Server87199 / Server86187)

• Fixed TeamPage's handling of a very unlikely issue related to looking up a non-existent tag by its journal-unique numeric identifier. The only time this issue is likely to have occurred "in the wild" is when displaying search results from an external search engine collection for a different TeamPage journal, which will not happen in the course of normal usage. Nonetheless, TeamPage now properly handles such lookups without raising unexpected errors. (Server87222)

• TeamPage has changed the service manager used for installing and configuring Windows services in order to address an issue that affected some customers, who were not able to start the Traction service after upgrading to TeamPage 6.2.

Improvements



• TeamPage has now been updated to use the latest version of the TinyMCE rich text editor, which contains a number of bug fixes and improvements compared to earlier versions.

• Improved the display and truncation for very long text strings appearing in section table columns, such as very long article titles. (Server87169 / Server87202)

For Developers



Custom Transformers



Custom Transformers based upon the open source htmlcleaner library can now be set up to use a custom serializer, by setting configuration properties like these:

class=com.traction.sdk.util.HtmlCleanerAdapterTransformer


# Engages the custom serialization mode.
cleaner_SerializationMode=CUSTOM

# The specification for the class 
cleaner_serializer_custom_class=com.example.traction.util.MyCustomHtmlCleanerSerializer

# A custom property that will be available in the class's constructor.
cleaner_serializer_custom_my_custom_property=foobar


For further details, see the Javadoc for the com.traction.sdk.util.HtmlCleanerAdapter transformer.

Custom Form Dialog



TeamPage's custom forms API now has support for choosing which FormDialog class is to be used on the client side. Different FormDialogs have different behaviors, such as those relating to the handling of success or failure of form save operations. The default is generally "entry", because most forms are entry forms, so most custom form developers will not have to choose a different type of FormDialog. But in case of a form that is not meant to create an entry, but which is meant to supply a search or navigation capability, this could be useful. To choose the type of FormDialog, developers can supply the appropriate custom value for the dialogType= form bootstrap property, usually including in as attributes of an action region token. If you are a custom form developer, please file a support request for more information on this capability.

Other Changes



• ReferenceBuckets, and their corresponding custom form fields, can now be associated with any number of entry types. Developers may now specify a comma-separated list of IndexEntryType names in the entry_type= property instead of just one. (Server87156)



Attachments:
Teampage__logo_mark_250x250.jpg
Article: Customer5036 (permalink)
Categories: :Doc:changelog, :Doc:r62
Date: January 5, 2018; 5:40:02 PM EST
Author Name: Dave Shepperton
Author ID: shep