Release of OpenACS 5.9.0: This is the announcement of the availability of the OpenACS 5.9.0 release. This release contains several secturity and performance improvements as well as new functionality. Since the release of OpenACS 5.8.1, we had the following changes 3658 files changed, 120800 insertions(+), 97617 deletions(-) contributed by 4 committers (Michael Aram, Victor Guerra, Gustaf Neumann, Antonio Pisano) and patch/bugfix providers (Frank Bergmann, Andrew Helsley, Felix Mödritscher, Marcos Moser, Franz Penz, Thomas Renner). These are significantly more changes as the differences in the last releases. All packages of the release were tested with PostgreSQL 9.4.* and Tcl 8.5.*. Here is a short summary of the changes in this release: - The release contains the 78 packages of the oacs-5-8 branch. These packages contain the OpenACS core packages, major application packages (e.g. most the ones used on OpenACS.org), and DotLRN (see detailed list of packages in the attachment). SQL: - Improved performance of acs-object deletion. - Replaced many manual referential integrity calls by built-in handing in PostgreSQL. - Removed various manual bookkeeping and deletion operations in the content repository by built-in handing in PostgreSQL. - Removed tree_sortkey on acs-objects to reduce its size and to speedup operations, where the context-id is changed (could take on large installation several minutes in earlier versions) - Removed several uncalled / redundant SQL statements and functions. - Cleanup of .xql files in acs-subsite: * Some cleanup of .xql files: removed misleading sql-statements from db_* calls, which were ignored due .xql files * Removed bug where same query-name was used in different branches of an if-statement for different sql statements, but the query-name lead to the wrong result. * Removed multiple entries of same query name from .xql files (e.g. the entry "package_create_attribute_list.select_type_info" was 7 (!) times in a single .xql file) Web Interface: - Improve Performance of WebSites created with OpenACS: e.g. move core.js to a body requests, provide kernel parameter ResourcesExpireInterval to specify expiration times for resources. - Much better protection against XSS attacks. - Improved HTML validity (especially for admin pages) - Improved admin interface: - Placed all installation options to a single page. - Added pagination to /admin/applications (was unusable for large sites) - New admin pages for subsites linked from site-wide-admin package (/acs-admin). - Added explanatory text to several admin pages. - Add lightweight support for ckeditor4 for templating::richtext widget (configurable via package parameter "RichTextEditor" of acs-templating. ckeditor4 supports mobile devices (such as iPad, ...) Templating: - Improved theme-ability: Moved more information into theme packages in order to create responsive designs, reduce hard-coding of paths, HTML etc. - Improved include-handling: All includes are now theme-able, interfaces of includes can be defined with "ad_include_contract" (similar to ad_page_contract). - Improved them-ability for display_templates. One can now provide a display_template_name (similar to the sql statement name) to refer to display templates. This enables reusability and is theme-able. - Dimensional slider reform (ad_dimensional): Removed hard-coded table layout from dimensional slider. Add backwards compatible templates - Move hard-coded styles into theme styling - Notification chunks are now theme-able as well (using ad_include_contrat) - Complete template variable suffixes (adding noi18n, addressing bug #2692, full list is now: noquote, noi18n, literal) - Added timeout and configurable secrets for signed url parameters to export_vars/page_contracts. This can be used to secure sensitive operations such as granting permissions since a link can be set to timeout after e.g. 60 seconds; after that, the link is invalid. A secret (password) can be set in section ns/server/$server/acs parameter "parametersecret". For example, one can use now "user_id:sign(max_age=60)" in export_vars to let the exported variable expire after 60 seconds. Misc: - Added ability to show ns_log statements of current request to developer support output when developer support is activated (controlled via package parameter "TclTraceLogServerities" in the acs-tcl package parameters) - Added ability to save data sent by ns_return in files on the file system. This can be used to validate HTML content also for password protected pages (controlled via package parameter "TclTraceSaveNsReturn" in the acs-tcl package parameters) - New API function "ad_log" having the same interface as ns_log, but which logs the calling information (like URL and call-stack) to ease tracking of errors. - Use per-thread caching to reduce number of mutex lock operations and lock contention on various caches (util-memoize, xo_site_nodes, xotcl_object_types) and nsvs (e.g ds_properties) - Improved templating of OpenACS core documentation - Improved Russian Internationalization - Make pretty-names of acs-core packages more consistent - Mark unused functions of acs-tcl/tcl/table-display-procs.tcl as deprecated - Many more bug fixes (from bug tracker and extra) and performance improvements. - Version numbers: * Require PG 9.0 (End Of Life of PostgreSQL 8.4 was July 2014) * Require XOTcl 2.0 (presented at the Tcl conference in 2011). Changes in application packages: - Various bug fixes and improvements for e.g. file-storage, forums, news, notifications, xowiki. - All packages have the following properties: * SQL: + All packages are PostgreSQL 9.1+ compatible (tested with PostgreSQL 9.3) + All SQL files with stored procedures use the recommended $$ quoting + All SQL-functions have regular function arguments instead of the old-style aliases + The function_args() (query-able meta-data) are completed and fixed + Incompatible functions (e.g. for sequences) are replaced. * Tcl: + All packages were brought up Tcl 8.5, including the actual Tcl idioms where appropriate (e.g. using the safer expand operator, range indices, dict, lassign, etc.) + The code was updated to prefer byte-compiled functions instead of legacy functions from ancient Tcl versions + The code works with NaviServer and AOLserver * API: + All packages are free from calls to deprecated code (157 functions are marked as deprecated and will be moved into an "outdated" package in the 5.9 or 6.0 release) + General overhaul of package management + Install-from-local and install-from-repository can be used to install the provided packages based on a acs-core installation. This means that also DotLRN can be installed from repository or from local into an existing OpenACS instance. + Install-from-repository offers filtering functions, allows to install optionally from head-channel (for packages not in the base channel of the installed instance). Install-from-repository works more like an app-store, showing as well vendor information + Packages can be equipped with configuration files (e.g. changing parameters for style packages) + Package developers can upload .apm packages via workflow for review by core members and for inclusion to the repository. The option is integrated with package management, the link is offered for local packages. We hope to attract additional vendors (universities, companies) to make their packages available on this path. + New management-functions for package instances (list, create, delete package instances) + Substantially improved API browser: o Show just relevant parts of .xql files for a function o Provide syntax-highlighting for www scripts as well o Handle more special cases like e.g. util_memoize o Provide links to Tcl functions depending on the installed Tcl version o Provide links to NaviServer or OpenACS functions depending on installed version o Syntax highlighter uses CSS rather than hard-coded markup o Significant performance improvement for large installations This is just a quick wrap-up of the functions, probably many important changes are not summarized so far (especially the functional changes in the application packages). The full list of changes is included in the raw ChangeLog [1]. OpenACS.org runs this package at the newest level (but not all packages of the list are installed on OpenACS.org). The list of application packages contains as well the DotLRN packages. For DotLRN this means essentially: - This release provides an upgrade path from outdated PostgreSQL versions - Use of packaged PostgreSQL distributions without fiddling with PostgreSQL configuration options - Easier installation and maintenance - Larger choice of package combinations The version number of DotLRN changed to 2.8.1 (in accordance to 5.8.1 of OpenACS). [1] http://openacs.org/changelogs/ChangeLog-5.8.1 ============================================================================ Package list of OpenACS 5.8.1: acs-admin acs-api-browser acs-authentication acs-automated-testing acs-bootstrap-installer acs-content-repository acs-core-docs acs-datetime acs-developer-support acs-events acs-kernel acs-lang acs-mail-lite acs-messaging acs-outdated acs-reference acs-service-contract acs-subsite acs-tcl acs-templating acs-translations ajaxhelper assessment assessment-portlet attachments bm-portlet bulk-mail calendar calendar-portlet categories dotlrn dotlrn-assessment dotlrn-bm dotlrn-calendar dotlrn-dotlrn dotlrn-evaluation dotlrn-faq dotlrn-forums dotlrn-fs dotlrn-homework dotlrn-news dotlrn-portlet dotlrn-static dotlrn-xowiki evaluation evaluation-portlet faq faq-portlet file-storage forums forums-portlet fs-portlet general-comments intermedia-driver new-portal news news-portlet notifications oacs-dav openacs-default-theme profile-provider ref-countries ref-language ref-timezones rss-support search static-portlet survey theme-zen tsearch2-driver user-profile versions.tcl views xotcl-core xotcl-request-monitor xowf xowiki xowiki-portlet