| Apache Wookie Release Notes | |
| =========================== | |
| See https://issues.apache.org/jira/browse/WOOKIE-* (where * is the number of the issue below) | |
| For more detailed information on significant changes, see NEW_AND_NOTEWORTHY | |
| Version 0.11.0 | |
| ============== | |
| Bugs Fixed | |
| ========== | |
| * WOOKIE-347 - Demo page does not work in IE9 (due to page being run in quirks mode) | |
| * WOOKIE-346 - DWR 2.0.5 no longer available (Updated to 2.0.10) | |
| * WOOKIE-341 - Walkthrough widget actions show as 'undefined' in IE | |
| Improvements | |
| ============ | |
| * WOOKIE-345 - Refactor model APIs to improve consistency and remove duplication | |
| * WOOKIE-344 - Remove deprecated non-localized model methods | |
| * WOOKIE-343 - Remove remaining references to deprecated model APIs | |
| * WOOKIE-342 - Modify LICENSE and NOTICE files to reflect similar entries as ones found in RAVE distro | |
| New Features | |
| ============ | |
| * WOOKIE-66 - Implement getHost() method of Wave feature | |
| Known Issues | |
| ============ | |
| * WOOKIE-222 - There is a known issue when using Tomcat 7.* with Wookie. Sometimes when a widget is actually | |
| loaded, a browser alert box sometimes appears informing the user of a "Session Error". | |
| This is caused by the DWR library used by Wookie for Comet-based widgets handling HTTP-only cookies incorrectly; | |
| Tomcat 7 uses HTTP-only cookies as the default setting to prevent cross-site scripting (XSS) attacks. | |
| A workaround is to add the following to the WEB-INF/web.xml file | |
| <init-param> | |
| <param-name>crossDomainSessionSecurity</param-name> | |
| <param-value>false</param-value> | |
| </init-param> | |
| Note that XSS prevention will still be in place in Tomcat 7; this just disables the additional mechanism | |
| implemented in DWR that conflicts with it. | |
| This is an issue for DWR 2.* with Tomcat 7.* (or earlier versions of Tomcat where useHttpOnly="true" is set.) |