blob: 4d68c3a6d0a7abeeb28aa60a7de7b50ebcfd9ef0 [file] [log] [blame]
Apache Wookie Release Notes
===========================
See https://issues.apache.org/jira/browse/WOOKIE-* (where * is the number of the issue below)
For more detailed information on significant changes, see NEW_AND_NOTEWORTHY
Version 0.15.0
==============
BUGS FIXED
==========
WOOKIE-412
Widget redeploying on Windows fails due to timezone info in path
WOOKIE-416
PHP Connector uses wrong attribute for listing available widgets
IMPROVEMENTS
============
WOOKIE-340
Improve mobile and tablet usability of SimpleChat widget
WOOKIE-408
Add a "default feature" for injecting scripts and CSS
WOOKIE-401
Widget instances: make default width/height returned configurable
WOOKIE-415
Add postWidget functionality for the php connector, similar to the Java connector.
NEW FEATURES
============
None
Known Issues
============
* WOOKIE-222 - There is a known issue when using Tomcat 7.* with Wookie. Sometimes when a widget is actually
loaded, a browser alert box sometimes appears informing the user of a "Session Error".
This is caused by the DWR library used by Wookie for Comet-based widgets handling HTTP-only cookies incorrectly;
Tomcat 7 uses HTTP-only cookies as the default setting to prevent cross-site scripting (XSS) attacks.
A workaround is to add the following to the WEB-INF/web.xml file
<init-param>
<param-name>crossDomainSessionSecurity</param-name>
<param-value>false</param-value>
</init-param>
Note that XSS prevention will still be in place in Tomcat 7; this just disables the additional mechanism
implemented in DWR that conflicts with it.
This is an issue for DWR 2.* with Tomcat 7.* (or earlier versions of Tomcat where useHttpOnly="true" is set.)