RELEASE_NOTES - wookie - Git at Google

 Apache Wookie Release Notes
 ===========================
 See https://issues.apache.org/jira/browse/WOOKIE-* (where * is the number of the issue below)

 For more detailed information on significant changes, see NEW_AND_NOTEWORTHY

 Version 0.10.0
 ==============

 Bugs Fixed
 ==========

 	* WOOKIE-167 - Gallery icons for bondi camera & geolocation are missing
 	* WOOKIE-322 - Policies API only validates the origin, not the scope or directive
 	* WOOKIE-15  - Companion document links
 	* WOOKIE-149 - Sudoku widget not working correctly

 Improvements
 ============

 	* WOOKIE-327 - Make widget metadata returned by the REST API more consistent with W3C Widget Config.xml, remove confusing IDs
 	* WOOKIE-263 - Remove deprecated "Services" and related functionality
 	* WOOKIE-320 - Allow GET of Widget to support download of the original .wgt package
 	* WOOKIE-319 - Add DELETE and PUT to /widget API
 	* WOOKIE-318 - Change POST to /widgets to upload, parse and return error messages rather than just drop into /deploy
 	* WOOKIE-324 - POSTing a widget to wookie should return its config.xml metadata
 	* WOOKIE-314 - Filter license headers when concatenating HTML template files
 	* WOOKIE-331 - Move API Keys from the database into a configuration file
 	* WOOKIE-294 - Generalise all templates
 	* WOOKIE-326 - Extend the Java Connector
 	* WOOKIE-317 - Create documentation on how to create/generate wookie release artifacts
 	* WOOKIE-334 - Adding PUT and DELETE to proxify
 	* WOOKIE-330 - Make the Java connector backwards-compatible
 	* WOOKIE-328 - Create "demo widget" capability without requiring rest of the web UI
     * WOOKIE-19  - Write server admin guide
     * WOOKIE-321 - Add functional test cases for Policies API
 	* WOOKIE-20	 - Conform to the LC W3C Widget API specification
 	* WOOKIE-333 - Creating IntelliJ code style and code template files

 New Features
 ============

     * WOOKIE-262 - Create non-UI administration client and capabilities
     * WOOKIE-227 - Implement OpenAjax hub 2.0

 Known Issues
 ============

 	* WOOKIE-222 - There is a known issue when using Tomcat 7.* with Wookie. Sometimes when a widget is actually
 	loaded, a browser alert box sometimes appears informing the user of a "Session Error".

     This is caused by the DWR library used by Wookie for Comet-based widgets handling HTTP-only cookies incorrectly;
     Tomcat 7 uses HTTP-only cookies as the default setting to prevent cross-site scripting (XSS) attacks.

     A workaround is to add the following to the WEB-INF/web.xml file

     <init-param>
         <param-name>crossDomainSessionSecurity</param-name>
         <param-value>false</param-value>
     </init-param>

     Note that XSS prevention will still be in place in Tomcat 7; this just disables the additional mechanism
     implemented in DWR that conflicts with it.

     This is an issue for DWR 2.* with Tomcat 7.* (or earlier versions of Tomcat where useHttpOnly="true" is set.)
	Apache Wookie Release Notes
	===========================
	See https://issues.apache.org/jira/browse/WOOKIE-* (where * is the number of the issue below)

	For more detailed information on significant changes, see NEW_AND_NOTEWORTHY

	Version 0.10.0
	==============

	Bugs Fixed
	==========

	* WOOKIE-167 - Gallery icons for bondi camera & geolocation are missing
	* WOOKIE-322 - Policies API only validates the origin, not the scope or directive
	* WOOKIE-15 - Companion document links
	* WOOKIE-149 - Sudoku widget not working correctly

	Improvements
	============

	* WOOKIE-327 - Make widget metadata returned by the REST API more consistent with W3C Widget Config.xml, remove confusing IDs
	* WOOKIE-263 - Remove deprecated "Services" and related functionality
	* WOOKIE-320 - Allow GET of Widget to support download of the original .wgt package
	* WOOKIE-319 - Add DELETE and PUT to /widget API
	* WOOKIE-318 - Change POST to /widgets to upload, parse and return error messages rather than just drop into /deploy
	* WOOKIE-324 - POSTing a widget to wookie should return its config.xml metadata
	* WOOKIE-314 - Filter license headers when concatenating HTML template files
	* WOOKIE-331 - Move API Keys from the database into a configuration file
	* WOOKIE-294 - Generalise all templates
	* WOOKIE-326 - Extend the Java Connector
	* WOOKIE-317 - Create documentation on how to create/generate wookie release artifacts
	* WOOKIE-334 - Adding PUT and DELETE to proxify
	* WOOKIE-330 - Make the Java connector backwards-compatible
	* WOOKIE-328 - Create "demo widget" capability without requiring rest of the web UI
	* WOOKIE-19 - Write server admin guide
	* WOOKIE-321 - Add functional test cases for Policies API
	* WOOKIE-20 - Conform to the LC W3C Widget API specification
	* WOOKIE-333 - Creating IntelliJ code style and code template files

	New Features
	============

	* WOOKIE-262 - Create non-UI administration client and capabilities
	* WOOKIE-227 - Implement OpenAjax hub 2.0

	Known Issues
	============

	* WOOKIE-222 - There is a known issue when using Tomcat 7.* with Wookie. Sometimes when a widget is actually
	loaded, a browser alert box sometimes appears informing the user of a "Session Error".

	This is caused by the DWR library used by Wookie for Comet-based widgets handling HTTP-only cookies incorrectly;
	Tomcat 7 uses HTTP-only cookies as the default setting to prevent cross-site scripting (XSS) attacks.

	A workaround is to add the following to the WEB-INF/web.xml file

	<init-param>
	<param-name>crossDomainSessionSecurity</param-name>
	<param-value>false</param-value>
	</init-param>

	Note that XSS prevention will still be in place in Tomcat 7; this just disables the additional mechanism
	implemented in DWR that conflicts with it.

	This is an issue for DWR 2.* with Tomcat 7.* (or earlier versions of Tomcat where useHttpOnly="true" is set.)