| Apache Wookie Release Notes |
| =========================== |
| See https://issues.apache.org/jira/browse/WOOKIE-* (where * is the number of the issue below) |
| |
| For more detailed information on significant changes, see NEW_AND_NOTEWORTHY |
| |
| Version 0.14 |
| ============ |
| |
| BUGS FIXED |
| ========== |
| |
| WOOKIE-403 |
| ProxyServlet doesn't work well on chunked data |
| |
| WOOKIE-406 |
| Widget redeploying fails on Windows |
| |
| WOOKIE-404 |
| Server crashed after long wait, while reloading widget |
| |
| WOOKIE-405 |
| Widget localization does not work |
| |
| WOOKIE-387 |
| deploying flatpack to another wookie results in an error |
| |
| WOOKIE-382 |
| Flatpack function returns wrong widget package |
| |
| WOOKIE-402 |
| Package files are overwritten by updates |
| |
| WOOKIE-399 |
| Twitter widget: public timeline no longer works |
| |
| WOOKIE-290 |
| Widget templates not allowing content to be overwritten properly |
| |
| WOOKIE-386 |
| HTML Hex-encoded unicode entities are incorrectly encoded in start files |
| |
| WOOKIE-44 |
| Default widget returns js "error" when loaded into a browser |
| |
| IMPROVEMENTS |
| ============ |
| |
| WOOKIE-360 |
| Process all start files, not just specified locales |
| |
| WOOKIE-397 |
| Improvements to assetPlayer Template |
| |
| WOOKIE-366 |
| Update to the Walkthrough template and test widget |
| |
| NEW FEATURES |
| ============ |
| |
| None |
| |
| Known Issues |
| ============ |
| |
| * WOOKIE-222 - There is a known issue when using Tomcat 7.* with Wookie. Sometimes when a widget is actually |
| loaded, a browser alert box sometimes appears informing the user of a "Session Error". |
| |
| This is caused by the DWR library used by Wookie for Comet-based widgets handling HTTP-only cookies incorrectly; |
| Tomcat 7 uses HTTP-only cookies as the default setting to prevent cross-site scripting (XSS) attacks. |
| |
| A workaround is to add the following to the WEB-INF/web.xml file |
| |
| <init-param> |
| <param-name>crossDomainSessionSecurity</param-name> |
| <param-value>false</param-value> |
| </init-param> |
| |
| Note that XSS prevention will still be in place in Tomcat 7; this just disables the additional mechanism |
| implemented in DWR that conflicts with it. |
| |
| This is an issue for DWR 2.* with Tomcat 7.* (or earlier versions of Tomcat where useHttpOnly="true" is set.) |