Posts by Alexander Ebert

    We're changing the way we use our branches in all of our repositories, paving the way for an accelerated release cadence. These changes will become effective on Wednesday, February 19th, 2020. We highly recommend that you adjust your build processes, in particular all sorts of artifacts, to reflect these changes.

    The New Branch Schema

    Old branches have been tracked in version branches, such as 2.1 or 3.0, for a long time already. However, the current and next version have faced some inconsistencies over the past years, residing in different branches with sometimes unclear rules on when they are migrated into version branches. This has historically lead to some confusion with 3rd party developers that had issues tracking down the correct branch to apply and/or suggest their changes.


    The new schema puts up clear rules on this:

    • Stable version will always reside in version branches, regardless of their age.
    • master is always the development branch that eventually becomes the next stable version.
    • Upon reaching the stable version .0, the master branch is transfered into the appropriate version branch.
    • The next branch has become obsolete, as it is now represented by the master branch.

    Effective Changes: An Example

    The Core's repository (https://github.com/WoltLab/WCF/) will serve as an example for the aforementioned changes:


    TreeBeforeAfter
    Version 2.1.x2.12.1
    Version 3.0.x3.03.0
    Version 3.1.xmaster3.1
    Version 5.2.xnext5.2
    (Next version)---master

    Timeline

    These changes will enter into force on Wednesday, February 19th, 2020.

    The system running all demos will be unavailable tomorrow, Feburar 13th, 2020, between 1:00 pm and 4:00pm CET for maintenance. Existing demos cannot be reached during this time period.


    Requests for new demos are added to a queue and will be processed once the maintance has been completed.


    Update 3:15 pm: The maintenance has been completed successfully.

    We have just released new versions of our products:

    • WoltLab Suite 5.2.2


    Stability releases (also known as "minor releases") aim to solve existing problems in the current version. Like every stability release, they do not introduce new features; It is strongly recommended to apply these updates.

    Performing System Updates

    Open your Administration Control Panel and navigate to Configuration > Packages > List Packages. Please click on the button Search for Updates located in the right corner above the package list.

    Notable Changes

    The list below includes only significant changes, minor fixes or typos are generally left out.

    WoltLab Suite Blog

    • The generated HTML for the article preview was invalid, causing some parts of the preview to not respond to clicks.

    WoltLab Suite Calendar

    • Adjusted the HTML5 metadata to the latest standard.
    • The test for overlapping event dates suffered from a calculation error if the start and end date are equal.

    WoltLab Suite Filebase

    • The text of custom licenses could not be edited.
    • Added support for the import of reviews.

    WoltLab Suite Filebase: Support Threads

    • The support thread was created twice by accident.

    WoltLab Suite Gallery

    • The category filter on the album list did not behave as expected.
    • An incorrect number of image were reported inside the album bbcode.

    WoltLab Suite Forum

    • Empty threads raised an exception due to some incorrect propery accesses.
    • Approving threads had been counted twice in the stats. It is recommended to rebuild the board data after applying this update.
    • RSS feeds that yielded no items after applying the filters will no longer report an error.
    • The list of replies displayed below articles now follow the same order as they appear in the thread.

    WoltLab Suite Core: Conversations

    • The action ConversationAction::markAsRead() no longer implicitly assumes the active user.

    WoltLab Suite Core: Importers

    • MyBB 1.x
      • Incorrect recognition of quotation marks inside font bbcodes.
    • vBulletin 5.x
      • Broader support for different [attach] types.
      • BBCodes in signatures had not been converted.
      • Improved the support for pixel based font sizes.
    • XenForo 2.x
      • Incorrect detection of JSON encoded data.

    WoltLab Suite Core: Infractions

    • The form to issue warnings now correctly applys a predefined reason.

    WoltLab Suite Core

    • Resolved an issue that could cause special trophies to be awarded twice.
    • The system check page suffered from a bad string comparison for MySQL.
    • Attempting to create a new article in the frontend offered multilingual articles even when there is only a single language available.
    • The detection for WebP images failed in PHP 7.0.
    • Streamlined the token validation for pages that require access tokens.
    • HTML entities were encoded twice in the anchor links of the user profile tabs.
    • Hidden dialogs containing an iframe would sometimes react to pointer events.
    • Triple clicking inside a table cell inside the editor will no longer yield invalid markup if the selected content was replaced.
    • Optional "select" fields in the contact form did not support the "(No selection)" option.
    • Improved the DateFormField component, better validation and a consistent usage of UTC dates.
    • Resolved a compatibility issue in the Net_IDNA2 package when used with PHP 7.4.
    • Upgrading from Woltlab Suite 3.1 would previously discard the custom box positions for some pages.
    • The reaction picker was sometimes rendered behind the page header.
    • The fullscreen mode in the editor did not work in some cases.
    • Disabled the edit button in the user list if the active user lacks the required permissions.
    • Detection for misconfigured PHP environments that use opcache but prevent any sort of cache reset.
    • Adjusted the GitHub authentication to match their latest API changes.

    We do not support push notifications at this time, but we do implement desktop notifications. The only difference is that a (background) tab of the site needs to be open in order to deliver the notifications.

    Please disable Rocket Loader, it's broken beyond repair and flagged as "Beta" since its early days. It's known to break JavaScript by mixing up execution order and doing all sort of fancy snakeoil things, that don't really accomplish anything.

    Is there a simple way to block bots and leave all the rest off?

    No, and I will give zero advices in that direction. "Bots" is a very fuzzy term and one has to understand that these are not bad by definition, for instance, search engines use bots for legitimate reasons. Generally speaking, you should not make the mistake of blocking all sorts of things in advance, the chance for false positives is quite significant and you can always take actions when something doesn't behave as expected.

    To be honest, I'm not sure if the WAF is of any actual use. I mean, their filters are much better than the average garbage offered by some webhosts, but in the end they're still some dumb filters that look for specific patterns. They also keep adding new rules regularly, but in the end I turn most of them off again, because they conflict with our site. For instance, it will detect SQL queries and such inside packages uploaded to the Plugin-Store (or the admin panel as in your case), which isn't exactly a problem.


    I guess it boils down to the other software you're running on the same site, for example, WordPress would sure benefit from an additional protection layer, considering its terrible track record. I'm only leaving the WAF online because it blocks some annoying bots, some using custom rules that are a bit more complex.