5.3 - 31 July 2023

PLEASE NOTE! YOU NEED TO UPGRADE TO 4.35 BEFORE UPGRADING TO 5.xx

Incompatibilities and deprecations

• Users with browse (read only) rights in the Publisher can no longer view the results of a form file
• Support for MD4 and NTLM authentication has been removed
• Consilio has undergone some deep internal changes that may trigger issues in other modules:
  • All changes through the API are now asynchronous and you need to use WaitReady if you rely on them to complete. (we used to synchronously wait after CommitWork until they applied)
  • Consilio now uses Fetch instead of WebBrowser for communication. This should fix a few cornercases where consilio was recursively invoked
  • Consilio no longer waits for the index to be fully available before submitting searches (which could take a long time) but will instead throw a SearchUnavailableException exception.
  • Various Consilio APIs there were deprecated in 5.0 have now been removed
• WHUSER_DISABLED (whuserDisabled) has been deprecated - in the future to you should check for WHUSER_DISABLE_TYPE (whuserDisableType) being set
• Any WRD schema which is used for user and rights management must be based on usermgmt.wrdschema (ie we expect WHUSER_UNIT, WHUSER_LASTLOGIN etc to all exist)
• Consilio site indexing will no longer spider discovered links on pages. You should set up a PageListProvider to ensure indexing of subpages.
  • If you relied on being able to set 'no follow' to keep Consilio from processing indexing links on a page, make sure your PageListProvider honors this setting
• The storage format for Dashboard issue 'snoozes' has changed. All existing snoozes will be ignored
• The new API %IsValidModernEmailAddress is a stricter version of IsValidEmailAddress that implements the browser type=email validation rules and limits the email address to 254 characters (the SMTP limit). This may break emailadresses of the form user@example.net (Real Name) and "Real Name" <user@example.net> but simplifies unique checking.
  • forms and tollium screens that use type=email or inputvalidationcheck=email (and its variants) will now use these new checks
• The logfile formats for notice, debug and accounting are now set to JSON
• We no longer allow external links to be created that look like site:/path to avoid a common copypaste error (when you intended an internal link)
• The WebHare backend now sets a much stricter Content-Security-Policy

Things that are nice to know

• A HareScript implementation of fetch() has been added in wh::internet/fetch.whlib.
  • fetch.whlib also exports a synchronous API through FetchSync
• autocomplete=username can be enabled in forms by setting <formintegraton autocompleteusername="<LABEL>" />
• A YAML 1.2 parser has been added (wh::internet/yaml.whlib)
• The HareScript engine is now partly available as a WASM module to easy integration of HareScript into JavaScript
• Site comments are now added to the site export (dashboard)
• The default mail template no longer formats results in a (responsive) table, which works better with long questions and on mailclients not supporting responsive design
• Markdown documents now enable 'linkify' (automatic links)
• SSO providers can be hidden on the loginscreen and directly invoked using window.triggerWebHareSSO, simplifying internal-only usage of SSO
• Dompack's setupBusyModal simplifies automatically showing a modality layer during eg. RPC calls and other 'UI busy' moments
• WebHare can now host Javascript-backed OpenAPI services, with the webserver handling the necessary routing and authentication
• The Feedback application has switched to html2canvas for better custom font support

Things you should do