The tollium <richtext> component has been removed. The easiest way to replace it is with a <rte type="inline">, and
replacing ->value := "string" with ->value := [ htmltext := StringToBlob("string") ], but ideally you'd switch to
4.19's <richarea>
wh wrd:import no longer runs an automatic metadata update after import
The wrd/objectapi.whlib UpdateWRDSchemaByName and ApplyXMLMetadata calls have been removed
PrepareSchemaForUserManagement and SetupSchemaForWRDAuth should no longer be used. Import mod::system/data/wrdschemas/usermgmtschema.xml into your WRD schema instead
PrepareStandardWebHareManagement should no longer be used. You can now import mod::system/data/wrdschemas/default.wrdschema.xml and set usermgmt := TRUE in CreateWRDSchema
ApplyWRDSchemaDefinitionFile and ApplyWRDSchemaDefinition should no longer be used. Prepare to switch to wrdschema->ApplySchemaDefinition
CreateNewWRDSchema and CreateNewWRDSchemaFromImport have been removed, please use mod::wrd/lib/api.whlib instead to create new schemas (but always prefer moduledefinitions to create schemas if at all possible)
The use of updateat will trigger an error in the log. You should update any affected code.
GetEntityModificationDates has been removed from the (legacy) WRD entities.
If you set a password (scope) at CreateWebSession but simply pass an empty password when opening the session, you'll now get an exception.
Support for at="install" and at="upgrade" has been removed from startup tasks in module definitions. The implementation was never fully race-free so it's best just not to rely on 'at'
Runonce scripts will now be repeated at every startup/upgrade until they complete successfully.
The debug settings page now requires you to login as supervisor/sysop
The default TLS cipher suite has been updated. If you encounter connection difficulties, this was the previous OpenSSL cipher list:
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
Things you should do
The form upload control (wh-form__uploadfield) now has a delete button (<span class="wh-form__uploadfielddelete">) but
it will not be visible until you style it.
If you use sessions, we recommend always specifying a scope to prevent 'creative' users from trying to pass their sessionid into other cookies looking for information leaks.
Things that are nice to know
<richarea> has been added as a 'cleaner' (considering XML attributes) version of non-structured <rte>. We intend to
deprecate <rte> in the future, and everyone should switch to either <richarea> or <rtd>
The testframework now configures its testsuite schema the same way whether or not you enable wrdauth during tests
WRD schemas defined in moduledefinitions can now use wildcards in their tags, to apply to multiple schemas
4.19 will run a daily migration to get rid of 'past' and 'future' wrd entity_settings, to minimize the downtime during the 4.20 upgrade