2007-09-16  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.5.139

        * [BUG 136]: Fixed several XSS vulnerabilities in plain.jsp,
        commonheader.jsp, GroupContent.jsp, EditGroupContent.jsp,
        InfoContent.jsp, NewGroupContent.jsp, VariableTag, UserProfileTag
        and MessagesTag.  Reported by Jason Kratzer.

        * Fixes a local path disclosure vulnerability in
        BasicAttachmentProvider.  Reported by Jason Kratzer.
        
        * Updated Finnish localization
        
        * Also fixed a number of instances of apostrophe (') use in
        localization files - better to use &#39; to avoid loads of nastiness
        with certain constructions.

2007-09-14  Juan Pablo Santos (juanpablo.santos@gmail.com)

        * 2.5.138

        * Localized Referring Pages and Current Time plugins (again, strangely enough,
        the plugins' texts were already in the resource file.). Updated
        referringpagesplugin.more localized text, it was looking for two parameters and
        the plugin uses only one.

        * Localized also Forms Plugins, JSPWikiMarkupParser, PluginContent,
        TranslatorReader and PluginManager. New localized strings:
        + CoreResources.properties
		    # JSPWikiMarkupParser
		    - markupparser.error.invalidset = Invalid SET found: {0}
		    - markupparser.error.nointerwikiref = No InterWiki reference defined in
		    		properties for Wiki called '{0}'!
		    - markupparser.error.parserfailure = Parser failed: {0}
		    - markupparser.error.javascriptattempt = Attempt to output javascript!
		+ PluginResources.properties
			# Forms Plugins
		    - formclose.noneedtoshow = (no need to show close now)
		    - forminput.namemissing = Input element is missing parameter 'name'.
		    - forminput.noneedtoshow = (no need to show input field now)
		    - formopen.missingparam = The FormOpen element is missing the '{0}'
		    		parameter.
		    - formopen.postorgetonly = Method must be either 'post' or 'get'
		    - formopen.noneedtoshow = (no need to show form open now)
		    - formoutput.missingargument = Argument '{0}' required for Form plugin
		    - formselect.namemissing = Select element is missing parameter 'name'.
		    - formtextarea.noneedtoshow = (no need to show textarea field now)
		    - formtextarea.namemissing = Textarea element is missing parameter 'name'.

        * Web tests no longer require the servlet container to be running at
        http://localhost:8080/. Now you can set host & port at the build.properties
        file indicated in build.xml

2007-09-09  Dirk Frederickx (dirk.frederickx@gmail.com)

        * 2.5.137

        * Few javascript fixes for improved URL constructor compatibility [ BUG 115 ]
        The generated links in the ajax search dropdown are now compatible with
        the selected URL constructor.

        * More IE fixes to improve rendering of floats. ( ref. IE6 peekaboo bug )


2007-09-08  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.5.136

        * D'oh, due to some debug code left in CookieAuthenticationLoginModule,
        it was expiring sessions in 30 seconds.

        * AdminUI now shows all known plugins and whether they are compatible
        with this version of JSPWiki.  WikiWizard also gains an AdminBean
        (though it doesn't do anything).

2007-09-04  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.5.135

        * [Bug 135]: Turned out to be a faulty quote in Finnish translation.

        * [Bug 134]: Ditto.

2007-09-03  Dirk Frederickx (dirk.frederickx@gmail.com)

        * 2.5.134

        * Fixed the JSON-RPC url, to be independent on the url constructor

2007-09-02  Juan Pablo Santos (juanpablo.santos@gmail.com)

        * 2.5.133

        * [Bug 133]: Release.isOlderOrEqual() was not comparing revisions
        properly and, in the end, Editors were not registering. Something
        similar was happening with Release.isNewerOrEqual(), fixed as well.

        * [Bug 122]: Partly fixed. Preferences for default template are now readed
        from jspwiki.properties instead of being hardcoded in
        com.ecyrd.jspwiki.preferences.Preferences. Cfr. with jspwiki.properties.tmpl
        lines 258 - 261.

        * Updated es_ES locales

2007-09-02  Dirk Frederickx (dirk.frederickx@gmail.com)

        * 2.5.132

        * Fixed search menu for Smart skin. (improve compat. with IE)


2007-09-01  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.5.131

        * [Bug 131]: Added Harry Metske's patch to allow "excludeattachments"
        on UnusedPagesPlugin for those who need it.

        * Updated Finnish localization.

2007-09-01  Dirk Frederickx (dirk.frederickx@gmail.com)

        * 2.5.130

        * Fixed missing html attrib in LostPassword tab

        * The Edit findSuggestionMenu has been moved into the Favorites,
        so it nicely accomodates with Left or Right position of the favorites block.

        * [ BUG 132 ] Collapsable lists and boxes now also are rendered in preview mode

        * [ BUG 123 ] Added a confirm box in case you click aways from the page without saving.
        When you leave the edit session without first saving your changees (eg clicking the
        Info tab, clicking any page link, etc.) a popup window asks you to confirm.

        javascript.edit.areyousure=Without clicking the Save button, your changes will be lost. \
            Are you sure you want to exit this page?

        * [ BUG 126 ] Remove 'spurious' css errors.

2007-08-28  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.5.129

        * Fixed a number of bugs in the SpamFilter, and added automatic
        bot detection according to idea from
        http://www.modernbluedesign.com/web-design-blog/fighting-spam-with-css/

        * SpamFilter captcha is now user-settable.  Possible options
        are "none" and "asirra".

        * 2.5.128

        * Added SearchManagerBean to the admin UI.  It's now possible
        to force a reindex of all pages, either from your MBean manager
        or the Admin UI.

2007-08-27  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.5.127

        * Login redirections were failing; fixed with some bubble gum.

2007-08-26  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.5.126

        * Performance optimizations: PagePermission constructor
        no longer uses String.split() but StringUtils.split().
        String.split() is a regexp function, and they're always
        expensive.

2007-08-26  Dirk Frederickx (dirk.frederickx@gmail.com)

        * 2.5.125

        * Add UserBox.jsp

        * Spaces should not break action buttons such as 'Log In' or 'My Prefs'.
        (reported by Murray Altheim)

        * [Bug 120] : Fix unbalanced JSP single or double quote's. (eg on Websphere or BEA)

2007-08-25  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.5.124

        * [Bug 89]: Removed Test plugin (now that IfPlugin can do all the
        same things).

        * [Bug 32]: LuceneSearchProvider now also indexes the page
        with all the non-letters removed.

        * [Bug 121]: RSS.rdf is now only generated of pages to which
        the Anonymous user has access to.

2007-08-24  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.5.123

        * Added Murray's patch to allow static calling of IfPlugin.

2007-08-22  Dirk Frederickx (dirk.frederickx@gmail.com)

        * 2.5.122

        * [Bug 113]: Error with 'join wiki now!' link creating new accounts

2007-08-22  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.5.121

        * [Bug 10]: Fixed.

        * Made findSuggestionMenu transparent since it sometimes blocks
        the view.  Also reduced fontsize a bit.

2007-08-21  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.5.120

        * [Bug 89]: Added support also for [{If var='xyssy' exists='true'}],
        requested by Dirk.

        * Localized WeblogEntryPlugin (strangely enough, the plugin text
        was already in the resource file.)

        * [Bug 39]: Fixed the login issue, but many things still remain.

        * Fixed issue with login email sending which was using a hard-coded
        URL.

2007-08-19  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.5.119

        * [Bug 89]: Added "exists" parameter to IfPlugin.

2007-08-19  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.5.118

        * [Bug 110]: WikiContext.checkAccess() was doing double encoding,
        and therefore pages with spaces would be returning wrong login
        URLs.  Reported by Alex Samad.

        * Fixed a bunch of failing unit tests - the change of "editpage"
        to "createpage" had for some reason slipped everyone's attention.

2007-08-17  Juan Pablo Santos <juanpablo.santos@gmail.com>

        * 2.5.117 - Page renaming caused a NullPointerException under some circumstances,
        filed as Bug 85. Fixed, seemed to be caused when renaming a non-existing page
        (cfr. with http://bugs.jspwiki.org/show_bug.cgi?id=85). Added some JUnit tests to
        check this.

2007-08-15  Dirk Frederickx (dirk.frederickx@gmail.com)

        * 2.5.116 - More fixes for IE

        * More fixes for collapsable lists and the Greeting box.

        * Positioning of popup menu's now also correct on IE.

        * CSS-classes were added reflect anonymous, asserted, authenticed status.
        The SMART skin has user icons reflecting the login status.
        (suggested by Murray Altheim)


2007-08-12  Dirk Frederickx (dirk.frederickx@gmail.com)

        * 2.5.115 - More IE fixes (more to come)

        * Collapsable lists were not working in the current STRICT DTD mode,
        due to a remarkable IE bug (ref. http://mt-olympus.com/emmett/bug_overflow_positionrelative.php )

        * The USER greeting box needed an fix, for IE.

        * Fixed the visibility of the Attachment Tab for IE

        * The handling of the user profile Creation (under login context) and
        user profile modifications (under Pref context) has been fixed.
        Errors during creation or update are now routed back to the correct contexts.


2007-08-06  Dirk Frederickx (dirk.frederickx@gmail.com)

        * 2.5.114 - Few IE fixes

        * Some annoying IE layout issues fixed:
        TAB layouts and positioning of User greeting & login & prefs.
        There is still a major bug on the positioning of the popup menu's
        in IE  which makes the More menu and Navigation menu's not usable.
        Ongoing.

        * Checkboxes for Tab-completion and Smart-typing-pairs are not
        functional in IE, so now they are hidden in that browser. (BUG 103)

        * Added the LoginHelp page.

        * Ensure xhtml compliance when suppressing the PageActionsTop
        in 'login' and 'prefs' context

2007-08-04  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.5.113

        * Added "localheader.jsp", which is included from commonheader.jsp.
        The idea is that it is an "empty" header file which can be safely
        overridden in your local template without having to change
        commonheader.jsp

        * Updated Finnish localization.

2007-08-05  Dirk Frederickx (dirk.frederickx@gmail.com)

        * 2.5.112 - Login/LostPassword/Register user fixes

        * Fixed 'show-all' search results in Find. Only display of blocks of 20 was working.

        * Renamed the css class 'editpage' to 'createpage'
        because that's actually what it is. (BUG 55)

        * Login/LostPassword/Register jsp's clean up and bugfixes:

        Handling of Lost/Reset Password is now properly covered by template jsps. (BUG 38)

        Still todo: the handling of Create/Modify User Profile (part of UserPreference and Login flow)
        need to be refactored. When creating a new user profile in the Login screens, the error handling
        get's processed by UserPrefs. Confusing.

        Some i18n resources where shifted to the right CoreResources or templates.default bundle.
        (this still needs to be done for all language specific resource files !!)

        # Login.jsp  (moved from template.default to CoreResources)
        login.error.capslock=Invalid login (please check your Caps Lock key)
        login.error.password=Not a valid login.
        login.error.noaccess=It seems you don't have access to that. Sorry.

        # moved from CoreResources to template.default  (NOTE: lostpwd changed to lostpw !)
        login.lostpw.reset.clickhere=Click here
        login.lostpw.reset.login={0} to log in once you retrieve your new password.

        * PageActionsTop.jsp was updated to hide the More menu from 'non-page' related contexts.
        The More menu will only be shown in view, edit, comment, diff, info, preview, upload & find

        * The SearchPageHelp was extended with some Lucene hints.

2007-08-04  Janne Jalkanen <jalkanen@ecyrd.com>

        * Updated Finnish localization.

2007-08-05  Juan Pablo Santos <juanpablo.santos@gmail.com>

        * i18nized some JSPs with hard-coded text. New localizable strings:

			- GroupTab.jsp (default.properties)
			grp.createdon
			grp.lastmodified
			grp.groupnames.title
			grp.newgroupname
			grp.savegroup
			grp.savenewgroup
			grp.cancel
			grp.deletegroup
			grp.deletegroup.confirm
			grp.formhelp
			grp.allgroups
			(grp.by removed due to proper use of MessageFormat)

			- NewGroupContent.jsp (default.properties)
			newgroup.creategroup

			- PreferencesContent.jsp (ProfileTab.jsp, default.properties)
			prefs.roles
			prefs.groups
			prefs.creationdate
			prefs.profile.lastmodified

			- UserProfileTag (coreresources.properties)
			userprofile.nogroups
			userprofile.noroles

        * Updated spanish (es_ES) translation.

2007-08-04  Dirk Frederickx (dirk.frederickx@gmail.com)

        * 2.5.111

        * Closing final final XHTML compliancy issues (Closing BUG 9)

        * More menu is now extendable (BUG 20)
        A new page called 'MoreMenu' can now be used to extend the More menu
        with extra stuff, such a links to Recent Changes, Page Index,
        System Info, About, Site Map, etc. The behaviour is similar as for the LeftMenu.
        It is only functional when JS is turned on in your browser.
        Otherwise the more menu is an ordinary dropdown.

        * Fixed Favorites position (left/right) in Edit and Upload view

        * Removed font resizing stuff. No real add value. (and not working in IE anyway)

2007-08-04  Janne Jalkanen <jalkanen@ecyrd.com>

        * "ant war" now compresses jspwiki-edit.js, jspwiki-common.js
        and jspwiki-prefs.js using the Rhino library.  This should bring
        in considerable savings to bandwidth and response.

2007-08-03  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.5.110

        * Added patch from Murray to provide property cascading from
        system properties.

        * Added patch from Murray to provide setting of AclManager
        (use jspwiki.aclManager=<class>).

2007-07-30  Dirk Frederickx (dirk.frederickx@gmail.com)

        * 2.5.109 - internal cleanup of JSP's, few bugfixes (one for IE)

        * Added new <wiki:SetPagination> Tag to get rid of java hacking
        in InfoContent.jsp and AJAXSearch.jsp. Fixed a few bugs on pagination
        as well. Now pagination does show up properly at version=20.
        (reported by Milt Taylor)

        * New marker defined 'jslocalizedstrings' to cleanup commonheader.jsp.
        Some refinement is still needed, but it works for now.

        * Fixed IE crash in jspwiki-edit.js causing edit toolbars not to be
        rendered. (as reported by Milt Taylor)

        * Bugfix: Attachment upload was not working anymore (introduced in 2.5.107)


2007-07-30  Dirk Frederickx (dirk.frederickx@gmail.com)

        * 2.5.108 - template changes & usability

        * The 'Edit' button is now back in its previous position. (after recent popularity poll ;-)
        The 'More' button now has a little down-icon as visual clue that it's actually a dropdown.
        The GoTo-Bottom triangle has been removed (reduce screen clutter, not used much anyway)
        The GoTo-Top button is still there.
        The 'Login', 'Logout' and 'My prefs' are put below Greeting, which is more natural.
        (with still 2 different approachs in the default and Smart skin)

        * New preference added to select Left/Rigth position the Favoristes menu.
        The position of the 'More' menu and 'Find/Recentchanges' dropdowns is now calculated on the fly.

        prefs.user.orientation=Favorites style
        prefs.user.orientation.left=Left
        prefs.user.orientation.right=Left

        * Smart and OrderedList skins are now aligned with latest GUI changes

        *  After setting new UserPreferences, you get now redirected back to the page you came from.
        (similar to login)

        * XHTML compliance improvements.
        Border settings have been removed from img elements. (RecentChangesPlugin,
        RSSCoffeeCupLinkTag, TranslatorReader)
        Replace all <u> in default.properties by <span class="accesskey">

        editor.plain.name=Your <span class='accesskey'>n</span>ame
        editor.plain.email=Homepage or e<span class='accesskey'>m</span>ail
        actions.edit=<span class='acceskey'>E</span>dit
        actions.editparent=<span class='acceskey'>E</span>dit parent page
        actions.prefs=My <span class='acceskey'>P</span>refs
        actions.prefs.title=Manage user preferences [ p ]

        * The attachment img viewers now alos supports capitalised extensions
        (eg both jpg and JPG can be reviewed)

        * Small refactorings on the Tabbed Sections. (simplified TabTag html)
        All content inside a tab, also the floated content, will nicely fit inside the tab.
        (ref bug 101)

2007-07-24  Juan Pablo Santos <juanpablo.santos@gmail.com>

        * Updated spanish (es_ES) translation.

2007-07-24  Janne Jalkanen <jalkanen@ecyrd.com>

        * Just updated Finnish translation and fixed some entity names
        in English translation.

2007-07-23  Dirk Frederickx (dirk.frederickx@gmail.com)

        * 2.5.107

        * Many 'usability' improvements based on many many inputs from
        Claudia, Murray, Alex and Janne. Hope you like them :-)

        All screens now consistenty show 3 TABS (view, attach and info)
        The Edit action has become a 'pseudo' TAB positioned right next
        to the standard set of tabs, but visually different.
        For the time being, Add-Comment remains hidden in the More dropdown
        as it is less frequently used.
        The More action has been visually adjusted as a kind of 'button'.

        The Link tab and Diff tabs are incorporated in the Info screen as
        collapsable boxes, and are only shown depending on the context.
        This brings back all page info (links, version history) back under one
        single place.

        A new --USER-- bar is added with UserName, Login/Register, Prefs and Logout
        actions. These actions are not anylonger in the top pageactions sections.
        This USER bar is positioned at the top of the screen (PlainVanilla skin)
        or in the Favorites sections (SMART skin)

        The bottom page actions have been simplified to the max.
        When clicking the 'goto TOP' triangle, you are just one click away
        from all remaining actions and buttons. (this was the most easiest for now ;-)

        Pending stuff: allow configurable 'quick-links' to be added next to and
        inside the More... menu. Skins may not yet be up to date with all changes
        - expect some glitches here and there.

        * Added link to 'View source page' to the More menu. New i18n property:`
        actions.rawpage=View Page Source

        * Fixed the Diff dropdown selectors when no parameters (r1 and r2) are provided.

        * Editor/Posteditor improvements:
        Checkboxes were added to turn on/off the Tab Completion and
        Smart TypingPairs. Your settings are cookie-fied.
        Some new i18n keywords added:

        editor.plain.smartpairs= Smart Typing Pairs
        editor.plain.smartpairs.title= Auto pairing of () [] {} "" ''
        editor.plain.tabcompletion=Tab Completion (keyword+Tab)
        editor.plain.tabcompletion.title=Auto expansion of keyword to Wiki Markup

        All posteditor functions are now also undo-able.

        The Posteditor now correctly handles Shift+right-arrow in Firefox. (Bug 91)

        * Fixed Bug 86 Commentbox and Tabbedsection not playing well (reported by Alex Samad)


2007-07-20  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.5.106

        * Fixes an XSS vulnerability with evilly formed links.
        Reported by Igor Minar.

2007-07-18  Janne Jalkanen <Janne.Jalkanen@ecyrd.com>

        * 2.5.105

        * AdminUI has now rudimentary user management - it's now
        possible to add, change and remove user accounts using the adminUI.
        AdminUI is reachable through admin/Admin.jsp.

2007-07-18  Dirk Frederickx (dirk.frederickx@gmail.com)

        * 2.5.104

        * The "Home" link now get's the actual name of the home/front page
        (suggested by Claudua Frers)
        Remove the key='actions.home'  from i18n properties

        * Fixed floating issue between TabbedSections and CommentBoxes inside pages.
        (reported by Alex Samad)

        * More xhtml fixes on PreferncesTab and default.properties.

2007-07-18  Janne Jalkanen <Janne.Jalkanen@ecyrd.com>

        * 2.5.103

        * [Bug 21]: Turned out to be a problem of self-referencing
        pages.

        * [Bug 85]: Added an extra check for this case.  It still throws
        an exception, but at least it's a lot more useful to debug.

        * [Bug 25]: Was related to Bug 21.  Added test cases and fixed.

        * Added IfPlugin; thanks to Scott A. Bybee who explained to me
        how useful conditional wikitext can be.

        * [Bug 87]: Login process now returns you to the same page
        where you chose to login.

2007-07-17  Janne Jalkanen <Janne.Jalkanen@ecyrd.com>

        * Updated Finnish localization.

2007-07-17  Dirk Frederickx (dirk.frederickx@gmail.com)

        * No version bump -- some small fixes only.

        * Few small IE6 tweaks: position of actionmenu popup,
        position of triangle icons for top and bottom link

        * Remaining xhtml issues (empty <td/> are not allowed) (BUG 9)
        All pages of xhtml compliant, excpet UserPreferences.

2007-07-17 Christoph Sauer (sauer@hs-heilbronn.de)

        * 2.5.102

        * Bug 13 fixed. Chuck found that by using WikiWizard 1.1.1 instead of 1.1,
          it would load properly. However, it would not import the text with JavaScript
          due to a new security mechanism built into Mac OS X. To remedy this problem,
          we added scriptable="true" to the applet tag and it should work now.

       *  Added missing german localisations. Added a class called MissingTranslations
          that helps diff the ressource property files. Adapt it to your localisation
          and run it directly in your IDE.

2007-07-14  Dirk Frederickx (dirk.frederickx@gmail.com)

        * 2.5.101

        * Few more xhtml issues resolved.

        * Default Template is now fixed for IE6.

        * Edit Assist toolbar tips localized.
          New localisable items, since v2.5.100

            editor.plain.posteditor=Enter Keyword+Tab:
            editor.plain.posteditor.title=shift+enter for next next field
            editor.plain.editassist=Edit Assist
            editor.plain.editassist.title=Toggle Edit Assist buttons
            editor.plain.tbLink.title=link - Insert wiki link
            editor.plain.tbH1.title=h1 - Insert heading1
            editor.plain.tbH2.title=h2 - Insert heading2
            editor.plain.tbH3.title=h3 - Insert heading3
            editor.plain.tbHR.title=hr - Insert horizontal ruler
            editor.plain.tbBR.title=br - Insert line break
            editor.plain.tbPRE.title=pre - Insert preformatted block
            editor.plain.tbDL.title=dl - Insert definition list
            editor.plain.tbB.title=bold
            editor.plain.tbI.title=italiceditor.plain.tbMONO.title=mono - monospace
            editor.plain.tbSUP.title=sup - superscript
            editor.plain.tbSUB.title=sub - subscript
            editor.plain.tbSTRIKE.title=strike - strikethrough
            editor.plain.tbTOC.title=toc - Insert table of contents
            editor.plain.tbTAB.title=tab - Insert tabbed section
            editor.plain.tbTABLE.title=table - Insert table
            editor.plain.tbIMG.title=img - Insert image
            editor.plain.tbCODE.title=code - Insert code block
            editor.plain.tbQUOTE.title=quote - Insert quoted block
            editor.plain.tbSIGN.title=sign - Insert your signature

2007-07-14  Dirk Frederickx (dirk.frederickx@gmail.com)

        * 2.5.100

        * Finalising xhtml fixes. I hope to close (BUG 9) really soon now.

        * The Frontpage variable can not be use cause it is not always set.
        Falling back to engine.getFrontPage() (BUG 82)

        * The Edit Assist and the resize bar are now also availble in the Add Comment page

        * The Edit Assist buttons have been improved. Pressing a button will replace the selected
        text properly, instead of just overwriting it. (EG, select a word and press the BOLD button
        to replace theword by __word__) Also the handling of newline has been improved as
        some markup should always appear at the start of a new line. (EG, headers, tables, ...)
        (ref also BUG 83)

        * Experimental, but looks promising ;-)  When JSPWiki rendered on a narrow screen, (eg 200x320px)
        page-tabs were overlapping with page-actions, and not usable anymore.
        Now, the tabs nicely shift below the page-actions when the screen is very small.
        This will help JSPWiki to be usable on mobile divices such as S60 or iPhone. (BUG 80)
        As always:: please test this on IE browsers and feedback. Testing was done FF, Safari, Opera and Camino ok.

        * The Smart and OrderList skin have now aligned with latest pageactions changes

2007-07-14  Janne Jalkanen <Janne.Jalkanen@ecyrd.com>

        * 2.5.99

        * [Bug 77]: We were starting two FilterManagers - apps were
        registering to the other one, and events were fired with the
        other one... Heh.

        * Startup now outputs a lot more useful info about the environment
        (enabled by setting WikiEngine to DEBUG).

        * WebSphere Community Edition (WSCE 1.0) was crashing at startup,
        due to AuthenticationManager.hasCookieAuthentication() assuming
        non-null JAAS lists.

        * TestHttpServletRequest now returns a sane locale (so that no
        NPE's occur anymore in tests).

        * Updated Finnish localization up-to-date.

2007-07-14  Juan Pablo Santos <juanpablo.santos@gmail.com>

        * Checked in spanish (es_ES) translation.

        * Added localization for validateNotNull at InputValidator, one new
        localizable string in CoreResources:

           - validate.cantbenull

2007-07-13  Christoph Sauer <sauer@hs-heilbronn.de>

        * checked in missing /com/ecyrd/jspwiki/plugin/PluginResources
          german translation. [Bug 74] closed.

2007-07-12  Christoph Sauer <sauer@hs-heilbronn.de>

        * 2.5.98

        * Added jspwiki.basicAttachmentProvider.disableCache property. It takes
          a regex that let you define for which filename patterns to disable the
          browser cache. See more on this in the jspwiki.properties.tmpl comment

        * Fixed Bug in CreolePageFilter: Two tables seperated by a blank line
          where rendered as one table

        * Checked in German localisation for CoreResources

2007-07-12  Janne Jalkanen <Janne.Jalkanen@ecyrd.com>

        * 2.5.97

        * Changed "validate.unsafechars" i18n pattern to fix a fatal
        bug with it.  Also deleted "validate.invalidid", since it's no
        longer needed.

        * Updated Finnish localization (fi).

2007-07-11  Janne Jalkanen <Janne.Jalkanen@ecyrd.com>

        * 2.5.96

        * Added a bunch of missing localizations, reported by Youheng Hu.
        New localizable strings in CoreResources are:

           - security.error.createprofilebeforelogin
           - security.error.blankpassword
           - security.error.passwordnomatch
           - security.error.illegalfullname
           - security.error.illegalloginname
           - security.user.loginname
           - security.user.fullname
           - security.user.email
           - validate.unsafechars
           - validate.invalidemail
           - validate.invalidid

        * WikiSession gains getLocale() method, which provides a cached
        locale object.

2007-07-10  Janne Jalkanen <Janne.Jalkanen@ecyrd.com>

        * [BUG 81] Added the _en resource bundles to the JAR build by copying
        the default bundles in build.xml.  No bump, no functionality change.

2007-07-09  Dirk Frederickx (dirk.frederickx@gmail.com)

        * 2.5.95

        * Stabilising 2.5.94.

        * Remove editor type selector from CommentContent.jsp

        * Bugfix on tab switching in the Login and UserPreferences pages

        * Bugfix: the SIGN shortcut was not working in Edit Assist

        * Bugfix: typo in commonheader.jsp caused jspwiki-edit.js to be loaded twice

        * Bugfix: z-index adjusted for More.. menu to satisfy IE editors.

        * Fixed remaining xhtml issues. (BUG  9)


2007-07-08  Dirk Frederickx (dirk.frederickx@gmail.com)

        * 2.5.94

        * Cookie handling has been refactored. JSPWikiUserPrefs is now JSON based.
        Also the height of the edit textarea is 'cookiefied', so jspwiki remembers
        your prefered height of the editor area. (BUG 67)
        The RecentSearches memory has been added to the JSPWikiUserPrefs and doesn't require
        an additional cookie. (less cookie dirt)

        * Replace all hardcoded references to 'Main' by 'wiki.frontPage'  (BUG 42)

        * Improved the loading of additional Javascript chunks. jspwiki-edit.js is now
        only loaded with plain.jsp, so no more interference with WikiWizard (BUG 78)

        * Major refactoring of the 'More...' dropdown menu. It now perfectly runs on Firefox,
        Opera, Camina, Safari and (i hope ;-) on IE. Plse test test test on IE6 and IE7 and report
        bugs. The new menu is also XHTML compliant.
        Many improvements have been done on the remaining XHTML compliancy issues.

        * The Editor type selector is now moved to the UserPreferences page, instead of the
        Edit.jsp. Changing the editor type during an edit session was dangerous,
        as changes to the page are not saved. Now you can set your preferred editor in MyPrefs.

        * The editor textarea has been boosted with Posteditor
        (see http://icebeat.bitacoras.com/mootools/posteditor/ for a demo)
        The textarea now supports the TAB key, smart 'typing pairs' (suchs as () [] {} )
        and has some fancy tab-completion of commonly used commands.
        Try entering toc+TAB to see the effect.
        The PostEditor is only functional on non-IE browsers, and if Javascript is on.

        * The Editor assist toolbar provides a set of buttons to assist newbies in entering
        wiki markup. Supports both non-IE as IE, only if Javascript is on.


2007-07-06  Janne Jalkanen <Janne.Jalkanen@ecyrd.com>

        * 2.5.93

        * RESOURCE_HTTPHEADER didn't work if adding dates.

        * AdminBeanManager is now a bit more robust if a bean is already
        registered.  Thanks to Alex Samad for the patch.

2007-07-04  Janne Jalkanen <Janne.Jalkanen@ecyrd.com>

        * 2.5.92

        * DiffProviders are now localized.  Unfortunately, this meant an API
        change, so WikiEngine.makeDiff() now takes a WikiContext as a parameter.
        I don't think many people were using it, though, so it's not a major
        issue.

        * New localizations in CoreResources-bundle:

            - diff.traditional.added
            - diff.traditional.changed
            - diff.traditional.removed
            - diff.traditional.oneline
            - diff.traditional.lines

2007-07-03  Janne Jalkanen <Janne.Jalkanen@ecyrd.com>

        * 2.5.91

        * There have been loads and loads of fixes to Checkstyle warnings.

        * Added RESOURE_HTTPHEADER from Alex Samad.  Thanks!

2007-06-30  Janne Jalkanen <Janne.Jalkanen@ecyrd.com>

        * 2.5.90

        * [Bug 71]: Login.jsp is now localized.  All localizers, please
        note that there are three new strings to localize in
        "templates.default" -bundle:

            - login.error.capslock
            - login.error.password
            - login.error.noaccess

        * In addition, there are further localization done in top-level
        JSPs.  New strings in CoreResources are:

            - security.error.noaccess.logged
            - security.error.noaccess
            - security.error.wrongip
            - rename.empty
            - rename.error.title
            - rename.error.reason
            - rename.identical
            - rename.exists
            - rename.unknownerror
            - lostpwd.newpassword.email
            - lostpwd.newpassword.subject
            - lostpwd.nouser
            - lostpwd.nomail
            - lostpwd.emailed
            - lostpwd.reset.title
            - lostpwd.reset.clickhere
            - lostpwd.reset.login
            - lostpwd.reset.unable
            - lostpwd.reset.blurb
            - lostpwd.reset.submit

        * Updated English and Finnish localizations (and fixed a couple of
        sillinesses in the Finnish localization)

2007-06-23  Dirk Frederickx (dirk.frederickx@gmail.com)

        * 2.5.89

        * Cookie handling has been refactored. JSPWikiUserPrefs is now JSON based.
        Also the height of the edit textarea is 'cookiefied', so jspwiki remembers
        your prefered height of the editor area. (BUG 67)

        * Fixed handling of form focus() logic. JSPWiki now correctly puts the focus
        on the first visible form element. This also resolves a JS crash on IE.

        * Some improvement on XHTML compliance (BUG 9) Still some refactoring
        needed on dropdown menu to improve compliance.

        * Added UTF8 support to AJAXSearch.jsp

2007-06-18  Janne Jalkanen <Janne.Jalkanen@ecyrd.com>

        * 2.5.88

        * [Bug 24]: BugReportHandler no longer talks about "bug
        reports", but pages.  Reported by Gregor Hagedorn.

2007-06-16  Dirk Frederickx (dirk.frederickx@gmail.com)

        * 2.5.87

        * BUG 62 resolved: no sensitve info in LeftMenu during Login.

        * Fix some SkinName issue relate to the new preferences object.

        * BUG 52 resolved: Diff.jsp and PageInfo.jsp should not be indexed

        * TextArea resize bar image.

2007-06-16  Janne Jalkanen <Janne.Jalkanen@ecyrd.com>

        * 2.5.86

        * [Bug 29], search path is now trim()med properly. Thanks
        to David Au.

        * A couple of fixes to warnings courtesy of Alex Samad.

        * [Bug 12], AM/PM are now correct in preferences.

        * Created new Preferences object, and refactored some old
        preferences code from commonheader.jsp into it.  This also
        means that instead of using ${prefTimeZone} you would use
        ${prefs["TimeZone"]} in your variables.  This is far more
        extensible and future-proof than before.  The HttpSession
        now gets a Preferences object under the name "prefs".  There
        are also some utility methods in the Preferences class which
        abstract this away.  (It's also a lot faster because we do
        not parse the cookie every single time.)

        * [Bug 63]: The default eclipse coding style file now
        has .xml suffix.

        * Checkstyle config under doc/eclipse also now gains a .xml
        suffix.

2007-06-14  Janne Jalkanen <Janne.Jalkanen@ecyrd.com>

        * 2.5.85

        * Bug fix: Bug 58, BreadcrumbsTag.java does not compile under JDK 6

2007-06-13  Janne Jalkanen <Janne.Jalkanen@ecyrd.com>

        * 2.5.84

        * Bug fix: Bug 8, Multiple spaces in page names are not cleaned

2007-06-11  Janne Jalkanen <Janne.Jalkanen@ecyrd.com>

        * Added Finnish localization.  No version bump, as there
        is no functionality change.

2007-06-11  Dirk Frederickx (dirk.frederickx@gmail.com)

        * 2.5.83

        * Fixed blocking IE javascript bug.

2007-06-11  Christoph Sauer (sauer@hs-heilbronn.de)

        * 2.5.82

        * Added German localisation.

        * Added missing i18n tags in PageInfo and UserPreferences

2007-06-10  Janne Jalkanen <Janne.Jalkanen@ecyrd.com>

       * 2.5.81

       * Fixed a couple of localization issues (diff tab
       was not localized properly).

2007-06-09  Dirk Frederickx (dirk.frederickx@gmail.com)

       * Several XHTML STRICT compliance issues fixed.

2007-06-09  Dirk Frederickx (dirk.frederickx@gmail.com)

       * 2.5.80

       * Refactoring of SubmitOnce functionality, such that is doesn't harm
       when javascript is off. Wiki.SubmitOnce() prevents you from pressing
       submit buttons multiple times.
       Editing is now possible (and login etc.) while javascript is off.
       (ref. http://bugs.jspwiki.org/show_bug.cgi?id=3)

       * Added experimental GroupTab.

       * Info tab added to Upload.jsp

       * Minor missing i18n fixed. Small css fixes


2007-06-09  Janne Jalkanen <Janne.Jalkanen@ecyrd.com>

       * 2.5.79

       * Fixed minor issue with default template saying "go" instead
       of "find".

       * First alpha release of JSPWiki 2.6.

2007-06-09  Andrew Jaquith <andrew AT freshcookies DOT org>

       * 2.5.78

       * Even more little fixes to remove Checkstyle issues.

2007-06-09  Janne Jalkanen <Janne.Jalkanen@ecyrd.com>

       * 2.5.77

       * Refactored EditorIteratorTag; Added editor changes
       to the UserPreferences.

2007-06-09  Dirk Frederickx (dirk.frederickx@gmail.com)

       * Info tab is back, now making use of the new tab url parameter.

       * Stylesheets of the Smart and OrderedList skins have been refactored.

       * Submit of the quick Navigation menu now defaults back to the
       advanced Search page. The same applies to clicking the looking-glass icon.

       * Upgraded to mootools v1.11

2007-06-05  Christoph Sauer (sauer@hs-heilbronn.de)

       * 2.5.76

       * JSPWiki now supports WikiCreole 1.0:
       Checked in CreoleToJSPWiki renderer plus CreolePageFilter.
       This will allow users to operate JSPWiki in WikiCreole mixed mode.
       see http://www.wikicreole.org for more infos about WikiCreole.

2007-06-03  Dirk Frederickx (dirk.frederickx@gmail.com)

       * Same version

       * Progress bar fixed to run on Safari or Opera as well.
       It uses now css style visibility:hidden iso display:none.

       * Minor css fixes.

2007-06-04  Janne Jalkanen <Janne.Jalkanen@ecyrd.com>

       * 2.5.75

       * JSON interface now actually checks whether the user has
       permission to call the methods.  This was a relatively major
       security hole... :-)

       * Performance optimization to JSONSearch.

2007-06-03  Janne Jalkanen <Janne.Jalkanen@ecyrd.com>

       * 2.5.74

       * Remaining patches from David to FCK editor support.

2007-06-03  Dirk Frederickx (dirk.frederickx@gmail.com)

       * 2.5.73

       * In-page Upload Progress Bar has been added based on jsonrpc backend.
       (i'm not yet 100% sure on the cross browser compatibility - can anybody
       check this on ie win ?)  This replaces the Progress.Popup jsp.

       * Cookie handling fixed. Bug caused text-area size to be mixed up
       with font size.

       * New sort-icons added. Sortable tables have a better visibility now.

2007-06-02  Janne Jalkanen <Janne.Jalkanen@ecyrd.com>

       * 2.5.72

       * D'oh, David's patch didn't make it completely to CVS.  Now
       it should be there.

2007-06-01  Janne Jalkanen <Janne.Jalkanen@ecyrd.com>

       * 2.5.71

       * Added UserManager.JSONUserModule

       * Fixed Admin.jsp such that it can no longer be invoked
       accidentally (don't expect it to be available in initial alphas).
       Turn on "jspwiki-x.adminui.enable=true" to see how it works.

       * Added initial, non-functional user management tab in Admin.jsp.

       * Added new AjaxWiki object to jspwiki-common.js to simplify AJAX
       calls (mootools is nice, but their AJAX API is insanely complex).

       * Added Murray's patch to enable event monitoring.

       * Added David Au's patch to fix remaining issues in FCK integration.

       * fckconfig.js: Disabled 'Insert Flash' button.

       * FCK.jsp: Fixed issue where image attachments would not be displayed
       when accessing JSPWiki via https.

       * PluginContent.java: Fixed issue where plugin error messages were
       appearing in FCK's editor area.

       * WysiwygEditingRenderer.java: Fixed issue where pagenames were
       appearing in their URL-encoded format in the href.

       * XHtmlElementToWikiTranslator.java: Beautify the generated wiki markup
       by printing a newline character after a linebreak. Fixed issue when
       generating wiki links with spaces in the pagename.  Don't print a
       extraneous space after a link or an image anymore.

       * WysiwygEditingRendererTest.java: Added tests for pagenames with
       spaces.

       * HtmlStringToWikiTranslatorTest.java: Fixed several unit tests broken
       by this latest set of changes.


2007-05-30  Andrew Jaquith <andrew AT freshcookies DOT org>

       * 2.5.70

       * Many, many little fixes to remove Checkstyle issues.

       * Removed the two-argument constructor from GroupPrincipal
       and its associated "wiki" field. This interacted in a
       very subtle way with LocalPolicy to prevent GroupPrincipal
       privilege grants from being processed correctly. We
       concluded that this "feature", while intended to be used
       with multi-wiki environments, was fatally broken from the
       start. This change is purely "under the covers" and users will
       not notice the difference or need to do anything special.

       * Minor tweaks to SessionMonitor and AuthorizationManager
       that should slightly reduce memory leak potential.

       * Introduced a new exception called DecisionRequiredException
       that denotes when an operation cannot complete because
       a person must make a decision. It is thrown by WikiEngine.saveText()
       and UserManager.setProfile().

2007-05-29  Janne Jalkanen <Janne.Jalkanen@ecyrd.com>

       * 2.5.69

       * Renamed TEST plugin as Test to be more in line with
       Java class naming conventions.  Updated jspwiki_module.xml
       to still use TEST as an alias.

       * Tiny tweaks to some tests, who should now tell you
       what to do if they cannot connect to a database.

2007-05-29  Andrew Jaquith <andrew AT freshcookies DOT org>

       * 2.5.68

       * Fixed a bug in the Ant script that were causing tests
       to refuse to run sometimes because of an (erroneous)
       Hypersonic error.

       * As of this build, we have eliminated the need to sign
       JSPWiki JARs for 95% of most users' deployments. The only
       case where you need to sign them, now, is when you wish
       to create a JVM-wide, consolidated security policy. We have
       retained an Ant target "signjar" for that purpose. If you
       are upgrading from an earlier version of JSPWiki and are
       using a customized policy, however, you MUST MUST MUST
       remove any "signedBy jspwiki" and "keystore" references,
       otherwise JSPWiki might act odd.

       * The container-specific/JVM-wide parts of the Java
       security policy have been moved to a new file,
       etc/jspwiki-container.policy. This is NOT bundled into
       the WAR because it isn't needed there in any event...

2007-05-28  Dirk Frederickx (dirk.frederickx@gmail.com)

       * SMART skin updated. Few bugfixes

2007-05-27  Janne Jalkanen <Janne.Jalkanen@ecyrd.com>

       * 2.5.67

       * WeblogPlugin now considers ACLs - if the user does not have
       view permission on an entry, it's ignored on display.  Also
       refactored the WeblogPlugin slightly to be more legible.

       * 2.5.66

       * Added "url" parameter to TabTag to allow for Javascript-less
       tabs.

       * Removed WikiEventManager.WikiEventDelegate.m_client field, as
       it was not used anywhere.

       * UploadTemplate.jsp now uses the "url" parameter so that it's not
       possible to get broken URLs anymore (i.e. it looks just like a regular
       page view, but the URL says "Upload.jsp").  This would be pretty
       confusing to an user if you sent the wrong URL in email, and the
       recipient didn't e.g. have access to Upload.jsp, but did to Wiki.jsp...

       * Added doc/eclipse/jspwiki-checkstyle Checkstyle Eclipse preferences.

       * Added patch from Juan Pablo Santos Rodriques to add i18n targets
       to build.xml.

2007-05-26  Andrew Jaquith <andrew AT freshcookies DOT org>

       * 2.5.65

       * Lots of little fixes for bugs FindBugs found.

2007-05-26  Dirk Frederickx (dirk.frederickx@gmail.com)

       * 2.5.64 - 4th Brushed Template commit (still more to come)

       * Font size fixed. Various css enhancements. Skins not yet finished.

       * Enhanced Find page, including search scope (author, pagename, attachement),
       and on/off checkbox for find details. Find page is now ajax driven, but also
       functions properly when javascript is off.

       * Edit textarea is resizeable, with a cool drag effect.

       * GoToBottom and GoToTop links have icons instead of >> and <<

       * Refactoring of Collapse and CollapseBox. New icons (+ and -) are being used.

       * Bugfixes on Tips JSPWiki style

       * Test Plugin added, to enhance use of JSPWiki variables.
       EG you can now use [{TEST name="context" match="edit"  ...some body... }]
       for specific content in your leftmenu.
       More info at http://www.jspwiki.org/wiki/BrushedConditionalPlugin


2007-05-25  Janne Jalkanen  <Janne.Jalkanen@ecyrd.com>

       * 2.5.63

       * Fixed a couple of typos in default template (thanks to Frank Fischer).

       * Fixed a couple of typos in code (thanks to Murray Altheim).

       * Fixed HTML editor crashing when editing (thanks to David Au).

2007-05-22  Janne Jalkanen  <Janne.Jalkanen@ecyrd.com>

       * 2.5.62

       * Added CookieAuthenticationLoginModule.  This module stores
       an UID in the user's browser, and automatically logs the user
       in, if the cookie exists.  This can be a security hazard, so
       it is a good idea to disable it in jspwiki.jaas, if you are
       worried about local users being able to spoof identities.
       For this reason, it's by default disabled in jspwiki.jaas

       * Modified LoginContent.jsp to contain "Remember me?" checkbox.

2007-05-20  Andrew Jaquith <andrew AT freshcookies DOT org>

       * 2.5.61

       * Fixed the last of the failing JWebUnit tests. Also added a new one
       that verifies that profile renaming operations correctly re-set group
       memberships and page ACLs.

2007-05-20  Janne Jalkanen  <Janne.Jalkanen@ecyrd.com>

       * 2.5.60

       * New, improved SpamFilter with Captcha recognition, if we
       suspect you to be a spammer.  Captcha system is currently based
       on Microsoft Research's Asirra, though we will probably want
       to make it pluggable.  I have to admit that this required
       far too much surgery in Edit.jsp to be nothing but a hack,
       but I have to get it off my hard drive.  In addition,
       commenting does not work, if spam is detected.

2007-05-19  Janne Jalkanen  <Janne.Jalkanen@ecyrd.com>

       * 2.5.59

       * Again, a number of CheckStyle issues fixed.

       * Switched to new HttpMultipartRequest library (2.00b9)

       * Added upload progress bar.  Unfortunately, it's still kinda
       kludgy, but we'll try to fix it.  The backend stuff works; it's just
       the UI which looks like a brick of legos built by a two-year old.

       * New package: com.ecyrd.jspwiki.ui.progress, which manages different
       kinds of progress systems.

2007-05-14  Dirk Frederickx (dirk.frederickx@gmail.com)

       * i18n default.properties included, inline with last BrushedTemplate commit

2007-05-11  Dirk Frederickx (dirk.frederickx@gmail.com)

       * 2.5.58 - 3nd Brushed Template commit (still more to come)

       * Quick Navigation box has been refactored and now uses the new RPC-JSON in the backend.
       Search icon added.

       * Update of all Editors, including FCK and WikiWizard. (i18n alignment)
       you can now also use wysiwyg editors in the Comment.jsp. There is still a
       widht/heigh bug in the combination WikiWizard & FireFox (visible in Comment.jsp)

       * Font-size is based on the default browser settings. For FF this is pretty large.
       You can now adjust the font-size in the UserPreferences.

       * Many bugfixes: e.g cookie handling.


2007-05-13  Janne Jalkanen  <Janne.Jalkanen@ecyrd.com>

       * Installed "FindBugs" and "Checkstyle", and found about 1500
       problems.  This update fixes a number of minor code style issues.
       No functionality changes, therefore no revision bump.


2007-05-11  Dirk Frederickx (dirk.frederickx@gmail.com)

       * 2.5.57 - 2nd Brushed Template commit (more to come)

       * Remove Info tab from all screens, as it causes overload on the wiki server,
       but also to avoid confusion when similar screens are served from different URLs.
       The info page has back it own existence, with small optimalisations.

       * Mootools library upgraded to v1.1, just released

       * Added code prettifier from Google. (use %%prettify around code blocks)

       * Several smaller refactorings on jsp's and i18n default.properties
       The new more-info menu gets replaced by dropdown when browser has javascript on.

       * Bugfix on numberformat reported by Frank Fisher.
       See http://www.jspwiki.org/wiki/BugAttachmentAndInfoTabsAreBlank


2007-05-08  Janne Jalkanen  <Janne.Jalkanen@ecyrd.com>

       * 2.5.56

       * Tiny refactorings all over the place; removing unnecessary
       imports, renaming fields, removing compiler warnings,
       that sort of stuff.

       * Removed jmxri.jar and jmxtools.jar from the distro - since
       we require 1.5 anyway to compile, there's not much point in
       putting them in here.  Most J2EE containers already ship
       with a JMX implementation anyway.

2007-05-08  Janne Jalkanen  <Janne.Jalkanen@ecyrd.com>

       * 2.5.55

       * Tiny optimization for PageManager, improving the performance
       for pageExists(String,int), if CachingProvider is in use.
       This should help considerably in listing page histories.

2007-05-07  Janne Jalkanen  <Janne.Jalkanen@ecyrd.com>

       * 2.5.54

       * Several performance optimizations, including:

       * Added PermissionFactory, which caches the permissions using
       a WeakHashMap.  Creation of PagePermissions is relatively expensive
       due to permissions parsing, so this should help a lot.  All routines
       should be using the PermissionFactory.getPagePermission(), if possible.

       * Refactored AbstractCommand constructor so that it no longer uses
       String.replaceAll(), which is a very expensive operation due to
       regular expressions.  It's still expensive, but the biggest pain
       point is now resolved.

       * InfoTab just lists ReferringPages one deep - three-level deep nesting
       ended up using something like 30% of all CPU power on a moderately
       link-heavy page.

       * Bug fix: if the user updated his account (e.g. by requesting a new
       password) AND his account was created in the old days when
       XMLUserDatabase was using platform default formatting for dates,
       the dates were in different formats, causing XMLUserDatabase to
       behave irrationally.

       * ReferredPagesPlugin now allocates a bigger buffer for creating
       html to avoid allocation overhead.  Ditto for TabbedSectionTag.

2007-05-06  Andrew Jaquith <andrew AT freshcookies DOT org>

       * 2.5.53

       * Changed the behavior of the UserDatabase and GroupDatabase classes
       so that the save/delete methods are atomic. Consequently, the
       commit() methods in these classes are deprecated and will be removed
       in a future release. The reason for this change is simple: the
       commit() methods made no sense and were never *not* used. Also, added
       a new method, rename(), that permits renaming of profile login names.
       References to commit() were removed from all classes, including
       test classes.

       * Recently added status flags for UserCheckTag were moved to
       UserProfileTag and renamed. The new property values are
       "canChangePassword" and "canChangeLoginName" and are used in
       ProfileTab.jsp to selectively display input fields. These
       properties also allow negation too (e.g., !canChangePassword).

       * UserManager receives final tweaks to allow profile renaming.
       Modified ProfileTab.jsp slightly to accommodate this new feature.

       * Minor de-stringification and anal-retentive i18n tweaks.

       * Fixed several failing web unit tests. A few still fail, though.

2007-05-05  Janne Jalkanen  <Janne.Jalkanen@ecyrd.com>

       * 2.5.52

       * Fixed TemplateManager.listSkins() so that it returns only
       directories, not everything.

       * Added SearchManager.JSONSearch.findPages(), though be warned that
       it can be really slow.  An API change to SearchProvider needs to be
       done before this can be fixed.

       * Reformatted ChangeLog to word wrap at column 80 to make it more
       readable...

       * A major commit of new Admin.jsp and AdminTemplate.jsp and all the
       related paraphernalia.  It's not yet complete, but the framework is
       getting there.  Due to the use of JMX, JSPWiki now requires JDK 1.5
       to compile (though it should happily continue to run under 1.4 as
       well).

2007-05-03  Dirk Frederickx (dirk.frederickx@gmail.com)

       * 2.5.51 - Brushed Template incorporated.

       * Bulk commit of Brushed Template. Expect things to be broken :-)
       JSPWiki now has a tabbed-user interface, skins, slimbox attach-viewer,
       improved jspwiki-styles suchs as table-filters, accordions, tips,
       etc. etc...  Look 'n feel is still very ikea like.  Read the
       jspwiki.css to change color scheme.  Additional menu items are now
       visible via a "More...." dropdown.

       * Javascript is based on the mootools library.

       * Many JSPs are now driven by JSTL's EL. Not yet 100% completed.

       * Only plain editor has been updated. No work done yet on WikiWizard,
       FCK

       * The JSPWiki template has been tested on safari and FF.
       Feedback on IE 6.x and 7.x. is appreciated.

       * RecentChanges plugin now sets colspan correctly. (formatting of
       recent changes page)

       * Two skins added: Smart and OrderedList. These skins are not yet
       tested 100%.


2007-05-01  Andrew Jaquith <andrew AT freshcookies DOT org>

       * Enhancement: checked in back-end code that removes the restriction
       on changing login names and user names ("full names") after
       registration. To do this, UserManager emits a new WikiSecurityEvent
       called PROFILE_NAME_CHANGED that signals when the login name or user
       name changes. PageManager and GroupManager listen for this event,
       and will make all appropriate changes to page ACLs and groups that
       contain the old user name(s). The front-end changes (JSP tweaks)
       are nearly finished and will be checked in shortly.

       * Added a new method for AclManager, setPermissions(), that persists
       Acls. The DefaultAclManager (which extracts Acls from wiki page markup)
       implements setPermissions() by injecting the [{ALLOW ....}] markup
       into the wiki page.

       * Synchronized thread-sensitive methods in the AclImpl/AclEntryImpl
       class.

2007-04-28  Andrew Jaquith <andrew AT freshcookies DOT org>

       * Enhancement: user profile JSPs no longer request a distinct wiki
       name when a user registers. The wiki name is now computed automtically;
       it is the user name without any whitespace. This change should make
       registration even easier.  In the various user manager/database
       classes, UserProfile/DefaultUserProfile.setWikiName() is hereby
       deprecated and will be removed in a future release. However,
       getWikiName() remains, as does the UserDatabase method findByWikiName().
       The UserDatabase classes do not change their public APIs, and they
       still persist WikiNames so that they can be searched. However, when
       UserManager loads a profile from the UserDatabase, it always re-computes
       the wiki name.

       * Tweaked i18n resource file to remove references to "wiki names" in
       favor of just plain old "names." Typographically correct curly quotes
       were substituted wherever needed.

2007-04-23  Christoph Sauer <sauer AT hs-heilbronn DOT de>

      * 2.5.48 - Bugfix

      * Bugfix: NullPointer Exception on initReferenceManager, reason
        was that it indirectly uses the filterManager -> m_filterManager
        has to be initialized before.


2007-04-23  Andrew Jaquith <andrew AT freshcookies DOT org>

       * 2.5.47 aka the JavaMail refactoring release

       * Enhancement: To increase security, MailUtil gains the ability to use
       container-managed JNDI JavaMail session factories, in addition to the
       standalone factory configured via jspwiki.properties. JNDI is now the
       preferred method of obtaining mail sessions, and will always be attempted
       first before falling back to the stand-alone method. See the JavaDocs
       for MailUtil. All of MailUtil's internal code, test properties
       and JavaDocs were also totally refactored. A sample JNDI block for JavaMail
       was added to web.xml; it is commented out by default.

       * Enhancement LostPassword.jsp now uses POST for form submission.

       * Enhancement: Profile registrations now automatically trigger an
       e-mail confirmation to the user, if an e-mail address was supplied.

       * Bug fix: page-save workflow does no longer sends rejection SimpleNotifications
       to users unless they have already authenticated when they save the page.
       Also, the submitter's authentication status is added as a Fact for the
       approver to consider.

       * WorkflowBuilder.buildApprovalWorkflow now interprets a null value for
       the rejectedMessageKey parameter as meaning "don't send a notification"
       upon rejection.

       * MailTest moved to the *.util package, which was where it belonged.

2007-04-22  Janne Jalkanen  <Janne.Jalkanen@ecyrd.com>

       * 2.5.46 - my birthday release!

       * PermissionTag now allows a list of permissions just like
       CheckRequestContextTag, as well as negative permissions.  Based
       on an idea by Dirk Frederickx (whose last name I will learn to
       spell one of these days).

2007-04-17  Andrew Jaquith <andrew AT freshcookies DOT org>

       * 2.5.45

       * Checked in workflow support for user profile creation. Now, new profiles
       can be routed for approval before they become active. The name of the user,
       role or group that approves new profiles is contained in jspwiki.properties
       under the property jspwiki.approver.workflow.createUserProfile. If not
       supplied (the default), user profiles are created without requiring approval.

       * UserManager receives a proper unit test, at long last. We test with
       approval workflows turned on and off.

       * Minor bug fixes to the Fact and WorkflowBuilder classes.

2007-04-15  Andrew Jaquith <andrew AT freshcookies DOT org>

       * 2.5.44

       * Found the b*****d. VariableManager makes an unsafe assumption
       that WikiContexts will always have an associated request and HttpSession.
       This isn't always true with a WikiContext passed along in a Workflow,
       which will come from an earlier point in, and from a potentiallly different,
       Http session. We now check explictly for the presence of the HttpSession
       before querying it for wiki variables.

2007-04-15  Andrew Jaquith <andrew AT freshcookies DOT org>

       * 2.5.43

       * Many incremental changes to the workflow package to increase
       ease of use. A new WorkflowBuilder class includes a factory method
       for composing simple approval workflows. SaveWikiPageWorkflow and
       the workflow.impl package goes away, and instead the workflow code
       for saving pages moves to inner classes in PageManager (it is now
       much smaller because it uses WorkflowBuilder).

       * Unit tests for the page-save workflow now simulate PageFilter failures
       so that proper propagation of exceptions is verified. Should help Janne a lot.

       * Workflow.jsp receives minor UI tweaks, notably the replacement of submit
       buttons with a JavaScript-driven dropdown. The default.properties
       localization file receives properties in preparation for the new user profile
       workflow (not checked in yet, because it isn't debugged).

       * The UI for approving workflows currently contains a nasty, intermittent NPE
       that is resisting my best efforts to debug. It usually occurs when selecting
       the 'approve' option. It results in Decisions being removed from the workflow
       inbox, and the page does save correctly -- so it is essentially "cosmetic".
       However, it's ugly and we need to fix it. Assistance is most welcome.

       * If you are a US citizen, it is that time of year again. Many happy returns.

2007-04-09  Andrew Jaquith <andrew AT freshcookies DOT org>

       * 2.5.42

       * Modified the PagePermission implies() algorithm so that the "rename"
       permission no longer implies "modify" (or "upload"). This will allow
       separation of uploading attachments from page edit/rename actions.
       Thanks to Tim Koop for the suggestion.

       * Added WikiContext.MESSAGE to support workflows and other processes
       that need to send a non-exception-related UI message in response
       to user events. Also added a top-level Message.jsp and template.
       Changed DisplayMessage.jsp slightly to use the <c:out> tag, which
       gives us protection against cross-site scripting.

       * Added 'throws WikiException' to all methods meant to be
       implemented by workflow subclases: notably Step.start(),
       Decision.decide(), Workflow.start()/restart(). Now, if these
       methods encounter exceptions they will abort the workflow and
       propagate the exceptions to callers.

       * Many tiny little Javadoc fixes.

       * Fixed failing PageRenamerTest.

2007-04-10  Janne Jalkanen  <Janne.Jalkanen@ecyrd.com>

       * 2.5.41

       * Added David Au's new set of patches for WYSIWYG editing.

       * WikiEngine.scanWikiLinks() no longer renders the page; it just
       parses it.  This should provide some speedup at startup.

       * Changed the default template resource bundle from
       webdocs/templates/DefaultResources.properties to
       etc/i18n/templates/default.properties (more logical).

       * Added class remapping ability.  See etc/ini/classmappings.xml
       and ClassUtil.java for further information.  This is not yet a complete
       feature, but it brings some simple AOP to JSPWiki.

       * Javascript is now localized.  The key-string mappings reside in
       templates/<template>.properties; and the correct method to call is
       "<key>".localize(args).  Thanks to Dirk Frederickx for the help!

2007-04-09  Janne Jalkanen  <Janne.Jalkanen@ecyrd.com>

       * Added a number of unit tests to AllTests runs; they were not being
       properly included, so a number of them were not run during a regular
       unit test run...

2007-04-09  Andrew Jaquith <andrew AT freshcookies DOT org>

       * 2.5.40

       * Fixed AuthorizationManager failure to add attachment
       when jspwiki.security=off. [BugAddAttachmentFailsWithContainerAuthentication]

       * Upgraded freshcookies-security lib to 0.54. This new version accepts
       a user-supplied charset for parsing security policy files.
       Previously, PolicyReader defaulted to the platform default encoding.

       * AuthorizationManager, when it initializes, supplies the default
       JSPWiki encoding to the updated freshcookies PolicyReader class.
       Many thanks to Harry Metske for identifying the need for this, based on his
       experiences using JSPWiki on a platform where EBCDIC is the default.
       (Which is probably a mainframe; yegads.)

       * Fixed bug that was causing Workflows to be added multiple times
       to the "history" queue; this was caused by recent changes to the
       WikiEventManager classes.

2007-04-02  Janne Jalkanen  <Janne.Jalkanen@ecyrd.com>

        * 2.5.39

        * Fixed bug in SessionsPlugin which threw an Exception
        at startup.  Reported by Harry Metske.

        * Greatly improved SpamFilter logging.  There's a new SpamLog
        which can be used to track all changes; accepts and rejects.

        * SpamFilter no longer adds Akismet-rejections to the temporary
        ban list.  Akismet is non-deterministic, so it's kinda annoying
        for users who just quite don't know why this is happening.

        * Fixed also some dumb bugs in the way SpamFilter was
        computing the delta.

2007-04-02  Janne Jalkanen  <Janne.Jalkanen@ecyrd.com>

        * 2.5.38

        * Added Note plugin from John Volkar.

        * Added PAGE_REQUESTED, PAGE_DELIVERED events fired by
        WikiJSPFilter.  Unfortunately, no such things are fired for
        attachments.  Note that attaching to these events is very noisy.
        Thanks to Murray Altheim.

        * Renamed TestHtmlStringToWikiTranslator to
        HtmlStringToWikiTranslatorTest to conform to other tests.

2007-03-31  Janne Jalkanen  <Janne.Jalkanen@ecyrd.com>

        * 2.5.37

        * Forward ported fixes from 2.4.102

        * Fixes issue with a number of plugins failing due to wrong
        initialization order.

        * Moved everything pre-2.4.0 to OldChangeLog.  Oh, the memories...

2007-03-29  Christoph Sauer <sauer AT hs-heilbronn DOT de>

        * 2.5.36

        * Moved FilterManager initialisation in the wiki engine to the bottom,
          so that all object references to modules are already available to
          a page filters initialize method. This is important to register
          event listeners there.

        * Added a destroy method to the PageFilter interface. Destroy is
          called upon engine shutdown. You can use this to close global
          resources that you opened in the PageFilters initialize method.

2007-03-26  Janne Jalkanen  <Janne.Jalkanen@ecyrd.com>

        * 2.5.35

        * Refactored the XML-RPC implementation a bit to provide proper
        authentication/authorization.

        * Upgraded to Apache XML-RPC 2.0.1.

2007-03-24  Janne Jalkanen  <Janne.Jalkanen@ecyrd.com>

        * 2.5.34

        * Added Mikkel Troest's patch to AttachmentServlet to fix issues
        with uploading and file size.

        * Added DynamicAttachments and their generation.  You can now go
        and build attachments which do not exist in the repository, but
        are generated on-the-fly.  See the attachments package and related
        documentation.

        * Bug fix: [open bugs] would not be recognized as wikipage OpenBug.

        * Changed ETag generation to make it unique per page.

2007-03-19  Christoph Sauer <sauer AT hs-heilbronn DOT de>

        * 2.5.33

        * Changed signature of sendMail in MailUtil from using WikiContext
        to use WikiEngine.  WikiContext was not needed. This enables us
        to use the mail util, even if no Wiki Context is available.

2007-03-19  Janne Jalkanen  <Janne.Jalkanen@ecyrd.com>

        * 2.5.32

        * Fixed a bunch of Eclipse warnings; hopefully no functionality
        changes.

        * Fixed BugInlineImagesCaseSensitive - inline image lists are now
        case insensitive (yay!).  Thanks to Harry Metske.

        * Fixed BugMultiWikiCreatesRSSFileInWrongPlace.  Thanks to Harry Metske
        again.   Now, if the rssFile property is set to an absolute path, it is
        used instead of a relative path to the wikiengine home.  This allows you
        to have separate paths for multi-wikis.

        * Fixed BugReferringPagesPluginLinksNonExistingPages, thanks to
        Candid Dauth.

        * Implemented IdeaRemoveDuplicatesFromSessionsPlugin from Harry Metske.

2007-03-19  Christoph Sauer <sauer AT hs-heilbronn DOT de>

        * 2.5.31

        * Fixed Bug with LostPassword.jsp: If you set access priviledges for
          a wiki completely private (even view) then you where not able to restore
          the password since LostPassword.jsp required login.

2007-03-18  Janne Jalkanen  <Janne.Jalkanen@ecyrd.com>

        * 2.5.30

        * Fixed BugReferenceToRenamedPageNotCleared

        * Fixed BugTableHeaderNotXHMTLCompliant

        * Fixed BugInitializablePluginNotInitialized

        * API Change: The signature of PageFilter.initialize() now
        also includes the WikiEngine.  This was necessary, because otherwise
        the initialize() -method was essentially useless for most use
        cases.

        * Added ParserStagePlugin interface.  This allows a plugin to be
        executed even during parsing of the wiki page, not until the render
        stage.

        * Added David Au's patches to get the FCK support back up to speed
        again.

2007-03-17  Janne Jalkanen  <Janne.Jalkanen@ecyrd.com>

        * 2.5.29

        * Forward ported fixes from 2.4.100.

2007-02-28  Christoph Sauer <sauer AT hs-heilbronn DOT de>

        * 2.5.28

        * Improved MailUtil: Added authentication support, so
          that you can use mail servers that require an account
          (the OpenRelay issue...). You now also can indicate
          a different smtp port. Changed LostPassword.jsp accordingly.

2007-02-25  Andrew Jaquith <andrew AT freshcookies DOT org>

        * 2.5.27

        * Upgraded bundled log4j to 1.2.14; freshcookies-security to 0.51.

        * Fixed 2 failing RPCHandlerTest tests by counting changes relative
        to beginning of test, rather than absolute changes.

        * Changed all JSP taglib declarations to use JSP 2.0-compatible tags.
        Also upgraded jstl.jar and standard.jar to JSTL 1.1 versions. Note:
        if you are a template developer, you should change your taglib
        declarations as follows:

         New:
         <%@ taglib uri="http://java.sun.com/jsp/jstl/fmt" prefix="fmt" %>
         <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>

         Old:
         <%@ taglib uri="http://java.sun.com/jstl/fmt" prefix="fmt" %>
         <%@ taglib uri="http://java.sun.com/jstl/core" prefix="c" %>

2007-02-24  Andrew Jaquith <andrew AT freshcookies DOT org>

        * 2.5.26

        * Major enhancement: replaced JSPWiki's dependency on the global,
        JVM-wide security policy with a "local policy" that is always
        read from WEB-INF/jspwiki.policy. If you have a JVM-wide policy,
        the local policy will supplement it. The practical upshot of this
        change is that the most common configuration challenge that most
        first-time admins face (why won't any pages display?) is gone,
        and gone forever. No more fiddling with the java.security.policy
        property! The syntax for the local policy is exactly the same
        as what it's always been; but now it Just Works instead of
        Mostly Works.

        * Fixed bug in WebContainerAuthorizer introduced by change to
        Java Servlet API 2.4. The parsing class now explictly includes
        namespaces in XPath searches. This was not something we needed
        to worry about with 2.3 (which used a DTD). The result of this
        problem was causing container-managed logins to fail.

        * Fixed failing unit tests WebContainerAuthorizer; web tests
        CommonCustomTests, CommonTests.

        * Minor enhancement to WikiSession now allows full use of non-JSPWiki
        supplied JAAS LoginModules in the JSPWiki-custom configuration. Previously,
        we considered a user to be authenticated only if a LoginModule had added
        Role.AUTHENTICATED to the Subject's principal set. This is clearly
        unreasonable for LoginModules that have no knowledge of JSPWiki, such
        as Sun's supplied modules or third-party modules used for LDAP
        authentication. Now, we consider a user authenticated if they are
        not anonymous and not asserted, and we lazily add Role.AUTHENTICATED
        in these cases, after login.

        * Bug fix: WikiEventManager refactoring in 2.5.24 caused duplicate
        listeners to be added in some cases. This has been fixed.

        * The security policy file has been simplified to remove redundant
        grants that don't vary across roles. It should be simpler to read
        and understand.

        * Did I mention that local security policies are a big deal?

2007-02-22  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.5.25

        * Added SisterSites.jsp to support the SisterSites standard.

2007-02-21  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.5.24

        * Forward ported features from 2.4.94, including the WatchDog,
        and the new, faster WikiEventManager.

2007-02-18  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.5.23

        * Added David Au's patches to re-enable FCK.  All you now need
        to do is to install FCK, and enable it in the ini/jspwiki_modules.xml.
        This also added a new mode for RenderingManager: WYSIWYG_EDITOR_MODE,
        which will not render plugins (except some), but keep them in plain
        text format.

        * web.xml now explicitly declares Java Servlet API 2.4.

        * Added AdminBeanIteratorTag

        * Bug fix: putting a plugin or a variable on the first line would
        cause a crash, if there were more than one paragraph on the page.
        Thanks to Terry Steichen for debugging.

        * There is now a rudimentary plugin-based administration interface
        in admin/Admin.jsp (and the corresponding template files).  It does not
        quite work yet, and it's definitely unstable, but it's been submitted
        to get some comments.  The idea is that you can declare in your
        jspwiki_module.xml an "adminBean" class, which then offers an
        administrative interface to your plugin.  As an example, a
        PlainEditorAdminBean is implemented (partly).

2007-02-05  Christoph Sauer <sauer AT hs-heilbronn DOT de>

        * 2.5.22

        * Added variable mechanism in property files. You now
          can declare a variable as a regular property with
          prefix 'var.' and then use it with the '$' prefix
          in other property values within the property files cascade.

        * Factored out property reading from WikiEngine into a new
          class called PropertyReader, since it now represents a distinct
          concept. Added UnitTest for it.

2007-02-05  Christoph Sauer <sauer AT hs-heilbronn DOT de>

        * 2.5.21

        * Added possibility to specify cascading properties
        in the context-mapping for multiple wiki setups. Added
        method to WikiEngine that will check for
        jspwiki.propertyfile.cascade.x context properties, where
        x is a number from 1 to n. Properties specified in those
        files will overwrite values specified in the default jspwiki.properties
        file or a properties file of a lower cascade.
        This is based on an idea by Olaf Kaus, see [JSPWiki:MultipleWikis]
        discussion.

2007-01-30  Andrew Jaquith <andrew AT freshcookies DOT org>

        * 2.5.20

        * Minor tweak to the i18n properties file to add in some whitespace
        between words for several messages (DefaultResources.properties).

        * Corrected a SessionMonitor failure to correctly stash a WeakReference
        in the user's HttpSession, which was causing downstream ClassCastExceptions.
        Thanks to Marc Pateet for isolating the issues. I haven't tested this
        fix extensively, so please let me know if it fixes (or does not fix)
        the issue.

        * I continue to be flabbergasted at the speed at which my new dual-core
        MBP runs the 737 JUnit tests in the JSPWiki test suite: about 2min 45s,
        compared to 7min on my old machine. This has no place in a ChangeLog, I know.
        But still.

2007-01-29  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.5.19

        * Synchronized with 2.4.91

2007-01-08  Andrew Jaquith <andrew AT freshcookies DOT org>

        * 2.5.18

        * Bug fix: fixed DefaultResources.properties trailing space in multi-line
        property that was causing Role and Group memberships on the Profile
        tab of UserPreferences to fail to display. If you were wondering why
        UserPrefs wasn't showing group memberships -- well, it's fixed now.

        * Bug fix: PageActions.jsp now links to UserPreferences as a JSP, not
        as a wiki page. Also gains a Workflow link for authenticated users.

        * Minor enhancement: WikiEngine gains an accessor for the DifferenceManager
        (getDifferenceManager). This is used by the workflow classes.

        * Minor enhancement: To support workflow, WikiContext gains new a context,
        WORKFLOW. It does not require special privileges to access. WikiCommand
        gains a corresponding WORKFLOW command.

        * Second major checkin of the workflow package. The API is mostly stable,
        but it should still be regarded as volatile. Workflow now includes
        a working user interface (Workflow.jsp). UI has a workflow "inbox" (for
        decisions a user has been asked to make) and an "outbox" (for workflows
        a user has started). Users must be authenticated to see their workflows.

        * 'SaveWikiPageWorkflow' is now operational. It provides moderation for
        saving wiki pages, and is turned off by default. See jspwiki.properties
        for configuration guidelines.

        * To test workflow, enable SaveWikiPageWorkflow via jspwiki.properties.
        Note: a cosmetic NullPointerException occurs in some cases after approving
        page saves; this does not prevent the actual page save. This will be
        fixed very soon. Other than this, approve/deny/abort features work nicely.

        * TestEngine gains accessors for the 'admin' and 'Janne' sessions.

2007-01-02  Andrew Jaquith <andrew AT freshcookies DOT org>

        * 2.5.17

        * Happy New Year everyone!

        * This release adds a significant new package for modeling
        workflow operations (com.ecyrd.jspwiki.workflow). This package allows
        arbitrary combinations of "steps" to be modeled, with support for
        unlimited branching and support for human intervention. The core class
        is the Workflow class. Workflows are composed of Steps, which can be
        Tasks (which run uninterrupted) and Decisions (which require input
        from named Principals -- users, roles or groups). This initial checkin
        is well-tested and solid code, but the API should not be considered
        stable... yet. There are NO user-interface classes as yet.
        Additional front-end JSPs that provide a UI will follow in the coming weeks.

        * The initial sample Workflow subclass, checked in today, implements moderated
        page changes (SaveWikiPageWorkflow). It has an undocumented configuration
        interface, which I will detail more fully when the UI is closer to completion.

        * See the (very complete) JavaDoc for more details. I'm VERY psyched
        about this new capability, and once we get flesh out the interface you all
        will be too!

        * Enhancement: changed throws clause in I18NManager methods.

        * Enhancement: added new dir (etc/i18n) and a resource file called
        CoreResources.properties for message strings for the core JSPWiki packages
        (that is, not plugins, tags or JSPs).

        * Enhancement: added new event class, WorkflowEvent, to support workflow
        create/run/pause/restart/halt/complete events.

2007-01-01  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.5.16

        * If there was no default locale set, I18NManager.getBundle()
        would fail.

        * Attachment links with new character set work now.

        * Section titles are now returned back to 2.5.14 behaviour.

        * Some tiny i18n work on TableOfContents.

2006-12-31  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.5.15

        * English resource files had some &apos;'s in them.  Replaced
        with &#39;.  Turns out that &apos; is an entity in XML, but
        not in HTML - and therefore IE does not recognize it.  Fun,
        but for once IE is correct in their standards support.  Found
        by Harry Metske.

        * The LinkParser would not boot jspwiki.org content due to
        being too strict: ("[]") would cause a RuntimeException being
        thrown, which would not be caught until a very high level.
        Fixed LinkParser to use a new declared exception "ParseException".
        Reminder to self: RuntimeExceptions are evil.

        * This is a biggie: increased the number of allowed characters
        in a wikiname.  Now the list reads " ()&'*+,-=._", so yes,
        spaces are allowed now.  Added MarkupParser.wikifyLink() to
        keep compatibility with previous versions, and also enhanced
        CommandResolver to be able to figure out old-style links.
        Please be aware that this is not yet a final set of characters,
        so using this version may cause a legacy you might have to
        deal with it painfully later on.  Also, note that the code is
        largely untested right now, and many unit tests are failing
        right now, so consider this now "bleeding edge".  Please give
        feedback on what the proper set of characters should be.

2006-12-29  Janne Jalkanen <jalkanen@ecyrd.com>

        * v.2.5.14

        * Bug fix: 2.5.9 was breaking unit tests badly, thanks
        to a missing null check.

        * Bug fix: Any markup in the first paragraph would break
        paragraph detection in JSPWikiMarkupParser.parse().
        Reported by Murray Altheim.

        * Added patch from Murray to add the "target" attribute to
        the Image plugin.

        * CommentedPropertiesTest no longer requires JDK 1.5.  Thanks
        to Murray for spotting this!

2006-12-27  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.5.13

        * Added LinkParser class from Murray Altheim.  Thanks!
        Links now have a new, extended syntax.  You may add metadata
        to a link by adding a new bar: [text|link|attributes]. Only
        a subset of attributes is allowed, as described in LinkParser.
        This allows you to have things like link targets and link
        relations.

2006-12-26  Andrew Jaquith <andrew AT freshcookies DOT org>

        * 2.5.12

        * Fixed bug with Login/LoginContent that was preventing
        page redirection upon login from working properly. The
        corresponding web unit tests now all work again, too.

        * Fixed minor bug in Ant Hsql database teardown task
        that would cause the test db to erroneously think the
        database didn't need starting, even if it did.

2006-12-23  Andrew Jaquith <andrew AT freshcookies DOT org>

        * 2.5.11

        * Fixed failing auth unit tests and web unit tests.

        * Fixed compilation errors for *GroupContent JSPs.

2006-12-20  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.5.10

        * Mass commit of code from 2.4.87

2006-12-18  Christoph Sauer <sauer@hs-heilbronn.de>

        * 2.5.9

        * Bugfix in FilterManager: Filter Manager used
        getClass().getResourceAsStream( "/filters.xml" ) to locate filters.xml.
        To ensure that it reads it from WEB-INF like described in the
        documentation we have to use the same aproach like with jspwiki.properties:
        engine.getServletContext().getResourceAsStream( DEFAULT_XMLFILE );

2006-12-16  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.5.8

        * JSPWikiMarkupParser now exports parseToken() method, which
        can be used by subclasses to modify or change the default
        markup rendering.  There are a couple of caveats: first,
        don't forget to call super.parseToken() if you don't do
        anything; second, you might create a completely non-compatible
        version of JSPWiki with this method.  So be very, very careful.
        Note also that this is an experimental way yet, so I would
        very much like to hear feedback before we cement it to stone.

        * CreoleRenderer now correctly renders plugins and images.

2006-12-13  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.5.7

        * JSPWikiMarkupParser will now ignore whitespace between
        list bullet and list - makes no difference and produces more
        unambiguous code.

        * Added CreoleMarkupRenderer, which currently supports
        WikiCreole 0.2 syntax.  This is a highly experimental feature.
        You can't do much with it yet, since we're missing a backconverter.

        * JSPWikiMarkupParser now properly produces <p> tags for
        all paragraphs - UNLESS there is just a single paragraph, in
        which case old behaviour will follow.

        * Bug fix: DefaultResources.properties was still using some
        {0,date} strings instead of just strings.  Reported by Harry
        Metske.

2006-12-11  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.5.6

        * Merged in JSPWIKI_2_4_BRANCH changes up to 2.4.84.

2006-11-28  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.5.5

        * plain.jsp did not compile due to last-minute changes in
        package structure.  Reported by Juan Pablo Santos Rodriguez.

        * InternationalizationManager was not properly initialized.
        Reported also by Juan.

        * TableOfContents was using wrong resource bundle.  Reported
        by Juan.

        * LoginContent.jsp was failing, if someone localized the login
        button.  Reported by someone (remind me and I will fix this entry)

2006-11-27  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.5.4

        * Added rpc package, JSONRPCManager, and added preliminary
        support to get suggestions in plain.jsp over AJAX.  Yes,
        JSPWiki just gained AJAX support using JSON...

        * Moved AtomAPIServlet to rpc/atom under the assumption that
        nobody was using it anyway.

2006-11-21  Christoph Sauer <sauer@hs-heilbronn.de>

        * 2.5.3

        * Checked in WikiWizard 1.1:

          Major Improvements:
          - Now supports multiple file uploads
          - Speed up loading by putting config file init
            in extra thread
          - Highlighting of %% tags
          - "Mark Occurences" function similar to eclipse
          - Drag 'n Drop Interface for extension bar

          for details please take a look
          at /applets/WiWi-INF/ChangeLog.txt

2006-11-20  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.5.2

        * Synchronized with 2.4.81.

2006-11-12  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.5.1

        * Fixed LoginContent.jsp so that it compiles.

        * Fixed issue with PolicyLoader when the URI found had a "file:"
        in it.

        * Fixed some other issue which I can't remember right now because
        I drunk some very nice Tomintoul 27 years old single malt whiskey.

2006-11-09  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.5.0

        * Split off 2.4 to its own JSPWIKI_2_4_BRANCH stable development
        branch.  HEAD is now 2.6 development branch.

        * Mass commit of i18n code.  Almost everything is localized now,
        but unfortunately we only support English right now.

2006-11-07  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.78

        * A bunch of minor refactorings suggested by Aron Gombas,
        including:

        * Visibility of member variables in WikiContext have been checked -
        things were made more private, except m_request is now protected to
        help in subclassing.

        * JSPWikiMarkupParser also has visibility checked a bit to help
        in subclassing - the different link types are now protected,
        and a new factory method createAnchor() was added.

        * JSPWikiMarkupParser now checks WikiContext for overrides for
        most variables.

2006-11-06  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.77

        * Hopefully fixed login redirection issues when using
        container authentication.  If the user did not have permissions
        even after login, this would result in a constant series of
        redirections.

        * Added run_webtests.sh

2006-11-06  Christoph Sauer <sauer@hs-heilbronn.de>

        * 2.4.76

        * added fix from Chuck Smith so that WikiWizard.jsp now is valid XHTML:
          document.write() function in JavaScript is deprecated, instead
          document.addEventListener("DOMContentLoaded", changeWidth, null)
          is used now to modify the the DOM Tree after it is loaded.

2006-11-04  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.75

        * Added patch from Tomasz Szymko to fix previews when adding
        comments.  Thanks!

        * Added patch from Murray Altheim to provide timestamps in
        WikiEvents, and added a new SESSION_EXPIRED event as well.

        * Session monitor now fires SESSION_EXPIRED events.

2006-10-29  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.74

        * Improved startup a bit; now the log files should be better in
        case you have a problem in your jspwiki.properties.  It's still
        not perfect, but it's better.  The unfortunate side effect is
        that you'll start getting 404 errors instead of error messages
        when you are trying to access the site.

        * Got rid of jspInit() in all top-level JSP files.  This is a
        bit nicer and simpler all around.

2006-10-28  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.73

        * Patch from Neil Miller to fix PageManager which was not using
        proper getProperty().

        * AttachmentManager.listAttachments() now sorts the attachments.
        Suggested by Fabio Bonin.

        * If jspwiki.useCache was set to false, finding pages would
        not work with VersioningFileProvider, thanks to some really old
        optimization code that never got updated.  Removed optimization,
        hey presto!  It works!

        * Spam filter now includes change notes in its checks as well.

        * WikiEventSource is now gone, since it was not used for anything.
        Thanks to Murray for the heads-up!

2006-10-21  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.72

        * SpamFilter is now a lot smarter.  I enlisted a small guy
        called Herb, who has agreed to sit in the JAR file, and watch
        for any spam.  Log files are a bit better, too.

        * SpamFilter will now watch at consecutive modifications, and
        mark them as spam, if there are too many similar-looking
        modifications (no matter what IP they're from).

        * SpamFilter can now connect to Akismet (www.akismet.com).
        You need to get your own API key, though, and put it in the
        filters.xml config file.  Unfortunately we don't yet have
        the ability to mark "ham" and "spam".

        * ShortURLConstructor did not handle CONFLICT situations
        correctly.

2006-10-17  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.71

        * Small fix from Tomasz Szymko: jspwiki.css has information
        and error images reversed.

        * Comment.jsp did not compile.  Reported by a number of people.
        Ooops...

2006-10-13  Erik Bunn  <ebu@memecry.net>

        * 2.4.70

        * Minor mod to WeblogEntryPlugin: now accepts a 'page' parameter,
        like WeblogPlugin. Allows providing a 'new entry' link on some
        page other than the actual blog page; this may be useful e.g.
        for alternate views of a blog page.

2006-10-12  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.69

        * Added a couple of patches from Tomasz Szymko to fix a problem
        with messages from the AttachmentServlet, and a problem with
        EditLinkTag.

        * Added patch from Murray Altheim to fix a problem with
        TextUtil.replaceString() - it would be dying under certain
        circumstances.

        * Added patch from Murray to add "_bounds" parameter to the
        plugin invocation.  _bounds consists of an integer array (int[]),
        where element 0 is the start of the plugin position in the page,
        and element 1 the end.

        * Small fixes to LuceneSearchProvider.

2006-10-09  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.68

        * Hopefully fixed the "ACL not refreshed at startup" problem,
        reported by many people.

2006-10-08  Andrew Jaquith <andrew AT freshcookies DOT org>

        * 2.4.67

        * Enhancement: JDBCUserDatabase will now use transactions, if the
        back-end database supports them. In addition, JDBCUserDatabase now
        nails up a single, long-running connection instead of continually
        opening and closing them. Log message verbosity expanded slightly.

        * Enhancement: GroupDatabase now has a relational database implementation
        called JDBCGroupDatabase. It supports transactions and is configured
        using a container-managed JNDI DataSource, exactly like JDBCUserDatabase.
        Unit tests and DDL setup/teardown scripts were upgraded for the
        new implementation. Sample scripts are included for PostgreSQL and
        Hypersonic.

2006-10-06  Janne Jalkanen <jalkanen@ecyrd.com>

        * Fixed a bunch of javadoc warnings; not enough to warrant a
        version bump.

2006-10-05  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.66

        * Added small patch from Neil Miller to fix WikiEngine.getInstance()
        which was not properly passing its arguments.  Thanks!

        * Added patch from Murray Altheim which makes ReferenceManager and
        SearchManager to behave as EventListeners for page deletion.  Notably,
        AttachmentManager and RenderingManager do not yet fire or listen these
        events (needs fix).

        * Added PAGE_DELETED and PAGE_DELETE_REQUESTED from Murray.

        * Added patch to JSPWikiMarkupParser from Murray to make some of the
        attributes publically accessible and less magic.

        * Fixed ShortURLConstructor again for some contexts (FIND, DELETE & PREFS)

2006-10-01  Andrew Jaquith <andrew AT freshcookies DOT org>

        * 2.4.65

        * Bug fix: fixed an issue with WikiContext that caused ACLs and policy settings to
        be ignored when accessing the default front page. This bug was introduced during
        the AAA mega-patch in July (2.4.25). Note: we still have an unrelated bug
        with ACLs not being applied the *first time* pages are loaded.

2006-10-01  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.64

        * WikiPage.clone() was not cloning everything; this should now be fixed.

        * Included patch from Neil Miller to make RenderingManager use the
        eventing system instead of PageFilters.  Thanks!

        * ShortURLConstructor now supports group functionality.

        * Fixed an annoying bug which appeared if saving failed for some reason
        (e.g. when SpamFilter would reject an edit): the cache would still
        contain the changed page metadata.  We now make a clone of the
        WikiPage before we attempt a save.

2006-10-01  Andrew Jaquith <andrew AT freshcookies DOT org>

        * 2.4.63

        * WikiSession receives several under-the-hood changes to improve session
        stability. The technique used to detect session status changes now includes an
        explicit check for prior authentication; this should prevent sudden "downgrades"
        from authenticated status to asserted (cookies). User/login Principals and
        the status strings (anonymous/asserted/authenticated) are cached now, rather
        than dynamically calculated. WikiSession gains a new public method, isAsserted()
        that does what it says. Finally, WikiSession now takes responsibility
        for populating the JAAS Subject with user profile principals, rather than
        the various login modules.

        * AuthenticationManager now fires an event called LOGIN_INITIATED whenever
        the authentication status changes, signifying that the JAAS login stack
        executed (but without regard to whether it succeeded). WikiSession listens
        for this event and updates its cached principals. AuthenticationManager
        also now fires explicit events called LOGIN_ANONYMOUS and LOGIN_ASSERTED
        in addition to LOGIN_AUTHENTICATED.

        * In the name of code simplification, event support was removed from the
        Group class. It was redundant and made things more complicated. Consequently,
        GroupManager loses its GroupListener inner class, and WikiSecurityEvent gets
        rid of types GROUP_ADD_MEMBER, GROUP_REMOVE_MEMBER, GROUP_CLEAR_MEMBERS.
        If you really really need these let me know, but in the meantime the coarser-
        grained GROUP_ADD and GROUP_REMOVE will do what we need.

        * UserDatabaseLoginModule no longer populates WikiSession's Subject with
        user profile principals; this was moved to WikiSession. This should make
        pure, authentication-only login modules possible, such as for LDAP and Kerberos.
        Because authentication and user profile storage are better separated, it will
        prevent the need to subclass and hack XMLUserDatabase. WebContainerCallbackHandler
        no longer needs a UserDatabaseCallback as a result, so the callback was removed.

        * Bug fix: LoginForm now injects a WikiContext, but only if one does not already
        exist in the page context. This plugs the bug introduced in 2.4.60. Page redirection
        after login works for both container and custom authentication; the web unit
        tests now test for this condition explicitly. The fix has been tested with
        Tomcat and JBoss 4.

        * Fixed a bunch of failing auth tests.

2006-09-28  Andrew Jaquith <andrew AT freshcookies DOT org>

        * 2.4.62

        * Fixed the fix for the login-redirection issue, patched in 2.4.60.
        "Regular" logins (those without a subsequent redirection) now work again.
        Thanks to the indefatigable Terry Steichen.

2006-09-27  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.61

        * Fixed a couple of failing tests (recent changes caused slight behaviour
        change)

        * Bug fix: the Wiki Event INITIALIZING is now fired after log4j is running -
        this stops about a zillion of errors in the container log file.

        * Slightly juggled with the built-in system filter priorities to make sure
        that they are executed in correct order.

        * Added a small fix to saveText() to check if it possibly fixes some problems
        with disappearing ACL lists or other metadata.  Our provider interface is
        desperately in the need of an overhaul...

2006-09-27  Andrew Jaquith <andrew AT freshcookies DOT org>

        * 2.4.60

        * Fixed typo in SecurityConfig.jsp that caused group verification to
          report the number of "users" rather thank groups. Credit: Chuck Deal.

        * Fixed a series of related, minor bugs that caused JSPWiki to always
        redirect to the front page after login, even when instructed to redirect
        to another page. This fix also resulted in the removal of a redundant
        WikiContext creation in LoginForm. Thanks to Terry Steichen for figuring
        out where to look.

2006-09-24  Andrew Jaquith <andrew AT freshcookies DOT org>

        * 2.4.59

        * XMLGroupDatabase and XMLUserDatabase now represent dates using
          a locale-independent, machine-independent format. To preserve backwards
          compatibility, JSPWiki will attempt to parse dates using the platform
          default format if parsing with the standard format fails. New records
          will always be saved in the standard format.

2006-09-24  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.58

        * Some internal reshuffling of Managers.

        * PluginManager and EditorManager now check if a module is
        compatible with JSPWiki.  You can state your own compatibility
        by declaring it in the jspwiki_module.xml file, as
        <minVersion>2.4</minVersion>, and/or
        <maxVersion>2.6.32</maxVersion>.

        * 2.4.57

        * Added change notes also to attachments

        * Attachment names are now also beautified (though just the
        page name part).  This should help the problem when RecentChanges
        plugin overflows.

        * Cleaned away a few compiler warnings

        * Improved some PluginManager javadocs

        * BasicAttachmentProvider has now more sanity checks and should
        no more throw wild NPEs at startup.

        * Fixed
        BugLuceneSearchProviderNotReadJspwiki.lucene.analyzerFromConfiguration
        Thanks to Ekkasit Takoungsakdakul for pointing this one out!
        (And I am very sorry I did not notice that bug report earlier.)

2006-09-21  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.56

        * Added patch from Kalle Kivimaa to fire the event with the
        proper principal at logout.  Thanks!

2006-09-15  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.55

        * Added patch from Joseph Schmigel to recognize IP
        addresses in sortable tables.  Thanks!

        * Added new icons from Murray Altheim so that we could
        get rid of all Creative Commons-licensed icons.  This was
        done so that JSPWiki 2.4 could be included on Debian.  Thanks
        heaps for the good work!

        * Reverted to previous behaviour with respect to WikiWizard:
        no longer closes applet and div with javascript, which should help
        in IE.

2006-09-12  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.54

        * Added patch from Murray Altheim to fix WikiEventManager
        javadocs, as well as made it return booleans on a couple
        of methods.  Thanks Murray!

2006-09-10  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.53

        * Removed FCK.jsp from the distribution (since we don't distribute
        FCK, it's sort of weird to have it there breaking things).

        * Bug fix: Comment.jsp now catches RedirectExceptions

        * Bug fix: BugReportHandler also catches RedirectExceptions and
        now gives a proper error report.

        * Limited change note length to 80 characters.

2006-09-09  Andrew Jaquith <andrew AT freshcookies DOT org>

        * 2.4.52

        * UserManager now checks to make sure that a user can't
        specify as a wiki name somebody elses's full name or login
        name. This check is peformed for all other combinations of
        these three user profile fields also. This is a potentially
        serious security flaw, so all users should upgrade.

2006-09-08  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.51

        * Added patch from Malte Kiesel to fix a problem which caused
        overwriting of user profile.

        * Fixed WikiJSPFilter writing the wrong content length to the
        response (we're skipping setting the length for now).

2006-09-07  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.50

        * Test release to check whether we can solve some WebLogic
        issues.

        * Split WikiServletFilter to WikiServletFilter and WikiJSPFilter.
        The latter takes care of JSP stuff, the former of all other types
        of data.  WikiJSPFilter uses getWriter() extensively, while
        WikiServletFilter is for those instances that use
        getOutputStream().  Thanks to Marc Patteet for the help.

        * Renaming now also renames attachments (assuming that the
        attachments exist - if they don't, then there's no way to know
        which pages refer to them (bar going through all pages).

        * Changed web.xml to reflect the new filters.  Don't forget
        to update!

        * Added "print" style for jspwiki.css in commonheader.jsp.  This
        should fix problems with printing looking different from screen.
        Reported by Steve Lihn, fix from Dirk Frederickx

        * Fixed InfoContent.jsp for WebLogic.  By Marc Patteet.

2006-09-06  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.49

        * Witness the awesome p0w3r of unit testing.  Fixed the
        unit tests added in the morning so that we now hopefully
        are fixing BugStrangeRenameBehaviour.  Reported by Candid
        Dauth.

        * Bug fix: ReferenceManager was not removing all references
        to a page if it was renamed, resulting in "hanging" pages.

        * Added a bunch of new unit tests to check for page
        renaming problems.  At the moment most of them fail, suggesting
        that there is something wrong in PageRenamer...

2006-09-05  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.48

        * Bug fix: it was possible to gain user privileges simply
        by faking the cookie.  This is a serious problem and all
        people running 2.4.x are suggested to upgrade.  Thanks
        to Andrew for the fix.

        * SecurityVerifier no longer gets confused, if you state
        a property using "==" instead of "=".

2006-09-05  Christoph Sauer <sauer@hs-heilbronn.de>

        * 2.4.47

        * Added title and accesskey attribute to
          LinkTag, EditLinkTag and PageInfoTag. You can now set
          accesskeys to edit pages in the PageActions.jsp
          Use the title attribute to add a tooltip text to indicate
          the speedkey you used.

2006-09-04  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.46

        * Bug fix: PageLock was using acquisition time for both
        expiry and acquisition.  Fixes BugLockNotWorking.  Reported
        by Terry Steichen.

        * Added WikiContext.hasAdminPermission() as a convenience
        method.

        * Changed SpamFilter to check for AllPermission instead of
        a group called Admin - this is better because of i18n.

        * SpamFilter now checks also the changenote before saving.

        * Added the possibility to escape }}} within a preformatted
        section by using ~}}}.  Suggested by several people at
        WikiCreole.org...

2006-09-04  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.45

        * Bug fix: When SpamFilter rejected something, there would
        be no message shown in RejectedMessage.  Reported by
        Terry Steichen.

        * Removed plenty of documentation from the default wikipages
        package.  It was out of date, and better written up at
        doc.jspwiki.org anyway.

        * Removed doc/Templates.txt, which was no longer accurate.

2006-09-03  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.44

        * Both XMLUserDatabase and XMLGroupDatabase will now check
        if the database is up to date.  This allows propagation of
        databases across wikis (though it's rather flaky; there are
        concurrency issues).

2006-09-03  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.43

        * Bug fix: If the front page did not exist, would die with
        a NullPointerException, when accessed with the default URL
        (e.g. /Wiki.jsp, or /wiki/ without the page).
        Should fix BugBadDefaultConfig.

2006-09-02  Christoph Sauer <sauer@hs-heilbronn.de>

        * 2.4.42

        * Fixed Bug with WikiWizard.jsp and Weblogic reported by Marc Patteet

2006-09-02  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.41

        * LinkTag should no longer crash if WikiContext does not have
        a page attached.  Reported by Fabiano Bonin.

2006-08-30  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.40

        * Christoph Sauer joins in as a contributor (if only I got
        him to update the ChangeLog... ;)

        * WikiWizard is now included.  Hooray for WIKIWYG editing!

        * Small tweaks to the EditTemplate.

        * Changed "jspwiki.security=container" to "jspwiki.security=off".
        This should make it more clear to people.  The old setting
        will continue to work.

        * Added page info links back to attachments in RecentChanges.
        Unfortunate side effect of the new renderer...

2006-08-30  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.39 - The "Piko" release.  Rest in Peace.

        * Added SearchManagerTest to make sure that our search works.

        * Bug fix: LuceneSearchProvider was not indexing the WikiName
        of the page.

        * Bug fix: SearchManager now always indexes the latest version
        of the page (thanks heaps to John Volkar for finding this).

        * Disabled ContextualDiffProviderTest.testKnownProblemCases(),
        I have no idea how to fix those, and it was never running anyway.

        * Disabled JSPWikiMarkupParserTest.testSpanJavascript2() -
        it would need a lot more care to make it really run.

        * Fixed failing XMLRPC tests.

        * Upgraded to Lucene 2.0.0.

2006-08-27  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.38

        * WikiEvents are now fired at almost any occasion that seems suitable.
        Thanks to Murray Altheim for this mega-patch.  Some of the event
        classes were also reorganized (thanks to Andrew and Murray).

        * SpamFilter no longer counts admins as evil, if they make many
        changes/minute.

        * WikiServletFilter fails now gracefully if WikiEngine instatiation
        fails - should no longer emit dumb NullPointerExceptions.

        * FindContent.jsp now hopefully calculates previous- and next
        search sizes correctly.

        * Change Notes are now visible in page history as well.  Unfortunately,
        the visuals suck.  Anyone want to help to make them look better?  Just
        don't make them too wide...

        * Change Notes are now limited to 60 characters (totally arbitrary).

2006-08-21  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.37

        * Faced with physical threats at WikiSym, I added the "change note"
        feature.  Hope y'all are happy now :-D  (Well, okay, it does not
        work in the page info yet; I'm thinking what would be a good
        presentation so that the page does not get overly wide).

        * Bug fix: jspwiki.tld had the wrong attribute for RequestResourceTag.
        Reported by Marc ?.

2006-08-14  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.36

        * Bug fix: UserProfileTag was not printing groups.  Reported by
        Dirk Fredericx.

2006-08-13  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.35

        * Fixed BugPreformattedTextWithHtmlDoesnTWorkIfAllowHTMLTrue. Thanks to
        RealGagnon and an unknown submitter.

        * Fixed BugStyleDoublePercentProblem.  There are two new tokens:
        /% can also be used to stop a style, and ~<space> is a non-rendering
        space.

        * Fixed BugNullPointerExceptionWhenInsertingImagesWithoutAlignAttribute.
        Thanks to Candid Dauth for pointing it out.

        * Added patch from Laurent Courtin to fix
        BugTableOfContentsDoesnTWorkWithPageNotInAscii.  Thanks!

2006-08-12  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.34

        * Implemented RequestResourceTag (oops, it had been skipped for
        some reason).

2006-08-09  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.33

        * RecentChangesPlugin was missing a quote in the generation
        of author names.

2006-08-08  Andrew Jaquith <andrew AT freshcookies DOT org>

        * 2.4.32

        * Fixed an astoundingly brain-damaged bug in WikiContext that caused
        all wiki contexts to use the default template in all cases, regardless
        of the setting in jspwiki.properties. This bug was introduced by the
        2.4.25 security mega-patch. The fix, of course, was three lines
        of code. Now that it's in, I'd like to put down my crack pipe
        long enough to thank Terry Steichen for spotting this.

2006-08-01  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.31

        * Bug fix: BugArbitraryHTMLMarkupInHeadingIsRenderedByTableOfContentPlugin,
        reported by Jerome Duprez.

        * Bug fix: BugCenteringImagesUsingImagePluginDoesNotWorkInFirefox,
        contributed by Alex Reid.

        * Bug fix: BugCanKeepPressingNext20ResultsOnResultSearchPage.  Rewrote
        the scriptlets in FindContent.jsp to provide a better experience
        overall.

        * Bug fix: BugReferringPagesPluginDontWriteNobobyAfterFiltering.
        Reported by François Burtin.

        * Removed a bunch of compiler warnings found thanks to upgrade to
        Eclipse 3.2.

2006-08-04  Andrew Jaquith <andrew AT freshcookies DOT org>

        * 2.4.30

        * Fixed cosmetic bug that was causing all search results to
          appear with the name "Search".

2006-08-01  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.29

        * Character encoding is now set in the servlet filter, not
        WikiEngine.createContext() anymore.  This should remove certain
        cases where character encoding got lost.

        * 2.4.28

        * Fixed a HUGE number of potential problems, found using FindBugs.
        Problems included such as:

        * Now many Comparators are also Serializable

        * hashCode() is now implemented properly on objects that do
        equals()

        * clone() is rewritten to use super.clone()

        * Many inner classes were made static to save extra effort

        * Forms package classes had really dubious null checks which
        were rewritten.

        * TranslatorReader is no longer used in the code anywhere.  Even
        the TranslatorReaderTest is gone.  The class, however, remains,
        until we can refactor it to be a facade for JSPWikiMarkupParser.

        * Coding style is now a local setting instead of a global
        setting...

        * And a lot of small bits and pieces...

2006-07-31  Andrew Jaquith <andrew AT freshcookies DOT org>

        * 2.4.27

        * Bug fix: SecurityConfig was erroneously reporting that externally set
          values for java.security.policy did not resolve to existing files,
          even when they did.

        * Bug fix: SecurityConfig was erroneously reporting that wiki groups
          could not be deleted, even when this function actually worked
          properly.

2006-07-30  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.26

        * Fixed editor textarea width, thanks to Gordon Smith.

2006-07-29  Andrew Jaquith <andrew AT freshcookies DOT org>

        * 2.4.25 - a.k.a. the AAA mega-patch

        * This release completely changes the way JSPWiki manages wiki groups.
          They are no longer stored in pages; instead, GroupManager controls
          access, while back-end storage is provided by the GroupDatabase interface.
          This change has caused many other changes. More details:

          * GroupManager changes from an interface to a concrete, final class. Group storage
            is now handled by a separate GroupDatabase interface. The default implmentation is
            XMLGroupDatabase. In addition, Group becomes a concrete final class; DefaultGroup
            and DefaultGroupManager disappear. Group gets a new method groupPrincipal() that returns
            the equivalent GroupPrincipal. Many new unit tests created for all of these changes.

          * Group creation handled in UI by NewGroup.jsp. Editing is via EditGroup.jsp.

          * UserProfileTag gains a property "groups" that will print the list of wiki groups
            the current user belongs to. The "roles" property now just prints the roles.

          * Default security policy (jspwiki.policy) gains grant entries for group
            viewing, editing, deletion permissions. By default, users must be at least
            "asserted" to view group members, and must be a member of a group to edit
            the membership.

          * PermissionTag gains three new permission checks: "viewGroup", "editGroup", "deleteGroup".

          * Group principal injection responsibilities moves to WikiSession from AuthenticationManager.

          * The hard-coded restriction on pages prefixed "Group" has been lifted.

          * SecurityVerifier adds tests for GroupPermission. Better support for detecting
            exceptions. Adds tests for adding/deleting Groups.

          * New Groups plugin prints a sorted list of the wiki groups in the group database;
            generates a hyperlink to each group page.

        * JSPWikiInstaller (Install.jsp) receives a makeover and substantial enhancements to
          support the new group scheme. When the wiki is set up, we now create an administrative
          user and an Admin group. It also uses the default CSS.

        * The new Command class is now fully integrated into WikiEngine.createContext()
          and the WikiContext constructors. Practically speaking, this means that the
          page names and redirect errors shown on pages will actually show something useful
          when non-pages are accessed (e.g., access denied for UserPreferences.jsp won't
          print the non-sensical "you don't have access to 'Main'). WikiEngine delegates
          page-resolution responsibilities to CommandResolver. Minor changes to new
          Command/CommandResolver classes to make JSP page names "friendlier".

        * WikiSession.getUserPrincipal now defaults to the wiki principal, rather than
          the full name. This means that favorites auto-linking won't break. It also gains
          a method getRoles() that returns the roles and groups the user possesses.
          The method doPrivileged(WikiSession,PrivilegedAction) allows actions to be
          executed using the user's privileges. WikiSession's getSubject() method has been
          removed; it was a security risk.

        * Substantial changes to the AAA package tests. Web unit tests changed to accomodate groups.

        * Minor refactoring: AllPermission, WikiPermission, PagePermission. AllPermissionCollection.

        * Bug fix: closed <span> tag in InsertPagePlugin

        * WikiContext.getName() provides a "safer" shortcut than calling WikiContext.getPage().getName()
          because not all wiki contexts apply to pages. This change was made to: TableOfContents plugin;
          most of the top-level JSPs; TranslatorReader; PageNameTag.

        * Container role principals are now injected at login time by WebContainerLoginModule,
          rather than the AuthenticationManager.

        * More use of checked exceptions. Authorizer.initialize() throws WikiSecurityException

        * WikiSecurityEvent gains the event type PROFILE_SAVED, emitted by UserDatabase. Most
          of the security events are now marked as "debug" level events, which means the logs
          will be much less chatty (this is a temporary hack).

        * AuthorizationManager gains a new public method: getAuthorizer()

        * The WikiEventSource "marker interface"  added to class declarations for AuthorizationManager
          AuthenticationManager, WikiEngine. EventSourceDelegate used in place of cut-and-paste code
          for these classes also.

        * TextUtil.password generator now uses SecureRandom instead of Random.

2006-07-24  Andrew Jaquith <andrew AT freshcookies DOT org>

        * 2.4.23

        * Andy J. fixes what he broke... namely the build. Thanks
          to Mark Rawling for pointing it out.

        * SessionMonitor achieves escape velocity and becomes its own class,
          breaking free of WikiSession's gravity.

        * WikiSession.guestSession() changes to guestSession(WikiEngine).
          This required small tweaks to a few classes, notably the RPC handlers
          and parts of the Auth code.

        * Various classes receive small code tweaks in preparation for upcoming
          builds. WikiContext gains three new group-related contexts; WikiEngine
          gains code to initialize CommandResolver and a related accessor;

        * GroupPrincipal gains a two-argument constructor that accepts the
          wiki name as the first parameter.

        * WikiPermission's action strings are now public. Ebu's been waiting a while
          for this.

        * CommentedPropertiesTest's missing test.properties file is now in CVS.

2006-07-23  Andrew Jaquith <andrew AT freshcookies DOT org>

        * 2.4.22

        * Added several classes and interfaces to support upcoming
          AAA refactoring. These do not affect functionality, because
          they are not referenced by any existing classes. New classes
          include: (1) Command interface and related AbstractCommand,
          PageCommand, GroupCommand and WikiCommand implementations;
          (2) WikiEventSource interface and EventSourceDelegate class,
          both in events package; (3) GroupDatabase interface and sample
          groupdatabase.xml files and (4) CommentedProperties class for
          reading and re-saving properties files that include comments.
          Again, these classes are not yet actively used.

        * Minor tweak to TestHttpServletRequest to support parameters and
          servlet path.

        * Removed cruft from HttpUtil; no functionality changes.

        * WikiBackgroundThread now contains a getEngine() accessor.

2006-07-17  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.21

        * RCSFileProvider had a rare concurrency issue with the
        SimpleDateFormat.  Reported by Bosmon on IRC.

2006-07-17  Erik Bunn  <root@d183.fi.basen.net>

        * Modularized RenderingManager. By setting
        jspwiki.renderingManager.renderer in jspwiki.properties, a custom
        WikiRenderer can be specified. Defaults to XHTMLRenderer.

2006-07-13  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.20

        * Fixed BugNoMoreThanOneSortableTablePerPage.  Thanks to
        Juan Pablo Santos Rodriguez!

2006-07-13  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.19

        * Added "InternalModule" interface.  This is just an empty
        interface which a module can declare and not get listed
        in SystemInfo, for example.  Used internally by JSPWiki.

        * Fixed a major issue with page renaming: thanks to an
        erroneus context sent downstream, the page which was renamed
        from would get random contents.

        * Page rename would not change referrers if the breakTitleWithSpaces
        option was set on.

2006-07-12  Erik Bunn  <Erik.Bunn@basen.net>

        * Made ParamTag attribute 'value' non-required; tag body is
        acceptable for value. (This should not warrant a version bump.)

2006-07-02  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.18

        * BugReportHandler was dutifully adding the "_cmdline" to the
        pages it was creating...

        * Fixed some quote issues in commonheader.jsp and
        PreferencesContent.jsp which were causing issues with
        WebSphere.  Reported by Robin Tew and Thorsten Nordholm S?birk.

2006-06-28  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.17

        * WikiSecurityEvent.toString() would die if you had a null principal...

2006-06-17  Andrew Jaquith <andrew AT freshcookies DOT org>

        * 2.4.16

        * Bug fix: SessionMonitor.sessions() now returns the same
        number of sessions as userPrincipals(). Credit: Terry Steichen.
        Also, the array of Principals returned by userPrincipals() is now sorted.

        * WikiSession receives lots of Javadoc tweaks and minor
        cleanup-oriented fixes (e.g., member visibility changes) that
        do not change functionality. The class, and all of its methods, are
        now marked final. The setSubject() method, which was not called
        anywhere, was removed; it was a potential security risk.

        * Ant 'javadoc' task now links to J2EE 1.3 API.

        * Added table entry to SystemInfo page to display list of active users.
        If you feel this is a privacy risk, remove the line from SystemInfo.

2006-06-23  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.15

        * Fixed issue with absolute URLs and ShortURLConstructor (we were
        using %U where %u should've been used in ERROR and NONE contexts).
        Thanks to jim from IRC for pointing this out.

        * Added patch from Brad Johnson to give better error output if
        RCSFileProvider fails.

        * Added patch from Murray Altheim to support _cmdline in PluginManager.
        This allows a plugin to do completely custom parsing.

2006-06-17  Andrew Jaquith <andrew AT freshcookies DOT org>

        * 2.4.14

        * Enhancement: all background threads now subclass a new class called
        WikiBackgroundThread which will gracefully shut themselves down when
        they hear a 'wiki shutdown' event. These threads are, at present:
        WikiSession.SessionMonitor, PageManager.LockReaper, RSSThread, and
        LuceneSearchProvider.LuceneUpdater. These threads are NO LONGER
        daemon threads, which means they won't stay in memory when
        the wiki webapp is removed.

        * Enhancement: Added protected method shutdown() to WikiEngine that is
        triggered by WikiServlet catching webapp destroy() events. Shutdown()
        fires a WikiEngineEvent called 'shutdown' to all listeners, which at
        present includes all WikiBackgroundThreads. New class added:
        WikiEngineEvent. To catch container events, WikiServlet was changed in
        web.xml to load at startup. This is a dirty hack, but not too dirty.

        * Enhancement: Major refactoring of WikiSession to include a background
        'monitor' thread that removes expired wiki sessions. This means that
        session-count information should be accurate to within a minute
        of when your web container expires its sessions. The background thread
        is an inner class called SessionMonitor that subclasses WikiBackgroundThread.
        WikiSession also gains a method called getUserPrincipals(WikiEngine)
        that returns an array of Principals that represents the current
        users currently using the wiki.

        * Enhancement: SessionsPlugin receives parameter 'property' to specify what
        session information should be returned. If set to 'users', plugin
        returns the list of current users. If omitted, it returns the number of
        active sessions. Thus, [{INSERT SessionsPlugin property=users}]
        will actually print the names of current users -- neat!

        * Enhancement: Group interface receives a long-awaited members()
        method that returns the wiki group's current members as an array
        of Principals.

        * Enhancement: thread responsible for RSS generation extracted out of
        WikEngine and moved to its own RSSThread class.

        * Bug fix: to support multi-wiki webapps, WikiSession.getWikiSession's
        method signature now includes a parameter for the current WikiEngine.
        Check your custom JSPs to see if this affects you (it shouldn't; none of
        the default JSPs currently use this method).

        * Bug fix: Fixed deprecated methods used in LuceneSearchProvider.

        * Bug fix: added sensible session timeout defaults to TestHttpSession
        to prevent some tests from failing.

        * Minor signature change to GroupManager: commit() now throws WikiException.

        * Minor refactoring of WikiEvent class and subclasses to add getType()
        method to superclass.

2006-06-05  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.13

        * Added EditorManager patch from Chuck Smith.  This now allows
        fully dynamic editor selection using a drop-down menu in EditContent.jsp

        * Added EditorIterator tag from Chuck, too.

        * Fixed some IE tab layout issues, thanks to Dirk Fredericx.

2006-06-05  Andrew Jaquith <andrew AT freshcookies DOT org>

        * 2.4.12

        * Added Hypersonic embedded database for JDBC testing. Enabled
        JDBC testing in build.properties to use Hypersonic by default.
        Added license file; corrected file extensions of two others.

        * Removed database scripts for Mckoi embedded database.

        * Added Ant target called 'tests-auth' for JDPA debugging of
        AuthorizationManagerTest.

        * Minor Javadoc fixes.

2006-05-28  Andrew Jaquith <andrew AT freshcookies DOT org>

        * 2.4.11

        * WikiSession received minor refactorings to remove the set/getLastContext()
        methods. These were used for only one purpose anyhow (WebContainerAuthorizer)
        and the net result was that their inclusion was preventing garbage collection
        of expired WikiSessions. WikiSession also receives a removeWikiSession()
        method, which removes wiki sessions from its internal cache, and is called
        during logout.

        * Bug fix: WikiSession.sessions() and the related SessionsPlugin now
        more accurately reflect the number of current WikiSessions, instead of
        continuously incrementing. (Technically, the counter shows the number of
        non-GCed sessions.) In the future a "session reaper" would make this even
        better.

        * Bug fix: Removed divide-by-zero error from SecurityVerifier.

        * Bug fix: DefaultGroup and DefaultGroupManager now store their
        WikiEventListeners in WeakHashMaps to prevent listener objects
        (such as WikiSession) from being reclaimed by GC.

        * Bug fix: WikiDocument now stores its reference to WikiContext
        as a WeakReference, so that caching operations won't prevent GC
        of the WikiContext.

        * Bug fix: Corrected text on the default PreferencesContent.jsp
        to reflect recent e-mail reset function.

        * Bug fix: Fixed listener bug DefaultGroupManager that was preventing
        WikiSessions from receiving updated GroupPrincipals when groups
        were changed to include new members in certain cases.

        * Bug fix: Fixed 'index out of range' error caused by zero-length cookies.

        * Bug fix: WebContainerAuthorizer now recognizes roles declared in
        web.xml for elements web-app/security-role/role-name, in addition to
        those declared for web-app/security-constraint/auth-constraint/role-name.

        * Moved hack-ey code that injects web container Role Principals from
        AuthenticationManager to WebContainerLoginModule, where it belongs.

        * As part of the memory-leak fix, WebContainerAuthorizer no longer
        relies on a sneaky call to WikiSession.getLastContext().getHttpRequest()
        to test whether a user possesses a particular container role. Instead,
        we (only) inspect the user's Subject's Principal set for the desired role.
        This means that changes to container's user/role mappings are NOT
        reflected until the next time the user logs in.

2006-05-28  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.10

        * Atom feeds now validate properly

        * RSS and Atom feeds are now served with proper media type

2006-05-20  Andrew Jaquith <andrew AT freshcookies DOT org>

        * 2.4.9

        * Enhancement: UserDatabase interface includes two new methods:
        getWikiNames() for enumerating the users in the current database,
        and deleteByLoginName( String ), for removing users. I have implemented
        these methods to the concrete classes JDBCUserDatabase and
        XMLUserDatabase. Thanks to Frank Fischer for his patches; they
        served as the basis for these changes. I have *not* added convenience
        methods to UserManager... yet.

        * Enhancement: SecurityVerifier includes new code that checks to make
        sure the UserDatabase is initialized properly, and that it can add
        and delete users correctly. Also, admin/SecurityConfig.jsp includes
        a new section ('UserDatabase') where results of the checks are displayed.

        * Minor tweaks to the database setup scripts to include update/delete
        privileges for the roles table.

        * Minor tweak to web unit tests to account for cleared cookies at logout.

2006-05-20  Andrew Jaquith <andrew AT freshcookies DOT org>

        * 2.4.8

        * Enhancement: AuthenticationManager now injects role Principals
        at login time from the external authorizer into our WikiSession's
        subject. This works with all Authorizers, including (of course)
        WebContainerAuthorizer. This enables grants to Principals of
        type com.ecyrd.jspwiki.auth.authorize.Role to be specified in
        the Java security policy. In particular, this means that policy
        files can be broadened to include container roles.
        WebContainerAuthorizer received a new method to accomodate this.

        * Enhancement: Added grant block in jspwiki for administrator groups
        principal com.ecyrd.jspwiki.auth.GroupPrincipal "Admin" (wiki group)
        and principal com.ecyrd.jspwiki.auth.authorize.Role "Admin" (container
        role). Added new wiki page to distribution, GroupAdmin.txt with an
        empty (disabled) membership, which makes the administrator group
        secure by default. We expect that a future enhancement to Install.jsp
        will overwrite the contents of this file, thus "enabling" the admin group.

        * Bug fix: Uploaded JDK1.4-compatible version of freshcookies-security.jar.

        * Bug fix: Fixed error in jspwiki.policy.

        * Bug fix: Changed WikiEvent so that its toString() method does not
        leak credentials.

        * Bug fix: Logout.jsp now removes "asserted" identity cookies.
        This is arguably less confusing to users.

        * Bug fix: Removed SecurityConfig.jsp from web.xml constraint (for now).

        * Removed spurious import in AuthorizationManager.

        * Massive refactoring and huge improvements to SecurityVerifier and
        admin/SecurityConfig.jsp. Janne, it should even for you now. :)

        * AllPermissionCollection now accepts WikiPermission and PagePermission
        types in its add() method. The newPermissionCollection() method for
        WikiPermission and PagePermission returns a new AllPermissionCollection().

2006-05-09  Dan Frankowski

        * 2.4.7

        * Fixed SearchBox "edit" bug when
	  jspwiki.urlConstructor=ShortURLConstructor

        * Add a link on the attachment page back to the original page

2006-05-09  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.6

        * Fixed NPE in ReferenceManager.pageRemoved (thanks
        to JMarquart).

        * ShortURLConstructor did not have PREVIEW context
        available; thanks to Malte Kiesel for the fix.

        * Added quick fix from Dan Frankowski to generate
        JDOM javadoc links.

        * Plain URIs in text are now parsed properly and no longer
        cut at the first "=" sign.

        * NewGroup.jsp would occasionally throw NPEs if the context
        was null - fixed by ICantRememberWhoAnymoreBecauseILostTheEmail.
        Thanks anyway!

2006-05-07  Andrew Jaquith <andrew AT freshcookies DOT org>

        * 2.4.5

        * Added a new JSP for verifying JSPWiki's security
        configuartion, admin/SecurityConfig.jsp. This JSP
        collaborates with a new class, c.e.j.auth.SecurityVerifier.
        SecurityConfig will verify the presence or absence of
        the JAAS login config file, the security policy file,
        and container-managed auth constraints. It will also
        validate that the correct JAAS login configations exist,
        and will print a summary table showing the privileges
        that apply to each role. Much needed, and should
        help folks get their security working.

        * To support the security verifier, small (non-public)
        changes were made to WebContainerAuthorizer. This class
        also gains a new public method isConstrained(String, Principal).

        * Bug fix: AuthenticationManager's method of finding
        its JAAS and security policy files changed so that
        full (absolute) patchs are discovered, rather than
        local (JNDI) paths.

        * Bug fix: small change to default security policy file
        jspwiki.policy. It now includes commas between the
        codebase and principal entries, as it should have.

        * Added a small third-party utility jar (my own)
        for parsing security policy files.

2006-05-06  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.4

        * Added activation.jar and mail.jar to the distribution

        * AuthenticationManager now complains if it cannot
        locate the JAAS LoginManager information, instead of
        failing with NPE.

        * PagePermission.hashCode() no longer fails with NPE
        if wiki is not set (normally, though, you would never
        need it, but there are certain cases where this might
        occur).

        * Added a great patch from Dan Frankowski which allows
        recovery of forgotten passwords!  Please see your
        jspwiki.properties for new SMTP options.

        * Added search results filtering based on permissions,
        i.e. you no longer see pages to which you have no
        access to.  Requested by many people.

        * Login button is now on its own line instead of being
        hidden in the right corner.  Helps those people who
        like to "hunt and click" on the mouse.

2006-05-01  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.3

        * Added fix from Rolf Schumacher: no longer outputs
        password to the log file in Tomcat.  Oops.

        * Fixed a failing unit test

        * atom.jsp is now gone; please use "rss.jsp?type=atom"

        * Fixed SearchBox.jsp issue reported by Dirk Fredericx.

        * FeedDiscoveryTag should now offer Atom 1.0 feeds.

        * WeblogPlugin no longer considers empty comment pages
        as "1 comment".

2006-04-30  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.2

        * Page Renamer did not write the author name properly to
        any pages that were changed due to referrers changing.

        * Page Renamer would accidentally do double-encoding of
        XHTML entities...  Yes, there's a difference between
        getText() and getPureText().  Thanks to suomigo.net
        community for finding this one out.

        * WikiEngine.renamePage() API signature was changed
        because of this... It now takes a WikiContext as well.

        * Login.jsp did not write proper content encoding.

2006-04-26  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.1

        * Updated README.

        * Split old stuff from ChangeLog to OldChangeLog

        * Added missing SearchPageHelp

        * PageActions.jsp now checks if login is allowed

        * Install.jsp now sets "jspwiki.security=container" to make
        first-time installs easier.

        * AuthorizationManager returns now "false", if security is
        set to container and you ask for login permissions.  This
        drops the "Login" button from the display, if JSPWiki is
        not managing authentication, fixing an annoyance.

2006-04-25  Janne Jalkanen <jalkanen@ecyrd.com>

        * 2.4.0

        * SearchResultsIterator now can start from a given place

        * You can now see all of the search results - just click on
        "next 20 results".

        * Included patch from Dan Frankowski to support returning
        of search fragments.  Thanks!

        * Upgraded to Lucene 1.9.1

        * Removed slash from allowed characters in wikipage - that would
        create pages that were impossible to link to.  Oops!  It must've
        been some debug code left in...

        * LinkTag now removes extra whitespace from link text; this allows
        you to use multi-line <wiki:Param> tags without the text becoming
        too unwieldy...

        * Search now also supports Google-like "are you feeling lucky"
        -functionality.  Just click on "Go!" in the search page.

        * Search help is now on a page called "SearchPageHelp".

        * Added support for left-to-right and right-to-left markup with
        the %%ltr and %%rtl default styles.  You can copy them from the
        "jspwiki.css" file.

        * Minor cleanups to build.xml.

        * CheckLockTag would get confused if two people were trying to
        create a non-existent page at the same time.  Reported by
        Mark Rawlings.
