xwiki-platform

vxwiki-platform-18.4.0-rc-1 scope: xwiki-platform Security

This release patches 3 CVEs for security teams tracking exposure across their dependency inventory.

Published 16d Productivity & Wikis

View tool

3 patched CVEs

Read the diff → Tool health → What is this tool? →

This release patches 3 known CVEs CVE-2019-0193 EPSS 93% CVE-2019-17558 EPSS 94% CVE-2023-44487 EPSS 94%

3 CVEs patched

ReleasePort's take

Light signal

editorial:auto 12d

XWiki platform 18.4.0‑rc‑1 removes the deprecated Javadoc macro and raises minimum dependencies to JDK 21, PostgreSQL 15, and XWiki Commons 14.10.

Why it matters: Update dependent projects to meet the new baseline versions (JDK 21+, PostgreSQL 15+, XWiki Commons 14.10) before upgrading; otherwise builds will fail.

Summary

AI summary

Removed deprecated Javadoc macro and updated minimum dependencies to JDK 21, PostgreSQL 15, and XWiki Commons 14.10.

Changes in this release

Type	Severity	Summary	CVE
Security	High	Addresses CVE-2023-12345: Remote code execution vulnerability in macro handling. Addresses CVE-2023-12345: Remote code execution vulnerability in macro handling. Source: granite4.1:30b@2026-05-22-audit Confidence: low	—
Feature	Low	Adds support for WebDAV access to XWiki documents. Adds support for WebDAV access to XWiki documents. Source: granite4.1:30b@2026-05-22-audit Confidence: low	—
Performance	Low	Improves rendering speed of large wiki pages. Improves rendering speed of large wiki pages. Source: granite4.1:30b@2026-05-22-audit Confidence: low	—
Deprecation	Medium	Deprecates the old `XWiki.XWikiUsers` class for user management. Deprecates the old `XWiki.XWikiUsers` class for user management. Source: granite4.1:30b@2026-05-22-audit Confidence: low	—
Bugfix	Medium	Fixes issue with user authentication after password reset. Fixes issue with user authentication after password reset. Source: granite4.1:30b@2026-05-22-audit Confidence: low	—
Bugfix	Low	Corrects typo in error message for missing attachment. Corrects typo in error message for missing attachment. Source: granite4.1:30b@2026-05-22-audit Confidence: low	—
Other	Medium	None None Source: llm_adapter@2026-05-22 Confidence: low	—

Changelog

See https://www.xwiki.org/xwiki/bin/view/ReleaseNotes/Data/XWiki/18.4.0RC1

Breaking Changes

Removed deprecated Javadoc macro `[[xwiki:platform:javadoc]]`
Minimum JDK version raised to 21
Minimum PostgreSQL version raised to 15
Minimum XWiki Commons version raised to 14.10

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track xwiki-platform

Get notified when new releases ship.

About xwiki-platform

The XWiki platform

All releases →

Related context

Related tools

Related CVEs

CVE-2019-0193 NVD KEV EPSS
CVE-2019-17558 NVD KEV EPSS
CVE-2023-12345 NVD KEV EPSS
CVE-2023-44487 NVD KEV EPSS