Tiki30
Tiki 30.0 LTS is planned for May June 2026.
It is a Long Term Support (LTS) version and will be supported until March 2031 as per the Tiki lifecycle policy. This release is more about refining features than major changes. After this release, there will be major changes in Tiki31.
You can see the development page at: https://dev.tiki.org/Tiki30 and all the code commits here: https://gitlab.com/tikiwiki/tiki/-/commits/30.x/ once it is created (in 2026-01).
1. Infrastructure
1.1. Major Changes
- [+] Admin Page Language – Refactored Section Handling
- [+] Background Job Queue for Asynchronous Task Execution
- A new general-purpose background job queue has been introduced to offload long-running operations such as PDF generation and instance creation.
The queue supports task serialisation, user association, type filtering, and full lifecycle tracking (pending, running, completed, failed).
A new queue:process CLI command executes queued tasks in single-run or continuous polling mode and records outputs and results in the database.
API and CLI endpoints are available to enqueue tasks, retrieve status, and fetch results.
This foundational system enables scalable background processing and removes heavy workloads from HTTP requests.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8581
- Client-Side Queue Processing
A "queued_tasks_js_processing_disabled" preference allows disabling web-based queue processing while keeping task status polling for user feedback.
Smart polling automatically stops when users have no active tasks, reducing unnecessary server requests.
Early-return checks prevent polling and processing when "feature_queued_tasks" is disabled.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9353
1.2. Dependency & Tools Updates
These changes include library upgrades, replacements of deprecated or unmaintained packages,
and tooling improvements to ensure compatibility with modern PHP, JavaScript, and build environments.
The updates aim to improve security, maintainability, and long-term sustainability, while minimising
impact on existing installations.
1.2.1. Application Integrations
1.2.2. Core Libraries
- [+] CAS Authentication Library Modernization
- The deprecated and unmaintained jasig/phpCAS library has been replaced with ecphp/cas-lib.
A backwards-compatible wrapper was introduced to preserve existing phpCAS calls while ensuring continued CAS authentication support with a maintained library.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8071
- [+] HTML Purifier Migration to HTML5-Compatible Fork
- [+] JavaScript Dependency Modernization
- [+] jsPDF and DOMPurify Dependencies updated
- [+] jQuery Reflection Plugin Replacement
- [+] MediaAlchemyst Package Migration
- The abandoned media-alchemyst/media-alchemyst Composer package has been replaced with the official Tiki-maintained fork tikiwiki/media-alchemyst. All references, runtime checks, and CI configurations were updated to ensure continued support for document preview and OCR features, improving long-term compatibility and stability.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8411
- [+] melbahja/seo Library has been upgraded to version 3.
- [+] Laminas/Config replaced with Native Tiki\Config
- Tiki now uses its native INI-based Tiki\Config system for all configuration parsing and merge logic.
The external laminas-config dependency has been removed.
The new system introduces improved merge order handling, overlays, configuration locking, and proper y/n string support.
Core tests have been updated to validate the new configuration behavior.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8574
- [+] PEAR XML Dependency Replaced with PHP Native XML Extension
- [+] Plotly.d3 and d3-color Replacement
- [+] pragmarx/google2fa dependency has been upgraded from version 8 to version 9
- [+] Swiper Library updated to Version 12.1.3 and updated related plugin integration code
- [+] Symfony Polyfills support for PHP 8.4 and 8.5 added
- Tiki now bundles symfony/polyfill-php84 and symfony/polyfill-php85 to ensure forward compatibility with upcoming PHP language features.
These polyfills provide implementations for new PHP core functions and language constructs expected in PHP 8.4 and 8.5.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8504
- [+] Unoserver Support for Document Conversion
- Support for "Unoserver" has been added as a modern alternative to the deprecated "Unoconv".
Administrators can select the converter using a new configuration option.
Includes automatic binary detection, improved diagnostics, and environment checks in tiki-check.php.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9370
- [+] XMPP and Logging Core Libraries Updated
- Backend dependencies related to XMPP and logging have been updated for modernisation and improved compatibility.
The montefuscolo/xmpp library has been upgraded to version ~0.8, adding support for PHP ^8.1 and PSR-3.
This update enables compatibility with Monolog 3, which can now be used by Tiki.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8472
1.2.3. Dev Tools
- [+] CI Check for Alphabetical Ordering of Source Lists
- Tiki’s CI pipeline now includes a test that verifies alphabetical ordering of selected lists in the source code, such as in
composer.json and package.json.
The check is designed to be easily extendable to additional lists in the future.
This improvement strengthens code quality checks and enforces established contributor conventions.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8720
- [+] CI Check for External Links in Source Code
- A new CI check detects external URLs present in the source code.
Links are categorized by severity to identify potential external dependencies.
Helps ensure Tiki remains usable in environments without internet access.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9139
- [+] CI Safeguard for npm Lockfiles
- A new CI check verifies that platform-specific binaries required by dependencies (such as @parcel/watcher) are present in
package-lock.json.
This prevents incomplete lockfiles from being committed and avoids installation failures across different operating systems.
The safeguard improves reliability and consistency of Node.js dependency management.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8792
- [+] CodeMirror Syntax Mode Loading
- [+] Cross-Platform BOM and Line-Ending Handling
- Tiki’s BOM and line-ending maintenance tools have been modernized to improve cross-platform support and remove external dependencies.
A new mechanism now automatically detects and removes byte‑order marks, while an updated component natively manages the different types of line endings (CR, LF, and CRLF).
FixBOMandUnixCommand now supports --report-only and no longer depends on external tools like dos2unix.
These enhancements make Tiki’s maintenance commands more reliable and fully cross-platform for developers.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9142
- [+] Database Schema Checks Enhanced
- tiki-check.php now performs deeper database schema validation by detecting mismatches in column types, sizes, and index definitions between the live database and db/tiki.sql.
Previously undetected issues—such as incorrect column lengths (for example, "tinyint size mismatches") and outdated field size limits (such as "filename length constraints")—are now reported.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8546
- [+] Debug Code Detection in CI
- [+] happy-dom Library dependency has been upgraded from version 18 to version 20
- [+] Husky was added as a pre-commit hook to check the formatting of the commit messages
- [+] MariaDB and MySQL Versions updated in CI
- [+] mohlsen/check-engine replaces deprecated check-engines
- [+] Optimized Local and GitLab CI Quality Checks
- Tiki's development workflow has been significantly improved with faster and smarter local and GitLab CI quality checks.
A shared affected-file detection mechanism enables supported validation tools to analyze only PHP, JavaScript, and Smarty files modified in the current branch or merge request, while intelligent parent branch detection keeps local checks consistent with GitLab CI and avoids unnecessary Git operations on newly created branches.
The local quality check tools also provide clearer error messages and actionable guidance when validation fails, helping developers quickly identify and fix issues before pushing changes.
Configurable options allow selected local validation steps to be skipped when appropriate, providing greater flexibility for different development workflows.
These improvements reduce CI execution time and resource consumption while delivering faster feedback during development.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9044
https://gitlab.com/tikiwiki/tiki/-/merge_requests/10426
https://gitlab.com/tikiwiki/tiki/-/merge_requests/10433
https://gitlab.com/tikiwiki/tiki/-/merge_requests/10459
- [+] PHP CodeSniffer Updated for PHP 8.5 Deprecations
- The PHP CodeSniffer (phpcs) ruleset has been updated to detect PHP 8.5 deprecation warnings more accurately.
Support for polyfills has been added, and outdated manual exceptions were removed to improve overall code quality checks for developers.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9089
- [+] PHPStan Static Analysis Integrated into CI
- [+] Security Check Validation Process
- Enhanced the doc/devtools/securitycheck.php process to improve detection and enforcement of missing feature security checks in PHP files.
The work also evaluates integration with CI pipelines and strengthens release validation procedures to reduce the risk of overlooked security-related inconsistencies across Tiki versions.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9750
- [+] SmartyLint Package Distribution
- [+] SQL Migration Validation Improvements
- [+] Squizlabs/php_codesniffer dependency has been upgraded from version 3 to version 4
- [+] Vitest Upgraded has been upgraded to version 4.0.16.
1.3. Tiki 27+ Build System
- [+] Build System Updated for Node.js 24 Support
- [+] FieldsLinker Migrated to the New Build System
- The FieldsLinker component has been fully migrated to the Tiki 27+ build system.
This refactoring improves consistency with the modern asset pipeline and frontend tooling.
Benefits include cleaner builds, easier maintenance and updates, and better long-term compatibility with Tiki’s current JavaScript infrastructure.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8188
1.4. Configuration & Dependency Management
- [+] Support for Multiple System Configuration Files
- Tiki now supports loading multiple system configuration (INI) files through a new array-based configuration mechanism.
This enables better separation of infrastructure-managed and project-level settings while maintaining ordered configuration precedence and backward compatibility.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/10024
2. New Features and Improvements
2.1. User Interface and Navigation
2.1.1. Accessibility
- [+] Support for Prefers-Reduced-Motion
- Tiki now honors the prefers-reduced-motion system setting, disabling non-essential animations across the interface while preserving user-initiated interactions.
This improves accessibility for users with motion sensitivity and also benefits low-end devices or users looking to reduce battery usage.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/7433
2.1.2. Responsive Design
- [+] Audio and Video Recording – Responsive Enhancements
- [+] Improved Mobile Dropdown Positioning
- [+] Sidebar Behavior on Small Screens
- The sidebar display has been improved to correctly respect user preferences on smaller viewports, resolving cases where collapsed sidebars rendered improperly.
This update ensures consistent behavior across responsive and split-screen layouts.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/7951
- [+] Syntax Help Display on Widescreens Improved
- The Wiki Syntax Help overlay is now responsive and automatically arranges its content into columns on wider screens.
This reduces excessive vertical scrolling and improves readability, especially on landscape and large displays.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8139
2.1.3. Navigation and Menus
- [+] Collapsible Sidebar Restored in Admin Settings
- The collapsible sidebar feature in the Admin Settings has been restored and fully implemented.
The collapsed state is persisted between page loads, and the sidebar can temporarily expand on hover for easier navigation.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9181
- [+] Dropdown Menu Dynamic Opening Direction
- [+] Manage Passkeys
- [+] Menu Usability for Long Dropdowns
- [+] Pagetop Hero Module – Enhanced Breadcrumb Options
- [+] Tooltip Previews for Internal Links
- Introduced tooltip previews for internal links, allowing users to quickly view contextual information for linked wiki pages, tracker items, and other internal objects.
Supports both native internal link syntax and generic URLs pointing to Tiki objects, improving navigation and usability.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/10055
- [+] User Info Tooltips Enabled by Default
- User hovercards are now displayed automatically for users who allow their information to be public.
The related preference has been removed to simplify configuration.
The “Public” vs “Private” profile setting has been clarified to ensure consistent behaviour for hovercards and username links.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9419
- [+] Wiki Configs Submenu
2.1.4. Dialogs and Windows
- [+] Dynamic Modal Backdrop Configuration
- Tiki’s modal system now supports dynamic backdrop options, allowing runtime control over whether clicking outside a modal closes it or not.
This enhancement improves UI flexibility and gives developers and theme designers finer control over modal interaction behaviour.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9168
- [+] Modal Dialogs – Improved Resizable Windows
- Resizable modals now better handle dynamic content such as expanding sections and dropdown menus.
Conditional resizing logic allows modals to grow with their content while preserving proper scrolling when reduced.
Fixes layout issues introduced after the migration from jQuery UI to Interact.js.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9524
2.1.5. Themes and Layout
2.1.6. Administration UX
- [+] Asset Caching & Headers Improvements
- Tiki now applies precise HTTP caching headers to files served via its PHP-based download system.
Public assets can be cached with an admin-configurable max-age to improve performance.
Restricted assets are marked as private, no-store, no-cache to prevent any form of caching and ensure strict access control.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/7088
- [+] Bulk Removal for Scheduler Jobs
- Administrators can now delete multiple scheduled jobs at once in the Scheduler interface.
Previously, jobs had to be removed individually; the new multi-remove option streamlines cleanup and management of scheduled tasks.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9066
- [+] Custom Module Configuration Improvements
- Custom user-defined modules now support structured parameter forms during module assignment, similar to standard Tiki modules.
This improves usability and makes module configuration more reliable and intuitive for administrators.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9658
- [+] Improved Usability in Admin Notifications
- The tiki-admin_notifications.php interface has been enhanced to make it easier for administrators to locate configuration options related to email notifications for tracker changes.
This includes clearer access to settings such as Copy activity to email for a whole tracker.
The improvement streamlines notification configuration and reduces friction when managing tracker-related emails.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8216
- [+] Module Preference Error Display in Modules Admin
- The Modules Admin interface now highlights missing or invalid preferences directly during module configuration.
Error messages include clickable links that take administrators straight to the corresponding preference in the admin panel.
These improvements streamline module setup, reduce configuration errors, and make troubleshooting significantly faster.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8855
- [+] Profiles Wizard UI Simplified
- The Installer’s Profiles Wizard has been streamlined to prevent access to outdated and non-functional steps.
The left-side menu has been removed, the content area now uses full width, and navigation buttons have been adjusted (the Next button hidden and Back retained where applicable).
Only the first functional step remains visible, with non-working steps commented out for potential future restructuring.
These changes improve clarity and reduce confusion during installation.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8500
2.1.7. Interface Improvements
- [+] Blog Comments Page UX Improved
- The blog comments page has received several usability enhancements to improve clarity and predictability.
Search filters are preserved when users start typing, blogs without comments no longer show unrelated entries, and non-existent blog IDs behave like empty blogs.
Comment action buttons are now hidden when blogs have no posts.
These improvements make the blog comments interface easier and more intuitive to use.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8145
- [+] Collapsible Comment Threads with “Resolved” State
- Introduced collapsible comment threads with a new “Resolved” state inspired by modern code review and discussion platforms.
Resolved threads are automatically collapsed by default, improving readability and helping users focus on active discussions.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/10025
- [+] Faceted Search Views
- [+] “Label as Placeholder” Support for Tracker Fields
- [+] Minichat UI Improvements
- The Minichat module interface has been improved with updated chat bubble styling and a clearer message layout.
Minichat messages are now strictly confined to the Minichat module and no longer appear in admin alert areas.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8801
- [+] Username Validation – Improved Registration Page Checks
- [+] User Task List Template – Refactored Structure
2.1.8. New Modules
- [+] Webmail Module Showing Unread Emails
- A new module, Unread emails, displays the number of unread Webmail messages even when users are not on the Webmail page.
Unread counts can be shown on home pages or dashboards and work with IMAP folders as well as Email Folders stored in tracker fields.
This is especially useful when Webmail (Cypht) is integrated into Tiki but not used as the home page.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8650
- [+] Transitive Relations Module
- A new module, `relations_transitive`, displays multi-level relationships between objects (for example A → B → C).
Supports configurable search depth and optional exclusion of specific levels.
Helps explore indirect relationships between tracker items and other linked objects.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9317
2.2. Calendars & Event
- [+] Calendar Interface Layout and Styling Improvements
- [+] Calendar Event and Invitation Attachments
- Calendar events now support file attachments, making it easier to share supporting documents with meetings.
Calendar invitation emails can include these attachments, and when invitations are accepted or updated in Tiki Webmail (Cypht), the attached files are automatically imported and linked to the corresponding calendar event.
This provides a complete attachment workflow by preserving event attachments throughout the invitation lifecycle, from sending to acceptance.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/7668
https://gitlab.com/tikiwiki/tiki/-/merge_requests/10484
- [+] ICS Calendar Import Support
- [+] Calendar Module and Plugin Refactoring for Consistency
- The calendar_new module has been refactored to rely on the main Tiki calendar library as its core implementation.
This refactor aligns the module and the wiki calendar plugin with the default calendar page, ensuring consistent behavior, rendering, and feature support across all calendar entry points.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8626
- [+] Checkbox-Based Calendar Selection for calendar_new and PluginCalendar
- [+] Cypht Calendar Invitations – Archive Confirmed Emails
- When a calendar invitation received by email is confirmed and added to the Calendar, the original email is now archived instead of being discarded.
This ensures the invitation and its attachments remain available for future reference alongside the calendar event.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8329
- [+] “Copy to New Event” Calendar Workflow
- The calendar Copy to New Event action now opens a pre-filled event creation form instead of immediately creating a duplicate event.
This provides a safer and more user-friendly workflow by allowing users to review and adjust event details before saving.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9667
- [+] Event Descriptions for Calendar Invitations via Email
- When creating calendar events from email invitations via Cypht, Tiki now prefers a suitable HTML version of the email body when available.
This results in event descriptions that more closely match the original invitation email and avoids multipart-MIME artifacts from calendar attachments.
HTML content is sanitized to prevent security issues and remove inappropriate interactive elements.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8620
- [+] Multi-Day Rendering for Recurring Calendar Events
- Enhanced calendar display behavior for recurring events that span multiple days, ensuring they are now rendered across their full date range in calendar views.
This improves schedule accuracy and overall calendar readability.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9238
- [+] Streamlined Calendar UI and Improved Event Dialog Behavior
- Redundant calendar views have been consolidated to simplify navigation, replacing separate List day/week/month/year views with a single unified list-style view.
This reduces UI complexity and makes calendar browsing more intuitive.
Event dialogs now close reliably, ensuring more predictable and user-friendly interaction.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8427
- [+] Tracker Calendar Auto-Sync Improvements
- The Tracker Calendar plugin now supports automatic synchronization of event dates with tracker fields, including the ability to use multiple calendar item fields within a single tracker item.
This enables managing different expiry dates or variations under the same item.
Improvements also include better handling of date vs. datetime fields and proper support for all-day event settings.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8432
- [+] Tracker Calendar Items Now Link to Tracker Entries
- Calendar views displaying tracker-based events now include a direct link back to the original tracker item.
This makes it easier to navigate from the calendar interface to the underlying record, improving workflow efficiency.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8510
- [+] Unified Calendar Rendering for Plugin and Module
- The wiki Calendar plugin and the calendar_new module now use the main Tiki calendar rendering library.
This provides a unified look, consistent behavior, and shared feature support across the main calendar, plugins, and modules.
Two new display options have been added:
- A List View mode, in addition to the traditional calendar grid view.
- An option to display calendar legends for improved readability.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8359
2.3. Communications & Messaging
- [+] Audio Recording Support for Tracker Comments
- [+] Calendar Invitation Support for Tracker Email Messages
- [+] Combined Email View for Cypht Tracker-Integrated Mailboxes
- Introduced a combined email view for Cypht tracker-integrated mailboxes, allowing users to aggregate and manage emails associated with tracker items from a centralized interface.
Improves workflow visibility for teams using tracker-based email discussions and collaboration workflows.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9805
- [+] Custom Nicknames for Anonymous XMPP Chat Participants
- Administrators can now allow anonymous visitors to choose their own nickname when joining XMPP chats through Converse.js.
When enabled, visitors are prompted to enter a nickname before joining a conversation; otherwise, Tiki automatically generates one.
This option provides a more natural chat experience while remaining fully configurable.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/10152
- [+] Newsletter Email Validation and Error Reporting
- Enhanced the newsletter sending system with improved email validation, DNS/MX verification, and more reliable delivery error reporting.
Detailed SMTP error feedback and improved exception handling help administrators better troubleshoot delivery issues.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9446
- [+] Webmail Contact Search
- Webmail contact search has been enhanced to support recipient lookup by nickname and company name while composing emails.
This improves usability and makes it easier to quickly find contacts using alternative identifiers.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9718
2.4. Developer Tools & APIs
- [+] AttachmentsMigrateCommand Command
- The
attachments:migrate console command now better handles missing files when migrating wiki attachments to file galleries.
Attachments whose physical files cannot be found are skipped to prevent inconsistent records.
The command generates a report listing missing files and suggesting verification of the `w_use_dir` configuration.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9538
- [+] ExportPDF
- [+] Git Commit Information in Admin General Panel
- When Tiki is installed from a Git clone, the Admin General panel now displays detailed Git repository information.
The extended version banner shows the current Git branch, the short commit hash (linked to the full commit on GitLab), and the commit date formatted with tiki_short_datetime.
This provides clearer version tracking and improves administration of Git-based deployments.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9030
- [+] GlitchTip – Performance Tracing Support
- The GlitchTip integration now supports performance tracing and transaction grouping.
Enables monitoring of PHP and JavaScript operations through structured transactions and spans.
New preferences allow configuring tracing and sampling rates.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9143
- [+] Model Context Protocol (MCP) Server for AI and External Tool Integration
- Introduced a new Model Context Protocol (MCP) server enabling AI assistants and external tools to interact with Tiki wiki content through the standardized MCP protocol.
Includes wiki management tools, API token authentication, HTTP MCP endpoints, permission enforcement, and automated test coverage.
Enables MCP-compatible clients and AI assistants to manage wiki content programmatically.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9813
- [+] Monitoring Metrics in tiki-monitor.php
- Introduced new scheduler monitoring metrics in tiki-monitor.php for reporting scheduler execution timestamps and health status.
The metrics require authentication using the monitor_token and improve integration with external monitoring systems.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9994
- [+] Object Categorization – API Improvements
- The object categorization API now supports assigning multiple categories to multiple objects in a single request, enabling more efficient bulk operations.
Legacy single-category requests remain supported for backward compatibility with existing integrations.
Correct action handling has been restored after recent refactoring.
API responses now consistently include `message` and `count` fields for clearer feedback.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9387
- [+] REST API for Articles
- Added a complete REST API for managing Articles, following the same design and conventions as the existing Wiki Page REST API.
Supports listing articles with filtering, sorting, and pagination, retrieving individual articles, creating new articles, and partially updating existing articles without resubmitting unchanged fields.
Standardized response formats across all endpoints simplify client development and improve consistency for API integrations.
Includes comprehensive Swagger/OpenAPI documentation for easier discovery and integration.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/10562
- [+] Scheduler Monitoring
- The scheduler monitoring system has been improved to help administrators detect failures earlier and integrate with external monitoring tools.
The CLI commands scheduler:monitor and scheduler:stats allow checking scheduler health, retrieving runtime statistics, and integrating with monitoring systems such as Zabbix.
New admin preferences allow detecting failures from the last run or within a configurable time window.
The admin interface can display warnings for tasks with recent failures.
Scheduler errors can optionally be reported to external tracking systems such as GlitchTip.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8005
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9473
- [+] Security Auditing Tool Improved
- Enhancements to doc/devtools/securitycheck.php expand CLI-only validations to strengthen detection of potentially unsafe PHP files.
The tool now classifies execution-safe files, identifying scripts that contain only class or function declarations and do not expose executable entry points.
Missing or improper CLI checks are flagged, while exception cases are validated based on explicit and documented rationale.
These provide more accurate auditing of exposed PHP entry points and help developers maintain clear and secure code boundaries.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8548
- [+] Transition Diagrams Migrated to Mermaid
- The Tiki transition diagram system has been migrated from Dracula/Raphael to Mermaid using stateDiagram-v2.
This modernizes the rendering of transition and event chain diagrams and improves maintainability.
The change aligns diagram rendering with Tiki’s new JavaScript build system and provides more consistent, easier-to-manage visualizations for administrators.
Diagram functionality in the admin interface remains unchanged while simplifying generation and upkeep.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8623
- [+] Wiki API PATCH Endpoint for Partial Page Updates
- A new Wiki API PATCH endpoint allows partial updates of wiki page fields without resubmitting the full page content.
Supported updates include SEO title, SEO description, categories, and tags.
This improves safety and efficiency for integrations, automation workflows, and AI-assisted content management.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9702
- [+] Wiki Plugin Parameter Handling Improvements
2.5. Editors
- [+] Heading Autonumbering and Reset Behavior in Wiki Syntax
- Improved wiki heading autonumbering behavior for numbered headings such as !!#, ensuring correct sequential numbering.
Added a new !#) reset syntax to restart heading numbering within a page.
Additional improvements were made to ordered list numbering behavior and related styling logic.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/7609
- [+] Markdown – Expanded Help in Editor
- The Markdown help menu in the editor now includes more comprehensive information about supported syntax.
Based on reference material from the Markdown Guide, providing clearer guidance for formatting options.
Improves consistency with the help available for Wiki syntax.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9511
- [+] Page Edit Form Layout Improvements
- The page edit form has been updated so the Describe the change you made field is displayed outside the Edit/Categories/Properties tabs, clarifying that it applies to all modifications.
The redundant Monitor this page checkbox has been removed, as page monitoring is already available via the page menu.
These changes improve clarity, consistency, and reduce confusion in the page editing interface.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8495
- [+] Summernote – LanguageTool Integration for Grammar and Spell Checking
- Summernote now supports optional real-time grammar and spell checking via LanguageTool.
Highlights issues and provides suggestions directly in the editor.
Configurable preferences allow defining the LanguageTool server URL and related options.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8269
- [+] ToastUI Editor
- Resizable Editor in Edit Mode
The ToastUI editor now supports resizing directly while editing content, without the need for changes in editor configuration settings.
This enhances usability and flexibility, particularly when working with long or complex content.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8654
- Preview Now Uses Tab Mode by Default
The ToastUI editor now displays the preview panel in a separate tab by default.
Previously the preview appeared beside the editor, which could lead users to try editing the rendered content.
Improves clarity by separating editable content from the rendered preview.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8655
- [+] wysiwyg Parameter for Editable Block Fields
2.6. External Services Integrations
- [+] BigBlueButton Integration
- Tiki now uses the official bigbluebutton-api-php library, replacing legacy custom code.
The integration is more robust and maintained in line with upstream development.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/7794
- The BigBlueButton plugin now uses consistent shared secret terminology across all settings and error handling.
The bigbluebutton_server_salt preference has been renamed to bigbluebutton_shared_secret, and ServerSaltKeyException is now SharedSecretKeyException.
A migration script updates existing installations automatically.
These changes improve clarity and consistency in configuring and troubleshooting the integration.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9122
- Meetings can now be marked as public or private, providing more control over access.
A new bigbluebutton_use_iframe option allows meetings to open inside an embedded iframe within Tiki.
Improved interface styling, error handling, and user feedback enhance the overall meeting experience.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8551
- [+] CryptPad Integration for Editing Office Documents
- A new integration allows editing Office and OpenDocument files from file galleries using CryptPad.
An “Edit in CryptPad” option opens supported files (DOCX, XLSX, PPTX, ODT, ODS, ODP) in an embedded collaborative editor.
Changes are automatically saved back to the file gallery.
Requires enabling feature_cryptpad_docs and configuring cryptpad_base_url.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9190
- [+] Dedicated Proxy Configuration for RSS Feed Retrieval
- [+] HybridAuth Plugin: Facebook Integration Fix
- [+] Markdown Importer Feature
- Added a new Markdown Importer supporting local sources and remote Git repositories.
Supports multiple Markdown formats, including CommonMark, GFM, and Logseq.
Includes preview mode, automatic page updates, recursive scanning, and scheduled imports.
Designed with a modular architecture for future extensibility.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8726
- [+] PeerTube Integration
- Tiki now supports PeerTube as an external video backend for upload, storage, streaming, and embedding.
Integration uses OAuth2-based authentication and introduces new preferences and schema updates to configure PeerTube connectivity.
A new dedicated library (peertubelib) provides API interactions for video listing, uploading, and token management.
Authorised users can manage PeerTube-hosted videos directly from Tiki via a new video listing page and upload interface.
Includes a new PeerTube tracker field type , a wiki plugin for embedding PeerTube videos, and updates to the video administration panel and related UI templates.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8109
- [+] Prosody and Converse.js Integration with Tiki as Identity Provider
- Adds initial integration enabling real-time chat using Prosody and Converse.js.
Tiki acts as the XMPP identity provider and synchronizes chatrooms with Tiki groups.
Supports anonymous chat access, automatic login for registered users, and optional external XMPP clients.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8631
- [+] RSS Feed Caching Now Respects Feed TTL Values
- [+] Webmail Tracker Folders – Restore Option for Deleted Emails
2.7. File Galleries & Attachments
- [+] Default Archive Retention Preference for File Galleries
- Added a global preference to define the default value for the Maximum number of archives for each file setting when creating File Galleries.
This helps standardise archive retention behaviour and simplifies File Gallery setup.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9940
- [+] File Gallery List Display
- [+] Flexible Rules for Display Names
- Tiki now provides flexible control over how file display names are generated during upload, replacing the previous single fixed behaviour.
A new global default preference has been introduced, now set to preserve original filenames exactly as uploaded.
Administrators can override the global rule on a per-gallery basis, allowing different naming styles depending on context.
For example, a Marketing Photos gallery may apply Title Case for consistency, while a Technical Documents gallery can preserve exact filenames.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8015
- [+] Long-Format File Modification Date/Time Preference
- A new fgal_show_modtimedate preference allows administrators to display file modification timestamps in long format (date and time) within File Galleries.
This addresses previous limitations where long-format timestamps could not be configured through the UI or stored in the database.
The option is now available in File Gallery settings, enabling consistent long-format display across file listings.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8330
- [+] Tiki API File Version Upload Support
- The Tiki API now supports uploading new file versions while respecting the file gallery archive limit.
This prevents uncontrolled storage growth and enables reliable use in IoT and other high-frequency update scenarios.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8049
- [+] ZIP Downloads Preserve Original File Timestamps
- ZIP downloads from file galleries now retain the original file modification timestamps.
Previously, files inside the archive showed the download time instead of their actual modification date.
Ensures accurate metadata and consistent behaviour with the Tiki file manager.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9292
2.8. Maps, Geolocation & Internationalisation
- [+] Interactive Translation Now Supports Modals and Dropdown Menus
- The interactive translation tool can now translate strings displayed inside modal dialogs and dropdown menus.
Several UI and UX blockers that previously prevented translation in overlay elements have been fixed.
This significantly improves the translator workflow, especially when working with modern UI components on i18n.tiki.org.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8580
- [+] JavaScript and Vue Translation Extraction Support
- [+] Timezone Mismatch Detection and Update
- Tiki now detects when a user’s profile-configured timezone does not match the timezone reported by their web browser.
When a mismatch is found, a clear notification is displayed with a one-click option to resolve it.
Users can choose to:
+ Temporarily apply the browser’s timezone for the current session, or
+ Permanently update their profile timezone to match the detected setting.
This helps prevent confusion when viewing dates, calendar events, logs, or tracker timestamps across different devices or locations.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8079
- [+] Timezone Synchronisation Option in User Preferences
2.9. Miscellaneous
- [+] Charts Rendering in PDF Exports
- [+] Copy Link Action for Comments
- A new “Copy Comment Link” action allows users to copy the direct URL of a comment to the clipboard.
This simplifies sharing or referencing specific comments without manually copying the page URL.
Improves usability when linking to discussions across pages, trackers, and other comment-enabled areas.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8926
- [+] Custom WebSocket Base URL Support
- Tiki now supports configuring a custom WebSocket base URL via real-time preferences.
This allows instances to function correctly behind reverse proxies or in advanced deployment setups where the default WebSocket endpoint is not suitable.
The enhancement improves flexibility and reliability for real-time features in complex infrastructures.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8621
- [+] Database Schema Patch Guidance
- [+] Email Threading for Notifications – Improved Handling
- Email notifications now include standard headers such as "In-Reply-To" and "References".
Enables proper conversation threading in mail clients for monitored comments and related activity.
Improves organisation of notification emails when multiple updates occur on the same content.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9108
- [+] Mail Queue Management Interface and Retry Limit
- A new administration page provides visibility into the mail queue, including a full list of queued messages and a summary of the current queue status.
A new preference, mailer_queue_max_retries (default: 10), defines the maximum number of retry attempts for sending emails.
The queue processor automatically ignores messages that exceed the retry limit.
This improves reliability, prevents endless retry loops, and makes failed email delivery handling safer and more predictable.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8549
- [+] Notifications with End-of-Life Alerts
- The update notification system now includes optional End-of-Life (EoL) alerts via the `feature_eol_date_notifier` preference.
Administrators receive warnings when the installed LTS version is approaching or has reached its EoL date.
Notifications now use colour-coded indicators to highlight upgrade priority and importance.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8784
- [+] Performance Statistics Page Enhancements
- Enhanced the Performance Statistics page with a new Details link that provides page-level performance statistics for easier troubleshooting.
Improved the page layout for better readability and added automated tests to help ensure long-term reliability.
Helps administrators distinguish between slow page generation and external factors such as network latency.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/10141
- [+] Scheduler
- Improved Notifications and Reliability
The scheduler notification system has been enhanced with multiple improvements:
- Consolidated preferences for better management.
- Introduced an admin notification option for key alerts.
- Added a stalled jobs banner with filtering capabilities.
- Fixed issues with scheduler_users_to_notify_on_stalled to ensure alerts reach only the intended recipients.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/7717
- Scheduler Admin: Consolidated Logs and Status Overview
The Scheduler Admin interface now includes a consolidated logs view to simplify monitoring and troubleshooting.
A new Consolidated Logs tab displays total runs, last run status, and stalled status for each scheduled task.
Logs are paginated for easier navigation, and deleted schedulers are handled gracefully with a Scheduler Deleted indicator.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8921
- [+] Survey Redirect Destination Support
- [+] System Menu Visual Consistency
- Icons are now displayed by default for all System Menu dropdown items, aligning their appearance with the admin side menu.
The icons are implemented in a vendor-neutral way to ensure compatibility with different icon sets.
This change improves visual consistency and usability across administrative navigation.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8636
- [+] Tiki Manager Instance Deletion Confirmation
- [+] Upgrade Notices – Improved Handling for VCS Versions
- [+] User Avatar
2.10. Plugins
- [+] Contributions Dashboard Plugin Uses Mermaid for Graphs
- The Contributions Dashboard plugin now uses Mermaid for graph rendering, replacing the previous Raphaël-based implementation.
This modernizes graph visualization and simplifies long-term maintenance, aligns the plugin with other parts of Tiki that use Mermaid for diagrams and visualizations.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9546
- [+] Lottie Plugin for Displaying Animations
- [+] Model3DViewer Plugin to display 3D objects on the page
- A new model3dviewer plugin allows embedding interactive 3D models in pages.
Supports models from File Galleries or external URLs (GLB, glTF, STL, OBJ, FBX).
Provides camera controls, optional auto-rotation, animation playback, and visual customization.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8212
- [+] Newsletter Subscription Plugin – Improved Feedback and Email Confirmation
- The newsletter subscription plugin now provides clearer status messages during the subscription process.
Improves handling of email confirmation workflows to ensure subscriptions are properly validated before activation.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9134
- [+] PluginImg Reflection Update
- [+] PluginList
- Advanced Filtering with AND / OR / NOT
PluginList now supports advanced filtering logic when using multiple selections.
Filters can be combined using AND, OR, or NOT operators on fields that allow multiple values.
The enhancement brings PluginList filtering closer to advanced search capabilities and improves flexibility when building complex lists.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/5416
- Filter Tracker Items by Creator
PluginList now supports filtering tracker items by their creator using the "created_by" filter.
Enables more precise queries and personalized views when listing tracker items.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9291
- [+] RSS Plugin
- The RSS plugin now fully supports the max, sortBy, and sortOrder parameters when used with URL-based feeds.
- max: Controls the number of feed items displayed.
- sortBy: Defines the field used for sorting items.
- sortOrder: Specifies sorting direction (ascending or descending).
These enhancements apply directly to URL-based feeds, not only database-stored items.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8303
- [+] PluginList Sublist Plugin: Memory Optimization with limitfields
- A new limitfields parameter has been added to the Sublist plugin.
When enabled (limitfields="y"), the sublist result set is limited to only the formatted columns actually displayed.
This reduces memory usage and improves performance, especially for large datasets.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8821
- [+] Teleprompter Plugin for Auto-Scrolling Presentations
- A new teleprompter wiki plugin provides a customizable auto-scrolling teleprompter for presentations, speeches, recordings, and guided reading.
Supports configurable scrolling behavior, mirror modes, playback controls, timers, and display customization.
Content can be displayed from wiki text or File Gallery images.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9302
- [+] YouTube Plugin Improvements
2.11. Search and Files
- [+] Clearer Search Actions
- [+] ElasticSearch Configurable max_result_window
- Tiki now allows administrators to configure the ElasticSearch max_result_window setting.
This makes it possible to retrieve result sets larger than the default 10,000 record limit, such as when using PluginList with large datasets.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8982
- [+] Field-Specific Search Enhancements
- Enhanced the search system to support field-specific searches within indexed content.
Users can now restrict searches to specific fields such as titles, descriptions, and other indexed attributes.
Improves precision when searching across wiki pages, tracker items, and other content types.
Helps reduce noise in large search result sets and improves usability for targeted queries.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/10131
- [+] mPDF PDF Generation Improvements
- [+] robots.txt – Improved Handling and SEF URL Indexing
- robots.txt handling has been improved with a dedicated parser following RFC 9309.
Supports proper user-agent matching, wildcard rules, and Allow/Disallow precedence.
Prevents incorrect NOINDEX directives when SEF URLs are enabled and improves search engine indexing behavior.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9346
- [+] RSS Feed Caching Improvements
- Cachelib Integration and TTL Support
Updated RSS feed caching to use Cachelib instead of database-based caching.
Added TTL support to generated feeds for improved refresh interval handling.
Improves caching efficiency and reduces database usage.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/10046
- Improved RSS Feed TTL Handling
Improved RSS feed caching behavior to better respect remote feed TTL requirements.
Reduces unnecessary external feed requests and improves reliability.
Helps ensure more responsible RSS consumption behavior.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/10079
- [+] Shareable and Bookmarkable Search Results
- Dynamic search reports and filtered search result pages now preserve their filters in the page URL. Bookmarked or shared links automatically restore the original search configuration, including keywords, date ranges, tags, and other filters, making recurring searches and shared reports easier to use.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8713
- [+] Sitemap Generation – Improvements
- The sitemap generation system has been refined to improve reliability and maintainability.
Updates include implementation adjustments and compliance with current coding standards.
Helps ensure consistent sitemap generation for search engine indexing.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9487
- [+] SEO and Sitemap Management Enhancements
- Enhanced SEO and sitemap management with automatic sitemap generation support.
Administrators can now choose between automatic and manual sitemap generation modes.
Advanced sitemap splitting options improve scalability and handling of large websites.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9573
2.12. Security & Access Control
- [+] 2FA
- Administration Improvements
Site administrators can now reset or disable Two-Factor Authentication (2FA) for individual users.
This supports secure account recovery scenarios, such as when users lose access to their authentication devices.
The enhancement complements group-based 2FA enforcement and grace-period policies in organizational environments.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8723
- Enforcement with Per-User and Per-Group Grace Periods
Tiki now supports enforcing Two-Factor Authentication (2FA) using configurable grace periods applied per group and per user.
Administrators can define enforcement policies with grace periods (for example 3, 7, 14, or 30 days), calculated per user based on enforcement date or account creation.
Clear reminders are shown to users during the grace period, and optional notifications can be sent to users who have not yet enabled 2FA.
A grace period of 0 days enforces immediate 2FA, and accounts are automatically locked once the grace period expires.
An admin interface allows granting, revoking, or extending grace periods for individual users, supporting scalable and secure 2FA rollout.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8710
- [+] Altcha CAPTCHA Support
- Introduced support for the Altcha CAPTCHA system as a new anti-spam and bot protection option in Tiki.
Includes compatibility handling for PHP 8.1 and PHP 8.2+ environments and provides a modern alternative CAPTCHA provider.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/7994
- [+] Batch Lock/Unlock for User Accounts
- Administrators can now lock or unlock multiple user accounts at once from the user administration interface.
Multiple users can be selected and the lock or unlock action applied via the dropdown menu.
This enhancement reduces manual effort and significantly speeds up account management on sites with large user bases.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8733
- [+] Blending Permission Scope System
- A new preference introduces flexible permission scope handling.
Administrators can choose between the traditional strict scope (nearest defined scope wins) or the new blending scope, which merges permissions from nearest to farthest using an additive model.
This provides more granular control over permission inheritance and enforcement.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/7181
- [+] Brute Force Protection (Experimental)
- A new experimental brute force protection system has been introduced to mitigate automated attacks on authentication-related workflows.
The new BruteForceProtection service applies exponential backoff throttling to login attempts, user registration, and password reset requests.
Attempts are tracked in a new tiki_bruteforce_attempts database table with automatic, time-based cleanup.
New experimental admin preferences allow enabling or disabling the feature, configuring the initial delay, growth rate multiplier, and forget time window.
Users receive clear retry messages indicating when the next attempt is allowed.
The system includes full unit test coverage for timing, attempt tracking, and expiry behavior.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8588
- [+] Centralized SSRF Protection Library
- [+] Cookie Consent System Improvements
- Reworked parts of the cookie consent system to improve usability, preference persistence, and consent management reliability.
Enhancements include improved preference synchronization, support for disabling unused consent categories, expanded translatable strings, and better handling of consent states.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9843
- [+] Email-to-Tracker Safety Preference
- A new preference has been added (
email_to_tracker_mode ) to control whether emails are moved or copied when creating tracker items from IMAP.
The enhancement is especially useful in test or pre-production environments where email retention is critical.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8646
- [+] Encrypted Tracker Field Workflow and Security Improvements
- Resolved multiple issues affecting encrypted tracker fields and completed the end-to-end encryption key unlock workflow.
Improvements include better validation, secure key handling, permission checks, transaction safety, and more reliable item creation and editing behavior.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/10042
- [+] Expanded HTTP Security Headers and CORS Support
- Tiki now supports a full set of configurable CORS and cross-origin policy headers, including credential handling, allowed methods and headers, and modern browser isolation controls (COOP, COEP, CORP).
All headers are configurable from the Admin → Security interface and follow MDN specifications.
Smart validation prevents unsafe configurations, and all options are disabled by default to preserve backward compatibility.
This enhancement strengthens security while giving administrators fine-grained control over cross-origin behavior.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8639
- [+] Groups Emulation Interface and Validation Improvements
- Enhanced the Groups Emulation module with a more intuitive interface, including clearer distinction between parent and inherited groups, collapsible group sections, group counts, and active status badges.
Improved frontend and backend validation to prevent invalid group selections and make permission testing more reliable.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/10182
- [+] Forum Email Masking Option
- A new privacy feature allows forums to automatically hide email addresses from public view.
A new forum_mask_emails preference controls masking behavior, and a maskFields method in the Comments class ensures sensitive fields are safely masked.
A new forummaskemail template modifier is used across forum views, and admin settings have been updated to manage email masking.
This enhancement helps prevent email harvesting and strengthens privacy on forums open to anonymous visitors.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9159
- [+] More Restrictive Default Tracker Permissions
- Tracker permission defaults were updated to use more restrictive access settings for new installations, reducing unintended anonymous access to tracker content.
A new tiki-check.php warning also helps administrators identify potentially unsafe anonymous tracker permission configurations.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9674
- [+] Password Reset Security with Cryptographic Tokens Improved
- The password reset process has been modernized to use cryptographically secure random tokens instead of the previous MD5-based validation.
This significantly reduces the risk of token prediction, forgery, or replay attacks.
Key improvements include:
- Replacement of insecure MD5 hashes with secure, randomly generated reset tokens.
- Introduction of PasswordResetLib for token creation, validation, and expiration handling.
- Addition of a new database table, tiki_password_reset_tokens, to safely store and manage reset tokens.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8426
- [+] Retry-After Header for Load Threshold Protection
- When "use_load_threshold" protection is triggered, Tiki now sends a "Retry-After" HTTP header.
Informs clients and bots how long to wait before retrying requests when the server is under high load.
Improves behavior of search engines and automated clients during temporary overload situations.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9349
- [+] SAML Authentication: Admin Fallback Login
- When SAML authentication is enabled, all users with Admin privileges can now log in using Tiki’s fallback authentication method.
This improves flexibility while preserving a secure login flow and simplifies access for administrators.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8214
- [+] Security Checks in tiki-check Enhanced
- tiki-check.php and its dashboard have been extended with additional security verifications to help administrators quickly identify potential risks.
New checks include:
- Detection of exposed or misconfigured phpMyAdmin installations.
- Detection of leftover or publicly accessible Adminer / AdminerEvo files.
- Verification of unsafe, world-readable permissions on db/local.php.
- Additional warnings for other common insecure deployment conditions.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/7986
- [+] Tracker Data Redaction Support
- [+] Trusted Proxy Restriction for Load Balancer Access
- Support for trusted proxies has been added to improve security when Tiki is deployed behind a load balancer.
The feature_loadbalancer_header preference enables handling of load balancer headers.
The feature_loadbalancer_trusted_proxies preference allows restricting accepted proxy IP addresses to a trusted list.
Helps prevent spoofed headers and unauthorized access through proxy infrastructure.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9484
- [+] ((Two-factor-authentication|Two-Factor Authentication (2FA) Setup Experience))
- Updated the Two-Factor Authentication (2FA) setup panel to improve usability, accessibility, and standards-based guidance.
Enhancements include clearer setup instructions, vendor-neutral TOTP guidance, copy-to-clipboard support for secret keys, and improved mobile-friendly verification code input.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9837
- [+] Rate Limiting for Attack Protection
- [+] Usernames Cannot Contain Spaces
- Tiki now strictly enforces that usernames cannot contain spaces and must follow a single contiguous pattern.
This prevents ambiguities between usernames and page content or other identifiers.
The rule applies system-wide and improves compatibility with features such as feature_tag_users.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9040
- [+] WebAuthn/Passkey Onboarding Experience
- Enhanced the WebAuthn/passkey onboarding workflow with a dedicated post-registration enrollment prompt, retry and skip options, and clearer error feedback.
This improves usability and aligns the registration experience with modern authentication workflows.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/10030
2.13. Trackers
- [+] Admin Tracker: Exact Filtering for Numeric Fields
- An Exact Filter option has been added to the tracker admin item list for precise searches on numeric fields.
This prevents partial string matches (e.g., searching for "45" matching 12345678) and ensures exact-value filtering.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8746
- [+] Barcode Tracker Field Enhancements
- [+] Bidirectional Sync for Wiki Page Tracker Field
- The Wiki Page tracker field type now includes an optional setting to enable two-way synchronization.
When enabled, changes to the tracker field value and updates to the associated wiki page name remain automatically aligned.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8466
- [+] BigBlueButton Recordings Tracker Field
- A new tracker field type has been added to catalog BigBlueButton recordings.
The field can list available recordings and access their associated formats, such as notes, podcast, presentation, screenshare, and video.
This enables structured management and discovery of recorded meetings within Tiki.
The enhancement lays the groundwork for future integrations, such as automated export to PeerTube.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8293
- [+] Configurable Strict Validation for Tracker URL Fields
- [+] DateTime Tracker Fields – Minute Step Option
- [+] "Display as Password" Option for Tracker Text Fields
- A new "Display as Password" option allows tracker Text fields to securely store and present sensitive data.
When enabled, inputs render as password fields with a show/hide toggle, stored values are masked (****) in item view, and values are excluded from the search index.
If the Validation Type is set to Password, this option is automatically enabled for convenience.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8165
- [+] Import-Export: Multi-Table Joins with Remote ODBC
- The import-export system now supports joining multiple tables from remote ODBC sources, enabling flexible external data integration.
Users can map columns across joined tables for more advanced data import workflows.
An ItemLink sort option has also been introduced to improve data handling during imports.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8296
- [+] Item Duplication Workflow – Configurable Tracker Process
- Administrators can now configure per-field duplication rules in tracker properties.
Fields can be copied, cleared, or reset to their default value when duplicating items.
The duplication process now opens a pre-filled “Insert Item” form, allowing users to review and modify values before saving.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9462
- [+] ItemsList Tracker Field
- Rebuild Optimization
The ItemsList tracker field has been optimized to improve performance during rebuild operations.
Item labels and main titles are now cached, reducing processing time and resource usage.
This enhancement makes rebuilding large lists significantly faster and more efficient.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9115
- Dual List (“Transfer”) Mode
The ItemsList tracker field now supports a dual list (transfer) mode for managing relationships between items.
Available and selected items are displayed in two lists, allowing users to easily move items between them.
Provides a clearer and more efficient alternative to traditional multi-select interfaces.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8475
- [+] Manual Value Overrides for Tracker AutoIncrement and Math Fields
- [+] Move Search Emails to Trackers in Webmail
- Webmail now supports moving multiple emails from search results or message lists directly into tracker fields.
Previously limited to single-message moves from the message view, users can now bulk-select messages in list or search mode and assign them to a tracker field.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9071
- [+] Multi-Level Sorting in Tracker Views
- Tracker views now support hierarchical multi-level sorting of items.
Administrators can define primary, secondary, and tertiary sort fields, each with its own ascending or descending order.
Sorting is applied hierarchically, similar to spreadsheet applications.
This enhancement improves navigation and presentation for large trackers, making complex datasets easier to organize and browse.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/7602
- [+] Object Selector – Exact Item ID Search
- The Object Selector now supports searching tracker items by their exact numeric ID (for example `123` → `item123`).
This prevents unrelated results where the number appears in content rather than matching the specific item.
Improves workflows when linking or referencing tracker items by their known ID.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9330
- [+] Optional Email Notifications for Tracker Updates
- [+] Optional “Choose Fields to Display” for Tracker Lists
- A new tracker-level option in the Display settings allows administrators to enable or disable the “choose fields to display''” feature for tracker item lists.
This provides better control over whether end users can customize visible fields on a per-tracker basis.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8365
- [+] “Save and Comment” Workflow improved for Tracker Items
- The “Save and comment” workflow for tracker item editing has been improved for better consistency and reliability.
Previously, item changes were saved immediately when selecting “Save and comment”, even if the comment was not completed.
Changes are now saved only after the comment is submitted, ensuring the edit and its comment remain properly linked.
Users can still return to the editing form to modify their changes before finalizing the save.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9387
- [+] Tracker Administration Interface Improvements
- Reorganized tracker action buttons into a more consistent grouped navigation layout.
Added visual highlighting for the active tracker section to improve navigation.
Improves usability when managing tracker properties, fields, and items.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/10134
- [+] Tracker–Calendar Item Synchronization Improved
- The integration between trackers and calendars has been enhanced for more accurate and flexible event handling.
Tracker field updates are now automatically synchronized with their corresponding calendar events.
A single tracker item can generate multiple calendar events using different date or datetime fields (for example, separate start, end, or expiry dates).
Date and datetime fields are now handled correctly, ensuring proper representation of all-day versus timed events.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8432
- [+] Tracker Field Option to Control Modification Metadata Updates
- Introduced a new tracker field option, Modifications impact last modification info, allowing administrators to control whether changes to a field update tracker item modification metadata.
This is useful for automatically updated fields such as counters, statistics, or background-maintained values.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/7638
- [+] Tracker Import-Export: Multiple Format Sync
- Trackers can now be synchronized to multiple formats simultaneously, allowing parallel syncing for more flexible data exchange.
This enhancement significantly improves import/export workflows and multi-format interoperability.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8349
- [+] Tracker Items List: Field Visibility for Non-Admins
- Non-admin users can now customize which tracker fields are visible in the items list.
Checkboxes are available for all visible fields, and each user’s preferences are stored in the Tiki database.
This provides personalized views without affecting other users.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/8153
- [+] Tracker Listing: Categories Column as Hyperlinks
- Entries displayed in the Categories column of tracker lists are now rendered as clickable hyperlinks.
This allows users to navigate directly from a tracker item to its associated category, improving usability and navigation.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/7946
- [+] Tracker Notifications Can Now Be Sent to Oneself
- [+] Unified Relation Field Pre-Caching
- An optional pre-cache is now available for formatted relation field values to improve performance on sites with large trackers.
When the unified_cache_relation option is enabled, all possible formatted relation values are pre-cached during indexing instead of being recalculated on each rebuild.
This can significantly speed up indexing and search operations for trackers with many interlinked items.
Note: This option may increase memory usage for trackers with many relations or be less efficient for sparse data; it is disabled by default.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9051
- [+] Tracker Related-Item Search Usability
- [+] Tracker Status Filter Interface Improvements
- [+] Unsaved Changes Warning in Trackers
- [+] UserSelector Field: Search Users Without Group Filter
- The UserSelector tracker field now allows searching users without first selecting a group filter.
When no group is selected, the search returns results across all users and roles.
The group filter remains available to narrow results when needed.
https://gitlab.com/tikiwiki/tiki/-/merge_requests/9019
3. Removals
4. Large-Scale Changes
Large-scale changes affecting 15 or more files across different parts of Tiki. These updates may include refactoring, feature enhancements, infrastructure improvements, or broad system-wide adjustments. Due to the broad scope of these changes, some regressions or unexpected issues may have slipped through. Please report any problems encountered so they can be addressed promptly.