XTF http://pub-xtfweb2-prd.cdlib.org eXtensible Text Framework Thu, 25 Apr 2024 22:23:20 +0000 en-US hourly 1 https://wordpress.org/?v=6.2.2 XTF 3.2 and 3.1.1 security release http://pub-xtfweb2-prd.cdlib.org/2024/04/xtf-3-2-and-3-1-1-security-release/ Thu, 25 Apr 2024 20:44:41 +0000 http://pub-xtfweb2-prd.cdlib.org/?p=2001 Two new versions of XTF have been released to address a security concern in XTF 3.1:

  • XTF 3.2 – new version incorporating bug fixes and enhancements that have been contributed over the years. Of note, XTF now works in Tomcat 9 and any OpenJDK up to and including OpenJDK 21. Many thanks to the generous contributors to XTF over the years (see the git log.) A whole bunch of changes, large and small, are incorporated in this release! See the change log for details.
  • XTF 3.1.1 – bug fix version; the same as XTF 3.1 but with the security fix for DynaXML. Note: still limited to OpenJDK 11 or less.

Details on the security concern:

  • DynaXML supported the ability to override the source XML document using a URL parameter.
  • A malicious actor could point it at a malicious XML file and get DynaXML to process the file. We currently know of no exploits which could leverage that to escalate privilege, but it’s poor security practice to process user-controlled content when an app is not designed to do so.
  • The fix adds a configuration parameter to dynaXML.conf: <allowSourceOverride prefix=""/> to specify an explicit prefix that is allowed in the source override. If not specified or an empty string, source overrides are prevented.
  • If you are depending on source override behavior, you’ll need to configure the prefix. If not, leave it unconfigured or empty.

How to get the fix: this depends on how you run XTF now.

  • If you have Apache httpd in front of XTF, you can add a rewrite rule that blocks /view requests with a source= parameter. No other changes to your XTF installation would be needed.
  • If you run stock XTF 3.1 from the war file, grab the xtf.jar file from inside xtf-3.1.1.zip (linked on the Downloads page), and replace your WEB-INF/lib/xtf.jar file with it. Then restart Tomcat.
  • If you build XTF yourself from source, pull the latest from Github and merge it into yours, or else cherry-pick the fix commit into your codebase.
  • Or if you wish, upgrade to XTF 3.2.

If you have questions, write to the xtf-users email list.

]]>
CDL affirms commitment to stable XTF http://pub-xtfweb2-prd.cdlib.org/2013/09/cdl-affirms-commitment-to-stable-xtf/ Fri, 27 Sep 2013 18:51:33 +0000 http://pub-xtfweb2-prd.cdlib.org/?p=1940 XTF has proven itself as a stable, extremely useful tool, and we here at CDL are re-affirming our commitment to keep it that way. Last year a series of discussions considered large changes, even a total rewrite, but those plans didn’t really come to fruition. At the same time, these discussions couldn’t help but create a bit of trepidation among those currently using or evaluating XTF.

Meanwhile, new and interesting content projects keep coming our way, and XTF continues to be a great tool for tackling these challenges. Of course it’s also a key technology behind existing public services we provide such as eScholarship, OAC, Calisphere, etc. that are certainly not going away nor changing technology platforms.

So we’re backing off from the idea of a big rewrite, and from XTF 4.0 in general, and instead are going to aim for a more modest XTF 3.2 release in the next couple months. As always, XTF is made better by its users and other developers, so do continue to contribute bug fixes and patches.

]]>
XTF 3.1 Now Available http://pub-xtfweb2-prd.cdlib.org/2012/08/xtf-3-1-now-available/ http://pub-xtfweb2-prd.cdlib.org/2012/08/xtf-3-1-now-available/#comments Mon, 06 Aug 2012 22:00:46 +0000 http://pub-xtfweb2-prd.cdlib.org/?p=1936 The California Digital Library (CDL) is pleased to announce the release of version 3.1 of XTF, now available for download.

Major features in the 3.1 release include:

  • Improved schema handling for EAD finding aids.  In addition to EAD 2002 DTD,  XTF now provides support for search and display of:
    • EAD 2002 schema and EAD 2002 RelaxNG finding aids
    • Output from Archivists’ Toolkit and Archon
  •   Better OAI 2.0 conformance
  •   Dynamic site maps to support optimal search engine indexing

See the 3.1 change log for further details.

]]>
http://pub-xtfweb2-prd.cdlib.org/2012/08/xtf-3-1-now-available/feed/ 1
XTF 3.0 Released http://pub-xtfweb2-prd.cdlib.org/2011/04/xtf-3-0-released/ Tue, 05 Apr 2011 21:56:16 +0000 http://pub-xtfweb2-prd.cdlib.org/?p=1892 The California Digital Library (CDL) is pleased to announce the release of version 3.0 of XTF, which, along with updated tutorial packages, is now available to download.

Highlights from the 3.0 release include:

• Scanned book display support in default UI
• Stability improvements to index rotation support
• Globalization and RSS support
• An updated tutorial
• Further Unicode improvements
• Many bug fixes

See the full change log for further details.

]]>
XTF 3.0 beta http://pub-xtfweb2-prd.cdlib.org/2011/02/xtf-3-0-beta/ Tue, 01 Feb 2011 20:56:33 +0000 http://pub-xtfweb2-prd.cdlib.org/?p=1796 We’re excited to announce that the beta release of XTF 3.0 is available now. Here are the highlights:

  • Scanned book display support in default UI
  • Stability improvements to index rotation support
  • Globalization and RSS support
  • More Unicode improvements
  • Many bug fixes
  • See the full change log for details

We’ll be gathering feedback (please sent it to the xtf-user list) over the next few weeks and then make the final release of XTF 3.0.

You can download the new version here (note that SourceForge download is not yet working properly as SourceForge is still recovering from a recent attack on their servers.)

]]>
XTF Website Launched http://pub-xtfweb2-prd.cdlib.org/2010/09/xtf-website-launched/ Wed, 29 Sep 2010 23:43:31 +0000 http://pub-xtfweb2-prd.cdlib.org/?p=1682 eXtensible Text Framework (XTF) Website Launched

Robust open-source application makes managing access to digital content simple

The Publishing Group of the California Digital Library (CDL) announces the launch of the eXtensible Text Framework (XTF) website (/), supporting a robust open-source application for providing access to digital content.  Developed and maintained by the CDL, XTF functions as the primary access technology for the CDL’s digital collections and similar projects worldwide.

XTF excels in supporting rapid, customized application development and deployment. Its high degree of extensibility and performance (even for large documents and large collections) frees implementers to focus on building sophisticated presentations for their digital object collections.

“It’s all about balancing flexibility and ease of use: putting infinite customization ability in the hands of curators and scholars with a driving need to provide deep access to their special collections,” says XTF lead developer Martin Haye.

XTF-based applications range from primary source image collections to publishing platforms and archival finding aid repositories at the University of California and many other institutions, including Northwestern University, the University of Sydney (Australia), Indiana University, Visual Arkiv (Sweden), Morehouse College, Durham University (UK), and the University of Virginia.

Highly customized implementations include:

· CDL’s eScholarship (http://www.escholarship.org/), UC’s open access scholarly publishing platform, which publishes recent research from across the 10 campuses as well as nearly 40 UC-based scholarly journals. XTF customizations include a streamlined facet-selection interface, dynamic PDF snippets called “KWIC Pics,” PDF document previews in the browser, and support for a deep hierarchy of contributing academic units.

· CDL’s Online Archive of California (http://www.oac.cdlib.org/), a collection of more than 20,000 archival finding aids and 200,000 digital primary sources (images and texts) from more than 150 archives, libraries, and other institutions in the state of California. XTF implementation features full-text search and display, detailed descriptive metadata, and a robust finding aid interface.

· Indiana University’s The Chymistry of Isaac Newton (http://webapp1.dlib.indiana.edu/newton/), a digital repository of transcriptions of Newton’s alchemical manuscripts. Site features a seamless blend of various web tools, including XTF as the search technology.

· The Encyclopedia of Chicago (http://encyclopedia.chicagohistory.org/), a collaboration between the Chicago  Historical Society, Northwestern University, and the Newberry Library. Site integrates XTF with an image zoomer to display a large collection of historic photographs and maps, as well as using XTF for search and display of descriptive metadata.

Lightly customized implementations include:

· OhioLink Finding Aids Repository (http://ead.ohiolink.edu/xtf-ead/), this consortium of archives, libraries, and other institutions in the state of Ohio uses the default XTF implementation with dedicated branding and other slight modifications.

· University of Buffalo Finding Aids (http://libweb1.lib.buffalo.edu:8080/findingaids/search) uses a basic XTF application to enable browse and search of collection guides from the university’s archival and manuscript collections.

The new site serves as an expanded resource for programmers, librarians, and the general public to explore and implement the Java and XSLT 2.0-based framework.  Features include:

· XTF application download – full release or core updates to maintain customizations (/download/)

· Documentation, including downloadable deployment guide, programming guide, and tag reference (/documentation)

· Video tutorials focusing on basic setup and customization of XTF (/getting-started-tutorials)

· Example XTF implementations highlighting customized features. (/xtf)

]]>
XTF Community Preview http://pub-xtfweb2-prd.cdlib.org/2010/09/xtf-community-preview/ Thu, 23 Sep 2010 19:53:26 +0000 http://pub-xtfweb2-prd.cdlib.org/?p=1649 Dear XTF Community Members:

You’re invited to preview the new eXtensible Text Framework (XTF) website!

The California Digital Library, which developed and maintains XTF, has created this new site to make it easier for programmers, librarians, and the general public to learn more about and implement the open-source program.

What’s new about the XTF site:

  • Intuitive, fully searchable site design to help you find things quickly – with new URL.  (http://pub-xtfweb2-prd.cdlib.org)
  • Reformatted documentation, including deployment guide, programming guide, and tag reference. Each guide/ref is now a single page making it easier to find what you need (and to download or convert to PDF if you like.) (/documentation)
  • New video walkthroughs of the nine-part “Getting Started Tutorial,” focusing on basic setup and customization of XTF. (/getting-started-tutorials)
  • New FAQ section. (/faq)
  • Up-to-date list of XTF implementations, highlighting customized features. (/xtf)

XTF’s previous documentation wiki, hosted on SourceForge, will remain up for a month or so as we replace its pages with links to the new site. The Mercurial source code repository will stay on SourceForge, and release downloads will be made simultaneously on the new site and on SourceForge.

We are giving the XTF community a first look at our new site and want to hear from you! Please send your feedback to the xtf-user list. We’re happy for any comments – both positive and constructive critiques – on the site’s design, content, and our new user tools.  We will be announcing the site to the general public in about a week and would appreciate any feedback prior to that date.

]]>
XTF 2.2 released http://pub-xtfweb2-prd.cdlib.org/2010/06/older-xtf-post/ Tue, 08 Jun 2010 22:07:07 +0000 http://pub-xtfweb2-prd.cdlib.org/?p=1628 The XTF 2.2 release is out and available on the download page (and on SourceForge).

Aside from a single bug fix, there are no changes since the beta. For more info on the changes in 2.2 see the change log.

As always existing users should download the “xtf-core-2.2.zip” file; this contains the essential parts of XTF that you don’t generally change. Existing stylesheets and configuration files should work unchanged. New users should download “xtf-2.2.war” which contains the core plus sample config files and stylesheets.

Let us know on the discussion lists if you encounter problems or have questions about the new release.

]]>