Changes

Once 6.3.5 release, restore the constrains on the QA

Take into account of a first build in the pipeline of automatic build of Silverpeas

About Silverpeas Web Browser Edition:
- the build pipeline is simplified by asking to the user the branch on
  which the project has to be built (default valued at 'main')
- the release pipeline is improved to create a stable branch in the case
  the release is done from the main branch.

Fix condition testing in the release pipeline for Silverpeas-Sso. In
this same pipeline, give the version of the Docker image to use (6.4
currently). Idem for the auto build pipeline for Silverpeas-Sso.

6.4.2 has been released from build 6.4.2-build241211 (41daf545bf07176968e93623d2fc4f30bccb6339).Prepare for development iteration of next version 6.4.3

Update parent POM to 1.6.2

bug #14660: Display empty string instead of null in the notification subject

Bug #14481

Add the onUnload javascript event to the BodyPart tag.

bug #14210: Now, the timeout actions of removed Workflow app are now executed

bug #14210: Now, the timeout actions of removed Workflow app are now ignored

The localization of the data in bundles of both personal components and
workflow components is now taken in charge. The bundle resources for
those components have to be located, respectively, into the
$SILVERPEAS_HOME/properties/xmlcomponents/personals and
$SILVERPEAS_HOME/properties/xmlcomponents/workflows directories (where
$SILVERPEAS_HOME is the home directory of the Silvepreas installation).

Bug #14491

In uploadFile.jsp, encode for HTML the browsbar info in the breadcrumbs.

In the tree menu building, the tree filter implementations are now
retrieved by CDI and not anymore through the classloader.

Fix the code of the tree menu building to please Sonar.

Fix the bug: the sorting of the subspaces is asked.

Bug #14491

Delete the spacesInURL.js js as no code in this file is used.
Fix the js code in the wysiwygToolBar.js file.

Bug #14491

Fix cycle dependency between TreeBuilder and TreeHandler.

Upgrade ConverseJS to version 10.1.8
Upgrade the ConverseJS plugins we use:
- action
- jitsimeet
- and screencast
Because of the modification in the Plugin API of ConverseJS since
version 8, our own plugin silverpeas-muc-invitations has been also
modified to be compliant with the new Plugin API.

copyright 2025

In order to fix the bug in Firefox (https://bugzilla.mozilla.org/show_bug.cgi?id=1953102), add CSS statements to have the scrollbar

Bug #14720: PK of the node is now displayed in the error log

Fix #14736

Bug #13873

Refactor the function handlers for the CredentialsServlet servlet in
order they are now CDI managed beans. Use the injection statements for
their dependencies instead of programmatically asking them.

Bug #13873

Fix the bug by specifying the id of the sender as system (id -1), so the
email and same properties will be fetched from the
org/silverpeas/notificationserver/channel/smtp/smtpSettings.properties
configuration file.

feature #12562 : Display role on the reassignement page

Bug #14784

Fix the vulnerability by setting a restrictive content security policy
of the HTTP response when serving a file in Silverpeas.
Now, when serving a file, it is done explicitly for download and
not anymore for inlining its content.

bug #14803 : Access to chat with a user is now more visible

Bug #13477

Improve by simplifying the code of resource sharing by ticket.

Bug #13477

Fix the bug: now the publications aliases cannot be shared to other
people for security reasons.

Indeed, the publication aliasing covers two features:
* A way to allow access for publications to users having no access
  for the EDM in which those publications are located.
* A way to multi categorize a publication;
For the first point, for security reasons, the users have only read
rights on the publication aliases. They have then all the functions
mapped to their role that don't break this read-only constraint. Only
users having access for the EDM or the folder in the EDM in which the
alias has been created can then access, through the alias, for the
publication.
For the second point, the multi categorization feature is limited by
the way the publications cannot be directly modified in those different
categorizations; they cannot be modified by their aliases. In fact, the
feature is more a consequence of the first one than a thinkfully one.

Beside this, the folder or publication sharing is a way to share
information both to other users in Silverpeas and external users. This
is why the feature can be a way to counterpass the access constraint on
publications with aliases. So, this fix ensures now the publication
aliases cannot be shared to other people than those expected by the
contributor who created the aliases.

Bug #14829

Refactor the credentials management API in order the handlers can
indicate if credentials pre-checking treatment has to be done before
invoking them. The refactor uses the Visitor pattern.

Now, when the user request a password reseting or a password change, if
the pair login/domain doesn't exist in Silverpeas, an error page is
displayed. The HTT response to the navigator doesn't change if there is
an error or not; only the content of the response (the document) change.
The error page instead of talking about the not found login identifier
for a given user domain, informs just the user its password change/reset
isn't allowed.

Bug #14829

Now it isn't anymore possible to change his password through the login
form. This feature has been removed for security reasons.
To change his password, the user has either to reset it in the login form
(if this feature is enabled) or to change it in his profile page once
signed in Silverpeas.

When reseting his password with an invalid login id, the same message is
given than with a valid login id. So nobody cannot know if a user with
such a login id exists or not.

Fix vulnerability reported in https://github.com/Silverpeas/docker-silverpeas-prod/issues/10

6.4.2 has been released from build 6.4.2-build241211 (e32a8c7f57601a882ad9143206b8560bdfceb919).Prepare for development iteration of next version 6.4.3