Apache Wookie Release Notes
===========================
See https://issues.apache.org/jira/browse/WOOKIE-* (where * is the number of the issue below)

For more detailed information on significant changes, see NEW_AND_NOTEWORTHY

Version 0.15.0
==============

BUGS FIXED
==========

WOOKIE-412 	
Widget redeploying on Windows fails due to timezone info in path

WOOKIE-416 	
PHP Connector uses wrong attribute for listing available widgets

 
IMPROVEMENTS
============

WOOKIE-340	
Improve mobile and tablet usability of SimpleChat widget

WOOKIE-408 	
Add a "default feature" for injecting scripts and CSS

WOOKIE-401 	
Widget instances: make default width/height returned configurable

WOOKIE-415 	
Add postWidget functionality for the php connector, similar to the Java connector. 
 

NEW FEATURES
============

None

Known Issues
============

    * WOOKIE-222 - There is a known issue when using Tomcat 7.* with Wookie. Sometimes when a widget is actually 
    loaded, a browser alert box sometimes appears informing the user of a "Session Error". 

    This is caused by the DWR library used by Wookie for Comet-based widgets handling HTTP-only cookies incorrectly; 
    Tomcat 7 uses HTTP-only cookies as the default setting to prevent cross-site scripting (XSS) attacks.

    A workaround is to add the following to the WEB-INF/web.xml file

    <init-param>
        <param-name>crossDomainSessionSecurity</param-name>
        <param-value>false</param-value>
    </init-param>

    Note that XSS prevention will still be in place in Tomcat 7; this just disables the additional mechanism
    implemented in DWR that conflicts with it.
 
    This is an issue for DWR 2.* with Tomcat 7.* (or earlier versions of Tomcat where useHttpOnly="true" is set.)