Skip to Content
Last modified by Agnease on 2026/06/08 18:44
From version 1.1
edited by Agnease
on 2026/05/26 07:41
Change comment: There is no comment for this version
To version 3.5
edited by Agnease
on 2026/06/08 18:16
Change comment: There is no comment for this version

Summary

Details

Page properties
Title
... ... @@ -1,1 +1,1 @@
1 -xwiki-security-review
1 +What an XWiki Security Review Should Actually Include
Content
... ... @@ -1,0 +1,364 @@
1 +{{velocity}}
2 +#set ($discard = $xwiki.ssx.use('PublicWebSite.WebHome'))
3 +{{html clean="false"}}
4 +
5 + <section class="resource-header" aria-labelledby="hero-title">
6 + <div class="container">
7 + <div class="text-center">
8 + <div class="hero-kicker">
9 + <i class="fa fa-shield" aria-hidden="true"></i>
10 + XWiki security review
11 + </div>
12 + </div>
13 +
14 + <h1 id="hero-title">What an XWiki security review should actually include</h1>
15 +
16 + <p class="resource-summary">
17 + A working XWiki instance is not automatically a secure one. A proper review should look at versions,
18 + access rights, authentication, extensions, custom code, infrastructure and operational practices.
19 + </p>
20 + </div>
21 + </section>
22 +
23 + <section class="resource-page">
24 + <div class="container">
25 + <div class="resource-layout">
26 +
27 + <aside class="resource-sidebar" aria-label="Page summary">
28 + <h4>In this guide</h4>
29 + <ul>
30 + <li><a href="#why-it-matters">Why it matters</a></li>
31 + <li><a href="#what-to-review">What to review</a></li>
32 + <li><a href="#security-checklist">Security checklist</a></li>
33 + <li><a href="#review-output">What the review should produce</a></li>
34 + <li><a href="#when-to-review">When to run a review</a></li>
35 + <li><a href="#security-review-faq">FAQ</a></li>
36 + </ul>
37 + </aside>
38 +
39 + <article class="resource-content">
40 +
41 + <p>
42 + Many XWiki instances continue to work well from a user perspective while slowly accumulating security
43 + and governance risks. Users can still log in, search, edit pages and access documents, but that does not
44 + always mean the instance is properly secured or easy to maintain.
45 + </p>
46 +
47 + <p>
48 + Security risks are often hidden in less visible areas: outdated versions, inherited permissions,
49 + forgotten administrator accounts, overly powerful rights, old extensions, undocumented scripts,
50 + weak fallback access or backup assumptions that were never tested.
51 + </p>
52 +
53 + <div class="resource-note">
54 + <p>
55 + <strong>In practice:</strong> an XWiki security review should evaluate the XWiki version,
56 + access rights, authentication setup, installed extensions, custom code, infrastructure,
57 + backups, restore expectations and the operational practices used to maintain the instance.
58 + </p>
59 + </div>
60 +
61 + <p>
62 + An XWiki security review is a structured assessment of the wiki platform, its configuration,
63 + access model, authentication mechanisms, extensions, customizations and operational setup.
64 + The goal is to identify risks, maintenance weaknesses and upgrade blockers before they affect
65 + users or business-critical content.
66 + </p>
67 +
68 + <div class="resource-note">
69 + <p>
70 + <strong>The main point:</strong> an XWiki security review should not only check whether the application
71 + is online. It should evaluate the platform, the access model and the operational practices around it.
72 + </p>
73 + </div>
74 +
75 + <h2 id="why-it-matters">Why an XWiki security review matters</h2>
76 +
77 + <p>
78 + XWiki is often used as an internal knowledge base, intranet, documentation platform or controlled
79 + document system. In these cases, the platform may contain sensitive procedures, internal decisions,
80 + customer information, technical documentation, compliance records or business-critical workflows.
81 + </p>
82 +
83 + <p>
84 + The more important the content becomes, the more important it is to understand who can access it, who can
85 + change it, which customizations influence it and how safely the instance can be upgraded or restored.
86 + </p>
87 +
88 + <p>
89 + A security review helps identify risks before they become incidents, upgrade blockers or maintenance
90 + surprises. It also gives administrators a clearer view of the current state of the instance.
91 + </p>
92 +
93 + <h2 id="what-to-review">What should be reviewed</h2>
94 +
95 + <h3>1. Version and upgrade status</h3>
96 + <p>
97 + The current XWiki version should be reviewed together with the target upgrade path, installed extensions
98 + and infrastructure dependencies. An outdated instance is not only a maintenance concern. It can also mean
99 + that security fixes, compatibility improvements and platform hardening are missing.
100 + </p>
101 +
102 + <p>
103 + The review should also check whether upgrades are performed regularly or only when something breaks.
104 + A repeatable upgrade process is part of the security posture of a long-running XWiki instance.
105 + </p>
106 +
107 + <p>
108 + For more details on upgrade planning, see
109 + <a href="$xwiki.getURL('resources.why-upgrade-xwiki')">why regular XWiki upgrades matter</a>.
110 + </p>
111 +
112 + <h3>2. Access rights and permission model</h3>
113 + <p>
114 + XWiki has a powerful access-rights system, but this flexibility needs a clear governance model. A review
115 + should check who has administration rights, who has script or programming rights, whether rights are
116 + assigned through groups, and whether page-level exceptions are still understandable.
117 + </p>
118 +
119 + <p>
120 + It is also important to review inherited rights, public areas, restricted spaces, old groups, inactive
121 + users and sensitive pages. Many permission problems do not come from one obvious mistake, but from years
122 + of small exceptions that nobody reviewed later.
123 + </p>
124 +
125 + <p>
126 + For a deeper look at this topic, see
127 + <a href="$xwiki.getURL('resources.xwiki-access-rights-governance')">why XWiki access rights need a clear governance model</a>.
128 + For a practical starting point, see
129 + <a href="$xwiki.getURL('resources.xwiki-access-rights-review')">how to start an XWiki access-rights review</a>.
130 + </p>
131 +
132 + <h3>3. Authentication and identity management</h3>
133 + <p>
134 + Authentication should be reviewed beyond the simple question of whether users can log in. LDAP, Active
135 + Directory, OIDC, SAML, SSO and MFA setups all need to be checked together with group synchronization,
136 + fallback login options, local administrator accounts and recovery procedures.
137 + </p>
138 +
139 + <p>
140 + SSO is useful, but it does not automatically guarantee a clean access model. Authentication confirms who
141 + the user is. Authorization still depends on how XWiki groups and rights are configured.
142 + </p>
143 +
144 + <h3>4. Extensions and custom code</h3>
145 + <p>
146 + Installed extensions, custom applications, Velocity scripts, Groovy scripts, macros, sheets, templates,
147 + UI extensions and Java components are all part of the security and maintenance surface of the instance.
148 + </p>
149 +
150 + <p>
151 + A review should identify what is installed, what is customized, what is still used, what is documented and
152 + what needs special validation during upgrades. Custom code should be tracked, explained and tested, not
153 + discovered accidentally during an incident or a production upgrade.
154 + </p>
155 +
156 + <p>
157 + Customizations should also be reviewed from a maintenance perspective. See
158 + <a href="$xwiki.getURL('resources.xwiki-custom-development')">how to keep XWiki custom development maintainable across upgrades</a>.
159 + </p>
160 +
161 + <h3>5. Configuration, infrastructure and operations</h3>
162 + <p>
163 + The review should also cover the environment around XWiki: HTTPS and reverse proxy configuration, database
164 + access, filesystem and attachment storage, mail configuration, PDF export services, logs, monitoring,
165 + server access and separation between production and staging.
166 + </p>
167 +
168 + <p>
169 + Backups should be reviewed together with restore expectations. A backup strategy is incomplete if nobody
170 + knows what is included, how long recovery would take or whether the restore process has ever been tested.
171 + </p>
172 +
173 + <div class="resource-inline-cta">
174 + <p>
175 + <strong>Need a clearer view of your XWiki security posture?</strong>
176 + A structured review can check versions, access rights, authentication,
177 + extensions, custom code, infrastructure, backups and operational practices.
178 + </p>
179 + <a class="btn btn-secondary" href="$xwiki.getURL('contact.WebHome')">Request a security review</a>
180 + </div>
181 +
182 + <h2 id="security-checklist">XWiki security review checklist</h2>
183 +
184 + <p>
185 + A practical XWiki security review should cover both application-level and operational risks.
186 + The following checklist can be used as a starting point when reviewing a production instance.
187 + </p>
188 +
189 + <ul class="resource-checklist">
190 + <li>Check the current XWiki version, target version and upgrade path.</li>
191 + <li>Review installed extensions, outdated components and unsupported customizations.</li>
192 + <li>Audit administrator, script and programming rights.</li>
193 + <li>Review groups, inherited permissions and page-level exceptions.</li>
194 + <li>Validate authentication, SSO, MFA, fallback access and administrator recovery options.</li>
195 + <li>Identify custom scripts, templates, macros, UI extensions and Java components.</li>
196 + <li>Review public, internal and restricted areas.</li>
197 + <li>Check infrastructure, HTTPS, reverse proxy, database, filesystem and mail configuration.</li>
198 + <li>Confirm backup coverage, restore expectations and rollback procedures.</li>
199 + <li>Document findings and prioritize remediation actions.</li>
200 + </ul>
201 +
202 + <h2 id="review-output">What the review should produce</h2>
203 +
204 + <p>
205 + A useful security review should not only produce a list of detected problems. It should produce a practical action
206 + plan. Each finding should explain the risk, the affected area, the recommended action and the priority.
207 + </p>
208 +
209 + <p>
210 + Some findings may require immediate action, such as exposed administration rights or unsafe fallback
211 + access. Others may become planned improvements, such as cleaning old groups, documenting custom code,
212 + reviewing extensions or preparing the next upgrade.
213 + </p>
214 +
215 + <div class="resource-note">
216 + <p>
217 + <strong>A useful review should separate findings by priority:</strong> immediate risks,
218 + planned remediation, maintenance improvements and documentation gaps. This makes the result
219 + easier to act on instead of producing a generic list of observations.
220 + </p>
221 + </div>
222 +
223 + <p>
224 + The best outcome is a clearer, safer and more maintainable XWiki instance: one where administrators
225 + understand the access model, critical features are documented and future upgrades can be planned with
226 + fewer surprises.
227 + </p>
228 +
229 + <h2 id="when-to-review">When should an XWiki security review be done?</h2>
230 +
231 + <p>
232 + A review is especially useful before a major upgrade, after years of organic growth, after an authentication
233 + change, before exposing the instance more broadly, after a migration, or when the wiki becomes more
234 + business-critical than it was when first installed.
235 + </p>
236 +
237 + <p>
238 + It is also useful when administration responsibilities change. A new team should not have to guess how
239 + permissions, extensions, customizations and recovery procedures were configured years earlier.
240 + </p>
241 +
242 + <div class="resource-note">
243 + <p>
244 + <strong>Security review series:</strong>
245 + this article is the main overview. You can also read
246 + <a href="$xwiki.getURL('resources.xwiki-access-rights-governance')">why XWiki access rights need a clear governance model</a>.
247 + Future topics will cover authentication and access control, script and programming rights, backup validation,
248 + extension review and operational practices.
249 + </p>
250 + </div>
251 +
252 + <h2 id="security-review-faq">XWiki security review FAQ</h2>
253 +
254 + <h3>What should an XWiki security review include?</h3>
255 + <p>
256 + An XWiki security review should include the installed XWiki version, upgrade path,
257 + access rights, groups, authentication setup, installed extensions, custom code,
258 + infrastructure, backups, restore expectations and operational procedures.
259 + </p>
260 +
261 + <h3>Is an updated XWiki instance automatically secure?</h3>
262 + <p>
263 + No. Updating XWiki is important, but security also depends on permissions,
264 + authentication, extensions, custom code, infrastructure configuration, backups
265 + and how the instance is maintained.
266 + </p>
267 +
268 + <h3>Does SSO solve XWiki access control?</h3>
269 + <p>
270 + No. SSO helps authenticate users, but access control still depends on XWiki groups,
271 + inherited permissions, page-level rights and administrative privileges.
272 + </p>
273 +
274 + <h3>Why should custom code be reviewed?</h3>
275 + <p>
276 + Custom scripts, templates, macros, UI extensions and Java components can affect
277 + permissions, workflows, rendering, integrations and upgrade behavior. They should
278 + be identified, documented and tested.
279 + </p>
280 +
281 + <h3>When should an XWiki security review be done?</h3>
282 + <p>
283 + A review is useful before a major upgrade, after years of organic growth, after
284 + authentication changes, before exposing the wiki more broadly, or when the instance
285 + becomes business-critical.
286 + </p>
287 +
288 + <div class="resource-note">
289 + <p>
290 + Related resources:
291 + <a href="$xwiki.getURL('resources.xwiki-access-rights-governance')">why XWiki access rights need a clear governance model</a>,
292 + <a href="$xwiki.getURL('resources.why-upgrade-xwiki')">why regular XWiki upgrades matter</a>
293 + and
294 + <a href="$xwiki.getURL('resources.xwiki-custom-development')">how to keep XWiki custom development maintainable across upgrades</a>.
295 + </p>
296 + </div>
297 +
298 + <div class="resource-cta">
299 + <h3>Need an XWiki security review?</h3>
300 + <p>
301 + If your XWiki instance has grown over time, contains sensitive content, uses custom code or depends on
302 + SSO, extensions and business-critical workflows, a structured review can help identify risks and define
303 + the safest next steps.
304 + </p>
305 + <a class="btn btn-primary" href="$xwiki.getURL('contact.WebHome')">Request a security review</a>
306 + </div>
307 +
308 + </article>
309 +
310 + </div>
311 + </div>
312 + </section>
313 +
314 + <script type="application/ld+json">
315 + {
316 + "@context": "https://schema.org",
317 + "@type": "FAQPage",
318 + "mainEntity": [
319 + {
320 + "@type": "Question",
321 + "name": "What should an XWiki security review include?",
322 + "acceptedAnswer": {
323 + "@type": "Answer",
324 + "text": "An XWiki security review should include the installed XWiki version, upgrade path, access rights, groups, authentication setup, installed extensions, custom code, infrastructure, backups, restore expectations and operational procedures."
325 + }
326 + },
327 + {
328 + "@type": "Question",
329 + "name": "Is an updated XWiki instance automatically secure?",
330 + "acceptedAnswer": {
331 + "@type": "Answer",
332 + "text": "No. Updating XWiki is important, but security also depends on permissions, authentication, extensions, custom code, infrastructure configuration, backups and how the instance is maintained."
333 + }
334 + },
335 + {
336 + "@type": "Question",
337 + "name": "Does SSO solve XWiki access control?",
338 + "acceptedAnswer": {
339 + "@type": "Answer",
340 + "text": "No. SSO helps authenticate users, but access control still depends on XWiki groups, inherited permissions, page-level rights and administrative privileges."
341 + }
342 + },
343 + {
344 + "@type": "Question",
345 + "name": "Why should custom code be reviewed in XWiki?",
346 + "acceptedAnswer": {
347 + "@type": "Answer",
348 + "text": "Custom scripts, templates, macros, UI extensions and Java components can affect permissions, workflows, rendering, integrations and upgrade behavior. They should be identified, documented and tested."
349 + }
350 + },
351 + {
352 + "@type": "Question",
353 + "name": "When should an XWiki security review be done?",
354 + "acceptedAnswer": {
355 + "@type": "Answer",
356 + "text": "A review is useful before a major upgrade, after years of organic growth, after authentication changes, before exposing the wiki more broadly, or when the instance becomes business-critical."
357 + }
358 + }
359 + ]
360 + }
361 + </script>
362 +
363 +{{/html}}
364 +{{/velocity}}
xwiki-security-review.png
Author
... ... @@ -1,0 +1,1 @@
1 +XWiki.Admin
Size
... ... @@ -1,0 +1,1 @@
1 +1.3 MB
Content
Agnease.Code.SEODetailsClass[0]
metaDescription
... ... @@ -1,0 +1,1 @@
1 +Learn what an XWiki security review should include: version status, access rights, authentication, extensions, custom code, infrastructure, backups and operational practices.
metaTitle
... ... @@ -1,0 +1,1 @@
1 +What an XWiki Security Review Should Actually Include | Agnease