Skip to Content
Last modified by Agnease on 2026/06/08 18:44
From version 3.3
edited by Agnease
on 2026/06/02 11:04
Change comment: There is no comment for this version
To version 1.1
edited by Agnease
on 2026/05/26 07:41
Change comment: There is no comment for this version

Summary

Details

Page properties
Title
... ... @@ -1,1 +1,1 @@
1 -What an XWiki Security Review Should Actually Include
1 +xwiki-security-review
Content
... ... @@ -1,360 +1,0 @@
1 -{{velocity}}
2 -#set ($discard = $xwiki.ssx.use('PublicWebSite.WebHome'))
3 -{{html clean="false"}}
4 -
5 - <section class="resource-header" aria-labelledby="hero-title">
6 - <div class="container">
7 - <div class="text-center">
8 - <div class="hero-kicker">
9 - <i class="fa fa-shield" aria-hidden="true"></i>
10 - XWiki security review
11 - </div>
12 - </div>
13 -
14 - <h1 id="hero-title">What an XWiki security review should actually include</h1>
15 -
16 - <p class="resource-summary">
17 - A working XWiki instance is not automatically a secure one. A proper review should look at versions,
18 - access rights, authentication, extensions, custom code, infrastructure and operational practices.
19 - </p>
20 - </div>
21 - </section>
22 -
23 - <section class="resource-page">
24 - <div class="container">
25 - <div class="resource-layout">
26 -
27 - <aside class="resource-sidebar" aria-label="Page summary">
28 - <h4>In this guide</h4>
29 - <ul>
30 - <li><a href="#why-it-matters">Why it matters</a></li>
31 - <li><a href="#what-to-review">What to review</a></li>
32 - <li><a href="#security-checklist">Security checklist</a></li>
33 - <li><a href="#review-output">What the review should produce</a></li>
34 - <li><a href="#when-to-review">When to run a review</a></li>
35 - <li><a href="#security-review-faq">FAQ</a></li>
36 - </ul>
37 - </aside>
38 -
39 - <article class="resource-content">
40 -
41 - <p>
42 - Many XWiki instances continue to work well from a user perspective while slowly accumulating security
43 - and governance risks. Users can still log in, search, edit pages and access documents, but that does not
44 - always mean the instance is properly secured or easy to maintain.
45 - </p>
46 -
47 - <p>
48 - Security risks are often hidden in less visible areas: outdated versions, inherited permissions,
49 - forgotten administrator accounts, overly powerful rights, old extensions, undocumented scripts,
50 - weak fallback access or backup assumptions that were never tested.
51 - </p>
52 -
53 - <div class="resource-note">
54 - <p>
55 - <strong>In practice:</strong> an XWiki security review should evaluate the XWiki version,
56 - access rights, authentication setup, installed extensions, custom code, infrastructure,
57 - backups, restore expectations and the operational practices used to maintain the instance.
58 - </p>
59 - </div>
60 -
61 - <p>
62 - An XWiki security review is a structured assessment of the wiki platform, its configuration,
63 - access model, authentication mechanisms, extensions, customizations and operational setup.
64 - The goal is to identify risks, maintenance weaknesses and upgrade blockers before they affect
65 - users or business-critical content.
66 - </p>
67 -
68 - <div class="resource-note">
69 - <p>
70 - <strong>The main point:</strong> an XWiki security review should not only check whether the application
71 - is online. It should evaluate the platform, the access model and the operational practices around it.
72 - </p>
73 - </div>
74 -
75 - <h2 id="why-it-matters">Why an XWiki security review matters</h2>
76 -
77 - <p>
78 - XWiki is often used as an internal knowledge base, intranet, documentation platform or controlled
79 - document system. In these cases, the platform may contain sensitive procedures, internal decisions,
80 - customer information, technical documentation, compliance records or business-critical workflows.
81 - </p>
82 -
83 - <p>
84 - The more important the content becomes, the more important it is to understand who can access it, who can
85 - change it, which customizations influence it and how safely the instance can be upgraded or restored.
86 - </p>
87 -
88 - <p>
89 - A security review helps identify risks before they become incidents, upgrade blockers or maintenance
90 - surprises. It also gives administrators a clearer view of the current state of the instance.
91 - </p>
92 -
93 - <h2 id="what-to-review">What should be reviewed</h2>
94 -
95 - <h3>1. Version and upgrade status</h3>
96 - <p>
97 - The current XWiki version should be reviewed together with the target upgrade path, installed extensions
98 - and infrastructure dependencies. An outdated instance is not only a maintenance concern. It can also mean
99 - that security fixes, compatibility improvements and platform hardening are missing.
100 - </p>
101 -
102 - <p>
103 - The review should also check whether upgrades are performed regularly or only when something breaks.
104 - A repeatable upgrade process is part of the security posture of a long-running XWiki instance.
105 - </p>
106 -
107 - <p>
108 - For more details on upgrade planning, see
109 - <a href="$xwiki.getURL('resources.why-upgrade-xwiki')">why regular XWiki upgrades matter</a>.
110 - </p>
111 -
112 - <h3>2. Access rights and permission model</h3>
113 - <p>
114 - XWiki has a powerful access-rights system, but this flexibility needs a clear governance model. A review
115 - should check who has administration rights, who has script or programming rights, whether rights are
116 - assigned through groups, and whether page-level exceptions are still understandable.
117 - </p>
118 -
119 - <p>
120 - It is also important to review inherited rights, public areas, restricted spaces, old groups, inactive
121 - users and sensitive pages. Many permission problems do not come from one obvious mistake, but from years
122 - of small exceptions that nobody reviewed later.
123 - </p>
124 -
125 - <p>
126 - For a deeper look at this topic, see <a href="$xwiki.getURL('resources.xwiki-access-rights-governance')">why XWiki access rights need a clear governance model</a>.
127 - </p>
128 -
129 - <h3>3. Authentication and identity management</h3>
130 - <p>
131 - Authentication should be reviewed beyond the simple question of whether users can log in. LDAP, Active
132 - Directory, OIDC, SAML, SSO and MFA setups all need to be checked together with group synchronization,
133 - fallback login options, local administrator accounts and recovery procedures.
134 - </p>
135 -
136 - <p>
137 - SSO is useful, but it does not automatically guarantee a clean access model. Authentication confirms who
138 - the user is. Authorization still depends on how XWiki groups and rights are configured.
139 - </p>
140 -
141 - <h3>4. Extensions and custom code</h3>
142 - <p>
143 - Installed extensions, custom applications, Velocity scripts, Groovy scripts, macros, sheets, templates,
144 - UI extensions and Java components are all part of the security and maintenance surface of the instance.
145 - </p>
146 -
147 - <p>
148 - A review should identify what is installed, what is customized, what is still used, what is documented and
149 - what needs special validation during upgrades. Custom code should be tracked, explained and tested, not
150 - discovered accidentally during an incident or a production upgrade.
151 - </p>
152 -
153 - <p>
154 - Customizations should also be reviewed from a maintenance perspective. See
155 - <a href="$xwiki.getURL('resources.xwiki-custom-development')">how to keep XWiki custom development maintainable across upgrades</a>.
156 - </p>
157 -
158 - <h3>5. Configuration, infrastructure and operations</h3>
159 - <p>
160 - The review should also cover the environment around XWiki: HTTPS and reverse proxy configuration, database
161 - access, filesystem and attachment storage, mail configuration, PDF export services, logs, monitoring,
162 - server access and separation between production and staging.
163 - </p>
164 -
165 - <p>
166 - Backups should be reviewed together with restore expectations. A backup strategy is incomplete if nobody
167 - knows what is included, how long recovery would take or whether the restore process has ever been tested.
168 - </p>
169 -
170 - <div class="resource-inline-cta">
171 - <p>
172 - <strong>Need a clearer view of your XWiki security posture?</strong>
173 - A structured review can check versions, access rights, authentication,
174 - extensions, custom code, infrastructure, backups and operational practices.
175 - </p>
176 - <a class="btn btn-secondary" href="$xwiki.getURL('contact.WebHome')">Request a security review</a>
177 - </div>
178 -
179 - <h2 id="security-checklist">XWiki security review checklist</h2>
180 -
181 - <p>
182 - A practical XWiki security review should cover both application-level and operational risks.
183 - The following checklist can be used as a starting point when reviewing a production instance.
184 - </p>
185 -
186 - <ul class="resource-checklist">
187 - <li>Check the current XWiki version, target version and upgrade path.</li>
188 - <li>Review installed extensions, outdated components and unsupported customizations.</li>
189 - <li>Audit administrator, script and programming rights.</li>
190 - <li>Review groups, inherited permissions and page-level exceptions.</li>
191 - <li>Validate authentication, SSO, MFA, fallback access and administrator recovery options.</li>
192 - <li>Identify custom scripts, templates, macros, UI extensions and Java components.</li>
193 - <li>Review public, internal and restricted areas.</li>
194 - <li>Check infrastructure, HTTPS, reverse proxy, database, filesystem and mail configuration.</li>
195 - <li>Confirm backup coverage, restore expectations and rollback procedures.</li>
196 - <li>Document findings and prioritize remediation actions.</li>
197 - </ul>
198 -
199 - <h2 id="review-output">What the review should produce</h2>
200 -
201 - <p>
202 - A useful security review should not only produce a list of detected problems. It should produce a practical action
203 - plan. Each finding should explain the risk, the affected area, the recommended action and the priority.
204 - </p>
205 -
206 - <p>
207 - Some findings may require immediate action, such as exposed administration rights or unsafe fallback
208 - access. Others may become planned improvements, such as cleaning old groups, documenting custom code,
209 - reviewing extensions or preparing the next upgrade.
210 - </p>
211 -
212 - <div class="resource-note">
213 - <p>
214 - <strong>A useful review should separate findings by priority:</strong> immediate risks,
215 - planned remediation, maintenance improvements and documentation gaps. This makes the result
216 - easier to act on instead of producing a generic list of observations.
217 - </p>
218 - </div>
219 -
220 - <p>
221 - The best outcome is a clearer, safer and more maintainable XWiki instance: one where administrators
222 - understand the access model, critical features are documented and future upgrades can be planned with
223 - fewer surprises.
224 - </p>
225 -
226 - <h2 id="when-to-review">When should an XWiki security review be done?</h2>
227 -
228 - <p>
229 - A review is especially useful before a major upgrade, after years of organic growth, after an authentication
230 - change, before exposing the instance more broadly, after a migration, or when the wiki becomes more
231 - business-critical than it was when first installed.
232 - </p>
233 -
234 - <p>
235 - It is also useful when administration responsibilities change. A new team should not have to guess how
236 - permissions, extensions, customizations and recovery procedures were configured years earlier.
237 - </p>
238 -
239 - <div class="resource-note">
240 - <p>
241 - <strong>Security review series:</strong>
242 - this article is the main overview. You can also read
243 - <a href="$xwiki.getURL('resources.xwiki-access-rights-governance')">why XWiki access rights need a clear governance model</a>.
244 - Future topics will cover authentication and access control, script and programming rights, backup validation,
245 - extension review and operational practices.
246 - </p>
247 - </div>
248 -
249 - <h2 id="security-review-faq">XWiki security review FAQ</h2>
250 -
251 - <h3>What should an XWiki security review include?</h3>
252 - <p>
253 - An XWiki security review should include the installed XWiki version, upgrade path,
254 - access rights, groups, authentication setup, installed extensions, custom code,
255 - infrastructure, backups, restore expectations and operational procedures.
256 - </p>
257 -
258 - <h3>Is an updated XWiki instance automatically secure?</h3>
259 - <p>
260 - No. Updating XWiki is important, but security also depends on permissions,
261 - authentication, extensions, custom code, infrastructure configuration, backups
262 - and how the instance is maintained.
263 - </p>
264 -
265 - <h3>Does SSO solve XWiki access control?</h3>
266 - <p>
267 - No. SSO helps authenticate users, but access control still depends on XWiki groups,
268 - inherited permissions, page-level rights and administrative privileges.
269 - </p>
270 -
271 - <h3>Why should custom code be reviewed?</h3>
272 - <p>
273 - Custom scripts, templates, macros, UI extensions and Java components can affect
274 - permissions, workflows, rendering, integrations and upgrade behavior. They should
275 - be identified, documented and tested.
276 - </p>
277 -
278 - <h3>When should an XWiki security review be done?</h3>
279 - <p>
280 - A review is useful before a major upgrade, after years of organic growth, after
281 - authentication changes, before exposing the wiki more broadly, or when the instance
282 - becomes business-critical.
283 - </p>
284 -
285 - <div class="resource-note">
286 - <p>
287 - Related resources:
288 - <a href="$xwiki.getURL('resources.why-upgrade-xwiki')">why regular XWiki upgrades matter</a>
289 - and
290 - <a href="$xwiki.getURL('resources.xwiki-custom-development')">how to keep XWiki custom development maintainable across upgrades</a>.
291 - </p>
292 - </div>
293 -
294 - <div class="resource-cta">
295 - <h3>Need an XWiki security review?</h3>
296 - <p>
297 - If your XWiki instance has grown over time, contains sensitive content, uses custom code or depends on
298 - SSO, extensions and business-critical workflows, a structured review can help identify risks and define
299 - the safest next steps.
300 - </p>
301 - <a class="btn btn-primary" href="$xwiki.getURL('contact.WebHome')">Request a security review</a>
302 - </div>
303 -
304 - </article>
305 -
306 - </div>
307 - </div>
308 - </section>
309 -
310 - <script type="application/ld+json">
311 - {
312 - "@context": "https://schema.org",
313 - "@type": "FAQPage",
314 - "mainEntity": [
315 - {
316 - "@type": "Question",
317 - "name": "What should an XWiki security review include?",
318 - "acceptedAnswer": {
319 - "@type": "Answer",
320 - "text": "An XWiki security review should include the installed XWiki version, upgrade path, access rights, groups, authentication setup, installed extensions, custom code, infrastructure, backups, restore expectations and operational procedures."
321 - }
322 - },
323 - {
324 - "@type": "Question",
325 - "name": "Is an updated XWiki instance automatically secure?",
326 - "acceptedAnswer": {
327 - "@type": "Answer",
328 - "text": "No. Updating XWiki is important, but security also depends on permissions, authentication, extensions, custom code, infrastructure configuration, backups and how the instance is maintained."
329 - }
330 - },
331 - {
332 - "@type": "Question",
333 - "name": "Does SSO solve XWiki access control?",
334 - "acceptedAnswer": {
335 - "@type": "Answer",
336 - "text": "No. SSO helps authenticate users, but access control still depends on XWiki groups, inherited permissions, page-level rights and administrative privileges."
337 - }
338 - },
339 - {
340 - "@type": "Question",
341 - "name": "Why should custom code be reviewed in XWiki?",
342 - "acceptedAnswer": {
343 - "@type": "Answer",
344 - "text": "Custom scripts, templates, macros, UI extensions and Java components can affect permissions, workflows, rendering, integrations and upgrade behavior. They should be identified, documented and tested."
345 - }
346 - },
347 - {
348 - "@type": "Question",
349 - "name": "When should an XWiki security review be done?",
350 - "acceptedAnswer": {
351 - "@type": "Answer",
352 - "text": "A review is useful before a major upgrade, after years of organic growth, after authentication changes, before exposing the wiki more broadly, or when the instance becomes business-critical."
353 - }
354 - }
355 - ]
356 - }
357 - </script>
358 -
359 -{{/html}}
360 -{{/velocity}}
xwiki-security-review.png
Author
... ... @@ -1,1 +1,0 @@
1 -XWiki.Admin
Size
... ... @@ -1,1 +1,0 @@
1 -1.3 MB
Content
Agnease.Code.SEODetailsClass[0]
metaDescription
... ... @@ -1,1 +1,0 @@
1 -Learn what an XWiki security review should include: version status, access rights, authentication, extensions, custom code, infrastructure, backups and operational practices.
metaTitle
... ... @@ -1,1 +1,0 @@
1 -What an XWiki Security Review Should Actually Include | Agnease