Fixed type error when aborting a workflow

Fixed a type error when a workflow was aborted in Studio.

Uncaught TypeError: this$.backToListHandler$2GlD is not a function

(CMS-19133)

Fix StackoverflowError in Studio Server when starting sync workflow

Fixed a bug that caused a StackoverflowError in the Studio Server when a synchronization workflow was started for content with illegal cyclic master link structures.

(CMS-19119)

Third-Party Update: Spring Security

Spring Security has been updated to version 5.2.9.RELEASE to avoid a security vulnerability of the previous version (CVE-2021-22112).

(CMS-19098)

Third-Party Update: Tomcat

Tomcat has been updated to version 9.0.43 to avoid security vulnerabilities of the previous version (CVE-2020-17527, CVE-2021-25122, CVE-2021-25329).

(CMS-19082)

Third-Party Update: Jetty

Jetty has been updated to version 9.4.38.v20210224 to avoid a security vulnerability of the previous version (CVE-2020-27223).

(CMS-19081)

"Content Creation" settings not always taken into account for "Create New Content" Dialog

Due to a race condition the "Content Creation" Settings document wasn't always taken into account when suggestion a folder for the "Create New Content" dialog. This has been fixed now.

(CMS-19079)

Update of Mongo Java Driver

The thirdparty dependencies org.mongodb:mongodb-driver-legacy, org.mongodb:mongodb-driver-core and org.mongodb:bson have been updated from version 4.1.0 to 4.2.2.

(CMS-19077)

Usage of legacy theme descriptor no longer causes error in theme build

If you were still using a theme descriptor instead of the new (and recommended) theme configuration a recent upgrade of our third party tools caused the theme build to fail. This has been fixed now.

(CMS-19020)

Library no longer creates new folder when changing directories

The bug happened when changing into a different directory from the list or thumbnail view of the library and immediately double clicking or pressing "return" depending on the number of content items that need to be loaded before the new directory is displayed. This has now been fixed.

(CMS-19014)

Fixed QuickCreate Dialog Error

Fixed JS error in QuickCreate dialog that occured when the default name was applied.

(CMS-19005)

Third-Party Update: Netty

Netty has been updated to version 4.1.59.Final to avoid a security vulnerability of the previous version (CVE-2021-21290).

(CMS-18996)

Fixed Taxonomy Renaming

Fixed problem that taxonomy documents have not been renamed on change according to their value property.

(CMS-18987)

Cache eviction problem fixed in PageByPathAdapter

The related cache for the PageByPathAdapter was not evicted correctly, which may have cause memory problem.

(CMS-18966)

Embedded Blobs in RichText: Fixed Race-Condition Regarding Lock-Symbol

Due to timing issues you may have observed a lock-symbol representing an embedded Blob in RichText Property Fields in CoreMedia Studio for Blobs which are readable.

This was due to a timing issue, which has been fixed now.

(CMS-18945)

Pagegrid Editor shows no parent although a parent exists

Deleted parents are now correctly filtered in Studio Client when calculating the parent for a placement. ChildrenLinkListContentTreeRelation now uses the first content from the incoming links ("referrers") that isInProduction()==true .

(CMS-18926)

Custom RichText Style Classes: Fixed Possible Button-State Problems

This issue refers to Adding Custom RichText Style Classes as described in Studio Developer Manual: Having configured style-classes which are contained in others, you may have observed invalid button states in the toolbar of the RichText Property Field in CoreMedia Studio.

Example: If you have two classes color-black and background-color-black , you may have observed the state of color-black to be enabled, while only background-color-black got selected before.

This has been fixed now.

(CMS-18899)

Updated frontend dependencies

Frontend Workspace dependencies were upgraded to prevent a jest issue on mac OS.

(CMS-18888)

Underscore in folder name is no longer taken into account for properties files

Building the frontend workspace has led to problems regarding the file name of resource bundles if one of the folders has contained an underscore. This has been fixed now.

(CMS-18852)

Replacing deprecated configuration of Spring Boot

The Sprint Boot configuration server.use-forward-headers=true was replaced by server.forward-headers-strategy=native .

(CMS-18840)

Prefetch Configuration Fix

A bug in the lookup of content type specific prefetch configuration was fixed. The PrefetchConfigContentTypeDispatcher could have wrongly reported no content type specifc prefetch configuration due to parallel/unsynchronized access to PrefetchConfigContentTypeDispatcher#configuredContentTypes . With the fix, the lookup of prefetch settings now also uses more modern Settings API.

(CMS-18836)

Fixed bug that required exact case in LDAP user name for login

Fixed the bug that prevented LDAP users to log in with a user name that differed in case. It's now possible again to log in with a name that differs in case, if the LDAP user provider ignores case when returning a user for some name. Note, that the login for built-in users always requires exact case.

(CMS-18825)

Fixed CAE Feeder Application Start Delay

Fixed a bug that caused a long startup phase for the CAE Feeder.

(CMS-18823)

Third-Party Update: Checker Framework

The Checker Framework has been updated to version 3.7.1.

The Checker Framework can be used to verify usage of personal data during compilation as described in the Blueprint Developer Manual, section "Handling Personal Data". The new version is required for this to work with Java 11 versions above 11.0.6.

(CMS-18794)

Fixed Disabled ComboBox And Checkout On Tab Reuse

We fixed a bug where ComboBoxes were disabled after Studio tab reuse (sometimes even a document checkout happened).

(CMS-18793)

Fixed Non-Disappearing LoadMask on Studio Tab Reuse

We fixed a bug where a load mask stayed forever over an opened document if this document's name contained HTML-encoded characters.

(CMS-18792)

Fixed suppression of gRPC exceptions and prevented empty cache objects in catalog service

In previous versions, all types of gRPC status exceptions in the catalog service were catched and only logged with debug messages. This lead to empty catalog objects being cached.

When catalog objects cannot be found now, no empty objects are cached anymore and and an info message is logged. All other exceptions are not catched.

(CMS-18789)

The Studio Rab Reuse Default Limit Can Now be Overriden in Studio Plugins

We fixed a bug where the Studio tab reuse default limit (ReusableDocumentFormTabsPlugin) could not be overriden in Studio pluguns following the BlueprintFormsStudioPlugin.

(CMS-18785)

User Changes MongoDB Performance

The User Changes App , the Studio Server , and the Workflow Server make better use of MongoDB indices when CapList instances like "My Edited Content" are persisted in MongoDB. This improves the performance, and will reduce the MongoDB server load, especially if many such lists are stored in MongoDB.

(CMS-18759)

Third-Party Update: Jackson Databind

Jackson Databind has been updated to version 2.10.5.1 to avoid a security vulnerability of the previous version (CVE-2020-25649).

(CMS-18754)

Third-Party Update: Hibernate Core

Hibernate Core has been updated to version 5.4.27.Final to avoid a security vulnerability of the previous version (CVE-2020-25638).

(CMS-18752)

Third-Party Update: Groovy

Groovy has been updated to version 2.4.21 to avoid a security vulnerability of the previous version (CVE-2020-17521).

(CMS-18751)

Multi-Site: Enhance Robustness For Restricted Permission Scenarios

In previous releases the CoreMedia Multi-Site feature failed if in a given sites-structure any of the master-sites was unreadable by the current user. Most obvious symptom: In Studio this user with restricted permissions is unable to select a preferred site.

This has been fixed within Site#getMasterSite() which will now return null for unreadable master sites.

(CMS-18724)

Struct Editor: Blobs can now also be uploaded to Blob(-List)-Properties within Struct Lists

When using the upload blob dialog of the Struct Editor blob (list) properties nested within Struct lists are now properly handled. Before the fix the upload was just ignored.

(CMS-18719)

Fixed favicon image file upload error

Studio failed to upload favicon image files with mime types image/x-icon and image/vnd.microsoft.icon. This is fixed now.

(CMS-18717)

Ignore actuator paths for CSRF prevention

The actuator paths (with pattern /actuator/\*\* ) are now ignored for CSRF prevention to allow write operations on actuators (like setting log levels).

(CMS-18711)

Make InternalLinkWindow component more robust

The component InternalLinkWindow in Studio was not robust enough to handle missing values for the attribute '_xlink:show' in richtext. Now the default link type 'replace' is used.

(CMS-18708)

Fix warning which occurred during Studio Server Start

A warning (including a Stacktrace) was logged during the Start of Studio Server Failed to find Liquibase changeSet file for file . This has been fixed

(CMS-18707)

Columns of the user grid can now be resized

The columns of the user grid found inside the User Manager can now be resized.

(CMS-18673)

CodeResourceHandler now respects 'cae.single-node' for single Resources

com.coremedia.blueprint.cae.handlers.CodeResourceHandler#contentResource did not set the Cache-Control header correctly. A Blueprint CAE node configured with cae.single-node=false which is unable to serve the requested version of a resource now sends Cache-Control: no-store along with the outdated version of the resource.

(CMS-18636)

XML Importer

The XmlImporter's DifferencingTransformer supports struct properties now.

(CMS-18619)

Made TaxonomyResource Bean a Singleton

The TaxonomyResource bean was configured to be a prototype. It is now a singleton bean.

(CMS-18570)

Fixed Local Start for CAE Feeder

Fixed the bug that the CAE Feeder could not be started locally for development from an IntelliJ IDEA run configuration.

(CMS-18564)

Fixed Solr hostname and port disclosure with malicious REST request

It was possible to create a manipulated bad Studio search request which produces an internal server error with an error message text produced by Solr containing the hostname and port. This error is caught now.

(CMS-18530)

Metadata for type and interface extensions

Metadata information can now be added for type and interface extensions.

(CMS-18521)

Fixed missing 0 value in slider tip in position menu of advanced teasers

The vertical slider in the position menu of advanced teasers didn't show a 0 value in its tip, only void . This is fixed now.

(CMS-18457)

Make DifferencesWindow component scrollable

With too many differences the differences window did cut off entries outside the window view. This is fixed now.

(CMS-18412)

Configurable Limit for "My Edited Content"

The new Spring property "userchanges.max-length" for the User Changes App can be used to configure the maximum length of users' "My Edited Content" lists for automatic update by the User Changes App . If the maximum has been reached, no further edited contents will be added to the list by the User Changes App . The default is unlimited ( Integer#MAX_VALUE ) to keep the existing behavior, for backwards-compatibility.

It is recommended to configure a maximum that can still be handled by editors, and is a lot lower than the maximum number of contents that can be stored in a MongoDB document. The latter depends on the length of stored document IDs but can be estimated to something around 600.000 contents.

Also, the performance of the User Changes App has been improved when it needs to process many repository changes.

(CMS-18409)

Replicator state health indicator added to the Replication Servers

The replication server has now a health indicator added to reflect the state of the replication process. The indicator is available at :8081/actuator/replicator . The indicator will be set to:

In addition the indicator can switch to DOWN if the event lag between master-live-server and the replicator exceeds a threshold. The threshold can be configured using the property management.health.replicator.uncompleted-events-threshold . The threshold can be disabled by setting it to -1 , which is the default.

The indicator itself is disabled by default in the coremedia/content-server image as the image is also being used for content-management-server and master-live-server. In the docker-compose development setup the indicator has been enabled using the environment variable MANAGEMENT_HEALTH_REPLICATOR_ENABLED .

(CMS-18230)

Fixed Blueprint GuidCookieHandler

GuidCookieHandler, which is responsible to set a cookie to recognize a returning anonymous customer, reads GUID value from Cookie now instead of ThreadLocal, which led to not recognizing customers in some cases, i.e. after sending a Customer Review, the newly created Customer Review was not shown without multiple reloads.

(CMS-18159)

DeadLinkValidator returns multiple issues per content property

The DeadLinkValidator returned only the first issue for a given content property to validate. Now the validator has a property maxIssues with a default value of 20 for the maximum number of returned issues per content property. So if a content has a linklist property with 20 deleted content references, all 20 issues are returned in the default case.

(CMS-18042)

Fixed RSA key handling of Blueprint Elastic Social GuidCookieHandler

Fixed a bug in the code dealing with the private RSA key for the signed GUID served by com.coremedia.blueprint.elastic.social.cae.guid.GuidCookieHandler that caused OpenJDK newer than 11.0.6 to reject the configured private key if it wasn't created by the CAE itself.

(CMS-17311)

Show image upload errors

An image upload could have failed without showing any error message in the Studio. This is fixed now. A message box appears with an error text.

(CMS-17301)

Make BindPlugin robust against write errors

In rare situations when trying to write a value to an invalid struct, the BindPlugin received an AS error which was not caught and caused the whole Studio to be unusable. A reload was required. This is fixed now. The BindPlugin catches the error and reports it to the console.

(CMS-17198)

Fixed calculation of cardinality in ContentLinkListWrapper

If a struct entry did not exist the cardinality of the property was calculated as "-1". This has been fixed now so. For non existing struct properties the cardinality of link lists is now int.MAX_INT.

(CMS-15845)

Fixed Lookup of ViewTypes

Fixed issue with attribte paths of the ViewTypeSelectorForm . This attribute allowes to set fix looup paths for view type but included other folders of the type hierarchy anyway. The type hierarchy and the corresponding folder lookup is ignored now again.

(CMS-15167)

Ordered and unordered list can be both selected in richtext toolbar (overflow menu)

Button events in the RichtTextPropertyField are now passed to the containing toolbar. States between toolbar buttons and corresponding checkboxes in the toolbar overflow menu are now synced correctly.

(CMS-12955)

Fixed Translation Auto Merge for Deleted Content

Fixed the bug that Studio showed a warning about a merge conflict for a translation workflow, if a content item was deleted and removed from a link list in the master site.

(CMS-12430)