Release Notes / Version 10.2101
Table Of ContentsThird-Party Update: Apache Ant 1.10.9
Apache Ant has been updated to version 1.10.9, which fixes security vulnerability CVE-2020-11979.
(CMS-18365)
Updated to latest Spring Framework 5.2.9, Spring Boot 2.2.10, and others
The following third party party libraries have been updated to fix CVE-2020-5421 :
Spring Boot 2.2.10.RELEASE
Spring Framework 5.2.9.RELEASE
Spring Security 5.2.6.RELEASE
Apache Tomcat 9.0.38
Micrometer 1.3.14
Jetty 9.4.31.v20200723
Byte Buddy 1.10.14
Jakarta Servlet 4.0.4
Netty 4.1.52.Final
Caffeine 2.8.5
Jackson 2.10.5
Hibernate 5.4.21.Final
Mysql 8.0.21
Aspectjweaver 1.9.6
(CMS-18305)
Resolve dependency on examples-thirdparty-bom
Fixed dependencies of module examples.blueprint.
(CMS-18265)
Quote parameter in management-tools entrypoint chain
In order to run the management tools with parameters containing spaces, such as content paths, all scripts part of the chain must quote their parameters on the exec call.
If for example one wants to use the serverexport tool with a path containing a space this works now also as a part of the chain.
docker run --rm coremedia/management-tools \ tools/bin/cm serverexport -u admin -p admin \ "/Sites/Chef Corp"
(CMS-18185)
UAPI Reconnect
In some cases the UAPI was not able to reconnect after a Content Server restart because of HTTP response caching issues. This has been fixed.
(CMS-17996)
Third-Party Update: Jetty
Jetty has been updated to version 9.4.30 to avoid a security issue of the previous version (CVE-2019-17638).
(CMS-17836)
Translation Auto-Merge Keeps Order of Link Lists
Fixed a bug in the auto-merge functionality of translation workflows, which sometimes caused a wrong order of contents when changes from a placement link list were merged to a derived content.
(CMS-17515)
Autofill in browsers now finds correct field types
Two autofill behaviours have been fixed.
When the user wanted to input a password in the change password dialog while library was open the search of the library was focused when autofill was used. Now the fields are detected directly and support the autocompletion for
current-password
andnew-password
Chrome detected the StatefulDateField as an address field and suggested to put in addresses. Now chrome does not suggest addresses in this field.
(CMS-16773)
Copy mysql configuration files in Dockerfile using mysql user
To prevent access rights conflicts in some environments, the configuration files should be copied using the mysql user.
(CMS-16538)
Sort results in UAPI queries
It is possible to sort by parent folder id, place approval date and place approver in UAPI queries now.
(CMS-11314)