Release Notes / Version 10.2101
Table Of ContentsThird-Party Update: Tomcat
Tomcat has been updated to version 9.0.41 to avoid a security vulnerability of the previous version (CVE-2020-17527).
(CMS-18753)
Ignore actuator paths for CSRF prevention
The actuator paths (with pattern
/actuator/\*\*
) are now ignored for CSRF prevention to allow write operations on actuators (like setting log levels).
(CMS-18711)
CodeResourceHandler now respects 'cae.single-node' for single Resources
com.coremedia.blueprint.cae.handlers.CodeResourceHandler#contentResource
did not set the
Cache-Control
header correctly. A Blueprint CAE node configured with
cae.single-node=false
which is unable to serve the requested version of a resource now sends
Cache-Control: no-store
along with the outdated version of the resource.
(CMS-18636)
Fixed Dataview Initialization for Autowired Dependencies
Dataviews did not receive autowired dependencies of the origin class if the original content bean was replaced with an extended content bean class. Only customizations of the Blueprint which both extended
CMQueryListImpl
and replaced the original
"contentBeanFactory:CMQueryList"
content bean were affected by this bug.
(CMS-18615)
Fixed asset collection download
Added missing CsrfToken in the download portal for downloading the asset collection as zip file.
(CMS-18477)
TransformedBlobHandler sends uncacheable response if blob hash does not match
TransformedBlobHandler sends uncacheable response if blob hash does not match. The TransformedBlobHandler uses
HandlerBase#isSingleNode
and the external configuration option
cae.single-node
to control this behavior.
(CMS-18048)