close

Filter

loading table of contents...

Release Notes / Version 10.2104

Table Of Contents

CoreMedia Content Application Engine

Cache-Control strategy can use full request paths

The DefaultCacheControlStrategy can now be configured to use the full request path for pattern matching. When a request contains a semicolon in the path everything after a semicolon is cut in advance of applying the "for-url-pattern". This can be avoided by setting the "cae.cache-control.urlPath.removeSemicolonContent=false" configuration property. Additionally the "cae.cache-control.urlPath.useAlwaysFullPath" and "cae.cache-control.urlPath.urlDecode" configuration properties can be used to adapt the taken request URI path.

(CMS-19195)

Configure CORS allowed origins with Studio host for preview CAE

The documentation of the cae.cors.allowed-origins-for-url-pattern configuration property has been extended with a suggestion to configure it with the Studio host for preview CAE. Furthermore the default Studio host was added to the cae.cors.allowed-origins-for-url-pattern configuration property in the application-dev.properties of the preview CAE.

Please note that no similar configuration has been added to the default application.properties for the preview CAE, because we cannot anticipate allowed origins for production environments.

(CMS-18954)

Smooth migration from legacy to current hash generating strategy.

Since the existing DefaultSecureHashCodeGeneratorStrategy used for securing blob transformation was considered vulnerable to possible DoS attacks, a new default MD5SecureHashCodeGeneratorStrategy was introduced with version 10.2007.

The new MD5SecureHashCodeGeneratorStrategy wont match hashes created by the former DefaultSecureHashCodeGeneratorStrategy . Cached URLs would cause a HTTP 403 (forbidden) status code. Therefore CoreMedia now provides a smooth migration path by using a strategy which will accept hashes created by both, the DefaultSecureHashCodeGeneratorStrategy and the MD5SecureHashCodeGeneratorStrategy . New hashes will be created using the new MD5SecureHashCodeGeneratorStrategy .

The migration mode can be enabled by setting cae.hashing.migration-mode=true .

(CMS-18868)

TransformImageService is now able to convert images

A new method TransformImageService#transformWithDimensions(Content, String,String, int,int, String) has been introduced which additionally accepts an image extension to convert the blob to the appropriate image type while performing the transformation.

(CMS-18750)

Search Results

Table Of Contents