Password Storage BCrypt Configuration

By default, passwords of Content Server builtin users and of Elastic Social users are stored using the BCrypt password hashing algorithm from Spring Security with a work factor of 10. There's a security vulnerability in Spring Security (CVE-2022-22976 ) that makes hashes less secure, if you have changed the default configuration to use work factor 31 with configuration property cap.server.login.password-hash-algorithm for the Content Server or property elastic.social.password-hash-algorithm for Elastic Social . You don't need to take action, if you are using the default configuration or a BCrypt work factor less than 31.

Follow Section, “Password Storage BCrypt Configuration” for upgrade information.

(CMS-21792)

Log Level Change for Publication Failure

Publication failures were logged with level WARN in Content Management Server . This wrongly indicated an operational issue that would require action by the operational team, while it actually is a content issue that has to be handled by editorial staff. The log level has thus been changed to INFO . Feedback on publication failures in Studio and in command line tools remains unchanged.

Follow Section, “Log Level Change for Publication Failure” for upgrade information.

(CMS-21688)