Release Notes / Version 10.2107
Fix Security Issue: Library springfox-swagger updated
The Springfox libraries were updated from 2.9.2 to the most recent version 3.0.0.
Please note that due to this update the access URL to the Swagger UI has moved.
The new URL is: /swagger-ui/index.html (was /swagger-ui.html)
(CMS-21807)
Security Fix: Removal of Managed Library Okhttp
Due to the CVE report https://nvd.nist.gov/vuln/detail/CVE-2021-0341, the library com.squareup.okhttp3:okhttp is no longer managed in middle-thirdparty-bom.
See section “Security Fix: Removal of Managed Library Okhttp” for upgrade information.
(CMS-21805)
Picture Local Setting 'disableCropping' now Supported by Link Building
The flag disableCropping in the local settings of a picture was not respected by the link building for the GraphQL property uriTemplate. This misbehaviour was fixed.
Also, the delivery will now validate this flag. This means that URIs with disabled cropping will not work when the image is requested with a cropName and width.
As a consequence, this bugfix is considered breaking, as the validation may break previously working delivery image URLs!
See section “Picture Local Setting 'disableCropping' now Supported by Link Building” for upgrade information.
(CMS-21765)
MediaController with Parameter Validation
The MediaController now validates the URL parameters 'id', 'propertyName', 'hash', 'cropName', 'width' and 'filename'.
The missing validation was added for security reasons to prevent DoS attacks.
See section “MediaController with Parameter Validation” for upgrade information.
(CMS-21382)