Release Notes / Version 10.2107
Table Of ContentsCache-Control Strategy can use Full Request Paths
The
DefaultCacheControlStrategy
can now be configured to use the full request path for pattern matching. When a request contains a semicolon in the path everything after a semicolon is cut in advance of applying the "for-url-pattern". This can be avoided by setting the "cae.cache-control.urlPath.removeSemicolonContent=false" configuration property. Additionally the "cae.cache-control.urlPath.useAlwaysFullPath" and "cae.cache-control.urlPath.urlDecode" configuration properties can be used to adapt the taken request URI path.
(CMS-19195)
Configure CORS Allowed Origins with Studio Host for Preview CAE
The documentation of the
cae.cors.allowed-origins-for-url-pattern
configuration property has been extended with a suggestion to configure it with the Studio host for preview CAE. Furthermore the default Studio host was added to the
cae.cors.allowed-origins-for-url-pattern
configuration property in the
application-dev.properties
of the preview CAE.
Please note that no similar configuration has been added to the default
application.properties
for the preview CAE, because we cannot anticipate allowed origins for production environments.
(CMS-18954)
Smooth migration from legacy to current hash generating strategy.
Since the existing
DefaultSecureHashCodeGeneratorStrategy
used for securing blob transformation was considered vulnerable to possible DoS attacks, a new default
MD5SecureHashCodeGeneratorStrategy
was introduced with version 10.2007.
The new
MD5SecureHashCodeGeneratorStrategy
wont match hashes created by the former
DefaultSecureHashCodeGeneratorStrategy
. Cached URLs would cause a HTTP 403 (forbidden) status code.
Therefore CoreMedia now provides a smooth migration path by using a strategy which will accept hashes created by both, the
DefaultSecureHashCodeGeneratorStrategy
and the
MD5SecureHashCodeGeneratorStrategy
.
New hashes will be created using the new
MD5SecureHashCodeGeneratorStrategy
.
The migration mode can be enabled by setting
cae.hashing.migration-mode=true
.
(CMS-18868)
TransformImageService is now able to convert images
A new method
TransformImageService#transformWithDimensions(Content, String,String, int,int, String)
has been introduced which additionally accepts an image extension to convert the blob to the appropriate image type while performing the transformation.
(CMS-18750)