Third-Party Update: MySQL

MySQL was updated to version 8.0.28 in global/deployment/docker/mysql/Dockerfile .

(CMS-21110)

Update to coremedia/java-application-base

The base image coremedia/java-application-base has been updated to 2.4.2 . This update includes the JVM update to 11.0.14 .

(CMS-21075)

Third-Party Update: log4j-to-slf4j

The Log4J library log4j-to-slf4j has been updated to version 2.17.1.

Note that recent security vulnerabilities for Log4J like CVE-2021-44228 ("Log4Shell"), CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832 do not affect the usage of the Log4J adapter library log4j-to-slf4j that is used in CMCC to forward logging via SLF4J to Logback.

(CMS-20645)

Third-Party Update: Apache Solr and Transitive Dependencies

Apache Solr has been updated to version 8.10.1.

For detailed changes of Apache Solr have a look at https://lucene.apache.org/solr/8_10_1/changes/Changes.html .

In previous releases, the Solr configuration contained a workaround for a bug in Solr 8.8.2, that has been fixed with the new version (SOLR-15192 / SOLR-13034). The workaround has been removed again in file apps/solr/modules/search/solr-config/src/main/app/configsets/content/conf/solrconfig.xml . For best performance, it's recommended to apply this change to custom copies of that file, by setting the enableLazyFieldLoading option back to true .

As part of this change, the following transitive dependencies have also been updated in CoreMedia applications to match versions used by SolrJ:

If you use these libraries in project code, please check their respective release notes for changes and upgrade information. No changes were necessary in the CoreMedia Blueprint for these updates.

(CMS-19802)