Third-Party Update: Postgresql

Updated the postgresql driver to 42.4.1 to benefit from latest security bugfixes.

(CMS-21995)

Third-Party Update: NGINX

The NGINX docker image has been updated to the latest version 1.23.1-alpine to avoid security issues of its OS base image.

In an upcoming CMCC release we will switch to a rolling tag to get updates of the OS base image with every build. We recommended that you manually switch to a rolling tag like 1.23-alpine to cope with the moving target of security vulnerabilities in the libraries of the underlying OS.

Among others, the update fixes: CVE-2022-32207 CVE-2022-28391 CVE-2022-27404 CVE-2022-28391 CVE-2022-1586 CVE-2022-1587

(CMS-21980)

Third-Party Update: Jetty

Jetty has been updated to version 9.4.48.v20220622 to avoid reported security vulnerabilities of previous versions.

(CMS-21930)

Documentation on How to Derive a Site

Deriving a new localized site in Studio can lead to several issues when content of the master site is not managed carefully. A new section Multi-Site Challenges | Deriving a Site in the Multi-Site Manual gives recommendations on how to perform the task in order to achieve best results.

(CMS-21773)

Third-Party Update : Drew Noakes Metadata Extractor

Third-party library com.drewnoakes:metadata-extractor has been updated to version 2.18.0 to avoid security vulnerabilities of the previous version.

(CMS-21627)

Third-Party Update: google-oauth-client

The third-party library com.google.oauth-client:google-oauth-client has been updated to 1.33.3 to avoid security vulnerability CVE-2021-22573.

(CMS-21579)