Headless won't Start with Deactivated P13N Extension

Due to a refactored component scan, two xml resources were not discovered anymore when the P13N extension is deactivated, which in turn caused a failed headless server start. This bugfix reinserts the missing resources.

(CMS-21843)

Security Fix: Thymeleaf Library Update

Due to the CVE report https://nvd.nist.gov/vuln/detail/CVE-2021-43466 , the libraries org.thymeleaf:thymeleaf and org.thymeleaf:thymeleaf-spring5 were updated to version 3.0.15.RELEASE

(CMS-21806)

Image Hash Calculation Leads to Client-Side Caching Problems

When the changing a crop (e.g. clipping), the hash of the image did not change and as a consequence the URL also did not change anymore. This led to the problem that browser caches did not invalidate their caches. This bugfix fixes the hash calculation.

(CMS-21800)

MediaController now sets Content-Disposition Header

When downloading binaries via HeadlessServers media endpoint, the HTTP header Content-Disposition is now set, when using the media endpoints with a filename.

Additionally the manual was complemented by the section 'MediaType Content Negotiation', explaining options to configure individually document types to suppress a Spring Web MVC default behaviour on potentially unsafe content types.

(CMS-21669)