loading table of contents...

Release Notes / Version 11.2110

Table Of Contents

CoreMedia Core

Deprecation: Obsolete classes in Workflow Java API

The following classes for customizing workflows have been deprecated in the Java API in package com.coremedia.workflow.common.util :

  • AbstractExternalManager

  • LongActionRegistry

  • RegisteringLongAction

  • SpringCollectiveLongAction

  • SpringDelegateAction

  • SpringDelegateLongAction

The methods hasManager and getManager of class com.coremedia.workflow.WfServer have also been deprecated.

For details, see the deprecation notices in the API documentation. To summarize, it's recommended to instead use Unified API interfaces to implement custom managers, and to use SpringAware*Action classes for actions that interact with the Spring context.


Added parametric HTTP endpoint to re-indexing CAE Feeder

The CAE Feeder application now has a specific parametric endpoint to trigger a re-indexing without using JMX. The endpoint is available at :40781/actuator/reindex and is enabled by default. To perform a partial re-indexing send a HTTP POST request i.e.

curl --request POST \
  --url http://localhost:40781/actuator/reindex \
  --header 'Content-Type: application/json' \
  --data '{
	"ids": "1234,5678",
	"contentTypes": "CMArticle,CMPicture",
	"query": "BELOW PATH '\''/Sites/Calista'\''"

See the Search Manual, section "Partial Reindexing of CAE Feeder Indices" for more information.


Update of MongoDB Java Driver to version 4.3.0

The thirdparty dependencies org.mongodb:mongodb-driver-legacy, org.mongodb:mongodb-driver-core and org.mongodb:bson have been updated from version 4.2.2 to 4.3.0.


Deprecation: ListDiff#elementEqual

In the Java API, method elementEqual of class com.coremedia.translate.workflow.ListDiff has been deprecated. Instead of overriding that method in a subclass, you can instead pass a predicate for equality to a constructor of that class.


Removal: Deprecation for SiteModel's siteIndicatorDepth in Multi-Site

We removed the deprecation notice for siteIndicatorDepth as part of the SiteModel .

As part of this change cm validate-multisite got extended by a new issue code:


The new issue-code is reported at level INFO and is triggered, when using a siteIndicatorDepth different to 0 (zero).


As part of CMS-9521 we deprecated siteIndicatorDepth for 2001.1 and changed the default to 0 (zero) rather than 1 (one), as we got aware that many editors struggled with site indicators being hidden in the "depth" of a site – which in the end caused corrupted sites.

Nevertheless, migrating existing content from a depth 1 to depth 0 may raise considerable migration effort, as you have to move all site indicators up one level in one step (while stopping editorial work) and then republish all your sites.

Because of this, we decided to remove the deprecation notice, so that we will support site indicator depths different to 0 also on in the future. The default which ships with CoreMedia Blueprint will stick to the recommended default 0 , though.


Third-Party Update: Apache Tika and Transitive Dependencies

Apache Tika has been updated to version 1.26. As part of this change, the following transitive dependencies of Apache Tika have been updated to match versions used by Tika. These updates fix known security vulnerabilities: CVE-2021-28657 (Tika), CVE-2021-27807 (PDFBox).

Updated dependencies:

  • 30.1.1-jre

  • org.apache.commons:commons-lang3: 3.12.0

  • org.apache.pdfbox:fontbox: 2.0.23

  • org.apache.pdfbox:pdfbox: 2.0.23

  • org.apache.pdfbox:pdfbox-tools: 2.0.23

  • org.apache.pdfbox:preflight: 2.0.23

  • org.apache.pdfbox:xmpbox: 2.0.23

  • org.apache.tika:tika-core: 1.25

  • org.apache.tika:tika-parsers: 1.25

  • org.bouncycastle:bcmail-jdk15on: 1.68

  • org.bouncycastle:bcpkix-jdk15on: 1.68

  • org.bouncycastle:bcprov-jdk15on: 1.68

  • org.ow2.asm:asm: 9.1

  • org.tukaani:xz: 1.9

If you use these libraries in project code, please check their respective release notes for changes and upgrade information. No changes were necessary in the CoreMedia Blueprint for these updates.


cm dump: Dump Text Blobs to Console

cm dump is now able to dump text blob values directly to console. Thus, if your object to dump provides a blob property and it stores some text (or alike) value (such as application/javascript ), you can trigger to write it to console by using:

--blob text

The default remains as is, i.e. blobs are just providing some details on MIME type and size. This is the same as calling cm dump with:

--blob plain


Added endpoint to disable/enable the replicator service

The replication-server application now has a specific endpoint to disable and enable the replicator service without using JMX. The endpoint is available at :8081/actuator/replicator and is enabled by default. To disable replication send a HTTP POST request i.e.

curl -X POST \
  -H "Content-Type: application/json" \
  -d '{"enable": false}'  \


Changed Content Feeder Configuration Properties

Some configuration properties of the Content Feeder have been renamed as part of an initiative to use Spring Boot's type-safe ConfigurationProperties . The old property names still work as before but some have been deprecated. It's not required to change your configuration now. If possible, we recommend to migrate to the new property names.

The following properties have been renamed

  • feeder.indexDeleted -> feeder.content.index-deleted

  • feeder.indexGroups -> feeder.content.index-groups

  • feeder.indexNameInTextBody -> feeder.content.index-name-in-textbody

  • feeder.indexReferrers -> feeder.content.index-referrers

  • feeder.partialUpdate.aspects -> feeder.content.partial-update-aspects

  • ->

  • ->

  • feeder.backgroundFeed.delay -> feeder.content.background-feed-delay

  • feeder.retryConnectToIndexDelay.seconds -> feeder.content.retry-connect-to-index-delay (new property takes milliseconds if not specified otherwise)

  • feeder.updateGroups.immediately -> feeder.content.update-groups-immediately

See also section 'Content Feeder Renamed Properties' in the reference chapter of the Search Manual for all deprecated and new property names.


Enhanced Encryption Algorithm For System Passwords

The encryption approach used by cm encryptpasswordproperty has been enhanced, so that you may use a more secure Cipher transformation to encode passwords than the default RSA without padding schema.

To use a better transformation such as RSA/ECB/OAEPWithSHA-256AndMGF1Padding , you may now add it as configuration option to your keystore properties file via CM_CIPHER_TRANSFORMATION , like:


For upgrade scenarios, a fallback exists for decoding passwords from old RSA transformation, so that you may update your passwords one by one.

To re-encode your passwords, use cm encryptpasswordproperty as described in Content Server Manual , section Password Property Encryption once you have set CM_CIPHER_TRANSFORMATION .


Removal: com.coremedia.elastic.core.test.Injection and core-test module

com.coremedia.elastic.core.test.Injection and core-test module is removed. use @InjectMocks , @Mock and @Spy and if this is not possible org.springframework.test.util.ReflectionTestUtils


New Validator: PossiblyMissingMasterReferenceValidator for Multi-Site

In certain scenarios it may happen, that you have a master content and derived content which miss a corresponding link from derived to master to signal the relationship. This state, if caused by accident, may cause duplicated contents to be created where you don't expect them.

The new validator PossiblyMissingMasterReferenceValidator detects such a state and will by default raise a warning in these states.

Depending on the perspective (if this content is regarded as master content or as derived content) you will get slightly different messages:

  • For master you may get: A content in derived site German (Germany) exists, which may miss a link to this content as its master: Orphaned Name.

  • For derived content you may get: A content in master site English (United States) exists, which should possibly be linked to as master: Orphaned Name. Consider setting an appropriate master version carefully. Most likely the current master version.

If for any reason, this analysis reports a false-positive, it will vanish as soon as you finished a translation of a given master content.

Upgrade Notice

No upgrade steps are required unless you consider these warnings irrelevant in your setup. In this case you may remove the bean possiblyMissingMasterReferenceValidator which comes with com.coremedia.cms.middle.blueprint.validators.ValidatorsConfiguration .

As an alternative you may customize the severity by setting possiblyMissingMasterReferenceFromMasterValidator.severity to INFO (it defaults to WARN ).

Extension Points

By default, the match strategy to search for similar contents is done by relative path. If you have different identity tokens (such as product IDs as property values) you may consider replacing the bean. A dedicated section exists in JavaDoc of explaining what possible extension points you may use.


This validator covers issues detected by cm tool validate-multisite :

  • MS-VALIDATION-6001 – Content not Used in Derived Site but some Content Exists

  • MS-VALIDATION-6003 – Content without Master but some Content Exists


validate-multisite Improvement

The output data for "MS-VALIDATION-8000 - Link Spanning Sites" has been enhanced with the site IDs of the content's site and the link target's site.


Search Results

Table Of Contents