Fixed Bug in LocalAndLinkedSettingsFinder

Class com.coremedia.blueprint.base.settings.impl.LocalAndLinkedSettingsFinder handles cyclic navigation structures and does no longer propagate com.coremedia.blueprint.base.tree.CycleInTreeRelationException to clients of com.coremedia.blueprint.base.settings.SettingsService .

(CMS-20313)

Update of coremedia-application-maven-plugin to 3.0.1

This update fixes an issue, where the plugin did not set the executable flags correctly for the cm executable in the target directory.

(CMS-19862)

Third-Party Update: Spring-Security

Due to a security issue ( https://nvd.nist.gov/vuln/detail/CVE-2021-22119 ) we updated spring-security from 5.3.9.RELEASE to 5.3.10.RELEASE. We are not aware of any incompatibilities.

(CMS-19702)

Fixed CAE Feeder deadlock for JMX access

Fixed a bug in the CAE Feeder that could lead to a deadlock when reading attribute InvalidationQueueSize of MBean ContentDependencyInvalidator via JMX.

(CMS-19642)

Third-Party Update: Apache PDFBox

Apache PDFBox has been updated to version 2.0.24 to avoid a security vulnerability of the previous version (CVE-2021-31812).

(CMS-19638)

CAE Feeder Performance Improvement

Fixed a bug in the CAE Feeder that led to reduced throughput, especially for larger indexes.

(CMS-19636)

Fixed Output for cm encryptpasswordproperty

cm encryptpasswordproperty failed to output more details especially in case of failures while encrypting or decrypting passwords.

This has been fixed.

Upgrade:

Unless you defined a custom EncryptionService , no upgrade steps are required.

For custom implementations of EncryptionService it is strongly recommended to override the default method EncryptionService.usingLogger(logger:Logger):EncryptionService , so that tools such as cm encryptpasswordproperty benefit from log messages provided by your custom service. Ensure to read the implementation specification carefully.

As alternative, you may want to adjust the tools-logging-configuration, so that your custom service is able to log to stdout.

(CMS-19531)

The 'property' column of the 'System' table has now the length 100

When a string property of a document type is observed it is registered in the 'System' table. To handle long document type and property names the 'property' column of the table has now the length of 100 instead of 50.

(CMS-19293)

Verbosity of publishall

Failures of the publishall tool are logged to a file, but have not been obvious for the user on stdout. Now, a concluding failure message is written to stdout.

(CMS-19275)

cm validate-multisite: Enhanced Robustness for Huge Multi-Site Setups

cm validate-multisite got enhanced for robustness in huge multi-site setups.

Instead of buffering issues in memory before they are stored to stdout and/or file, the output is now done immediately after an issue has been found.

Due to the change, the output to stdout has changed slightly, so that reported issues are mixed with status messages. For a better overview of actual issues found, it is recommended to dump the results into a tab-separated file using the --file CLI option.

(CMS-19272)

Blobs in structs get collected after version or content is destroyed

Previously, blobs that were referenced in a struct did not get garbage collected when the version containing the struct that was destroyed. This has been fixed.

(CMS-19160)

Fix import-user script if no user xml files found

The import-user script in the management-tools container now ignores an empty users dir in the import directory.

(CMS-19103)

Fixed Broken Order of Transformations

The list of image transformation variants is now returned sorted by name. This may lead to a different order of variants inside the Studio's Image Editor. To customize the order, change the struct list of variants in the settings document Responsive Image Settings .

(CMS-18680)

Fixed Solr hostname and port disclosure with malicious REST request

It was possible to create a manipulated bad Studio search request which produces an internal server error with an error message text produced by Solr containing the hostname and port. This error is caught now.

(CMS-18530)

Improve Studio robustness when no WorkflowRepository is available

When no WorkflowRepository was available in Studio some errors occurred. Now all accesses to the WorkflowRepository have been guarded by a null check to prevent errors.

(CMS-18237)

Fixed multi-threading issues in cleanrecyclebin tool

An issue has been fixed regarding the concurrent creation of directories.

(CMS-18163)

Fixed a bug in ObservedPropertyService leading to seemingly missing augmentations

Fixed a bug in the implementation of com.coremedia.cap.content.observe.ObservedPropertyService that lead to wrong cache entries of observed property values. If the cache key was evaluated in a request associated with a user session with limited rights, then the cache entry contained only the contents readable by that user. Because the Augmentation Service is using observed property values to find augmented content for a commerce ID, this could have lead to seemingly missing augmentations in the past.

(CMS-16741)

Encrypt Initial Passwords

The properties cap.server.initialPassword.* can be encrypted using the cm encryptpasswordproperty tool now.

(CMS-11312)

Fixed Content Feeder Handling of Destroyed Derived Content

Fixed a bug in the Content Feeder that could lead to an error while feeding a content item, if a derived content item was destroyed in the meantime. Exceptions about destroyed derived content items are now caught and do not cause problems for feeding.

(CMS-9058)