Release Notes / Version 11.2207
Table Of ContentsDeprecation: Obsolete classes in Workflow Java API
The following classes for customizing workflows have been deprecated in the Java API in package
com.coremedia.workflow.common.util
:
AbstractExternalManager
LongActionRegistry
RegisteringLongAction
SpringCollectiveLongAction
SpringDelegateAction
SpringDelegateLongAction
The methods
hasManager
and
getManager
of class
com.coremedia.workflow.WfServer
have also been deprecated.
For details, see the deprecation notices in the API documentation. To summarize, it's recommended to instead use Unified API interfaces to implement custom managers, and to use
SpringAware*Action
classes for actions that interact with the Spring context.
(CMS-20233)
Added parametric HTTP endpoint to re-indexing CAE Feeder
The CAE Feeder application now has a specific parametric endpoint to trigger a re-indexing without using JMX.
The endpoint is available at
:40781/actuator/reindex
and is enabled by default. To perform a partial re-indexing send a HTTP POST request i.e.
curl --request POST \ --url http://localhost:40781/actuator/reindex \ --header 'Content-Type: application/json' \ --data '{ "ids": "1234,5678", "contentTypes": "CMArticle,CMPicture", "query": "BELOW PATH '\''/Sites/Calista'\''" }'
See the Search Manual, section "Partial Reindexing of CAE Feeder Indices" for more information.
(CMS-19831)
Update of MongoDB Java Driver to version 4.3.0
The thirdparty dependencies org.mongodb:mongodb-driver-legacy, org.mongodb:mongodb-driver-core and org.mongodb:bson have been updated from version 4.2.2 to 4.3.0.
(CMS-19758)
Deprecation: ListDiff#elementEqual
In the Java API, method
elementEqual
of class
com.coremedia.translate.workflow.ListDiff
has been deprecated. Instead of overriding that method in a subclass, you can instead pass a predicate for equality to a constructor of that class.
(CMS-19502)
Removal: Deprecation for SiteModel's siteIndicatorDepth in Multi-Site
We removed the deprecation notice for
siteIndicatorDepth
as part of the
SiteModel
.
As part of this change
cm validate-multisite
got extended by a new issue code:
MS-VALIDATION-4009
–DISCOURAGED_PROPERTY_VALUE
The new issue-code is reported at level
INFO
and is triggered, when using a
siteIndicatorDepth
different to
0
(zero).
Motivation
As part of CMS-9521 we deprecated
siteIndicatorDepth
for 2001.1 and changed the default to
0
(zero) rather than
1
(one), as we got aware that many editors struggled with site indicators being hidden in the "depth" of a site – which in the end caused corrupted sites.
Nevertheless, migrating existing content from a depth 1 to depth 0 may raise considerable migration effort, as you have to move all site indicators up one level in one step (while stopping editorial work) and then republish all your sites.
Because of this, we decided to remove the deprecation notice, so that we will support site indicator depths different to
0
also on in the future. The default which ships with CoreMedia Blueprint will stick to the recommended default
0
, though.
(CMS-19378)
Third-Party Update: Apache Tika and Transitive Dependencies
Apache Tika has been updated to version 1.26. As part of this change, the following transitive dependencies of Apache Tika have been updated to match versions used by Tika. These updates fix known security vulnerabilities: CVE-2021-28657 (Tika), CVE-2021-27807 (PDFBox).
Updated dependencies:
com.google.guava:guava: 30.1.1-jre
org.apache.commons:commons-lang3: 3.12.0
org.apache.pdfbox:fontbox: 2.0.23
org.apache.pdfbox:pdfbox: 2.0.23
org.apache.pdfbox:pdfbox-tools: 2.0.23
org.apache.pdfbox:preflight: 2.0.23
org.apache.pdfbox:xmpbox: 2.0.23
org.apache.tika:tika-core: 1.25
org.apache.tika:tika-parsers: 1.25
org.bouncycastle:bcmail-jdk15on: 1.68
org.bouncycastle:bcpkix-jdk15on: 1.68
org.bouncycastle:bcprov-jdk15on: 1.68
org.ow2.asm:asm: 9.1
org.tukaani:xz: 1.9
If you use these libraries in project code, please check their respective release notes for changes and upgrade information. No changes were necessary in the CoreMedia Blueprint for these updates.
(CMS-19202)
cm dump: Dump Text Blobs to Console
cm dump
is now able to dump text blob values directly to console. Thus, if your object to dump provides a blob property and it stores some text (or alike) value (such as
application/javascript
), you can trigger to write it to console by using:
--blob text
The default remains as is, i.e. blobs are just providing some details on MIME type and size. This is the same as calling
cm dump
with:
--blob plain
(CMS-18880)
Added endpoint to disable/enable the replicator service
The replication-server application now has a specific endpoint to disable and enable the replicator service without using JMX.
The endpoint is available at
:8081/actuator/replicator
and is enabled by default. To disable replication send a HTTP POST request i.e.
curl -X POST \ -H "Content-Type: application/json" \ -d '{"enable": false}' \ http://localhost:8081/actuator/replicator
(CMS-18545)
Changed Content Feeder Configuration Properties
Some configuration properties of the
Content Feeder
have been renamed as part of an initiative to use Spring Boot's type-safe
ConfigurationProperties
. The old property names still work as before but some have been deprecated. It's not required to change your configuration now. If possible, we recommend to migrate to the new property names.
The following properties have been renamed
feeder.indexDeleted
->feeder.content.index-deleted
feeder.indexGroups
->feeder.content.index-groups
feeder.indexNameInTextBody
->feeder.content.index-name-in-textbody
feeder.indexReferrers
->feeder.content.index-referrers
feeder.partialUpdate.aspects
->feeder.content.partial-update-aspects
feeder.management.user
->feeder.content.management.user
feeder.management.password
->feeder.content.management.password
feeder.backgroundFeed.delay
->feeder.content.background-feed-delay
feeder.retryConnectToIndexDelay.seconds
->feeder.content.retry-connect-to-index-delay
(new property takes milliseconds if not specified otherwise)feeder.updateGroups.immediately
->feeder.content.update-groups-immediately
See also section 'Content Feeder Renamed Properties' in the reference chapter of the Search Manual for all deprecated and new property names.
(CMS-17957)
Enhanced Encryption Algorithm For System Passwords
The encryption approach used by
cm encryptpasswordproperty
has been enhanced, so that you may use a more secure
Cipher
transformation to encode passwords than the default
RSA
without padding schema.
To use a better transformation such as
RSA/ECB/OAEPWithSHA-256AndMGF1Padding
, you may now add it as configuration option to your keystore properties file via
CM_CIPHER_TRANSFORMATION
, like:
CM_KEYSTORE_PASSWORD=<KEYSTORE_PASSWORD> CM_KEY_ALIAS=<KEY_ALIAS> CM_KEY_PASSWORD=<KEY_PASSWORD> CM_CIPHER_TRANSFORMATION=RSA/ECB/OAEPWithSHA-256AndMGF1Padding
For upgrade scenarios, a fallback exists for decoding passwords from old
RSA
transformation, so that you may update your passwords one by one.
To re-encode your passwords, use
cm encryptpasswordproperty
as described in
Content Server Manual
, section
Password Property Encryption
once you have set
CM_CIPHER_TRANSFORMATION
.
(CMS-17851)
Removal: com.coremedia.elastic.core.test.Injection and core-test module
com.coremedia.elastic.core.test.Injection
and core-test module is removed. use
@InjectMocks
,
@Mock
and
@Spy
and if this is not possible
org.springframework.test.util.ReflectionTestUtils
(CMS-16834)
New Validator: PossiblyMissingMasterReferenceValidator for Multi-Site
In certain scenarios it may happen, that you have a master content and derived content which miss a corresponding link from derived to master to signal the relationship. This state, if caused by accident, may cause duplicated contents to be created where you don't expect them.
The new validator
PossiblyMissingMasterReferenceValidator
detects such a state and will by default raise a warning in these states.
Depending on the perspective (if this content is regarded as master content or as derived content) you will get slightly different messages:
For master you may get: A content in derived site German (Germany) exists, which may miss a link to this content as its master: Orphaned Name.
For derived content you may get: A content in master site English (United States) exists, which should possibly be linked to as master: Orphaned Name. Consider setting an appropriate master version carefully. Most likely the current master version.
If for any reason, this analysis reports a false-positive, it will vanish as soon as you finished a translation of a given master content.
Upgrade Notice
No upgrade steps are required unless you consider these warnings irrelevant in your setup. In this case you may remove the bean
possiblyMissingMasterReferenceValidator
which comes with
com.coremedia.cms.middle.blueprint.validators.ValidatorsConfiguration
.
As an alternative you may customize the severity by setting
possiblyMissingMasterReferenceFromMasterValidator.severity
to
INFO
(it defaults to
WARN
).
Extension Points
By default, the match strategy to search for similar contents is done by relative path. If you have different identity tokens (such as product IDs as property values) you may consider replacing the bean. A dedicated section exists in JavaDoc of
com.coremedia.rest.cap.validators.PossiblyMissingMasterReferenceValidator
explaining what possible extension points you may use.
validate-multisite
This validator covers issues detected by
cm
tool
validate-multisite
:
MS-VALIDATION-6001
– Content not Used in Derived Site but some Content ExistsMS-VALIDATION-6003
– Content without Master but some Content Exists
(CMS-16043)
validate-multisite Improvement
The output data for "MS-VALIDATION-8000 - Link Spanning Sites" has been enhanced with the site IDs of the content's site and the link target's site.
(CMS-11136)