Release Notes / Version 11.2207
Table Of ContentsFixed Bug in LocalAndLinkedSettingsFinder
Class
com.coremedia.blueprint.base.settings.impl.LocalAndLinkedSettingsFinder
handles cyclic navigation structures and does no longer propagate
com.coremedia.blueprint.base.tree.CycleInTreeRelationException
to clients of
com.coremedia.blueprint.base.settings.SettingsService
.
(CMS-20313)
Update of coremedia-application-maven-plugin to 3.0.1
This update fixes an issue, where the plugin did not set the executable flags correctly for the
cm
executable in the
target
directory.
(CMS-19862)
Third-Party Update: Spring-Security
Due to a security issue ( https://nvd.nist.gov/vuln/detail/CVE-2021-22119 ) we updated spring-security from 5.3.9.RELEASE to 5.3.10.RELEASE. We are not aware of any incompatibilities.
(CMS-19702)
Fixed CAE Feeder deadlock for JMX access
Fixed a bug in the
CAE Feeder
that could lead to a deadlock when reading attribute
InvalidationQueueSize
of MBean
ContentDependencyInvalidator
via JMX.
(CMS-19642)
Third-Party Update: Apache PDFBox
Apache PDFBox has been updated to version 2.0.24 to avoid a security vulnerability of the previous version (CVE-2021-31812).
(CMS-19638)
CAE Feeder Performance Improvement
Fixed a bug in the CAE Feeder that led to reduced throughput, especially for larger indexes.
(CMS-19636)
Fixed Output for cm encryptpasswordproperty
cm encryptpasswordproperty
failed to output more details especially in case of failures while encrypting or decrypting passwords.
This has been fixed.
Upgrade:
Unless you defined a custom
EncryptionService
, no upgrade steps are required.
For custom implementations of
EncryptionService
it is strongly recommended to override the default method
EncryptionService.usingLogger(logger:Logger):EncryptionService
, so that tools such as
cm encryptpasswordproperty
benefit from log messages provided by your custom service. Ensure to read the implementation specification carefully.
As alternative, you may want to adjust the tools-logging-configuration, so that your custom service is able to log to stdout.
(CMS-19531)
The 'property' column of the 'System' table has now the length 100
When a string property of a document type is observed it is registered in the 'System' table. To handle long document type and property names the 'property' column of the table has now the length of 100 instead of 50.
(CMS-19293)
Verbosity of publishall
Failures of the
publishall
tool are logged to a file, but have not been obvious for the user on stdout. Now, a concluding failure message is written to stdout.
(CMS-19275)
cm validate-multisite: Enhanced Robustness for Huge Multi-Site Setups
cm validate-multisite
got enhanced for robustness in huge multi-site setups.
Instead of buffering issues in memory before they are stored to stdout and/or file, the output is now done immediately after an issue has been found.
Due to the change, the output to stdout has changed slightly, so that reported issues are mixed with status messages. For a better overview of actual issues found, it is recommended to dump the results into a tab-separated file using the
--file
CLI option.
(CMS-19272)
Blobs in structs get collected after version or content is destroyed
Previously, blobs that were referenced in a struct did not get garbage collected when the version containing the struct that was destroyed. This has been fixed.
(CMS-19160)
Fix import-user script if no user xml files found
The
import-user
script in the management-tools container now ignores an empty users dir in the import directory.
(CMS-19103)
Fixed Broken Order of Transformations
The list of image transformation variants is now returned sorted by name. This may lead to a different order of variants inside the Studio's Image Editor. To customize the order, change the struct list of variants in the settings document Responsive Image Settings .
(CMS-18680)
Fixed Solr hostname and port disclosure with malicious REST request
It was possible to create a manipulated bad Studio search request which produces an internal server error with an error message text produced by Solr containing the hostname and port. This error is caught now.
(CMS-18530)
Improve Studio robustness when no WorkflowRepository is available
When no
WorkflowRepository
was available in Studio some errors occurred. Now all accesses to the
WorkflowRepository
have been guarded by a
null
check to prevent errors.
(CMS-18237)
Fixed multi-threading issues in cleanrecyclebin tool
An issue has been fixed regarding the concurrent creation of directories.
(CMS-18163)
Fixed a bug in ObservedPropertyService leading to seemingly missing augmentations
Fixed a bug in the implementation of
com.coremedia.cap.content.observe.ObservedPropertyService
that lead to wrong cache entries of observed property values. If the cache key was evaluated in a request associated with a user session with limited rights, then the cache entry contained only the contents readable by that user.
Because the Augmentation Service is using observed property values to find augmented content for a commerce ID, this could have lead to seemingly missing augmentations in the past.
(CMS-16741)
Encrypt Initial Passwords
The properties
cap.server.initialPassword.*
can be encrypted using the
cm encryptpasswordproperty
tool now.
(CMS-11312)
Fixed Content Feeder Handling of Destroyed Derived Content
Fixed a bug in the Content Feeder that could lead to an error while feeding a content item, if a derived content item was destroyed in the meantime. Exceptions about destroyed derived content items are now caught and do not cause problems for feeding.
(CMS-9058)