Release Notes / Version 11.2301
Table Of ContentsThird-Party Update: commons-dbcp2
Apache commons-dbcp2 has been updated to version 2.9.0 to avoid a security issue of the previous version.
(CMS-21148)
Third-Party Update: PostgreSQL JDBC Driver
The PostgreSQL JDBC driver has be updated to version 42.3.3 to avoid security issues of the previous version (CVE-2022-21724, GHSA-673j-qm5f-xpv8).
(CMS-21140)
Fixed a bug preventing apps to shutdown properly
Apps using the CoreMedia cache sometimes failed to destroy the cache instance leaving a thread named "coremedia-cache-CacheTimer" behind. This thread is now terminated when the spring application context shuts down.
(CMS-21009)
Third-Party Update: Tomcat
Tomcat has been updated to version 9.0.58 to avoid security vulnerabilities of the previous version.
(CMS-20961)
Third-Party Update: Spring Boot 2.5.8
In order to benefit from the improvements of the latest version of the Spring framework and to prepare for making use of the new features various 3rd party libraries have been updated.
Caffeine 2.9.3
GSON 2.8.9
Hibernate 5.4.33
HttpCore 4.4.15
Micrometer 1.7.7
Spring Boot 2.5.8
Spring Data 2021.0.7
Spring Framework 5.3.14
Spring Security 5.5.4
XmlUnit2 2.8.4
(CMS-20686)
Updated Protocol Buffers for Java to 3.19.3
Updated
com.google.protobuf:protobuf-java
dependencies to version 3.19.3 to fix known security vulnerabilities.
(CMS-20685)
Third-Party Update : Jackson
Jackson has been updated to version 2.12.6 to avoid security vulnerabilities of the previous version.
(CMS-20646)
Third-Party Update: ImageIO 3.8.2
In order to benefit from the latest security improvements the third-party library ImageIO was updated to version 3.8.2
(CMS-20627)
Shared HCL/WCS Commerce Proxy enhancements
The blueprint based
commerce-proxy
in the Docker deployment was enhanced to better support shared HCL/WCS Commerce setups where multiple CMS systems share a single commerce system. Product Asset URLs using the
catalogimage
path are now postprocessed in the
commerce proxy
and the hostname is now correctly set to the proxied CMS hostname instead of the default
cmsHost
that is configured in the commerce system.
(CMS-20592)
Root Category Preview
We fixed the preview for the virtual root categories that do not have a corresponding shop URL. Instead of the previously rendered error, we now render its placements as a content page through the storefront. The layout is not acurate but it should give editorial users enough preview possibilities to create placement content that is used for inheritance to other subcategories.
(CMS-20430)
Images: Parameters in MIME types fixed
During transformation a lookup by MIME type must be done to find MIME type specific implementations. The MIME type was compared with parameters. MIME types are syntactically allowed to have parameters (see RFC 2046) but for images no parameters are specified. Unfortunately if there were parameters no specific implementation could be found even if it was possible to transform the image.
Now the MIME type parameters are ignored for the lookup.
(CMS-20198)
Fixed a bug preventing replacement of CAE richtext filter beans
BlueprintRichtextFiltersConfiguration
does no longer expose richtext filter beans by their implementation types. It no longer references the richtext filter beans by type. It uses the filter bean names as qualifiers instead.
(CMS-19471)
Calista and Aurora UK site removed
The English / United Kingdom ("en_UK") demo content for Calista and Aurora Augmentation has been removed. The reason is that a default HCL Commerce system does not provide "en_UK" out of the box. When using the UK sites in Studio, the preview always showed the "en_US" storefront and pulled fragments from the "en_US" site. Any content changes made in the "en_UK" site were not reflected in the preview and this confused editorial users in a demo or testing scenario. This removal only affects demo content.
(CMS-18634)