Release Notes / Version 11.2304
Table Of ContentsFixed Bug in "cm content-uuid-import'
Fixed a bug in the command-line tool to import content UUIDs (
cm content-uuid-import
) that could cause failures like
IndexOutOfBoundsException
.
(CMS-22464)
Third-Party Update: postgresql Driver
postgresql has been updated to version 42.4.3 to avoid reported security vulnerabilities of previous versions.
(CMS-22444)
Third-Party Update: Woodstox
FasterXML Woodstox has been updated to version 6.4.0 to avoid security vulnerabilities of previous versions.
(CMS-22314)
Third-Party Update: gRPC and Protobuf-Java Dependencies
The dependencies for the commerce adapter connections have been updated to their latest versions fix known vulnerabilities:
gRPC dependencies: 1.49.2
Protobuf-Java: 3.21.7
(CMS-22228)
Fixed Studio Search Information Disclosure
Original exception messages from Solr, which contain sensitive information in some cases, are no longer passed to clients through Studio Server REST Endpoints.
(CMS-22212)
Third-Party Update: FasterXML Jackson Dependencies
The FasterXML Jackson dependencies have been updated to version 2.13.4 to fix a known vulnerability.
(CMS-22210)
Content UUID Migration Includes Folders
Previously, tools for content UUID migration ( content-uuid-export , generate-content-uuid-map , and content-uuid-import ) would not transfer UUIDs for folders. With the update, folder IDs are now included, too. UUID export data created with the current version of content-uuid-export should not be used with older versions of the mapping and import tools, though.
(CMS-22185)
Bugfix: Content UUID Migration Tooling Fails on Missing UUIDs
Content UUID migration tool content-uuid-export failed, if any of the export contents did not have a UUID assigned yet. This is fixed by creating new UUIDs on-the-fly during export for those contents that are missing a UUID and storing these newly created UUIDs in the Content Management Server database. Log output of content-uuid-export reports the number of generated UUIDs, should this happen during export. Generating a lot of missing UUIDs, however, can slow down export severely.
(CMS-22144)
Third-Party Update: Postgresql
Updated the postgresql driver to 42.4.1 to benefit from latest security bugfixes.
(CMS-21995)
Third-Party Update: NGINX
The NGINX docker image has been updated to the latest version 1.23.1-alpine to avoid security issues of its OS base image.
In an upcoming CMCC release we will switch to a rolling tag to get updates of the OS base image with every build. We recommended that you manually switch to a rolling tag like 1.23-alpine to cope with the moving target of security vulnerabilities in the libraries of the underlying OS.
Among others, the update fixes: CVE-2022-32207 CVE-2022-28391 CVE-2022-27404 CVE-2022-28391 CVE-2022-1586 CVE-2022-1587
(CMS-21980)
Derive Site Robustness: Handle Links to Destroyed Contents
While links to destroyed contents should be prevented, actions such as Derive Site should be robust to handle them.
Derive Site has been hardened accordingly, which means:
links to destroyed contents are kept as is (and should be fixed afterwards)
links to destroyed master contents are rewritten as expected to the new master content
(CMS-21932)
Documentation on How to Derive a Site
Deriving a new localized site in Studio can lead to several issues when content of the master site is not managed carefully. A new section Multi-Site Challenges | Deriving a Site in the Multi-Site Manual gives recommendations on how to perform the task in order to achieve best results.
(CMS-21773)
New ServerExport Option to Export Files in Lowercase
Use option
--lowercase
to store the exported content using lowercase filenames.
This option can be helpful to mitigate problems with non-case-sensitive file systems.
The paths are kept unique by appending a hash to the stored file name.
The converted path will not affect the reimport of the exported files.
(CMS-21408)
The Content Feeder Now Also Feeds String Lists And Considers Nested Structs
StructFeedablePopulator has been extended to also feed all keys, strings and string lists in nested structs or struct lists. Of course it is necessary that the respective content is re-indexed before these properties are searchable.
(CMS-20981)
Cleaned up application-mls-local.properties
The property
repository.url
and its helper property
content-management-server.host
in
application-mls-local.properties
have been superfluous ever since and have now been deleted.
(CMS-20106)
Fixed CAE Feeder Possible Deadlock
Fixed a bug that could lead to a dead lock of the CAE Feeder in case of cyclic navigation structures.
(CMS-19571)