Release Notes / Version 11.2307
Table Of ContentsUpdated (embedded) Tomcat to 9.0.70
Embedded Tomcat has been updated to version 9.0.70 (see Changelog Tomcat 9.0.70 ) to prevent known vulnerabilities.
Please be aware that Tomcat >= 9.0.69 serves cookies with dates formatted as required by RFC 6265 (see
Changelog Tomcat 9.0.69
). This may have to be respected in HTTP client implementations. When e.g. the
Apache HttpClient
is used and cookies are retrieved via the
CookieStore
, the cookie specification must be set to
standard
- see
RequestConfig.Builder#setCookieSpec
and
CookieSpecs
.
(CMS-22519)
Updated (Embedded) Tomcat to 9.0.68
Updated (Embedded) Tomcat to version 9.0.68 to prevent potential CVE-2022-42252, although we don't use the vulnerable setting
rejectIllegalHeader
.
(CMS-22354)
Added Nullability Annotations to Validator and ValidationService
Nullability annotations are added to Validator and ValidationService. Fixed a possible NullPointerException in com.coremedia.blueprint.common.services.validation.AbstractValidator.
(CMS-22183)
Fixed Atom Feed Validation
Added missing mandatory fields
id
and
updated
to Atom feed.
By this change, the optional fields
pubDate
and
dc:date
were also added to the RSS feed.
(CMS-21318)
Bugfix: Image Map Hotzones Misplaced when "Fit Image to Crop"
Image Map hotzones could be misplaced in CAE and Headless Server rendering, if " Fit image to crop " is active on corresponding image. This change resolves the issue. Existing image map hotzones do not need to be changed.
(CMS-19436)