Release Notes / Version 11.2307
Table Of ContentsUpdated Spring Framework to version 5.3.26
Updated Spring Framework to version 5.3.26 in order to mitigate CVE-2023-20860 and CVE-2023-20861.
(CMS-22852)
CKEditor 5 36.0.1
CKEditor 5 has been updated to 36.0.1. The update is included in the version 14.0.2 of the CoreMedia plugins. For further information see the release notes of 14.0.2.
(CMS-22748)
Possible NullPointerException fixed for Markup in Structs XLIFF export
You may observe a
NullPointerException
when exporting Markup in Structs to XLIFF. This is caused by newly created Markup nodes in Struct properties, that didn't get a value yet.
This issue has been fixed. Markup properties in Struct that are
null
as value are not tried to be exported anymore.
(CMS-22725)
Fixed Cache Bug that causes RecursiveCacheLookUpException
Fixed a bug in the central CoreMedia cache component, that can cause sporadic failures when evaluating cached values from multiple threads under high load. Cache evaluations could have failed with a RecursiveCacheLookUpException, because computations were incorrectly identified as being cyclic computations that could loop endlessly. This has been fixed now.
(CMS-22672)
Fixed LdapUserProvider Configuration
Due to a bug in
LdapUserProvider
, the configuration properties
cap.server.userproviders[n].java.naming.referral cap.server.userproviders[n].java.naming.ldap.version
had no effect. Now they are supported. For backward compatible behaviour, delete these properties from the configuration of your contentservers. (You probably did not set them anyway, because the defaults are appropriate in most cases.)
The support of
java.naming.referral
should also improve the default behaviour of the ActiveDirectoryUserProviders, when they encounter referrals. This typically happens if LDAP groups have many (e.g. >1500, depends on the AD version) direct members, or if LDAP users are direct members of many groups.
Moreover, the configuration property
cap.server.userprovidersn.java.naming.security.protocol
is now passed as JNDI connection parameter
java.naming.security.protocol
, as it is recommended by the JNDI documentation. LDAP over SSL (ldaps) worked also before, because the property is considered in an additional way.
(CMS-22638)
Fix Solr Configuration for Replication Handler
The Solr configuration files (solrconfig.xml) for CAE and Studio indices have been fixed to not configure example credentials for basic authentication for the Solr replication anymore. These settings had been introduced accidentally and caused problems when trying to override them externally.
(CMS-22550)
Updated OWASP Dependency Check Maven Plugin
The OWASP Dependency Check Maven Plugin has been updated from 7.4.4 to 8.1.2 - see
Dependency-Check 8.0.0 Upgrade Notice (for customers using an externally hosted OWASP database instead of the embedded H2 database)
(CMS-21947)