Third-Party Update: commons-dbcp2

Apache commons-dbcp2 has been updated to version 2.9.0 to avoid a security issue of the previous version.

(CMS-21148)

Third-Party Update: PostgreSQL JDBC Driver

The PostgreSQL JDBC driver has be updated to version 42.3.3 to avoid security issues of the previous version (CVE-2022-21724, GHSA-673j-qm5f-xpv8).

(CMS-21140)

Fixed a bug preventing apps to shutdown properly

Apps using the CoreMedia cache sometimes failed to destroy the cache instance leaving a thread named "coremedia-cache-CacheTimer" behind. This thread is now terminated when the spring application context shuts down.

(CMS-21009)

Third-Party Update: Tomcat

Tomcat has been updated to version 9.0.58 to avoid security vulnerabilities of the previous version.

(CMS-20961)

Third-Party Update: Spring Boot 2.5.8

In order to benefit from the improvements of the latest version of the Spring framework and to prepare for making use of the new features various 3rd party libraries have been updated.

(CMS-20686)

Updated Protocol Buffers for Java to 3.19.3

Updated com.google.protobuf:protobuf-java dependencies to version 3.19.3 to fix known security vulnerabilities.

(CMS-20685)

Third-Party Update : Jackson

Jackson has been updated to version 2.12.6 to avoid security vulnerabilities of the previous version.

(CMS-20646)

Third-Party Update: ImageIO 3.8.2

In order to benefit from the latest security improvements the third-party library ImageIO was updated to version 3.8.2

(CMS-20627)

Shared HCL/WCS Commerce Proxy enhancements

The blueprint based commerce-proxy in the Docker deployment was enhanced to better support shared HCL/WCS Commerce setups where multiple CMS systems share a single commerce system. Product Asset URLs using the catalogimage path are now postprocessed in the commerce proxy and the hostname is now correctly set to the proxied CMS hostname instead of the default cmsHost that is configured in the commerce system.

(CMS-20592)

Root Category Preview

We fixed the preview for the virtual root categories that do not have a corresponding shop URL. Instead of the previously rendered error, we now render its placements as a content page through the storefront. The layout is not acurate but it should give editorial users enough preview possibilities to create placement content that is used for inheritance to other subcategories.

(CMS-20430)

Images: Parameters in MIME types fixed

During transformation a lookup by MIME type must be done to find MIME type specific implementations. The MIME type was compared with parameters. MIME types are syntactically allowed to have parameters (see RFC 2046) but for images no parameters are specified. Unfortunately if there were parameters no specific implementation could be found even if it was possible to transform the image.

Now the MIME type parameters are ignored for the lookup.

(CMS-20198)

Fixed a bug preventing replacement of CAE richtext filter beans

BlueprintRichtextFiltersConfiguration does no longer expose richtext filter beans by their implementation types. It no longer references the richtext filter beans by type. It uses the filter bean names as qualifiers instead.

(CMS-19471)

Calista and Aurora UK site removed

The English / United Kingdom ("en_UK") demo content for Calista and Aurora Augmentation has been removed. The reason is that a default HCL Commerce system does not provide "en_UK" out of the box. When using the UK sites in Studio, the preview always showed the "en_US" storefront and pulled fragments from the "en_US" site. Any content changes made in the "en_UK" site were not reflected in the preview and this confused editorial users in a demo or testing scenario. This removal only affects demo content.

(CMS-18634)