Fixed Bug in "cm content-uuid-import'

Fixed a bug in the command-line tool to import content UUIDs (cm content-uuid-import) that could cause failures like IndexOutOfBoundsException.

(CMS-22464)

Third-Party Update: postgresql Driver

postgresql has been updated to version 42.4.3 to avoid reported security vulnerabilities of previous versions.

(CMS-22444)

Third-Party Update: Woodstox

FasterXML Woodstox has been updated to version 6.4.0 to avoid security vulnerabilities of previous versions.

(CMS-22314)

Third-Party Update: gRPC and Protobuf-Java Dependencies

The dependencies for the commerce adapter connections have been updated to their latest versions fix known vulnerabilities:

(CMS-22228)

Third-Party Update: FasterXML Jackson Dependencies

The FasterXML Jackson dependencies have been updated to version 2.13.4 to fix a known vulnerability.

(CMS-22210)

Content UUID Migration Includes Folders

Previously, tools for content UUID migration (content-uuid-export, generate-content-uuid-map, and content-uuid-import) would not transfer UUIDs for folders. With the update, folder IDs are now included, too. UUID export data created with the current version of content-uuid-export should not be used with older versions of the mapping and import tools, though.

(CMS-22185)

Bugfix: Content UUID Migration Tooling Fails on Missing UUIDs

Content UUID migration tool content-uuid-export failed, if any of the export contents did not have a UUID assigned yet. This is fixed by creating new UUIDs on-the-fly during export for those contents that are missing a UUID and storing these newly created UUIDs in the Content Management Server database. Log output of content-uuid-export reports the number of generated UUIDs, should this happen during export. Generating a lot of missing UUIDs, however, can slow down export severely.

(CMS-22144)

Third-Party Update: Postgresql

Updated the postgresql driver to 42.4.1 to benefit from latest security bugfixes.

(CMS-21995)

Third-Party Update: NGINX

The NGINX docker image has been updated to the latest version 1.23.1-alpine to avoid security issues of its OS base image.

In an upcoming CMCC release we will switch to a rolling tag to get updates of the OS base image with every build. We recommended that you manually switch to a rolling tag like 1.23-alpine to cope with the moving target of security vulnerabilities in the libraries of the underlying OS.

Among others, the update fixes: CVE-2022-32207 CVE-2022-28391 CVE-2022-27404 CVE-2022-28391 CVE-2022-1586 CVE-2022-1587

(CMS-21980)

Derive Site Robustness: Handle Links to Destroyed Contents

While links to destroyed contents should be prevented, actions such as Derive Site should be robust to handle them.

Derive Site has been hardened accordingly, which means:

(CMS-21932)

Documentation on How to Derive a Site

Deriving a new localized site in Studio can lead to several issues when content of the master site is not managed carefully. A new section Multi-Site Challenges | Deriving a Site in the Multi-Site Manual gives recommendations on how to perform the task in order to achieve best results.

(CMS-21773)

New ServerExport Option to Export Files in Lowercase

Use option --lowercase to store the exported content using lowercase filenames. This option can be helpful to mitigate problems with non-case-sensitive file systems. The paths are kept unique by appending a hash to the stored file name. The converted path will not affect the reimport of the exported files.

(CMS-21408)

The Content Feeder Now Also Feeds String Lists And Considers Nested Structs

StructFeedablePopulator has been extended to also feed all keys, strings and string lists in nested structs or struct lists. Of course it is necessary that the respective content is re-indexed before these properties are searchable.

(CMS-20981)

Cleaned up application-mls-local.properties

The property repository.url and its helper property content-management-server.host in application-mls-local.properties have been superfluous ever since and have now been deleted.

(CMS-20106)

Fixed CAE Feeder Possible Deadlock

Fixed a bug that could lead to a dead lock of the CAE Feeder in case of cyclic navigation structures.

(CMS-19571)