Release Notes / Version 11.2310
Table Of ContentsReplaced invocations of deprecated and breaking Spring Security code
With the update to Spring Security 5.8, there're a number of deprecations whose invocations have been replaced:
Instead of extending the deprecated
org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper, thecom.coremedia.livecontext.hybrid.CookieLevelerFilter.HttpServletResponseCookieAwareclass now extends its super classorg.springframework.security.web.util.OnCommittedResponseWrapper. The overrides of the abstract methods have been applied to reflect the same implementation.Usages of the deprecated
org.springframework.security.config.annotation.web.configurers.CsrfConfigurer#ignoringAntMatcherssecurity builder
methods have been replaced withorg.springframework.security.config.annotation.web.configurers.CsrfConfigurer#ignoringRequestMatchersandorg.springframework.security.web.util.matcher.AntPathRequestMatcher#antMatcher(String).Usages of the deprecated
org.springframework.security.config.annotation.web.builders.HttpSecurity#authorizeRequestssecurity builder
methods have been replaced withorg.springframework.security.config.annotation.web.builders.HttpSecurity#authorizeHttpRequests(including chainedaccess method calls).Usages of the deprecated
org.springframework.security.config.annotation.web.builders.HttpSecurity#requestMatchersecurity builder
methods have been replaced withorg.springframework.security.config.annotation.web.builders.HttpSecurity#securityMatcher.Usages of the deprecated
org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry#antMatcherssecurity builder
methods have been replaced withorg.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry#requestMatchersandorg.springframework.security.web.util.matcher.AntPathRequestMatcher#antMatcher(String).
Follow Section, “Replaced invocations of deprecated and breaking Spring Security code” for upgrade information.
(CMS-22524)
Replaced deprecated WebSecurityConfigurerAdapter
For the default CAE:
Follow Section, “Replaced deprecated WebSecurityConfigurerAdapter” for upgrade information.
(CMS-22461)
P2TagFilter Deprecated and Replaced by ReservedClassToElementFilter
Class P2TagFilter had a bug with additional
attributes (except class). With this change,
processing of CoreMedia Rich Text to generate XHTML is no longer
performed by P2TagFilter but
ReservedClassToElementFilter. Blueprint's default
rich text filter configuration has been adjusted accordingly. Class
P2TagFilter is now deprecated.
Follow Section, “P2TagFilter Deprecated and Replaced by ReservedClassToElementFilter” for upgrade information.
(CMS-22251)
Removed UnknownMimetypeCharacterEncodingFilter
Removed class
com.coremedia.blueprint.cae.filter.UnknownMimetypeCharacterEncodingFilter
as it is not used with embedded tomcat.
(CMS-14235)
Updated Tomcat version to 9.0.71 and changed property names
Tomcat has been updated to version 9.0.71 (see Changelog Tomcat 9.0.71) to prevent known vulnerabilities.
Follow Section, “Updated Tomcat version to 9.0.71 and changed property names” for upgrade information.
(CMS-22521)
Guess mime-type from extension for local development resources in the CAE
For the local code resources it is assumed that guessing the mime-type based on the file extension is more robust than guessing based on file content.
Follow Section, “Guess mime-type from extension for local development resources in the CAE” for upgrade information.
(CMS-22433)
