Headless won't Start with Deactivated P13N Extension

Due to a refactored component scan, two xml resources were not discovered anymore when the P13N extension is deactivated, which in turn caused a failed headless server start. This bugfix reinserts the missing resources.

(CMS-21843)

Image Hash Calculation Leads to Client-Side Caching Problems

When the changing a crop (e.g. clipping), the hash of the image did not change and as a consequence the URL also did not change anymore. This led to the problem that browser caches did not invalidate their caches. This bugfix fixes the hash calculation.

(CMS-21800)

MediaController now sets Content-Disposition Header

When downloading binaries via HeadlessServers media endpoint, the HTTP header Content-Disposition is now set, when using the media endpoints with a filename.

Additionally the manual was complemented by the section 'MediaType Content Negotiation', explaining options to configure individually document types to suppress a Spring Web MVC default behaviour on potentially unsafe content types.

(CMS-21669)

Fixed Security Issues

Fixed Security Issues in JsonPreviewController.

(CMS-21340)

Changed Return Type of Authors Field to CMPerson

Changed the return type of the authors field in CMTeasable to CMPerson. This is not breaking, since the previous type was CMTeasable, which is the superclass of CMPerson.

(CMS-21187)