Updated Tomcat

Updated Tomcat to 9.0.80, see https://tomcat.apache.org/tomcat-9.0-doc/changelog.html for more information.

(CMS-23476)

cm serverimport flushes more often

Especially when importing huge content-sets in a multi-site environment, you may have observed out-of-memory-errors.

To reduce the memory consumption, an internal optimization has been applied to cm serverimport, so that it flushes changes more often to the server while updating the imported content.

(CMS-23311)

cm serverexport: Base Directory Created On Demand (Again)

Since several releases, when invoking cm serverexport given a base-directory that does not exist yet, no exported contents were available afterward (but serverexport reported successful export).

This has been fixed. The folder is now created on demand again, if not yet existing.

(CMS-23303)

Banned Dependency: net.sf.jtidy:jtidy

pkg:maven/net.sf.jtidy:jtidy@r938 is affected by CVE-2023-34623, a possible denial-of-service (DoS) attack with deeply nested DOM structures.

We validated that the deprecated CoreMedia Site Manager application is affected, as soon as authorized editors or services add rich text documents containing deeply nested DOM nodes.

As only the deprecated application is affected, which is only open for administrative usage, we took the following countermeasures:

If your Blueprint customizations are affected by this change, you have the following options:

(CMS-23203)

Removed transitive dependency snappy-java

snappy-java is a dependency of Zookeeper, which is used by Solr for SolrCloud. It's not used for the Solr standalone or Solr Leader/Follower setup. The latter is used in CMCC/S, hence it's not actually needed and was removed to avoid (false-positive) CVE reports for that dependency.

(CMS-23169)

Removal of Elastic Social models from search index

Models are now removed from the search index, if Model#remove() is invoked and a corresponding search index exists.

(CMS-21419)