Changed UserProvider Setup Policy

If a UserProvider fails to setup, the contentserver used to run nevertheless, which led to accidental deactivation of users. Now, the contentserver does not go online any longer if a UserProvider fails to setup.

Follow Section, “Changed UserProvider Setup Policy” for upgrade information.

(CMS-25871)

Editorial Comments Database Change

Due to new deprecations in Hibernate and to follow best practices, we adjusted the database schema for editorial-comments.

Follow Section, “Editorial Comments Database Change” for upgrade information.

(CMS-25739)

Remove Groovy dependency management from blueprint parent POMs

The dependency management entries for the org.codehaus.groovy:groovy-:2.4.21 in all .blueprint-parent POMs were unused and thus have been removed.

(CMS-25707)

bulkpublish -ab now also withdraws the base folder

Straightened bulkpublish parameters: All operations are now including the base folder(s).

Follow Section, “bulkpublish -ab now also withdraws the base folder” for upgrade information.

(CMS-25484)

CKEditor 5 Version Update

Wrong HTML

(CMS-25371)

Reverted behavioral change of BELOW folder queries in the QueryService

The documentation of the UAPI QueryService stated that a "BELOW folder" condition also matches the folder itself. As this was only true for some corner cases, the implementation had been adjusted with 2304.1 to match the documentation.

Follow Section, “Reverted behavioral change of BELOW folder queries in the QueryService” for upgrade information.

(CMS-25362)

Updated Spring Security

Updated Spring Security to a version higher than 6.3.1 or 6.2.5 (see dependency updates for the concrete version). In that course the beans 'unauthenticatedRequestMatcher' and 'csrfIgnoringRequestMatcher' of type org.springframework.security.web.util.matcher.RequestMatcher have been replaced by beans of type List<RequestMatcher> named 'unauthenticatedRequestMatchers' and 'csrfIgnoringRequestMatchers' respectively. This change is only breaking for projects which have customized one of these two matcher beans. These projects must now customize the new list beans instead.

(CMS-25278)

Removed deprecations for commons-cli

Usage of deprecated classes from dependency commons-cli:commons-cli habe been replaced. Now the DefaultParser is used for parsing input of Commandline tools. As the DefaultParser handles short and long options more strictly, existing command line calls, that worked before, may now result in errors. The command line tools should only be used as described in documentation.

(CMS-25098)

Upgraded Mockito to 5.13.0

Upgraded Mockito to 5.13.0. A small number of unit tests may have to be adjusted because mockito now checks for unused stubbings even stricter than before.

(CMS-25089)

Removed Management of Maven WAR Plugin

Configuration of the “maven-war-plugin” has been removed. If your project still builds WAR files, please manage the “maven-war-plugin” in your maven parent files.

(CMS-23945)