Release Notes / Version 12.2506.0
Table Of ContentsConfigured limit for part count in multipart/form-data requests
A limit of 15 parts for multipart/form-data requests has been configured for the CAE.
Follow Section, “Configured limit for part count in multipart/form-data requests” for upgrade information.
(CMS-28098)
Optimized Blob Link Building
Starting with CMCC 2401.1, blob links of the Blueprint CAE (generated
by
com.coremedia.blueprint.cae.handlers.TransformedBlobHandler#buildLink)
are sensitive to responsive image settings. Therefore, building the
link requires a transformation incl. streaming the original blob each
time, because the settings may have changed. This turned out to be a
severe performance issue, so we reverted this behaviour.
Follow Section, “Optimized Blob Link Building” for upgrade information.
(CMS-27414)
Freemarker: make class resolver configurable
The configuration of Freemarker’s
new_builtin_class_resolver
is now by default allows_nothing instead of
unrestricted and configurable by setting the
property freemarker.new_builtin_class_resolver to
either unrestricted, safer or
allows_nothing for security reasons. See
https://freemarker.apache.org/docs/api/freemarker/template/Configuration.html
and
https://freemarker.apache.org/docs/app_faq.html
for more information.
Note that this fix was applied for security reasons and is only breaking for projects using Freemarker templates with java code execution.
(CMS-27252)
Avoid Auto-wiring on Spring Beans with Scope "Prototype"
A bug in the Spring framework may lead to problems with initialization
of members annotated with @Autowired when it comes
to beans of scope prototype. Content beans (or
any Spring bean with scope prototype, for that
matter) should thus not use autowired members. Auto-wiring on
prototype beans in the Blueprint has been
exchanged by explicit dependency injection.
Follow Section, “Avoid Auto-wiring on Spring Beans with Scope "Prototype"” for upgrade information.
(CMS-26015)
Generalized CORS properties for delivery applications
The CORS configuration properties for the CoreMedia delivery applications have been generalized.
Follow Section, “Generalized CORS properties for delivery applications” for upgrade information.
(CMS-25644)
