Magnolia Cloud updates 2018
This page lists the updates for Magnolia Cloud in 2018. Click on an entry to see details or .
Configuring root domain redirect rules
You can now configure your own root domain redirect rules in the cockpit.
Choose your own automatic backup time
You can now choose a specific time for the automatic backup of your environments to be scheduled in line with your project requirements. The default automatic backup time is 01:00 UTC.
Contact the Magnolia Cloud Support team to tell them your needs.
Magnolia CORE 5.7.1 and 5.6.8
With this update, you can use Magnolia CORE 5.7.1 and Magnolia CORE 5.6.8 when setting up your environments in the cloud.
Maintenance mode in cockpit
When Magnolia is conducting a support or maintenance operation requiring downtime, we now switch your subscription package to maintenance mode. You can only view your package when it is in maintenance mode. A message indicating that your package is temporarily in maintenance mode is displayed in the subscription package overview page:
|
The Magnolia Cloud Support team will always contact you to schedule any downtime required in advance. |
Magnolia CORE 5.7
With this update, you can use Magnolia CORE 5.7 when setting up your environments in the cloud.
Content Security Policy header issue
We introduced a Content Security Policy (CSP) header in Magnolia 5.6.6. Configuring CSP involves adding the Content-Security-Policy HTTP header to a web page. It helps you reduce XSS risks on modern browsers by declaring which dynamic resources are allowed to load.
If your Magnolia Cloud environment is running on Magnolia 5.6.6, you may encounter problems where admin central and apps that load external scripts fail to load. This is because the CSP header value restricts eval() execution and Vaadin, on which Magnolia is based, needs to invoke eval() to function correctly.
If you upgrade your Magnolia Cloud environment to Magnolia CORE 5.7, a new default header that fixes this issue is added.
If necessary, we recommend you customize the header to define your own whitelist.
To avoid this issue when using a 5.6.6 environment:
-
Manually update the
Content-Security-Policyproperty value in the Configuration app:From: default-src `self' `unsafe-inline' To:
default-src `self' `unsafe-inline' `unsafe-eval' https://ga-dev-tools.appspot.com https://apis.google.com https://www.google.com https://content.googleapis.com https://ajax.googleapis.com ; img-src `self' data:;
-
Remove the X-Content-Security-Policy header property (no longer required).
The final configuration should look similar to this:
| Node name | Value |
|---|---|
server |
|
filters# |
|
cspHeader# |
|
headers# |
|
Content-Security-Policy# |
default-src `self' `unsafe-inline' `unsafe-eval' https://ga-dev-tools.appspot.com https://apis.google.com https://www.google.com https://content.googleapis.com https://ajax.googleapis.com ; img-src `self' data:; |
Magnolia CORE 5.6.6
With this update, you can use Magnolia CORE 5.6.6 when setting up your environments in the cloud.
Content of Integration and UAT environments not publicly accessible
Access to content on the Integration and UAT environment public instances can now be restricted.
During the on-boarding process, Magnolia asks you for a whitelist of IP addresses for these environments to limit access to only those who need it. For example, your employees tasked with developing and testing work.
We have restricted access for security reasons and to prevent content on the Integration and UAT environment public instances being unnecessarily indexed by search robots.
Security vulnerabilities fixed
We have fixed several security issues with this release. We keep details of this kind of fix private in line with our Security Policy.
Contact our Support team if you need more information.
Magnolia CORE 5.6.5
With this update, you can use Magnolia CORE 5.6.5 when setting up your environments in the cloud.
Upgrading Magnolia
Upgrade your cloud environments directly from the cockpit when a new version of Magnolia is released and available on the Cloud (as is the case for Magnolia CORE 5.6.5 in this update).
Logging improvements
Filter the logs you want to display in the View logs page by start date and time, end date and time or in a given date and time frame.
Use the Download button to download the logs displayed in TXT format.
Log levels are now working as expected from Magnolia 5.6.5 on. For more information, see Managing cloud log levels.
Developers can also use the REST API logs endpoint to get Magnolia
cloud instance logs and integrate them with external tools. For more
information, see
Using
REST to access cloud logs.
HTTPS URL for Git repository
The link to the git repository displayed in the Additional information section of the cockpit is now an HTTPS link to avoid issues with SSH keys.
[For example: [https://<username>@git.magnolia-cms.com/scm/odc/magnolia-docs.git](https://git.magnolia-cms.com/projects/ODC/repos/magnolia-docs/browse)]\{.diff-block-target diff-block-context}
Sticker to differentiate environment instances
We have introduced a sticker in the author instances to help you distinguish between Live, UAT and Integration environments:
Magnolia CORE 5.5.8 and 5.6.3
With this update, you can use Magnolia CORE 5.5.8 or Magnolia CORE 5.6.3 when setting up your environments in the cloud .
Logging improvements
Magnolia cloud offers a log view to help you troubleshoot your instances and ensure the quality of your website.
From the Manage environments section, you can View logs for each running Public and Author instance.
For more information, see Managing cloud log levels.