Release notes for Magnolia CMS 6.2.12
LTS release • Delivered on September 27, 2021 • Changelog: 20462
Magnolia CMS 6.2.12 is a bug-fixing and security release that also delivers a number of updates and improvements.
Connector Pack and Special Feature updates
-
Analytics Connector Pack 1.2.2 and 1.1.2 released on September 20, 2021.
-
Live Copy 3.2.6 released on September 23, 2021.
See the Connector Pack and Special Feature changelog for details on these releases.
Internationalization in Content Editor module (beta version)
To allow internationalization of content in the Stories app, we have released version 2.1-beta of the Content Editor module.
<dependency> <groupId>info.magnolia.editor</groupId> <artifactId>content-editor-parent</artifactId> <version>2.1-beta</version> </dependency>
If you want to try it out in your webapp, you need to replace the default Magnolia 5 UI version of the module.
Support for Magnolia 6 UI in Blossom module
Version 3.4.5 of the Blossom module expands support for Magnolia 6 UI. For more details, see Blossom module release notes and Blossom module: Updating to Magnolia 6.2.
Improvements
SPA libraries reach template endpoints by default
The SPA front-end helpers now communicate with Magnolia without manual role setup.
The magnolia-spa-rendering
submodule of the Pages module grants the rest-anonymous
role GET
access to its
template-annotations
and template-definitions
endpoints.
Previously, browsers would report CORS issues or unauthorized access.
Global path-based locking implemented
Path-based locking in the magnolia-publishing-core
module has been deprecated and replaced with a global path-based locking implementation in the magnolia-core
module.
A number of dependencies have also been updated. For this, we have released version 1.2 of the Publishing Transactional module (compatible only with Magnolia 6.2.12+).
Support added for WebP images
As of this release, Magnolia supports the webp
output format. To align dependencies, we have released version 3.5.0 of the
Imaging module (compatible only with Magnolia 6.2.12+).
Complex move operations possible for CanMoveRuleDefinition
info.magnolia.ui.availability.rule.CanMoveRuleDefinition
now uses info.magnolia.ui.contentapp.browser.drop.AlwaysTrueDropConstraintDefinition
by default.
For more information about the class, see dropConstraint
.
DAM link field can be used for assets or folders
You can now use damLinkField
to select an asset or folder. To restrict the field to assets only, see the commented-out lines in the
DAM chooser
.
Move action reinstated in DAM module
In the DAM Core module,
cutContentAction
has been replaced with the more intuitive moveAction
of Magnolia 5 UI.
Multi-selection possible in chooser dialog
This release comes with a new preconfigured multi field definition. info.magnolia.ui.field.JcrMultiLinkFieldDefinition
(jcrMultiLinkField
) allows you
to select multiple values of a single type in a chooser dialog
to be stored as an array in a single JCR property. For more information, see Multi field.
Resources can be selected from file system and classpath
A new preconfigured link field definition makes it possible to select resources from the file system and classpath.
Here is an example of how to use info.magnolia.resources.app.field.ResourceLinkFieldDefinition
(resourceLinkField
) to link to a resource:
form:
properties:
resource:
$type: resourceLinkField
label: Choose a resource
Validation messages can be configured for upload field
You can use the new typeAbortMessage
and sizeAbortMessage
properties in info.magnolia.ui.field.UploadFieldDefinition
to configure validation messages for allowedMimeTypePattern
and maxUploadSize
respectively.
allowedMimeTypePattern is now a comma-separated list of MIME types where all types are allowed by default.
|
For more information, see Common upload field properties.
Light rich text field can be customized
Version 2.0.2 of the Content Editor module allows you to customize the light rich text field. For example, you can change the color of the field, toggle the typing direction, or enable the CKEditor-native spell checker. See Light rich text field: Customization for more details.
The light rich text field is used as a text block in the Stories app or in custom implementations of the Content Editor.
Notable bug fixes
-
Preview as visitor now works with any default JVM language (MGNLPN-564).
-
The DAM chooser does not crash anymore when the MIME type of an asset is missing (MGNLDAM-902).
-
Users can no longer move a page they are not allowed to create (PAGES-444).
-
Deleting a page does not throw an error in
MetaDataBasedTemplateDefinitionAssignment
(PAGES-333). -
Page/component dialogs and column filters are populated only once as
PageTemplateDataProvider
is no longer automatically refreshed on value context changes (PAGES-334). -
The SPA template annotations endpoint now resolves only template annotations whose nodes have template definitions (PAGES-503).
-
Deleting a property in the JCR Browser app does not delete the parent node or publish changes to the public instance (MGNLUI-6811).
-
In the Edit user profile dialog, the email address you enter is now validated using
emailValidator
(MGNLUI-6269). -
Previously selected items in the grid are not randomly deselected when a user clicks outside any of the selection checkboxes (MGNLUI-6800).
-
Items in select fields are no longer automatically sorted. To sort these items, you must now set
info.magnolia.ui.datasource.optionlist.OptionListDefinition#sort
totrue
(MGNLUI-6672). -
Selected items in twin-column fields are readable again in Chrome (MGNLUI-6568).
-
converterClass
is not ignored anymore in link fields wheretextInputAllowed
is set totrue
(MGNLUI-6834). -
Input text is now saved for all languages in link fields where
textInputAllowed
is set totrue
(MGNLUI-6862). -
When using converted Magnolia 5 UI link fields in Magnolia 6 UI apps,
textInputAllowed
is automatically set totrue
for compatibility reasons (MGNLUI-6835). -
When a dialog contains fields with i18n content, the footer no longer disappears on switching between languages multiple times (MGNLUI-6583).
-
Admincentral does not freeze anymore after the first login (MGNLUI-6736).
-
The CORS filter now precedes the URI security filter in the Magnolia filter chain (MAGNOLIA-8180).
Third-party library updates
This release comes with the following third-party library updates to fix some security and compatibility issues:
-
Bouncy Castle updated to 1.68 (BUILD-519).
-
FreeMarker updated to 2.3.31 (BUILD-541).
-
Groovy updated to 3.0.9 (BUILD-535).
-
Jackrabbit updated to 2.20.3 (BUILD-413).
-
JCodec updated to 0.2.5 (BUILD-518).
-
jsoup updated to 1.14.2 (BUILD-508).
-
Swagger Core updated to 2.1.10 (BUILD-538).
-
XStream updated to 1.4.18 (BUILD-512).
We keep the details of security fixes private in line with our security policy. Contact our Support team if you need more information.
Security advisory
We have fixed a security vulnerability to prevent potential remote code execution (RCE) attacks. We keep the details of that fix private in line with our security policy. Contact our Support team if you need more information.
BUILD-541 (restricted access)
Others
Known issues
If you are upgrading from an earlier version, read the Upgrading to Magnolia page first and check the Known issues page.
Updated modules
-
Barebones Tomcat Bundle 1.2.5
-
Blossom 3.4.5
-
Community Edition 6.2.12
-
Content Editor 2.0.2
-
DAM 3.0.10
-
Demo Projects 1.6.3
-
DX Core 6.2.12
-
Imaging 3.5.0
-
Language Bundles 1.1.6
-
Magnolia 6.2.12
-
Pages 6.2.11
-
Personalization 2.0.11
-
Publishing 1.3.1
-
Publishing Transactional 1.2
-
Resources 3.0.5
-
REST Framework 2.2.9
-
Site 1.4.2
-
Third-party library BOM 6.2.12
-
UI 6.2.12
Acknowledgements
The Magnolia team would also like to thank everyone who reported issues, contributed patches or simply commented on issues for this release. Your continued interest helps us make Magnolia better. Special thanks go to Matei "Mal" Badanoiu, Wolf Bubenik, Vincenzo Cerbone, Christopher Chard, Antti Hietala, Stefan Huettenrauch, Marian-Razvan Ilisanu, Siarhei Ivanou, Marvin Kerkhoff, Lee Salter, Daniel Schneeberger, Frank Sommer, Ioannis Spyronis, Vivian Steller, Simon Tourville, Bohdan Valentovic, Jeffrey van der Heide and Jörg Wirsig.