Release notes for Magnolia CMS 6.2.38

LTS release • Delivered on August 24, 2023 • Changelog: 22320

Magnolia CMS 6.2.38 is primarily a bug-fixing and security release. We keep the details of security fixes private in line with our security policy. Contact our Support team if you need more information.

Announcements

Improvements

  • MAGNOLIA-9024 External control of file path or name (CWE-73)

  • MGNLCACHE-304 Deserialization of untrusted data (CWE-502)

  • MGNLCE-363 Improper output neutralization for logs (CWE-117)

Bug fixes

Miscellaneous

Byte Buddy

These tickets are related to replacing certain libraries with Byte Buddy equivalents. By default, the commons proxy, proxy toys, and cglib libraries are no longer used. However, you can enable previous implementations using:

-Dmagnolia.cglib.fallback=true

Tomcat

Third-party library updates

Updated modules

  • Admincentral 6.2.33

  • Admincentral legacy 6.2.22

  • Cache 5.9.7

  • Community Edition 6.2.38

  • Content Translation Support 2.5.10

  • Demo Projects 1.6.9

  • Diff 2.2.6

  • DX Core 6.2.38

  • GraphQL 1.1.4

  • Imaging 3.5.9

  • Magnolia 6.2.37

  • Mail 5.6.1

  • Pages 6.2.30

  • Periscope 1.2.10

  • Personalization 2.1.9

  • Publishing 1.3.11

  • REST Framework 2.2.22

  • Third-party library BOM 6.2.38

  • UI 6.2.38

  • Workflow 6.0.10

Acknowledgements

The Magnolia team would also like to thank everyone who reported issues, contributed patches or simply commented on issues for this release. Your continued interest helps us make Magnolia better.

Thanks a mill!

Special thanks go out to James Alexander, David Caviedes Marquez, and Frank Sommer.

Feedback

DX Core

×

Location

This widget lets you know where you are on the docs site.

You are currently perusing through the DX Core docs.

Main doc sections

DX Core Headless PaaS Legacy Cloud Incubator modules