Release notes for Magnolia CMS 6.2.38
LTS release • Delivered on August 24, 2023 • Changelog: 22320
Magnolia CMS 6.2.38 is primarily a bug-fixing and security release. We keep the details of security fixes private in line with our security policy. Contact our Support team if you need more information.
Announcements
-
SSO module
3.1.6
was released on August 23, 2023. -
Live Copy
3.2.12
was released on August 21, 2023. -
The DAM Connector Pack
1.1.5
was released on August 2, 2023.
Improvements
-
MAGNOLIA-9024 External control of file path or name (CWE-73)
-
MGNLCACHE-304 Deserialization of untrusted data (CWE-502)
-
MGNLCE-363 Improper output neutralization for logs (CWE-117)
Bug fixes
-
MAGNOLIA-9031 The Definitions app should show problems when the dialog field is
$type
-
ADMINCTR-450 Magnolia session timeout issue is wrong
-
MGNLDIFF-147 SSRF fix
Miscellaneous
Byte Buddy
-
MAGNOLIA-8976 Remove/replace Proxytoys
-
MAGNOLIA-8977 Replace Apache Commons Proxy
-
MAGNOLIA-8978 Replace cglib with ByteBuddy
-
MGNLSITE-195 Replace Apache Commons Proxy
-
MGNLSITE-196 Replace cglib with ByteBuddy
These tickets are related to replacing certain libraries with Byte Buddy equivalents. By default, the commons proxy, proxy toys, and cglib libraries are no longer used. However, you can enable previous implementations using:
-Dmagnolia.cglib.fallback=true
Tomcat
-
MGNLTOMCAT-34 Updated Tomcat to
v9.0.79
Third-party library updates
-
BUILD-1088 Updated to GraphQL Java
18.6
-
BUILD-1115 Updated to okio
3.4.0+
-
BUILD-1125 Updated to JackRabbit
2.20.11
Updated modules
-
Admincentral
6.2.33
-
Admincentral legacy
6.2.22
-
Cache
5.9.7
-
Community Edition
6.2.38
-
Content Translation Support
2.5.10
-
Demo Projects
1.6.9
-
Diff
2.2.6
-
DX Core
6.2.38
-
GraphQL
1.1.4
-
Imaging
3.5.9
-
Magnolia
6.2.37
-
Mail
5.6.1
-
Pages
6.2.30
-
Periscope
1.2.10
-
Personalization
2.1.9
-
Publishing
1.3.11
-
REST Framework
2.2.22
-
Third-party library BOM
6.2.38
-
UI
6.2.38
-
Workflow
6.0.10
Acknowledgements
The Magnolia team would also like to thank everyone who reported issues, contributed patches or simply commented on issues for this release. Your continued interest helps us make Magnolia better.
Special thanks go out to James Alexander, David Caviedes Marquez, and Frank Sommer.