Release notes for Magnolia CMS 6.2.41

LTS release • Delivered on December 15, 2023 • Page updated on January 17, 2024 • Changelog: 22675

Magnolia CMS 6.2.41 is primarily a bug-fixing and security release. We keep the details of security fixes private in line with our security policy. Contact our Support team if you need more information.

Do not upgrade to this version of Magnolia if you use the . character in usernames or use emails as usernames. We strongly recommend you wait for the release of Magnolia CMS 6.2.42, planned soon. For the next release date, see Releases.

This issue doesn’t concern customers using the SSO module, because SSO doesn’t store usernames in JCR. However, the Magnolia Services sso-connector may be affected.

For more details about the issue, see Magnolia 6.2.41 known issues.

Announcements

Cloudinary 1.2

Cloudinary 1.2 released on December 15, 2023.

Commerce Connector Pack 1.3.6

Commerce Connector Pack 1.3.6 was released on November 30, 2023.

Improvements

Downloading multiple assets

With Magnolia 6.2.41, you can now download multiple files in the Assets app. Authors can find more information about how it works in our Managing assets documentation section. For configuration details, see DAM JCR Configuration.

Editing page properties at anytime

Another new feature in this release is increased possibilities to edit page properties. You can now open the Page properties dialog from both the browser and page editing views at any time.

  • PAGES-282 Allow 'Edit page properties' at anytime from the page editor

Other improvements

  • MAGNOLIA-7358 Performance: Resource origin should include fewer resources by default

  • MAGNOLIA-9145 Subnodes shouldn’t be included in a JSON response for inherited node that is filtered out by the predicateClass for freemarker

  • MAGNOLIA-9159 Performance: Publishing site configuration shouldn’t trigger module restart

  • MGNLRES-300 resfn methods extended to get resource links
    For more information, see resfn templating functions.

  • MGNLUI-7994 Disable drag&drop in content-type app by decoration
    For more information, see Content view properties.

  • SECURITY-64 Migrate Security app to new framework

    This release includes a new Security app migrated to the 6 UI framework. The new app (named security-app, as opposed to security) does _not appear by default. You can enable the new security-app by decoration in /security-app/decorations/admincentral/config.yaml

    Note that some deprecated Magnolia 5.6 code was also removed in connection to this change.

    Expand for default configuration details

    For example, you can edit the Security app configuration file in the Resources app. The sample here shows the default configuration, with the newer security-app hidden.

    /security-app/decorations/admincentral/config.yaml
    layout: (1)
  hiddenApps:
    security-app: security-app
  groups:
    - name: admin
      apps:
        security: security
appLauncherLayout: (2)
  groups:
    - name: manage
      apps:
        - name: security
  hiddenApps:
    security-app: security-app
    1 Use layout if you are using the modern App Launcher layout (6 UI).
    2 Use appLauncherLayout if you are using the older App Launcher layout (5 UI).

Bug fixes

  • MAGNOLIA-8821 and MGNLCACHE-348 VirtualURI mapping to URL with non-ascii characters fails

  • MAGNOLIA-9139 and PAGES-1494 Area inheritance: maxComponents and type:single inconsistent

  • MAGNOLIA-9191 Problem with public usernames containing +

  • MAGNOLIA-9202 JCRPropertyHidingPredicate could hide also properties not specified by its parent node type (for example, jcr:title)

  • MGNLEE-828 Compromised JS files only checked if they are zipped

  • MGNLMAIL-190 Can’t use special characters in mail subject

  • MGNLUI-8425 Import as YAML fails on Windows

  • MULTISITE-180 Default port is added to HTTPS links

  • PAGES-1407 Subnodes shouldn’t be included in a JSON response for inherited node that is filtered out by the predicateClass

  • PAGES-1524 Disabled area should not render content

Miscellaneous

Third-party library updates

  • BUILD-1130 Update to okhttp 4.12

  • BUILD-1181 Manage Kotlin dependencies in bom

    This Kotlin update fixes the known WebP image request issue in Magnolia 6.2.40.

  • BUILD-1189 Update to Derby 10.14.3.0

  • BUILD-1194 Update to htmlunit 3.9.0

  • MGNLEESOLR-230 CVE reports discovered by nightly cve scan about solr-solrj-8.11.1

  • bouncycastleVersion to version 1.77

  • com.cedarsoftware:json-io to version 4.19.1

  • com.google.auto.factory:auto-factory to version 1.1.0

  • com.maxmind.geoip2:geoip2 to version 2.17.0

  • commons-cli:commons-cli to version 1.6.0

  • commons-io:commons-io to version 2.15.1

  • commons-validator:commons-validator to version 1.8.0

  • imageioVersion to version 3.10.1

  • jackrabbitVersion to version 2.20.13

  • net.bytebuddy:byte-buddy to version 1.14.10

  • org.apache.commons:commons-lang3 to version 3.14.0

  • org.apache.commons:commons-text to version 1.11.0

  • org.apache.logging.log4j:log4j-bom to version 2.22.0

  • org.htmlunit:neko-htmlunit to version 3.9.0

  • org.jetbrains.kotlin:kotlin-bom to version 1.9.21

  • org.jsoup:jsoup to version 1.17.1

  • org.junit:junit-bom to version 5.10.1

  • restEasyVersion to version 5.0.9.Final

  • software.amazon.awssdk:bom to version 2.21.37

  • swaggerCoreVersion to version 2.2.19

  • swaggerParserVersion to version 2.1.19

Updated modules

  • Barebones Tomcat Bundle 1.2.23

  • Cache 5.9.9

  • Community Edition 6.2.41

  • Content Editor 2.1.8

  • DAM 3.0.28

  • Demo Projects 1.6.10

  • DX Core 6.2.41

  • Magnolia 6.2.41

  • Mail 5.6.2

  • Multisite 2.1.3

  • Pages 6.2.33

  • Password Manager 1.2.7

  • REST Framework 2.2.24

  • Resources 3.0.10

  • Security 6.2.19

  • Solr Search Provider 6.1.8

  • Third-party library BOM 6.2.41

  • UI 6.2.41

Acknowledgements

The Magnolia team would also like to thank everyone who reported issues, contributed patches or simply commented on issues for this release. Your continued interest helps us make Magnolia better.

Thanks a mill!

Special thanks go out to Riste Drangovski, Philipp Gaschuetz, Mirek Ingr, Kathrin Kaufleitner, Marvin Kerkhoff, David Martin, Matthias Müller, and Bernhard Rössler.

Feedback

DX Core

×

Location

This widget lets you know where you are on the docs site.

You are currently perusing through the DX Core docs.

Main doc sections

DX Core Headless PaaS Legacy Cloud Incubator modules