Release notes for Magnolia CMS 6.2.41
LTS release • Delivered on December 15, 2023 • Page updated on January 17, 2024 • Changelog: 22675
Magnolia CMS 6.2.41 is primarily a bug-fixing and security release. We keep the details of security fixes private in line with our security policy. Contact our Support team if you need more information.
Do not upgrade to this version of Magnolia if you use the This issue doesn’t concern customers using the SSO module, because SSO doesn’t store usernames in JCR.
However, the Magnolia Services For more details about the issue, see Magnolia 6.2.41 known issues. |
Announcements
Cloudinary 1.2
Cloudinary 1.2
released on December 15, 2023.
Commerce Connector Pack 1.3.6
Commerce Connector Pack 1.3.6
was released on November 30, 2023.
Improvements
Downloading multiple assets
With Magnolia 6.2.41
, you can now download multiple files in the Assets app.
Authors can find more information about how it works in our Managing assets documentation section.
For configuration details, see DAM JCR Configuration.
-
MGNLDAM-1217 Download multiple assets at the same time
Editing page properties at anytime
Another new feature in this release is increased possibilities to edit page properties. You can now open the Page properties
dialog from both the browser and page editing views at any time.
-
PAGES-282 Allow 'Edit page properties' at anytime from the page editor
Other improvements
-
MAGNOLIA-7358 Performance: Resource origin should include fewer resources by default
-
MAGNOLIA-9145 Subnodes shouldn’t be included in a JSON response for inherited node that is filtered out by the
predicateClass
for freemarker -
MAGNOLIA-9159 Performance: Publishing site configuration shouldn’t trigger module restart
-
MGNLRES-300
resfn
methods extended to get resource links
For more information, seeresfn
templating functions. -
MGNLUI-7994 Disable drag&drop in content-type app by decoration
For more information, see Content view properties. -
SECURITY-64 Migrate Security app to new framework
This release includes a new Security app migrated to the 6 UI framework. The new app (named
security-app
, as opposed tosecurity
) does _not appear by default. You can enable the newsecurity-app
by decoration in/security-app/decorations/admincentral/config.yaml
Note that some deprecated Magnolia 5.6 code was also removed in connection to this change.
Expand for default configuration details
For example, you can edit the Security app configuration file in the Resources app. The sample here shows the default configuration, with the newer security-app hidden.
/security-app/decorations/admincentral/config.yaml
layout: (1) hiddenApps: security-app: security-app groups: - name: admin apps: security: security appLauncherLayout: (2) groups: - name: manage apps: - name: security hiddenApps: security-app: security-app
1 Use layout
if you are using the modern App Launcher layout (6 UI).2 Use appLauncherLayout
if you are using the older App Launcher layout (5 UI).
Bug fixes
-
MAGNOLIA-8821 and MGNLCACHE-348
VirtualURI
mapping to URL with non-ascii characters fails -
MAGNOLIA-9139 and PAGES-1494 Area inheritance:
maxComponents
andtype:single
inconsistent -
MAGNOLIA-9191 Problem with public usernames containing
+
-
MAGNOLIA-9202
JCRPropertyHidingPredicate
could hide also properties not specified by its parent node type (for example,jcr:title
) -
MGNLEE-828 Compromised JS files only checked if they are zipped
-
MGNLMAIL-190 Can’t use special characters in mail subject
-
MGNLUI-8425 Import as YAML fails on Windows
-
MULTISITE-180 Default port is added to HTTPS links
-
PAGES-1407 Subnodes shouldn’t be included in a JSON response for inherited node that is filtered out by the
predicateClass
-
PAGES-1524 Disabled area should not render content
Miscellaneous
-
MGNLTOMCAT-37 Update Tomcat to version
9.0.84
Third-party library updates
-
BUILD-1130 Update to okhttp
4.12
-
BUILD-1181 Manage Kotlin dependencies in bom
This Kotlin update fixes the known WebP image request issue in Magnolia 6.2.40.
-
BUILD-1189 Update to Derby
10.14.3.0
-
BUILD-1194 Update to htmlunit
3.9.0
-
MGNLEESOLR-230 CVE reports discovered by nightly cve scan about
solr-solrj-8.11.1
-
bouncycastleVersion
to version1.77
-
com.cedarsoftware:json-io
to version4.19.1
-
com.google.auto.factory:auto-factory
to version1.1.0
-
com.maxmind.geoip2:geoip2
to version2.17.0
-
commons-cli:commons-cli
to version1.6.0
-
commons-io:commons-io
to version2.15.1
-
commons-validator:commons-validator
to version1.8.0
-
imageioVersion
to version3.10.1
-
jackrabbitVersion
to version2.20.13
-
net.bytebuddy:byte-buddy
to version1.14.10
-
org.apache.commons:commons-lang3
to version3.14.0
-
org.apache.commons:commons-text
to version1.11.0
-
org.apache.logging.log4j:log4j-bom
to version2.22.0
-
org.htmlunit:neko-htmlunit
to version3.9.0
-
org.jetbrains.kotlin:kotlin-bom
to version1.9.21
-
org.jsoup:jsoup
to version1.17.1
-
org.junit:junit-bom
to version5.10.1
-
restEasyVersion
to version5.0.9.Final
-
software.amazon.awssdk:bom
to version2.21.37
-
swaggerCoreVersion
to version2.2.19
-
swaggerParserVersion
to version2.1.19
Updated modules
-
Barebones Tomcat Bundle
1.2.23
-
Cache
5.9.9
-
Community Edition
6.2.41
-
Content Editor
2.1.8
-
DAM
3.0.28
-
Demo Projects
1.6.10
-
DX Core
6.2.41
-
Magnolia
6.2.41
-
Mail
5.6.2
-
Multisite
2.1.3
-
Pages
6.2.33
-
Password Manager
1.2.7
-
REST Framework
2.2.24
-
Resources
3.0.10
-
Security
6.2.19
-
Solr Search Provider
6.1.8
-
Third-party library BOM
6.2.41
-
UI
6.2.41
Acknowledgements
The Magnolia team would also like to thank everyone who reported issues, contributed patches or simply commented on issues for this release. Your continued interest helps us make Magnolia better.
Special thanks go out to Riste Drangovski, Philipp Gaschuetz, Mirek Ingr, Kathrin Kaufleitner, Marvin Kerkhoff, David Martin, Matthias Müller, and Bernhard Rössler.