Magnolia Cloud updates 2018

This page lists the updates for Magnolia Cloud in 2018. Click on an entry to see details or .

Configuring root domain redirect rules

You can now configure your own root domain redirect rules in the cockpit.

Choose your own automatic backup time

You can now choose a specific time for the automatic backup of your environments to be scheduled in line with your project requirements. The default automatic backup time is 01:00 UTC.

Contact the Magnolia Cloud Support team to tell them your needs.

Magnolia CORE 5.7.1 and 5.6.8

With this update, you can use Magnolia CORE 5.7.1 and Magnolia CORE 5.6.8 when setting up your environments in the cloud.

Maintenance mode in cockpit

When Magnolia is conducting a support or maintenance operation requiring downtime, we now switch your subscription package to maintenance mode. You can only view your package when it is in maintenance mode. A message indicating that your package is temporarily in maintenance mode is displayed in the subscription package overview page:

The Magnolia Cloud Support team will always contact you to schedule any downtime required in advance.

Magnolia CORE 5.7

With this update, you can use Magnolia CORE 5.7 when setting up your environments in the cloud.

Content Security Policy header issue

We introduced a Content Security Policy (CSP) header in Magnolia 5.6.6. Configuring CSP involves adding the Content-Security-Policy HTTP header to a web page. It helps you reduce XSS risks on modern browsers by declaring which dynamic resources are allowed to load.

If your Magnolia Cloud environment is running on Magnolia 5.6.6, you may encounter problems where admin central and apps that load external scripts fail to load. This is because the CSP header value restricts eval() execution and Vaadin, on which Magnolia is based, needs to invoke eval() to function correctly.

image

If you upgrade your Magnolia Cloud environment to Magnolia CORE 5.7, a new default header that fixes this issue is added.

If necessary, we recommend you customize the header to define your own whitelist.

To avoid this issue when using a 5.6.6 environment:

  1. Manually update the Content-Security-Policy property value in the Configuration app:

    From: default-src `self' `unsafe-inline'

    To:

    default-src `self' `unsafe-inline' `unsafe-eval' https://ga-dev-tools.appspot.com https://apis.google.com https://www.google.com https://content.googleapis.com https://ajax.googleapis.com ; img-src `self' data:;

  2. Remove the X-Content-Security-Policy header property (no longer required).

The final configuration should look similar to this:

Node name Value

server

filters#

cspHeader#

headers#

Content-Security-Policy#

default-src `self' `unsafe-inline' `unsafe-eval' https://ga-dev-tools.appspot.com https://apis.google.com https://www.google.com https://content.googleapis.com https://ajax.googleapis.com ; img-src `self' data:;

Magnolia CORE 5.6.6

With this update, you can use Magnolia CORE 5.6.6 when setting up your environments in the cloud.

Content of Integration and UAT environments not publicly accessible

Access to content on the Integration and UAT environment public instances can now be restricted.

During the on-boarding process, Magnolia asks you for a whitelist of IP addresses for these environments to limit access to only those who need it. For example, your employees tasked with developing and testing work.

We have restricted access for security reasons and to prevent content on the Integration and UAT environment public instances being unnecessarily indexed by search robots.

Security vulnerabilities fixed

We have fixed several security issues with this release. We keep details of this kind of fix private in line with our Security Policy.

Contact our Support team if you need more information.

Magnolia CORE 5.6.5

With this update, you can use Magnolia CORE 5.6.5 when setting up your environments in the cloud.

Upgrading Magnolia

Upgrade your cloud environments directly from the cockpit when a new version of Magnolia is released and available on the Cloud (as is the case for Magnolia CORE 5.6.5 in this update).

Logging improvements

Filter the logs you want to display in the View logs page by start date and time, end date and time or in a given date and time frame.

Use the Download button to download the logs displayed in TXT format.

Log levels are now working as expected from Magnolia 5.6.5 on. For more information, see Managing cloud log levels.

Developers can also use the REST API logs endpoint to get Magnolia cloud instance logs and integrate them with external tools. For more information, see Using REST to access cloud logs.

HTTPS URL for Git repository

The link to the git repository displayed in the Additional information section of the cockpit is now an HTTPS link to avoid issues with SSH keys.

Sticker to differentiate environment instances

We have introduced a sticker in the author instances to help you distinguish between Live, UAT and Integration environments:

image

Magnolia CORE 5.5.8 and 5.6.3

With this update, you can use Magnolia CORE 5.5.8 or Magnolia CORE 5.6.3 when setting up your environments in the cloud .

Logging improvements

Magnolia cloud offers a log view to help you troubleshoot your instances and ensure the quality of your website.

image

From the Manage environments section, you can View logs for each running Public and Author instance.

For more information, see Managing cloud log levels.

Response time and performance improvements

We have optimized how we use Apache Tomcat for Magnolia cloud to provide better performance and scalability.

+
Feedback

Legacy Cloud

×

Location

This widget lets you know where you are on the docs site.

You are currently perusing through the Magnolia Cloud docs.

Main doc sections

DX Core Headless PaaS Legacy Cloud Incubator modules