Release notes for Magnolia CMS 6.2.1

LTS release • Delivered on May 19, 2020 • Page updated on October 11, 2023 • Changelog: 11443

Magnolia CMS 6.2.1 is a bug-fixing and security release that also delivers the following improvements:

REST-related improvements

REST Client module refactored

A number of optimizations have been implemented in the REST Client module that improve the behavior of RestClient and RestClientFactory. In the API, the getWebTarget() method has been deprecated and the following methods have been introduced:

  • register(name, component): allows registering a custom component on demand, such as response/request filters.

  • unregister(name): allows unregistering a custom component.

  • isClose(): allows checking whether a client is available for use.

  • close(): allows closing a client after its use. Note that if a client is retrieved from RestClientFactory#createClientIfAbsent(), there is no need to close it manually.

MGNLRESTCL-151

REST-based $type aliases renamed

In the UI Framework REST Extensions module, the $type aliases for the fields that handle offline data sources have been renamed to jsonLinkField and jsonComboBoxField.

MGNLRESTUI-25

Handling of missing Content-Type header

A warning is logged whenever a REST API does not return a Content-Type header. The REST Client module comes with a new responseContentType property that allows you to set the header in case it is missing in a response.

MGNLRESTCL-123

Using custom query parameters in REST calls

Additional custom query parameters can be passed to and issued with a REST call without the need to configure the parameters in a YAML definition file.

MGNLRESTCL-68

Improvements in 6 UI framework

Additional complex field transformers ported to 6 UI framework

Two 5 UI complex field transformers have been ported to the Magnolia 6 UI framework, DelegatingMultiValueSubnodeTransformer and MultiValueSubChildrenNodePropertiesTransformer. In the 6 UI, they are both handled by jcrChildNodeProvider.

MGNLUI-5801

New supportI18N property in jcrChildNodeProvider

The supportI18N property has only been introduced to support reading compatibility data from Magnolia 5 UI. Setting supportI18N to false is necessary in certain compatibility configurations (for example, when porting configurations that use Magnolia 5 UI multi field transformers). The property is otherwise scheduled for deprecation in a future release.

When you set the supportI18N property of jcrChildNodeProvider to false, all localized nodes of a field that uses jcrChildNodeProvider will have a single field entry that nests different localized child nodes.

root
└── nodes
    ├── item1_de
    ├── item2_de
    ├── item1_fr
    └── item2_fr

When you do not change the default true value of supportI18N, each localized node of a field that uses jcrChildNodeProvider will have its own field entry that nests respective localized child nodes.

root
├── nodes_de
│   ├── item1_de
│   └── item2_de
└── nodes_fr
    ├── item1_fr
    └── item2_fr

MGNLUI-5821

Updates in Blossom module

We have fixed an issue in the Blossom module and adapted the module for use in Magnolia 6.2 and beyond. For more details, see our Blossom module release notes.

BLOSSOM-261, BLOSSOM-257

Dependency on Content API removed from Solr module

In the Solr Search Provider module, we have removed dependencies on the old Content API that prevented Magnolia from starting when the module was included in a webapp.

MGNLEESOLR-140

Third-party library updates

This release comes with third-party library updates to fix some security and compatibility issues as well as improve performance. The following are the most notable updates:

We keep the details of security-related fixes private in line with our security policy. Contact our Support team if you need more information.

Notable bug fixes

  • In the Cache module, CacheResponseWrapper did not retrieve contentType correctly (MGNLCACHE-38).

  • In the Publishing module, nodes appeared in the wrong order after publishing a single page (PUBLISHING-79).

    This fix, coming with version 1.2.1 of the Publishing module, reverts part of a previous commit that addressed the issue. It is therefore highly probable that there is no node order issue in version 1.2 of the module either, which you may keep using in Magnolia 6.2.1.

    On the author instance, editors can move nodes to change the order in which they are stored in JCR. Since Magnolia does not track node order history, it is impossible to keep the same order of nodes on the public instance if you publish just one node that has been moved on the author instance. To make sure that the orders of nodes on both instances are aligned, always publish the parent node of any nodes you moved.

  • In the Magnolia Templating Essentials (MTE) module, images could not be displayed due to NoSuchMethodError (MTE-114).

  • In the Segments and Personas apps of the Personalization module and in the Pages app, column filtering was not available (MGNLUI-5671).

  • In the UI module:

    • LinkFieldDefinition did not extend ComboBoxFieldDefinition and could not use its properties (MGNLUI-5798).

    • Toolbar icons for some configuration properties such as alignment, color and fonts were not displayed in the rich text field. With this fix, ckeditor.js has been updated from version 4.13.0 to 4.14.0 (MGNLUI-4072).

Others

Additional security improvements

Stateless protection against login CSRF attack

A stateless technique is now used to protect against any login CSRF attack. See Double Submit Cookie for more information.

When requesting a Magnolia login page before a session is created after authentication, a CSRF token is temporarily kept in a cookie in the client browser. That token is generated with each GET request before login. When the login form is submitted to the server with a POST request, the cookie token is matched against the value coming from the request.

To improve security, a salted hash is used for the cookie so that an attacker will not be able to re-create the cookie value from the plain token without knowledge of the server secrets.

MAGNOLIA-7660 (restricted access)

API incompatibilities

The improvements in this release generated a few API incompatibilities. For details, see the following links:

Known issues

If you are upgrading from an earlier version, read the Upgrading to Magnolia 6.2.x page first and check the Known issues page.

Virtual URI mappings not working if too many are configured

To mitigate an issue caused by having more than 500 configured virtual URI mappings in light modules, a WARN-level message is now logged when a DirectoryWatcher overflow occurs (MAGNOLIA-7762). We also recommend to keep the number of files in a single folder below 100 and to use folder hierarchies whenever possible. For the upcoming fix, see MAGNOLIA-7798.

Documentation screenshot updates

Some of the screenshots in the documentation still show the legacy Magnolia 5 UI. Please bear with us as we work to update them.

Updated modules

  • Advance Cache 2.3.1

  • Backup 2.4.1

  • Blossom 3.4

  • Cache 5.9.1

  • Community Edition 6.2.1

  • Content Dependencies 2.0.1

  • Content Tags 2.0.1

  • DAM 3.0.1

  • Diff 2.2.1

  • DX Core 6.2.1

  • Image Recognition 1.2.1

  • Imaging 3.4.3

  • LDAP Connector 1.10.3

  • Magnolia 6.2.1

  • Mail 5.5.4

  • Multisite 2.1.1

  • Pages 6.2.1

  • Password Manager 1.2.4

  • Periscope 1.2.1

  • Personalization 2.0.1

  • Publishing 1.2.1

  • Resources 3.0.1

  • REST Client 2.0.1

  • REST Client UI 1.0.1

  • Scheduler 2.3.4

  • Site 1.3.1

  • Solr Search Provider 5.2.3

  • Templating Essentials 1.5

  • Text Classification 1.1.1

  • Third-party library BOM 6.2.1

  • UI 6.2.1

  • Usage Metrics 1.1.1

Acknowledgements

The Magnolia team would also like to thank everyone who reported issues, contributed patches or simply commented on issues for this release. Your continued interest helps us make Magnolia better. Special thanks go to Le Bao Duy, Oliver Böhrs, Tytgat Christian, Kathrin Kaufleitner, Marvin Kerkhoff, Alex Plouff and Diana Racho.

Feedback

DX Core

×

Location

This widget lets you know where you are on the docs site.

You are currently perusing through the DX Core docs.

Main doc sections

DX Core Headless PaaS Legacy Cloud Incubator modules