Release notes for Magnolia CMS 6.2.10

LTS release • Delivered on June 29, 2021 • Changelog: 20351

Magnolia CMS 6.2.10 is a bug-fixing release that comes earlier than planned to patch a security vulnerability related to GET requests. The release also delivers a number of updates and improvements.

New Special Feature: A/B/n Testing

This week, we are happy to announce the release of the A/B/n Testing Special Feature.

A/B/n Testing brings native testing capabilities to Magnolia and helps you make decisions about your content based on real visitor data. A marketer-friendly A/B/n Testing app enables you to quickly create and manage your tests in a single location.

Magnolia A/B/n Testing is compatible with Magnolia 6.2.4+ and is subject to special licensing. Contact your Magnolia representative for more information.

GraphQL module bundled with magnolia-dx-core-demo-webapp

On May 25, 2021, we announced the general availability of the GraphQL module. As always, the easiest way to install the module is with Maven.

From this release, the GraphQL module comes bundled with magnolia-dx-core-demo-webapp. For more information, see also Magnolia delivers GraphQL: another step to free the front end from the back end.

Improvements

Travel Demo uses new MTK2 with Magnolia 6 UI dialogs

With this release, we have introduced magnolia-templating-kit-2 (MTK2) that uses Magnolia 6 UI dialogs for pages and components. The Travel Demo now works with MTK2, and the templates and dialogs of magnolia-templating-kit (MTK) are deprecated.

While both MTK2 and MTK are currently bundled, any demo-webapp comes with MTK2 only.

In the Magnolia 5 UI Pages app (magnolia-pages-app-compatibility), any page template that uses Magnolia 6 UI dialogs now appears only in the Magnolia 6 UI Pages app (magnolia-pages-app).

Login via GET disabled by default

Logging in with query parameters using the GET method is now disabled by default. Trying to do so results in a 401 Unauthorized error.

To allow GET or other HTTP methods, add them as a list to info.magnolia.cms.security.auth.login.FormLogin#allowedMethods. See this configuration as an example.

Enable other methods in the form login via allowedMethods only on non-production systems.

MAGNOLIA-8115 (restricted access)

Changes in light modules automatically observed in Definitions app

The Definitions app is now automatically refreshed on any YAML change when the magnolia.develop configuration property is set to true.

New mode property in nodeNameValidator

info.magnolia.ui.editor.validator.NodeNameValidatorDefinition#mode allows you to validate JCR node names as unique for:

  • Siblings of the currently selected node when editing an existing node (mode=EDIT).

  • Children of the currently selected node when adding a new node (mode=ADD).

Notable bug fixes

  • Synchronization no longer fails when you move or rename a node. Instead, synchronization is completed before a log warning displays all nodes that could not be synchronized (MGNLSYNC-58).

  • To better handle dependency problems and runtime exceptions (MAGNOLIA-6442):

    • In info.magnolia.objectfactory.guice.GuiceUtils, the hasExplicitBindingFor() method checks Injector for null before retrieving an explicit binding key.

    • In info.magnolia.objectfactory.guice.GuiceComponentProviderBuilder, the log error triggered when a module configuration fails to load now catches Throwable instead of CreationException.

  • When you create a page with a name that already exists, you get a validation error at the JCR root level as well (MGNLUI-6735).

  • In info.magnolia.commands.impl.RestorePreviousVersionCommand, the getPreviousVersion() method checks VersionIterator for null before restoring the previous version (MAGNOLIA-8108).

  • Login and logout no longer incorrectly redirect from HTTPS to HTTP if behind proxy (MAGNOLIA-8112).

Third-party library updates

This release comes with the following third-party library updates to fix some security and compatibility issues:

  • PDFBox updated to 2.0.24 (BUILD-475).

  • Preflight and XmpBox (two subprojects of PDFBox) updated to 2.0.24 (BUILD-476).

  • XStream updated to 1.4.17 (BUILD-470).

We keep the details of security fixes private in line with our security policy. Contact our Support team if you need more information.

Others

Known issues

If you are upgrading from an earlier version, read the Upgrading to Magnolia page first and check the Known issues page.

Documentation screenshot updates

Some of the screenshots in the documentation still show the legacy Magnolia 5 UI. Please bear with us as we work to update them.

Updated modules

  • Advanced Cache 2.3.3

  • Cache 5.9.4

  • Community Edition 6.2.10

  • Content Editor 1.3.8

  • Definitions App 2.1.2

  • Demo Projects 1.6

  • DX Core 6.2.10

  • License 1.7.4

  • Magnolia 6.2.10

  • Pages 6.2.9

  • Password Manager 1.2.5

  • Personalization 2.0.8

  • Publishing 1.2.7

  • Synchronization 1.9.2

  • Templating Essentials 2.0

  • Third-party library BOM 6.2.10

  • UI 6.2.10

Acknowledgements

The Magnolia team would also like to thank everyone who reported issues, contributed patches or simply commented on issues for this release. Your continued interest helps us make Magnolia better. Special thanks go to Thomas Duffey, Fabrizio Giustina and Frank Sommer.

Feedback

DX Core

×

Location

This widget lets you know where you are on the docs site.

You are currently perusing through the DX Core docs.

Main doc sections

DX Core Headless PaaS Legacy Cloud Incubator modules