Release notes for Magnolia CMS 6.2.12
Magnolia CMS 6.2.12 is a bug-fixing and security release that also delivers a number of updates and improvements.
Connector Pack and Special Feature updates
Analytics Connector Pack 1.2.2 and 1.1.2 released on September 20, 2021.
Live Copy 3.2.6 released on September 23, 2021.
See the Connector Pack and Special Feature changelog for details on these releases.
Internationalization in Content Editor module (beta version)
To allow internationalization of content in the Stories app, we have released version 2.1-beta of the Content Editor module.
<dependency> <groupId>info.magnolia.editor</groupId> <artifactId>content-editor-parent</artifactId> <version>2.1-beta</version> </dependency>
If you want to try it out in your webapp, you need to replace the default Magnolia 5 UI version of the module.
Support for Magnolia 6 UI in Blossom module
Version 3.4.5 of the Blossom module expands support for Magnolia 6 UI. For more details, see Blossom module release notes and Blossom module: Updating to Magnolia 6.2.
SPA libraries reach template endpoints by default
The SPA front-end helpers now communicate with Magnolia without manual role setup.
magnolia-spa-rendering submodule of the Pages module grants the
GET access to its
Previously, browsers would report CORS issues or unauthorized access.
Global path-based locking implemented
Path-based locking in the
module has been deprecated and replaced with a global path-based locking implementation in the
A number of dependencies have also been updated. For this, we have released version 1.2 of the Publishing Transactional module (compatible only with Magnolia 6.2.12+).
Support added for WebP images
As of this release, Magnolia supports the
webp output format. To align dependencies, we have released version 3.5.0 of the
Imaging module (compatible only with Magnolia 6.2.12+).
Complex move operations possible for
info.magnolia.ui.availability.rule.CanMoveRuleDefinition now uses
info.magnolia.ui.contentapp.browser.drop.AlwaysTrueDropConstraintDefinition by default.
For more information about the class, see
DAM link field can be used for assets or folders
You can now use
damLinkField to select an asset or folder. To restrict the field to assets only, see the commented-out lines in the
Move action reinstated in DAM module
In the DAM Core module,
cutContentAction has been replaced with the more intuitive
moveAction of Magnolia 5 UI.
Multi-selection possible in chooser dialog
This release comes with a new preconfigured multi field definition.
jcrMultiLinkField) allows you
to select multiple values of a single type in a chooser dialog
to be stored as an array in a single JCR property. For more information, see Multi field.
Resources can be selected from file system and classpath
A new preconfigured link field definition makes it possible to select resources from the file system and classpath.
Here is an example of how to use
resourceLinkField) to link to a resource:
form: properties: resource: $type: resourceLinkField label: Choose a resource
Validation messages can be configured for upload field
You can use the new
sizeAbortMessage properties in
to configure validation messages for
For more information, see Common upload field properties.
Light rich text field can be customized
Version 2.0.2 of the Content Editor module allows you to customize the light rich text field. For example, you can change the color of the field, toggle the typing direction, or enable the CKEditor-native spell checker. See Light rich text field: Customization for more details.
The light rich text field is used as a text block in the Stories app or in custom implementations of the Content Editor.
Notable bug fixes
Preview as visitor now works with any default JVM language (MGNLPN-564).
The DAM chooser does not crash anymore when the MIME type of an asset is missing (MGNLDAM-902).
Users can no longer move a page they are not allowed to create (PAGES-444).
Deleting a page does not throw an error in
Page/component dialogs and column filters are populated only once as
PageTemplateDataProvideris no longer automatically refreshed on value context changes (PAGES-334).
The SPA template annotations endpoint now resolves only template annotations whose nodes have template definitions (PAGES-503).
Deleting a property in the JCR Browser app does not delete the parent node or publish changes to the public instance (MGNLUI-6811).
In the Edit user profile dialog, the email address you enter is now validated using
Previously selected items in the grid are not randomly deselected when a user clicks outside any of the selection checkboxes (MGNLUI-6800).
Items in select fields are no longer automatically sorted. To sort these items, you must now set
Selected items in twin-column fields are readable again in Chrome (MGNLUI-6568).
converterClassis not ignored anymore in link fields where
textInputAllowedis set to
Input text is now saved for all languages in link fields where
textInputAllowedis set to
When using converted Magnolia 5 UI link fields in Magnolia 6 UI apps,
textInputAllowedis automatically set to
truefor compatibility reasons (MGNLUI-6835).
When a dialog contains fields with i18n content, the footer no longer disappears on switching between languages multiple times (MGNLUI-6583).
Admincentral does not freeze anymore after the first login (MGNLUI-6736).
The CORS filter now precedes the URI security filter in the Magnolia filter chain (MAGNOLIA-8180).
Third-party library updates
This release comes with the following third-party library updates to fix some security and compatibility issues:
Bouncy Castle updated to 1.68 (BUILD-519).
FreeMarker updated to 2.3.31 (BUILD-541).
Groovy updated to 3.0.9 (BUILD-535).
Jackrabbit updated to 2.20.3 (BUILD-413).
JCodec updated to 0.2.5 (BUILD-518).
jsoup updated to 1.14.2 (BUILD-508).
Swagger Core updated to 2.1.10 (BUILD-538).
XStream updated to 1.4.18 (BUILD-512).
We keep the details of security fixes private in line with our security policy. Contact our Support team if you need more information.
We have fixed a security vulnerability to prevent potential remote code execution (RCE) attacks. We keep the details of that fix private in line with our security policy. Contact our Support team if you need more information.
BUILD-541 (restricted access)
If you are upgrading from an earlier version, read the Upgrading to Magnolia page first and check the Known issues page.
See the 6.2.12 changelog for all the changes.
Barebones Tomcat Bundle 1.2.5
Community Edition 6.2.12
Content Editor 2.0.2
Demo Projects 1.6.3
DX Core 6.2.12
Language Bundles 1.1.6
Publishing Transactional 1.2
REST Framework 2.2.9
Third-party library BOM 6.2.12
The Magnolia team would also like to thank everyone who reported issues, contributed patches or simply commented on issues for this release. Your continued interest helps us make Magnolia better. Special thanks go to Matei "Mal" Badanoiu, Wolf Bubenik, Vincenzo Cerbone, Christopher Chard, Antti Hietala, Stefan Huettenrauch, Marian-Razvan Ilisanu, Siarhei Ivanou, Marvin Kerkhoff, Lee Salter, Daniel Schneeberger, Frank Sommer, Ioannis Spyronis, Vivian Steller, Simon Tourville, Bohdan Valentovic, Jeffrey van der Heide and Jörg Wirsig.