Release notes for Magnolia CMS 6.2.14

Magnolia CMS 6.2.14 is a bug-fixing and security release that also delivers a number of updates and improvements.

Connector Pack and Special Feature updates

  • Live Copy 3.2.7 released on December 13, 2021.

See the Connector Pack and Special Feature changelog for details on that release.

Improvements

i18n easier with Copy blocks

We have released version 2.1-beta2 of the Content Editor module, which adds the Copy blocks button to the language selector. The button allows you to easily create a new language variant of a story by reusing the blocks from the original language version.

For more details, see Copy blocks button.

External SPA

With the release of SPA front-end helpers 1.2.0, we are also pleased to announce the general availability of the Magnolia External SPA capability, making it possible for your SPA project to be running or hosted on a remote server.

New CSRF filter implementation

CsrfTokenSecurityFilter has been deprecated and replaced with CsrfCookieTokenFilter and CsrfSessionTokenFilter. These two classes cover the following functionality:

Splitting the functionality across two classes simplifies implementation, allowing bypasses to be configured more specifically. Both filters define a CSRF token strategy that exposes methods for creating, validating and renewing tokens. The default strategy is HmacCsrfToken.

Fully revamped slider field

The slider field has been modified as follows to address several issues:

  • A tooltip displays the current value on the slider as you drag the handle.

  • The field layout works properly when the SliderFieldDefinition#min property is set to a value other than 0.

  • A new SliderFieldDefinition#title property allows you to set a title for the slider.

  • A new displayStepSize property in SliderFieldDefinition replaces the deprecated gridStepSize property.

See Slider field for more information.

Rich text field moved to magnolia-ui-framework-jcr module

RichTextFieldDefinition has been moved from magnolia-ui-framework to magnolia-ui-framework-jcr as it depends heavily on the JCR API. This binary incompatible change has fixed an issue in the rich text field where the current link to an item was not preselected in the chooser dialog when editing that link.

The class and package names remain the same, so you are not affected at runtime. If you have custom code, you may need to add the magnolia-ui-framework-jcr dependency after upgrading to Magnolia 6.2.14.

Editable JCR property types

The new EditPropertyActionDefinition allows you to edit JCR property types. In the JCR Browser app, you can now choose to edit property types inline or via the action bar.

The Date property type must follow the ISO 8601 standard.

More accessible icons for publication status

The publication status icons have been redesigned to improve accessibility. See Publication status for the new icons.

Notable bug fixes

Third-party library updates

This release comes with the following third-party library updates to fix some security and compatibility issues:

  • AutoFactory updated to 1.0.1 (BUILD-582).

  • AutoService updated to 1.0.1 (BUILD-591).

  • CKEditor updated to 4.17.1 (MGNLUI-6944).

  • EasyUploads updated to 8.0.1 (BUILD-593).

  • EvoInflector updated to 1.2.2 (BUILD-594).

  • Gson updated to 2.8.9 (BUILD-585).

  • GwtMockito updated to 1.1.9 (BUILD-601).

  • Jackrabbit, Derby and Tika updated to 2.20.4, 10.14.2.0 and 1.27 respectively (BUILD-570).

  • Log4j updated to 2.15.0 (BUILD-603).

We keep the details of security fixes private in line with our security policy. Contact our Support team if you need more information.

Security advisory

To prevent XSS exploits, we have changed how HTTP request content is escaped. For more details, see Security: HTTP requests.

MAGNOLIA-8238 (restricted access)

Others

Known issues

If you are upgrading from an earlier version, read the Upgrading to Magnolia page first and check the Known issues page.

Documentation screenshot updates

Some of the screenshots in the documentation still show the legacy Magnolia 5 UI. Please bear with us as we work to update them.

Changelog

See the 6.2.14 changelog for all the changes.

Updated modules

  • Community Edition 6.2.14

  • DAM 3.0.12

  • Demo Projects 1.6.5

  • DX Core 6.2.14

  • Icons 25

  • Imaging 3.5.2

  • Language Bundles 1.1.8

  • Magnolia 6.2.14

  • Multisite 2.1.2

  • Pages 6.2.13

  • Personalization 2.0.13

  • Publishing 1.3.3

  • REST Framework 2.2.10

  • Soft Locking 3.1.1

  • Synchronization 2.0

  • Templating Essentials 2.0.1

  • Third-party library BOM 6.2.14

  • UI 6.2.14

Acknowledgements

The Magnolia team would also like to thank everyone who reported issues, contributed patches or simply commented on issues for this release. Your continued interest helps us make Magnolia better. Special thanks go to Christopher Chard, Simon Curty, Thomas Duffey, Marvin Kerkhoff, Jens Kolb, Eduard Lehel Reichenberger, Ulrich Scheel, Fabian Schneider, Frank Sommer, Vivian Steller, Sebastian Tauch, Simon Tourville, Jeffrey van der Heide, Jörg Wirsig and Pascal Zingg.

Feedback