Release notes for Magnolia CMS 6.2.55

LTS release • Delivered on February 20, 2025 • Changelog: 15391

Magnolia 6.2.55 is primarily a bug-fixing and security release, which includes breaking changes related to FreeMarker directives and content rendering.

You can also find which modules were updated including a list of unbundled modules released since the previous version of Magnolia.

As with any Magnolia release, this release also delivers critical bug and security fixes. We keep the details of security fixes private in line with our security policy. Contact our Support team if you need more information.

Breaking changes

The improvements and fixes shipped with this release have also introduced the following breaking changes.

Security hardening of template scripts

Content is available in template scripts via templating functions and, for the most part, automatically encoded. Before this release, we identified some directives that weren’t compliant with this security encoding. To fix this, escaping content to enable encoding is now set by default for all directives.

  • MAGNOLIA-9563 Inconsistency in encoding content via templating functions and renderer

You can run the following Groovy script to identify whether your template scripts are affected. If you’re affected, you can disable the encoding fixes by setting the new magnolia.templating.escaping property to compatibility. See Configuration management for more details.

Alternatively, you can update the template scripts to use the new encoded content.

import info.magnolia.objectfactory.Components;
import info.magnolia.resourceloader.ResourceOrigin;
import info.magnolia.resourceloader.util.ResourcePredicates;
import java.util.regex.Pattern;

PATTERNS = [Pattern.compile("cmsfn.(contentByPath|contentById|nodeByPath|nodeById|search|simpleSearch)"),
            Pattern.compile("searchfn.(searchPages|searchContent)"),
            Pattern.compile("catfn.(getCategories|getRelatedCategories|getContentByCategory|getCategoryNodeByName)")]

origin = Components.getComponent(ResourceOrigin.class);
resources = origin.find("/", ResourcePredicates.pathMatchesGlob("/**/*.ftl")).toList();
for (resource in resources) {
    if (searchIn(resource) > 0) {
        println resource.getPath();
    }
}


def searchIn(resource) {
    def count = 0
    resource.openReader().withCloseable { reader ->
        reader.eachLine { line ->
            PATTERNS.each{ PATTERN ->
                def matcher = PATTERN.matcher(line)
                while (matcher.find()) count++
            }
        }
    }
    return count
}

Improvements

  • MAGNOLIA-9581 Optimized index of the mgnlVersion workspace. This helps reduce the disk footprint and CPU usage on version actions.

    Requires re-indexing of the mgnlVersion workspace to take effect.

Bug fixes

  • Assets with a Japanese name throw an exception on download and preview

  • MAGNOLIA-9540 Adding mgnl:contentNode to aggregates in the website index configuration to improve search indexing

    For more, see Website indexing configuration file.

  • MAGNOLIA-9554 Imported content may end up not being publishable

  • MAGNOLIA-9557 ObservationBasedDelayedExecutor can cause lock contention

    JCR-backed apps rely on the JCR observation definition to refresh the grid when users save changes. We’ve improved the observation event handling flow by avoiding potential lock contention around Magnolia-level event buffers in heavy load situations.

  • MGNLDAM-1596 Unicode character can’t be encoded as it’s outside the permitted range

  • MGNLDEMO-458 Security fix for Magnolia demo

  • MGNLUI-9098 Export action forces browser reload

  • MGNLUI-9129 Editing a user on the Security app removes the password, making login impossible

  • MULTISITE-209 Sites aren’t correctly registered when starting an instance for the first time

Third-party library updates

This release comes with third-party library updates, see the Magnolia Third-party library BOM 6.2.55.

Notable updates

Updated modules

Bundled modules included with this release. You can also see Unbundled modules released since Magnolia 6.2.54 which include Live Copy 3.2.18 and others.

  • Categorization 2.9.2

  • Community Edition 6.2.55

  • DAM 3.0.40

  • DX Core 6.2.55

  • Demo Projects 1.6.12

  • Imaging 3.5.11

  • Magnolia 6.2.55

  • Multisite 2.1.6

  • Solr Search Provider 6.1.13

  • Third-party library BOM 6.2.55

  • UI 6.2.55

Unbundled modules

Unbundled modules released since Magnolia 6.2.54.

  • Live Copy 3.2.18 was released on January 21, 2025. For more information, see the changelog.

  • Marketing Automation module 1.0.5 was released on February 6, 2025. For more information, see the changelog.

  • URL Translation module 6.2.8 was released on January 29, 2025. For more information, see the changelog.

Acknowledgements

The Magnolia team would also like to thank everyone who reported issues, contributed patches or simply commented on issues for this release. Your continued interest helps us make Magnolia better.

Feedback

DX Core

×

Location

This widget lets you know where you are on the docs site.

You are currently perusing through the DX Core docs.

Main doc sections

DX Core Headless PaaS Legacy Cloud Incubator modules