Release notes for Magnolia CMS 6.2.60

LTS release • Delivered on June 13, 2025 • Changelog: 17800

Magnolia 6.2.60 is primarily a bug-fixing and security release, which also introduces a new filter called ipSecurity. We keep the details of security fixes private in line with our security policy. Contact our Support team if you need more information.

Improvements

  • MAGNOLIA-7918 Extract ipSecurity functionality out of uriSecurity filter to a separate filter

    For more, see IP security.

Bug fixes

  • MAGNOLIA-6923 Content-Type header not set when serving binaries from a website

  • MAGNOLIA-9080 Duplicate CSRF cookies after server-side forward

  • MAGNOLIA-9399 Charset being set for Content-Type header in responses for asset requests

  • MAGNOLIA-9460 BasicLogin handler doesn’t filter out Bearer authentication

  • MAGNOLIA-9550 Download allows Content-Type sniffing

  • MGNLPN-830 Memory leak in personalization-traits module

  • MGNLREST-844 Reference resolvers don’t seem to respect the workspace ACL bypass

  • MGNLUI-6879 UI unresponsive after saving a jcrMultiField on a node with many subnodes

  • MGNLUI-9200 Order of items not preserved when several items are moved after a selected item

  • TASKMGMT-71 Many publishing tasks scheduled at the same time sometimes results in one of them not being published

Third-party library updates

This release comes with third-party library updates. See the Magnolia Third-party library BOM 6.2.60.

Notable updates

  • BUILD-1025 Upgrade to SnakeYAML 2

    There are several changes between SnakeYAML 1.x and 2.x which are explicitly noted as backwards-incompatible or have the potential to break existing code due to altered behavior.

    These include API changes, changes in default behavior, and security-driven restrictions. The breaking changes primarily affect:

    • Low-level API users (for example, custom parsers or tag handling).

    • Applications serializing JavaBeans with read-only properties.

    • Code deserializing untrusted YAML without explicit constructor configurations.

    If you plan to update SnakeYAML in your project, consider the changes first. For more details, see snakeyaml / Changes on Bitbucket.

  • MGNLTOMCAT-55 Update org.apache.tomcat:tomcat to version 9.0.106
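
The SnakeYAML 2 note above mentions code that deserializes untrusted YAML without explicit constructor configuration. The following is an added example, not code from Magnolia or from the SnakeYAML project, showing loading with explicit `LoaderOptions` under SnakeYAML 2.x. The `SiteConfig` bean, the `com.example.Unexpected` tag, the sample documents and the limit values are assumptions made for illustration.

```java
import java.util.Map;
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.Constructor;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

public class SnakeYaml2Loading {

    /** Hypothetical bean; SnakeYAML treats public fields as properties. */
    public static class SiteConfig {
        public String name;
        public int port;
    }

    public static void main(String[] args) {
        // 2.x constructors take LoaderOptions explicitly; set limits for untrusted input.
        LoaderOptions options = new LoaderOptions();
        options.setAllowDuplicateKeys(false);
        options.setMaxAliasesForCollections(10);
        options.setNestingDepthLimit(20);
        options.setCodePointLimit(64 * 1024);

        String plain = "name: demo\nport: 8080\n";                 // constructed sample
        String tagged = "!!com.example.Unexpected {name: demo}\n";  // constructed sample

        // Untrusted YAML: SafeConstructor builds only standard types (Map, List, String, ...).
        Yaml safe = new Yaml(new SafeConstructor(options));
        Map<String, Object> map = safe.load(plain);
        System.out.println("safe load: " + map);

        // Typed load: the root class is fixed in code, not chosen by the document.
        Yaml typed = new Yaml(new Constructor(SiteConfig.class, options));
        SiteConfig cfg = typed.load(plain);
        System.out.println("typed load: " + cfg.name + ":" + cfg.port);

        // A document that names its own class through a global tag is rejected by both loaders.
        for (Yaml yaml : new Yaml[] {safe, typed}) {
            try {
                yaml.load(tagged);
                System.out.println("unexpected: tagged document was accepted");
            } catch (YAMLException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

Code written against 1.x that called `new Constructor(SiteConfig.class)` without `LoaderOptions` is the kind of call site to review when moving to 2.x.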

Updated modules

Bundled modules included with this release.

  • Cache 5.9.22

  • Community Edition 6.2.60

  • Content Editor 2.1.14

  • DAM 3.0.43

  • DX Core 6.2.60

  • Imaging 3.5.13

  • License 1.8.2

  • Magnolia 6.2.60

  • Personalization 2.1.18

  • REST Framework 2.2.31

  • Resources 3.0.12

  • Task Management 1.2.12

  • Third-party library BOM 6.2.60

  • UI 6.2.60

  • Webhooks 1.0.4

Unbundled modules

Unbundled modules released since Magnolia 6.2.59.

Acknowledgements

The Magnolia team would also like to thank everyone who reported issues, contributed patches or simply commented on issues for this release. Your continued interest helps us make Magnolia better.
