Release notes for Magnolia CMS 6.2.1
LTS release • Delivered on May 19, 2020 • Page updated on October 11, 2023 • Changelog: 11443
Magnolia CMS 6.2.1 is a bug-fixing and security release that also delivers the following improvements:
REST-related improvements
REST Client module refactored
A number of optimizations have been implemented in the
REST Client module
that improve the behavior of RestClient
and RestClientFactory
. In
the API, the getWebTarget()
method has been deprecated and the
following methods have been introduced:
-
register(name, component)
: allows registering a custom component on demand, such as response/request filters. -
unregister(name)
: allows unregistering a custom component. -
isClose()
: allows checking whether a client is available for use. -
close()
: allows closing a client after its use. Note that if a client is retrieved fromRestClientFactory#createClientIfAbsent()
, there is no need to close it manually.
REST-based $type aliases renamed
In the
UI
Framework REST Extensions module, the $type aliases for the fields that
handle offline data sources have been renamed to jsonLinkField
and
jsonComboBoxField
.
Handling of missing Content-Type
header
A warning is logged whenever a REST API does not return a Content-Type
header. The REST Client
module comes with a new responseContentType
property that allows you
to set the header in case it is missing in a response.
Improvements in 6 UI framework
Additional complex field transformers ported to 6 UI framework
Two 5 UI complex field transformers have been ported to the Magnolia 6
UI framework, DelegatingMultiValueSubnodeTransformer
and
MultiValueSubChildrenNodePropertiesTransformer
. In the 6 UI, they are
both handled by jcrChildNodeProvider
.
New supportI18N
property in jcrChildNodeProvider
The supportI18N
property has only been introduced to support reading compatibility data from Magnolia 5 UI.
Setting supportI18N
to false
is necessary in certain compatibility configurations (for example, when porting configurations
that use Magnolia 5 UI multi field transformers).
The property is otherwise scheduled for deprecation in a future release.
When you set the supportI18N
property of jcrChildNodeProvider
to false
,
all localized nodes of a field that uses jcrChildNodeProvider
will have a
single field entry that nests different localized child nodes.
root └── nodes ├── item1_de ├── item2_de ├── item1_fr └── item2_fr
When you do not change the default true
value of supportI18N
, each localized node of a field that
uses jcrChildNodeProvider
will have its own field entry that nests respective localized child nodes.
root ├── nodes_de │ ├── item1_de │ └── item2_de └── nodes_fr ├── item1_fr └── item2_fr
Updates in Blossom module
We have fixed an issue in the Blossom module and adapted the module for use in Magnolia 6.2 and beyond. For more details, see our Blossom module release notes.
Dependency on Content
API removed from Solr module
In the Solr Search Provider
module, we have removed dependencies on the old Content
API that
prevented Magnolia from starting when the module was included in a
webapp.
Third-party library updates
This release comes with third-party library updates to fix some security and compatibility issues as well as improve performance. The following are the most notable updates:
-
Hibernate Validator updated to 6.1.4.Final (BLOSSOM-264).
-
log4j-bom updated to 2.13.2 (BUILD-387).
-
Tika updated to 1.24.1 (BUILD-389).
We keep the details of security-related fixes private in line with our security policy. Contact our Support team if you need more information.
Notable bug fixes
-
In the Cache module,
CacheResponseWrapper
did not retrievecontentType
correctly (MGNLCACHE-38). -
In the Publishing module, nodes appeared in the wrong order after publishing a single page (PUBLISHING-79).
This fix, coming with version 1.2.1 of the Publishing module, reverts part of a previous commit that addressed the issue. It is therefore highly probable that there is no node order issue in version 1.2 of the module either, which you may keep using in Magnolia 6.2.1.
On the author instance, editors can move nodes to change the order in which they are stored in JCR. Since Magnolia does not track node order history, it is impossible to keep the same order of nodes on the public instance if you publish just one node that has been moved on the author instance. To make sure that the orders of nodes on both instances are aligned, always publish the parent node of any nodes you moved.
-
In the Magnolia Templating Essentials (MTE) module, images could not be displayed due to
NoSuchMethodError
(MTE-114). -
In the Segments and Personas apps of the Personalization module and in the Pages app, column filtering was not available (MGNLUI-5671).
-
In the UI module:
-
LinkFieldDefinition
did not extendComboBoxFieldDefinition
and could not use its properties (MGNLUI-5798). -
Toolbar icons for some configuration properties such as alignment, color and fonts were not displayed in the rich text field. With this fix,
ckeditor.js
has been updated from version 4.13.0 to 4.14.0 (MGNLUI-4072).
-
Others
Additional security improvements
Stateless protection against login CSRF attack
A stateless technique is now used to protect against any login CSRF attack. See Double Submit Cookie for more information.
When requesting a Magnolia login page before a session is created after
authentication, a CSRF token is temporarily kept in a cookie in the
client browser. That token is generated with each GET
request before
login. When the login form is submitted to the server with a POST
request, the cookie token is matched against the value coming from the
request.
To improve security, a salted hash is used for the cookie so that an attacker will not be able to re-create the cookie value from the plain token without knowledge of the server secrets.
MAGNOLIA-7660 (restricted access)
API incompatibilities
The improvements in this release generated a few API incompatibilities. For details, see the following links:
Known issues
If you are upgrading from an earlier version, read the Upgrading to Magnolia 6.2.x page first and check the Known issues page.
Virtual URI mappings not working if too many are configured
To mitigate an issue caused by having more than 500 configured virtual
URI mappings in light modules, a WARN-level message is now logged when a
DirectoryWatcher
overflow occurs
(MAGNOLIA-7762). We
also recommend to keep the number of files in a single folder below 100
and to use folder hierarchies whenever possible. For the upcoming fix,
see MAGNOLIA-7798.
Updated modules
-
Advance Cache 2.3.1
-
Backup 2.4.1
-
Blossom 3.4
-
Cache 5.9.1
-
Community Edition 6.2.1
-
Content Dependencies 2.0.1
-
Content Tags 2.0.1
-
DAM 3.0.1
-
Diff 2.2.1
-
DX Core 6.2.1
-
Image Recognition 1.2.1
-
Imaging 3.4.3
-
LDAP Connector 1.10.3
-
Magnolia 6.2.1
-
Mail 5.5.4
-
Multisite 2.1.1
-
Pages 6.2.1
-
Password Manager 1.2.4
-
Periscope 1.2.1
-
Personalization 2.0.1
-
Publishing 1.2.1
-
Resources 3.0.1
-
REST Client 2.0.1
-
REST Client UI 1.0.1
-
Scheduler 2.3.4
-
Site 1.3.1
-
Solr Search Provider 5.2.3
-
Templating Essentials 1.5
-
Text Classification 1.1.1
-
Third-party library BOM 6.2.1
-
UI 6.2.1
-
Usage Metrics 1.1.1
Acknowledgements
The Magnolia team would also like to thank everyone who reported issues, contributed patches or simply commented on issues for this release. Your continued interest helps us make Magnolia better. Special thanks go to Le Bao Duy, Oliver Böhrs, Tytgat Christian, Kathrin Kaufleitner, Marvin Kerkhoff, Alex Plouff and Diana Racho.