Magnolia 6.2.41 known issues

Endless redirect loop due to incorrect URL encoding

If a redirect URL is used after a login, the protocol portion of the URL is wrongly encoded (from http:// to http%3A//), which generates an endless redirect loop. This happens because the redirection scheme doesn’t take into account absolute URLs.

A workaround solution is to ignore compressing the redirect URL by bypassing the GZip filter.

Users whose names contain . can’t log in

After upgrading to 6.2.41, there is an issue where users with usernames containing the . character can’t log in. This issue especially affects customers who use emails as usernames, as these frequently contain ..

An error similar to this is thrown instead:

ERROR 18.12.2023 10:14:24 -- Failed to execute$3@36581e97 session operation with Unclosed group near index 28

The issue is caused by MAGNOLIA-9191 and is addressed in MAGNOLIA-9233. We aim to resolve this issue with the release of Magnolia CMS 6.2.42, planned soon. For the next release date, see Releases.

SSO impact

This issue doesn’t concern customers using the SSO module, because SSO doesn’t store usernames in JCR.

However, the Magnolia Services sso-connector may be affected.


To bypass this issue, create a Groovy script that reverts the application of the problematic quoting from the ACL paths for each user. For example, the script below removes quoting from the ACL paths for each user (\Q and \E).

We recommend you:

  • Back up your user data before running the Groovy script.

  • Log all the changes that the script makes.

Groovy script example
import info.magnolia.jcr.predicate.NodeTypePredicate;

session = ctx.getJCRSession('users')

users = NodeUtil.collectAllChildren(session.getRootNode(), new NodeTypePredicate("mgnl:user"))

users.each { user ->
    node = NodeUtil.unwrap(user)
    aclNode = node.getNode("acl_users")
    pathNodes = NodeUtil.collectAllChildren(aclNode)
    pathNodes.each{pathNode ->
        path = pathNode.getProperty("path").getValue().getString()
        newPath = path.replace("\\Q","")
        newPath = newPath.replace("\\E","")
        pathNode.setProperty("path", newPath)

Duplicate Security app in modern App Launcher layout

We migrated the Security app to the Magnolia 6 UI framework in SECURITY-64. For those using the classic App Launcher layout, the new Security app does not appear by default. However, those using the modern App Launcher layout, see the new Security app as a duplicate under the "Custom" grouping.

To remove this duplicate Security app from your App Launcher:

  1. Go to any light module.

  2. Add the following decoration for AdminCentral.

        security: security-app (1)
    1 security-app represents the new Security app.

DX Core



This widget lets you know where you are on the docs site.

You are currently perusing through the DX Core docs.

Main doc sections

DX Core Headless PaaS Legacy Cloud Incubator modules