Jahia 7.3.9 Release Notes
October 8, 2024
What's new?
- Several third-party libraries have been upgraded to benefit from their latest security fixes. See the changelog below for the details.
Upgrading from a previous version?
Spring bean modifications
If you have customized your application context in the file digital-factory-config/jahia/applicationcontext-custom.xml , please consult the list of changes we made in our Spring beans as you might need to update your configuration.
Updated modules and libraries
Library upgrades
The following libraries were updated between Jahia 7.3.8.0 and Jahia 7.3.9.0.
| Library | Version in Jahia 7.3.8.0 | Version in Jahia 7.3.9.0 |
|---|---|---|
| ant | 1.10.9 | 1.10.11 |
| jodconverter | 4.3.0 | 4.4.2 |
| tika | 1.26 | 1.27 |
| xstream | 1.4.16 | 1.4.18 |
Updated modules
The following modules were updated between Jahia 7.3.8.0 and Jahia 7.3.9.0.
| Module | Version in Jahia 7.3.8.0 | Version in Jahia 7.3.9.0 |
|---|---|---|
| CSRF Guard | 1.3.0 | 1.4.0 |
| Default | 7.8.0 | 7.9.0 |
| GraphQL Provider | 1.8.0 | 1.10.0 |
| External Provider | 3.4.0 | 3.5.0 |
| Module Manager | 1.4.0 | 1.5.0 |
| Server Settings | 8.5.0 | 8.6.0 |
| Tools | 2.6.0 | 2.8.0 |
| Tools EE | 2.1.0 | 2.2.0 |
| Webflow Filter | Ø | 1.1.0 |
Jahia 7.3.9.0 - Changelog
Security
For more detail about the minor library upgrades, see the Updated modules and libraries section above.
- Upgraded Tika to 1.27 (including dependent libraries)
- Upgraded jodconverter to 4.4.2
- Upgraded XStream to 1.4.18
- Upgraded ant to 1.10.11
- Fixed a Remote Code Execution vulnerability in Spring Web Flow by adding a Webflow filter (see below)
- Fixed zip slip vulnerability when extracting archives
Core
- Fixed issue with hidden property on Initializer with addMixin
- Fixed issue with custom dynamic value initializer
- Fixed memory issue when a lot of JCR events are replayed
- Fixed memory issue with jgroups
- Improved JCRFilterTag to prevent some exceptions
Anthracite Theme
- Fixed issue with column titles not displayed in legacy managers
Edit Mode
- Fixed buttons disappearing in image picker
Login
- Fixed issue with remember me option at login
Rendering
- Fixed invalid captcha issue
Roles and permissions
- Fixed issue with external permissions not created
- Added the possibility to search users from local site and global level to change its roles and permissions
- Fix permission issue deleting siteusers with same name in another site
- Fixed issue with site level external ACE not updated when the related ACE is moved to another site
Rules
- Fixed rule engine corruption at startup
- Fixed issue with rules not using the good node to execute the action
- Fixed rules engine issues due to dependant rules across modules
Visibility
- Fixed issue with search results count when visibility is active
Workflow
- Fixed issue with duplicated entries leading to workflows not visible to users
Modules - Changelog
Default (7.9.0)
- Added the possibility to search users from local site and global level to change its roles and permissions
External Provider (3.5.0)
- Fixed issue with mixin subnodes removed after the removal of another mixin
GraphQL Core (1.10.0)
- Fixed issue when filtering a multi-valued property
GraphQL Core (1.9.1)
- Added a Jahia node under admin in the GraphQL schema to support administrative operations
Jahia CSRF Guard (1.4.0)
- Fixed issue with filtering not applied on SEO urls
Module Manager (1.5.0)
- Improved the refresh handling for modules with dependencies
Server Settings (8.6.0)
- Fixed issue with resource URL leading to a 404
Tools (2.8.0)
- Added tool to debug the modules start level
Tools (2.7.0)
- Fixed issue with database connections not released in JCR Integrity Tool
Tools EE (2.2.0)
- Fixed memory issue with jgroups
Webflow Filter (1.1.0)
- Added a new filter to detect invalid parameters and block the webflow request