Jahia 7.3.9 Release Notes

November 14, 2023

What's new?

  • Several third-party libraries have been upgraded to benefit from their latest security fixes. See the changelog below for the details.

Spring bean modifications

If you have customized your application context in the file digital-factory-config/jahia/applicationcontext-custom.xml , please consult the list of changes we made in our Spring beans as you might need to update your configuration.

Library upgrades

The following libraries were updated between Jahia and Jahia

Library Version in Jahia Version in Jahia
ant 1.10.9 1.10.11
jodconverter 4.3.0 4.4.2
tika 1.26 1.27
xstream 1.4.16 1.4.18


Updated modules

The following modules were updated between Jahia and Jahia

Module Version in Jahia Version in Jahia
CSRF Guard 1.3.0 1.4.0
Default 7.8.0 7.9.0
GraphQL Provider 1.8.0 1.10.0
External Provider 3.4.0 3.5.0
Module Manager 1.4.0 1.5.0
Server Settings 8.5.0 8.6.0
Tools 2.6.0 2.8.0
Tools EE 2.1.0 2.2.0
Webflow Filter Ø 1.1.0

Jahia - Changelog


For more detail about the minor library upgrades, see the Updated modules and libraries section above.
  • Upgraded Tika to 1.27 (including dependent libraries)
  • Upgraded jodconverter to 4.4.2
  • Upgraded XStream to 1.4.18
  • Upgraded ant to 1.10.11
  • Fixed a Remote Code Execution vulnerability in Spring Web Flow by adding a Webflow filter (see below)
  • Fixed zip slip vulnerability when extracting archives


  • Fixed issue with hidden property on Initializer with addMixin
  • Fixed issue with custom dynamic value initializer
  • Fixed memory issue when a lot of JCR events are replayed
  • Fixed memory issue with jgroups
  • Improved JCRFilterTag to prevent some exceptions

Anthracite Theme

  • Fixed issue with column titles not displayed in legacy managers

Edit Mode

  • Fixed buttons disappearing in image picker


  • Fixed issue with remember me option at login


  • Fixed invalid captcha issue

Roles and permissions

  • Fixed issue with external permissions not created
  • Added the possibility to search users from local site and global level to change its roles and permissions
  • Fix permission issue deleting siteusers with same name in another site
  • Fixed issue with site level external ACE not updated when the related ACE is moved to another site


  • Fixed rule engine corruption at startup
  • Fixed issue with rules not using the good node to execute the action
  • Fixed rules engine issues due to dependant rules across modules


  • Fixed issue with search results count when visibility is active


  • Fixed issue with duplicated entries leading to workflows not visible to users

Modules - Changelog

Default (7.9.0)

  • Added the possibility to search users from local site and global level to change its roles and permissions

External Provider (3.5.0)

  • Fixed issue with mixin subnodes removed after the removal of another mixin

GraphQL Core (1.10.0)

  • Fixed issue when filtering a multi-valued property

 GraphQL Core (1.9.1)

  • Added a Jahia node under admin in the GraphQL schema to support administrative operations

Jahia CSRF Guard (1.4.0)

  • Fixed issue with filtering not applied on SEO urls

Module Manager (1.5.0)

  • Improved the refresh handling for modules with dependencies

Server Settings (8.6.0)

  • Fixed issue with resource URL leading to a 404

Tools (2.8.0)

  • Added tool to debug the modules start level

 Tools (2.7.0)

  • Fixed issue with database connections not released in JCR Integrity Tool

Tools EE (2.2.0)

  • Fixed memory issue with jgroups

Webflow Filter (1.1.0)

  • Added a new filter to detect invalid parameters and block the webflow request