Jahia 8.1.3 Release Notes

January 31, 2024

What's new?

Jahia 8.1.3 is a maintenance release that includes various bug fixes. Several third-party libraries have been upgraded to benefit from their latest security fixes. It also comes with a couple improvements:

  • Folders, and their structure, can now be uploaded directly by drag and drop in jContent! No need to zip a folder, upload it and then unzip it.
  • The Crop / Rotate / Resize options for images are now available in a modal. The features and behavior remain unchanged, we have only changed the way they are presented.
  • Module management administration screen:
    • Using configuration files, you can now disable the start/stop/deploy/undeploy module operations in this interface, for instance to prevent a critical module from being stopped. You can use version ranges, per module, to configure the list of disabled operations. This only applies for the Module management administration UI, as the OSGi console and module management API are not impacted by this feature.
    • You can display info or warning messages at the top of the module administration page, using a yml or configuration file
  • Introduced dedicated permissions for the admin node in Graphql Provider, this allows for additional fine-tuning of the access for mutations and queries using this node.
  • Introduced a new permission in Personal API Tokens, to restrict access to "My API tokens"
Content Editor 4.1 is compatible with Jahia 8.1.3. It is not included by default in this Jahia version, but can be downloaded from the store. Learn more about Content Editor 4.1

Rewrite rules configuration

In jahia-page-composer 1.8.0 (packaged with Jahia 8.1.3.0), the global category flag use-query-string="true" was added to keep the query parameters when there's a redirection in Jahia. As it affects all the rewrite rules and all the urls, we made the decision to roll back this change and worked on another fix that only affects rules related to Jahia edit mode. We strongly encourage to upgrade jahia-page-composer to version 1.11.0.

Library upgrades

The following librairies were updated between Jahia 8.1.2.0 and Jahia 8.1.3.0

Library Version in Jahia 8.1.2.0 Version in Jahia 8.1.3.0
Apache Commons Test 1.8.0 1.10.0
Apache Shiro 1.8.0 1.10.0
Apache Tika 1.28.2 1.28.4
DB Driver - MariaDB 2.7.2 3.0.7
DB Driver - MSSQL 9.2.1.jre8 11.2.0.jre8
DB Driver - MySQL 8.0.27 8.0.30
DB Driver - Oracle 18.3.0.0 21.1.0.0
DB Driver - PostgreSQL 42.3.6 42.5.0
Woodstox ASL 3.2.7  

 

Updated modules

The following modules were updated between Jahia 8.1.2.0 and Jahia 8.1.3.0

Module Version in Jahia 8.1.2.0 Version in Jahia 8.1.3.0
App Shell 2.6.0 2.7.0
Bootstrap Core 4.2.0 4.2.1
Bootstrap Components 4.2.0 4.2.1
CKEditor 4.17.1-jahia8-2 4.19.1-jahia8-2
Content Editor 3.4.0 3.4.2
Content Security Policy 2.2.0 2.3.0
Default 8.5.0 8.6.0
External Provider 4.3.0 4.4.0
External Provider Modules 4.3.0 4.4.0
External Provider Users and Groups 2.1.0 2.2.0
External Provider VFS 4.3.0 4.4.0
Graphql Provider 2.11.0 2.14.0
Jahia Administration 1.5.0 1.6.0
Jahia CSRF Guard 3.0.0 3.2.0
Jahia Dashboard 1.5.0 1.6.0
Jahia Page Composer 1.7.0 1.8.0
Jahia Repository Explorer 1.3.0 1.4.0
Jahia UI Root 1.6.0 1.7.0
Jahia User Entries 1.3.0 1.4.0
jContent 2.7.0 2.8.0
Module Manager 2.5.0 2.6.0
Personal API Tokens 1.1.0 1.3.0
Roles Manager 8.3.0 8.4.0
Security Filter Tools 2.2.0 2.3.0
Server Settings 9.4.0 9.5.0
Site Settings 8.4.0 8.5.0
Site Settings SEO 3.3.0 3.5.0

Security

Core

  • Added debug logs when cache dependencies limit is exceeded
  • Increased the number of allowed JDBC connection to match the default tomcat configuration
  • Removed usage of jquery 2.1.4
  • Added a method, in WorkflowObservationManager, to remove a workflow listener
  • Fixed deadlock issue "Waiting for final start level to be reached" at Jahia startup
  • Fixed concurrency issue with minified files being created at the same time by different users
  • Fixed issue with provisioning in cluster
  • Fixed Page Composer language switcher not being updated when changing the language directly in the site
  • Updated DB drop script to only try to drop a table if it exists
  • Fixed issue with site users not able to log in
  • Fixed ImageMagick URL used in Jahia Docker images
  • Fixed out of memory error when moving a long list of categories
  • Fixed encoding issue of the query string when redirecting to the default vanity URL
  • Fixed encoding issue in the cache key part generator with template:module tag
  • Fixed issue with spring validation groups by using a new resolver mechanism
  • Fixed issue with Jackson annotation by delegating class mapping to OSGi
  • Fixed backup/restore issue with "org.ops4j.pax.url.mvn.cfg"
  • Removed jahiaToolManagerUsername and jahiaToolManagerPassword from jahia.properties
  • Fixed issue with rules registration/unregistration when multiple modules have same display name
  • Removed wstx-asl-3.2.7 library due to conflict with woodstox-core-6.2.8
  • Fixed ordering of multiple values in import/export

Modules included in the upgrade - Changelog

App Shell (2.7.0)

  • Fixed issue with site users not able to log in

CkEditor (4.19.1-jahia8-2)

  • Upgraded ckeditor4 from 4.17.1 to 4.19.1

Content Editor (3.4.2)

  • Made Content Editor 3.4 compatible with Apollo 3

Content Security Policy (2.3.0)

  • Added nonce injection mechanism

Default (8.6.0)

  • Fixed issue when removing a group with special characters in role management panel

External Provider (4.4.0)

  • Upgraded packages to fix javascript vulnerabilities
  • Fixed issue when retrieving property type from external data provider
  • Fixed issue in external data provider queries where hasNode would return true for properties

External Provider Users and Groups (2.2.0)

  • Upgraded packages to fix javascript vulnerabilities

GraphQL Provider (2.14.0)

  • Added missing description to GraphQL admin permissions

Jahia Administration (1.6.0)

  • Upgraded packages to fix javascript vulnerabilities
  • Fixed javascript error in site switcher when accessing "Administration > Sites"
  • Fixed issue when switching sites from panel not enabled on target site
  • Fixed issue with site users not able to log in

Jahia CSRF Guard (3.2.0)

  • Updated the token holder to store the tokens in the session
  • Minified CSRFGuard template javascript to save space

Jahia Page Composer (1.8.0)

  • Fixed issue with special characters in system name
  • Fixed issue with site users not able to log in
  • Fixed issue with query parameter not preserved

Jahia Repository Explorer (1.4.0)

  • Upgraded packages to fix javascript vulnerabilities

Jahia UI Root (1.7.0)

  • Upgraded packages to fix javascript vulnerabilities

Jahia User Entries (1.4.0)

  • Upgraded packages to fix javascript vulnerabilities

jContent (2.8.0)

  • Various improvements for the new Content Editor pickers support (4.1.0)
  • Moved image editor to a modal
  • Added the time in last modification date
  • Replaced view icon by dropdown
  • Added download modal (with download link in staging and in live)
  • Replaced the "Zip" folder/file feature with a more efficient "Download as zip" feature
  • Improved the image resizing tool by using the current image resolution as max value
  • Fixed issue when publishing modification or deletion of several items
  • Fixed issue when publishing the deletion of multiple files/content
  • Fixed the size of the horizontal scrollbar in Firefox
  • Fixed issue with site users not able to log in

Module Manager (2.6.0)

  • Added a configuration to prevent customers from doing some operations in the module UI
  • Prevented deployment of “disabled” modules from the UI / store tab
  • Added a configuration to allow display of info and warning messages in Jahia Module Administration screen
  • Upgraded packages to fix javascript vulnerabilities
  • Fixed validation error when deleting a forge

Personal API Tokens (1.3.0)

  • Added a new permission "Personal api tokens" (under "Developer tools") to restrict access to "My API tokens"
  • Added French and German translations
  • Upgraded packages to fix javascript vulnerabilities
  • Added noImportExport mixin to prevent export of the tokens

Roles Manager (8.4.0)

  • Upgraded packages to fix javascript vulnerabilities

Security Filter Tools (2.3.0)

  • Upgraded packages to fix javascript vulnerabilities

Server Settings (9.5.0)

  • Upgraded packages to fix javascript vulnerabilities
  • Removed import of db_settings.png in repository.xml

Site Settings (8.5.0)

  • Upgraded packages to fix javascript vulnerabilities

Site Settings SEO (3.5.0)

  • Fixed issue with vanity URLs starting with an integer
  • Fixed flickering when reloading VanityURL dashboard

Modules - Changelog

The following modules have been released along with the Jahia 8.1.3 release and are not automatically updated when upgrading to 8.1.3, but can easily be updated from the administration.

Bootstrap3 (4.2.1) Core & Components

  • Fixed issue with incorrect tag used to display sub view

Distributed Sessions (3.4.0)

  • Removed dependency to jahia-csrf-guard

Server Availability Manager (2.3.0)

  • Added new SearchIndex probe returning statistics about performance of search indices (more details here: Monitoring your servers)