Jahia 8.2.2 Release Notes
What's new?
Jahia 8.2.2 is a maintenance release primarily addressing security-related issues detailed in September security patch page.
Adopting this release is expected to be simple for environments already running Jahia 8.2.1.
Breaking changes
This release includes two changes that could be considered breaking, depending on your environment.
Stricter file upload validations
This release introduces stricter file upload checks configurable via the property jahiaSecuredFileUpload in the jahia.properties file.
In Jahia 8.1.9.0, this property is set to true by default. Make sure to review the documentation available in the jahia.properties file to determine if and how you are impacted. This documentation is also accessible here.
CSRF protection in /modules/api/bundles
In this release, we removed the ability for /modules/api/bundles to rely on sessions for authentication, which typically means that it will not be possible to call this endpoint from Web UIs.
We expect this use case to be extremely rare (if not inexistent) since this endpoint was primariraly created to support Jahia orchestration use cases, which are unaffected by this change. This endpoint is still reachable via other Jahia authentication mechanism (token, basic auth).
Updated modules in 8.2.2
No modules were updated between Jahia 8.2.1.0 and Jahia 8.2.2.0
Updated libraries in 8.2.2
The following librairies were updated between Jahia 8.2.1.0 and Jahia 8.2.2.0
| Library | Jahia 8.2.1.0 | Jahia 8.2.2.0 |
|---|---|---|
| Apache Commons Beanutils | 1.9.4 | 1.11.0 |
| Apache Commons Compress | 1.25.0 | 1.27.1 |
| Apache Commons FileUpload | 1.3.3 | 1.6.0 |
| Apache Commons IO | 2.14.0 | 2.16.1 |
| Apache Commons Lang3 | 3.12.0 | 3.18.0 |
| Apache log4j2 | 2.17.2 | 2.23.1 |
| Apache Tika Parser | 2.9.1 | 2.9.3 |
| Apache Tomcat | 9.0.104 | 9.0.107 |
| Apache Commons VFS | 2.4.1 | 2.10.0 |
| aws-java-sdk-s3 | 1.12.272 | 1.12.787 |
| PostgreSQL driver | 42.7.5 | 42.7.7 |
| Jackson Core | 2.15.2 | 2.19.0 |
| Joda Time | 2.10.13 | 2.14.0 |
| snakeyaml | 2.2 | 2.4 |
Jahia 8.2.2 - Changelog
Docker
- ✨ Simplified Jahia configuration during startup of the Docker images and removed unnecessary dependencies
Security
- ✨ Introduced a stricter mechanism to validate file uploads, configurable using the jahiaSecuredFileUpload property. This configuration is true by default. Please see the "Breaking Changes" section of this document.