Written by The Jahia Team
 
Developers
Sysadmins
   Estimated reading time:

What's new?

Jahia 8.0.1 is a maintenance release that includes various bug fixes and some notable improvements to Jahia 8:

Actions

We performed an internal security review of our core actions and have deprecated certain actions and protected others. You might need to update your configuration if you've extended one of our actions.

  • By default, all our actions are now restricted to PUT. You can explicitly declare that GET is allowed in your spring file with requiredMethods="GET,POST".
  • For the following actions we explicitly allow GET:
    • checkClipboard.do
    • getWorkflowTasks.do
    • languagesCount.do
    • matchingTags.do
    • generateEventIcs.do
    • getLinkCheckingResults.do
  • The following is a list of deprecated actions:
    • commentTask.do
    • executeTask.do
    • lock.do
    • lockEditableFile.do
    • move.do
    • startPublicationWorkflow.do
    • startWorkflow.do
    • unlock.do
    • addMemberToAcl.do
    • addMemberToGroup.do
    • addPrincipalsInRoles.do
    • autoPublication.do
    • checkClipboard.do
    • cleanClipboard.do
    • createBoard.do
    • getWorkflowTasks.do
    • multipleCopy.do
    • multipleCut.do
    • multipleDelete.do
    • multiplePaste.do
    • multiplePublish.do
    • publish.do
    • adminCreateSite.do
    • adminDeleteSite.do
    • adminEditSite.do

EL 3 support

  • Jahia 8 comes with an upgraded version of pax-web-jsp (for compatibility reasons with the upgraded version of Karaf provided with Jahia 8) which contains an embedded version of Jasper (JSP engine) and EL 3.0
  • Static fields and methods reference support in EL 3.0 are disabled by default on new installations. If you are migrating from a previous version, you can disable it by adding -Djavax.el.class-resolution.disableOnLowerCase=true in the start options of Jahia. Note that if you do not disable it, the DEBUG logs will show which JSPs to update.
  • Some of our JSPs have been updated to optimize EL resolutions like in the news and the search modules

Jahia tools

  • Jahia tools are now accessible with Jahia users instead of a single dedicated user. Find out more.

Jahia 8.0.0.0 >> 8.0.1.0 - Changelog

Security

  • Improved protection on actions against CSRF attacks

Core

  • Improved browsing performance by optimizing some EL statements
  • Set org.atmosphere.interceptor.HeartbeatInterceptor.heartbeatFrequencyInSeconds via a variable in jahia.properties
  • Disabled EL3 feature by default (support of Static Field and Method Reference)
  • Addressed an issue with session expiry
  • Added CSRF tokens to secure the Core actions
  • Fixed known issue preventing Jahia from restarting with SQL Server
  • Fixed session handling used for API calls
  • Added ability to set id attribute in login and search forms
  • Fixed issue when starting a bundle in the default cluster group by preventing module operations from failing when state cannot be persisted
  • Fixed issue with openJDK 1.8_262 by upgrading icu4j
  • Fixed random infinite loading after login on a site with a server name
  • Fixed dependentProperties on choiceList selection

Page Composer

  • Fixed issue with Live button after renaming the system name for a page
  • Fixed access to backend to users with apostrophe in name
  • Fixed the broken navigation after switching between sites in additional accordion
  • Fixed issue on site node when debug log is activated
  • Fixed issue in default infinite pager by updating the js scroll condition to greater than or equal to instead of absolute equality
  • Removed duplicate fields on inherited mixin

Page Model

  • Fixed issue with template field when using a page model in Content Editor

Module Management

  • Added a work in progress panel while uploading module

Rendering

  • Improved the logging to trace issues with template resolution

Studio

  • Fixed the default groupID of new module/templates to use org.foo.modules
  • Fixed issue with node types editing
  • Fixed issue with copy/pasting primary nodetype definition in Studio

Jahia Tools

  • Made /tools accessible to Jahia users instead of a single dedicated user

User Dashboard

  • Fixed workflow with LDAP users

Anthracite Theme

  • Fixed display of headline in the publication review screen
  • Fixed a missing scrollbar in edit engine screens on Chrome

Installer

  • Upgraded the Tomcat version provided by the installer to 9.0.34
  • Fixed links to the Academy in the installer

Docker

  • Removed the /tools credentials in Docker images

Modules - Changelog

App Shell (2.1.0)

  • Fixed browser cache issue with js bundle files
  • Removed Jahia-Deploy-On-Site tag as it could lead to an issue with languages during a remote publication

Bootstrap3 (4.1.0)

  • Fixed broken links in bootstrap3-tabs

CKEditor (4.13.1)

  • Fixed empty macros menu by adding back jQuery in CKEditor

Distributed Sessions (3.1.0)

  • Improve reliability of distributed-sessions in jahia 8

GraphQL (2.1.0)

  • Added a GraphQL endpoint to create JCR nodes without saving them

Jahia UI modules (1.1.0)

  • Removed Jahia-Deploy-On-Site tag as it could lead to an issue with languages during a remote publication

JAX-RS OSGi Extender (3.1.0)

  • Fixed API call issue by avoiding embedding JARs into bundle provided by jax-rs jahia feature

jContent (2.1.0)

  • Fixed issue with empty accordion when editing system name and publishing
  • Updated the "unpublication" icon in jContent menu
  • Fixed missing label while deleting a folder
  • Fixed size of icons in contextual menus
  • Fixed secondary action-menu
  • Fixed issue with contextual menu
  • Fixed deletion of a multi-selection
  • Fixed issue with deletion of a non published folder that had published content
  • Restricted Jahia-Deploy-On-Site tag to system-site as it could lead to an issue with languages during a remote publication

LDAP Connector (4.1.0)

  • Fixed NonSerializableException while failing to create LDAP connection

Macros (8.1.0)

  • Replace Spring by OSGi

Rating (3.1.0)

  • Replace Spring by OSGi

Remote Publication (9.1.0)

  • Fixed journal inconsistency in remote publication with AB test on a page

Roles and Permissions (8.1.0)

  • Fixed labels in the Roles and Permissions tab
  • Updated the LDAP documentation link to the correct Academy page

Maven archetypes (4.2)

  • Updated the archetype for template sets to work with V8