Jahia 8.1.1 Release Notes
Additional details were added in regards to the use of distributed sessions with the JSESSIONID cookie.
What's new?
Jahia 8.1.1 is a maintenance release that includes various bug fixes. Several third-party libraries have been upgraded to benefit from their latest security fixes.
Upgrading from a previous version?
JSESSIONID and Distributed Sessions
When using the distributed session module, the JSESSIONID
cookie used to persist the user session has been renamed to DISTRIBUTED_JSESSIONID
and no JSESSIONID
cookie will be present. This change is transparent for most environments, but extra caution should be taken for environments with custom implementation modifying or using the JSESSIONID
cookie.
Environments without the distributed sessions module are not impacted.
Updated modules and libraries
Library upgrades
The following librairies were updated between Jahia 8.1.0.0 and Jahia 8.1.1.0
Library | Version in Jahia 8.1.0.0 | Version in Jahia 8.1.1.0 |
---|---|---|
Apache Log4j2 | 2.10.0 | 2.17.1 |
Apache Shiro | 1.7.1 | 1.8.0 |
Apache Tomcat | 9.0.52 | 9.0.55 |
Google Protobuf Java | 3.15.3 | 3.16.1 |
OPS4J Pax Logging | 1.11.9 | 1.11.13 |
Updated modules
The following modules were updated between Jahia 8.1.0.0 and Jahia 8.1.1.0
Module | Version in Jahia 8.1.0.0 | Version in Jahia 8.1.1.0 |
---|---|---|
App Shell | 2.4.0 | 2.5.0 |
CKEditor | 4.13.1-jahia8-3 | 4.17.1-jahia8-1 |
Content Editor | 3.3.0 | 3.4.0 |
Content Security Policy | 2.1.0 | 2.2.0 |
Default | 8.4.0 | 8.5.0 |
External Provider | 4.2.0 | 4.3.0 |
Graphql Provider | 2.7.0 | 2.9.0 |
Jahia Administration | 1.4.0 | 1.5.0 |
Jahia Category Manager | 1.1.0 | 1.2.0 |
Jahia CSRF Guard | 2.3.0 | 2.4.0 |
Jahia Clustering | 8.1.0.0 | 8.1.0.2 |
Jahia Dashboard | 1.4.0 | 1.5.0 |
Jahia Page Composer | 1.5.0 | 1.6.0 |
Jahia UI Root | 1.4.0 | 1.5.0 |
Jahia Repository Explorer | 1.2.0 | 1.3.0 |
Jahia User Entries | 1.1.0 | 1.2.0 |
jContent | 2.5.0 | 2.6.0 |
LDAP | 4.3.0 | 4.4.0 |
Location | 3.1.0 | 3.2.0 |
Macros | 8.1.0 | 8.2.0 |
Module Manager | 2.3.0 | 2.4.0 |
News | 3.3.0 | 3.4.0 |
Roles Manager | 8.2.0 | 8.3.0 |
Site Settings | 8.3.0 | 8.4.0 |
Site Settings SEO | 3.1.0 | 3.2.0 |
Tools | 4.0.0 | 4.1.0 |
User Dashboard | 8.3.0 | 8.4.0 |
Jahia 8.1.1.1 >> 8.1.1.3 - Changelog
Core
- Upgraded commons-text from 1.8 to 1.10 to fix a critical vulnerability (see Security Patch - October 2022)
- Fixed deadlock issue "Waiting for final start level to be reached" at Jahia startup
Jahia 8.1.1.1 >> 8.1.1.2 - Changelog
Security
- Fixed issue with Jahia installation not possible without internet connection
- Fixed issue with cluster node synchronisation when using provisioning
Jahia 8.1.1.0 >> 8.1.1.1 - Changelog
Security
- Backported security fix to our fork for Spring beans 3.2.18
- Upgraded Tomcat from 9.0.55 to 9.0.62
Jahia 8.1.0.0 >> 8.1.1.0 - Changelog
Security
- Optimized some regular expressions when cleaning internal tags in HTML
- Upgraded Apache Shiro from 1.7.1 to 1.8.0
- Fixed macros regex to prevent backtracking
- Upgraded log4j to 2.17.1 and pax-logging to 1.11.13
- Updated protobuf-java to 3.16.1
Core
- Improved Jahia performances by tuning JVM options (add link to Academy)
- Added configuration for Hazelcast Management Center
- Upgrade to bndtools 6.1 and maven-bundle-plugin 5.1.2
- Prevented the creation of new Tomcat sessions from Atmosphere servlet handshake
- Fixed issue with Cellar configuration file name containing spaces
- Fixed Cluster synchronization at the Atmosphere Jgroups Channel level
- Updated Spring Transaction library to fix a compilation issue
- Fixed issue with the maintenanceMode Jahia property not taken into account
- Remove duplicate static resources in the 'head' tag if they also exist in 'body'
- Fixed undeletion issue with internationalized contents
- Added a refresh of the updated bundle instead of the dependencies to cleanup OSGI wiring
- Fixed issue with dynamic initializer not available until the module is started
- Fixed issue with buttons that cannot be unchecked in Content Editor advanced panel
- Fixed issue with validation error messages not in the right language in Content Editor
- Fixed issue while browsing a website in live in its default language when urlRewriteRemoveCmsPrefix = false
- Fixed issue with modules not started in some cases (when multiple versions are installed) after fileinstall initial startup
- Fixed link provided in the integrity message when deleting a content in use
- Fixed issue when using date facets in external data provider
- Removed mandatory language check for publication when node is marked for deletion
- Added logs in servlet filters for errors that were not catched
- Fixed wiring issue at startup when upgrading JDK from 8 to 11
- Removed publication info when copying/pasting a node
- Added ClientAbortException in excluded from thread dump exceptions
- Fixed preview not displayed for "all fields required" content type
- Prevented override of Yaml configuration file when restarting cluster nodes
- Fixed issue with area constraints not always taken into account when displaying the buttons to add a content
- Fixed issue preventing adding new loggers in log4j Administration
Content Editor
- Removed delete button from list ordering in legacy edit interface
Import/Export
- Fixed export issue caused by broken references to EDP nodes
- Fixed export issue when fieldnames begin with a numeric character
- Fixed cross site references issue during import
- Fixed import site stuck because of a SVG file
Publication
- Added the number of items to be unpublished in the workflow dashboard popup
- Removed useless warning log "This node doesn't exist in this language" when a page is not published
Search
- Removed nofulltext on j:nodename, so that the system name will be shown in the results
Server/Site Administration
- Flushing all caches now also empties the generated-resources folder
- Removed mail-1.4.7.jar (as javax.mail-1.6.1.jar is already deployed)
Workflows
- Fixed a 404 error when opening a preview from the workflow dashboard
Installer
- Upgraded packaged Tomcat to 9.0.55
- Improved Jahia performances by tuning JVM options (more details here)
- Added the formatMsgNoLookups Log4j2 option in the Tomcat startup options
Modules included in the upgrade to 8.1.1.0 - Changelog
AppShell (2.6.0)
- Improved handling of non existing JS files while loading modules, to prevent 404 or white screens
CKEditor (4.17.1)
- Upgraded CKEditor from 4.13.1 to 4.17.1
- Fixed issue with Phone Link type created as undefined
Content Editor (3.4.0)
- Created a 3 dots button for single fields providing the copy to other languages action
- Added new action "Copy to other languages"
- Added a color picker
- Improved error logging to display more information
- Improved error handling to return the default configuration when the CKEditor configuration cannot be read
- Improved dropdown choicelists by adding a search and a filter on it
- Updated the label for the classification section from "Categories" to "Classification"
- Fixed issue with content type restrictions being displayed on all content types
- Fixed issue with incorrect language being used in advanced options
- Fixed issue with choicelists containing long values
- Fixed issue when updating a content in a language that modify the publication status of the other languages
- Fixed issue with datepicker format not taken into account
- Fixed order of mixins in Content Editor
- Fixed issue in editor form by checking that the definition match before getting values
- Fixed issue with navMenu items not selectable in the page picker
Content Security Policy (2.2.0)
- Fixed reporting issue when Jahia is deployed under non-root webcontext
CSRF guard (2.4.0)
- Changed module-type of jahia-csrf-guard to "system"
- Removed csrf token from error.html pages
- Added possibility to set CSRFGuard properties
External data provider (4.3.0 depends on Jahia 8.1.1)
- Fixed potential memory leak with JCR sessions
- Added a refresh of external sessions on embedded extensionSessions
GraphQL (2.9.0 depends on Jahia 8.1.1)
- Added homePage field on site query to get the home page node
- Added new parameters to the GraphQL renderedContent field: "isEditMode" and "mainResourcePath"
- Added the ability to publish all nodes down the tree via a GraphQL mutation
- Improved error logging to display more information
- Added possibility to specify a behaviour at API level when a content already exists during an import
- Restored error handling behaviour in nodesById and nodesByPath
Jahia Tools (4.1.0)
- Fixed issue with Action's class names not displayed in the tools when exposed as OSGi service
- Updated search results label in query tools to avoid confusion
Jahia UI Root (1.5.0)
- Improved error page when trying to access non existing urls
jContent (2.6.0)
- New file icons
- Added possibility to specify a behaviour at API level when a content already exists during an import
- Fix issue with modified dates not correctly displayed
- Fixed calculation issue when resizing in image editor
- Added % to invalid chars and an error message in the Create Folder dialog
LDAP Provider (4.4.0)
- Prevented LDAP from returning all results with incompatible criteria
Macros (8.2.0)
- Fixed macros regex to prevent backtracking
Module Manager (2.4.0)
- Fixed encoding issue for URLs coming from stores
Page Composer (1.6.0)
- Fixed issue leading to an error screen when the property j:isHomePage is missing on a page
- Fixed issue with page composer url when it contains a query string
Site Settings SEO (3.2.0)
- Removed useless green and red checks in inputs
- Fixed issue when jmix:vanityUrlMapped is enabled but without any vanity URL on the node
- Fixed onblur issue during creation of Vanity URLs in content editor
- Fixed margins issue in Vanity URLs panel in content editor
User Dashboard (8.4.0)
- Added logic to display home page for preview link for users without edit access
Modules - Changelog
Location (3.2.0)
- Fixed creation of location when geocoding mixin is activated
News (3.4.0)
- Fixed locale format for pubDate in RSS template