Jahia 8.1.1 Release Notes

March 11, 2022
Release notes correction
Additional details were added in regards to the use of distributed sessions with the JSESSIONID cookie.

What's new?

Jahia 8.1.1 is a maintenance release that includes various bug fixes. Several third-party libraries have been upgraded to benefit from their latest security fixes. 


Upgrading from a previous version?

JSESSIONID and Distributed Sessions

When using the distributed session module, the JSESSIONID cookie used to persist the user session has been renamed to DISTRIBUTED_JSESSIONID and no JSESSIONID cookie will be present. This change is transparent for most environments, but extra caution should be taken for environments with custom implementation modifying or using the JSESSIONID cookie.

Environments without the distributed sessions module are not impacted.

Library upgrades

The following librairies were updated between Jahia and Jahia

Library Version in Jahia Version in Jahia
Apache Log4j2 2.10.0 2.17.1
Apache Shiro 1.7.1 1.8.0
Apache Tomcat 9.0.52 9.0.55
Google Protobuf Java 3.15.3 3.16.1
OPS4J Pax Logging 1.11.9 1.11.13


Updated modules

The following modules were updated between Jahia and Jahia

Module Version in Jahia Version in Jahia
App Shell 2.4.0 2.5.0
CKEditor 4.13.1-jahia8-3 4.17.1-jahia8-1
Content Editor 3.3.0 3.4.0
Content Security Policy 2.1.0 2.2.0
Default 8.4.0 8.5.0
External Provider 4.2.0 4.3.0
Graphql Provider 2.7.0 2.9.0
Jahia Administration 1.4.0 1.5.0
Jahia Category Manager 1.1.0 1.2.0
Jahia CSRF Guard 2.3.0 2.4.0
Jahia Clustering
Jahia Dashboard 1.4.0 1.5.0
Jahia Page Composer 1.5.0 1.6.0
Jahia UI Root 1.4.0 1.5.0
Jahia Repository Explorer 1.2.0 1.3.0
Jahia User Entries 1.1.0 1.2.0
jContent 2.5.0 2.6.0
LDAP 4.3.0 4.4.0
Location 3.1.0 3.2.0
Macros 8.1.0 8.2.0
Module Manager 2.3.0 2.4.0
News 3.3.0 3.4.0
Roles Manager 8.2.0 8.3.0
Site Settings 8.3.0 8.4.0
Site Settings SEO 3.1.0 3.2.0
Tools 4.0.0 4.1.0
User Dashboard 8.3.0 8.4.0

Jahia >> - Changelog


  • Upgraded commons-text from 1.8 to 1.10 to fix a critical vulnerability (see Security Patch - October 2022)
  • Fixed deadlock issue "Waiting for final start level to be reached" at Jahia startup

Jahia >> - Changelog


  • Fixed issue with Jahia installation not possible without internet connection
  • Fixed issue with cluster node synchronisation when using provisioning

Jahia >> - Changelog


For more details, see Security Patch - April 2022.
  • Backported security fix to our fork for Spring beans 3.2.18
  • Upgraded Tomcat from 9.0.55 to 9.0.62

Jahia >> - Changelog


For more detail about the minor library upgrades, see the Updated modules and libraries section above.
  • Optimized some regular expressions when cleaning internal tags in HTML
  • Upgraded Apache Shiro from 1.7.1 to 1.8.0
  • Fixed macros regex to prevent backtracking
  • Upgraded log4j to 2.17.1 and pax-logging to 1.11.13
  • Updated protobuf-java to 3.16.1


  • Improved Jahia performances by tuning JVM options (add link to Academy)
  • Added configuration for Hazelcast Management Center
  • Upgrade to bndtools 6.1 and maven-bundle-plugin 5.1.2
  • Prevented the creation of new Tomcat sessions from Atmosphere servlet handshake
  • Fixed issue with Cellar configuration file name containing spaces
  • Fixed Cluster synchronization at the Atmosphere Jgroups Channel level
  • Updated Spring Transaction library to fix a compilation issue
  • Fixed issue with the maintenanceMode Jahia property not taken into account
  • Remove duplicate static resources in the 'head' tag if they also exist in 'body'
  • Fixed undeletion issue with internationalized contents
  • Added a refresh of the updated bundle instead of the dependencies to cleanup OSGI wiring
  • Fixed issue with dynamic initializer not available until the module is started
  • Fixed issue with buttons that cannot be unchecked in Content Editor advanced panel
  • Fixed issue with validation error messages not in the right language in Content Editor
  • Fixed issue while browsing a website in live in its default language when urlRewriteRemoveCmsPrefix = false
  • Fixed issue with modules not started in some cases (when multiple versions are installed) after fileinstall initial startup
  • Fixed link provided in the integrity message when deleting a content in use
  • Fixed issue when using date facets in external data provider
  • Removed mandatory language check for publication when node is marked for deletion
  • Added logs in servlet filters for errors that were not catched
  • Fixed wiring issue at startup when upgrading JDK from 8 to 11
  • Removed publication info when copying/pasting a node
  • Added ClientAbortException in excluded from thread dump exceptions
  • Fixed preview not displayed for "all fields required" content type
  • Prevented override of Yaml configuration file when restarting cluster nodes
  • Fixed issue with area constraints not always taken into account when displaying the buttons to add a content
  • Fixed issue preventing adding new loggers in log4j Administration

Content Editor

  • Removed delete button from list ordering in legacy edit interface


  • Fixed export issue caused by broken references to EDP nodes
  • Fixed export issue when fieldnames begin with a numeric character
  • Fixed cross site references issue during import
  • Fixed import site stuck because of a SVG file


  • Added the number of items to be unpublished in the workflow dashboard popup
  • Removed useless warning log "This node doesn't exist in this language" when a page is not published


  • Removed nofulltext on j:nodename, so that the system name will be shown in the results

Server/Site Administration

  • Flushing all caches now also empties the generated-resources folder
  • Removed mail-1.4.7.jar (as javax.mail-1.6.1.jar is already deployed)


  • Fixed a 404 error when opening a preview from the workflow dashboard


  • Upgraded packaged Tomcat to 9.0.55
  • Improved Jahia performances by tuning JVM options (more details here)
  • Added the formatMsgNoLookups Log4j2 option in the Tomcat startup options

Modules included in the upgrade to - Changelog

AppShell (2.6.0)

  • Improved handling of non existing JS files while loading modules, to prevent 404 or white screens

CKEditor (4.17.1)

  • Upgraded CKEditor from 4.13.1 to 4.17.1
  • Fixed issue with Phone Link type created as undefined

Content Editor (3.4.0)

  • Created a 3 dots button for single fields providing the copy to other languages action
  • Added new action "Copy to other languages"
  • Added a color picker
  • Improved error logging to display more information
  • Improved error handling to return the default configuration when the CKEditor configuration cannot be read
  • Improved dropdown choicelists by adding a search and a filter on it
  • Updated the label for the classification section from "Categories" to "Classification"
  • Fixed issue with content type restrictions being displayed on all content types
  • Fixed issue with incorrect language being used in advanced options
  • Fixed issue with choicelists containing long values
  • Fixed issue when updating a content in a language that modify the publication status of the other languages
  • Fixed issue with datepicker format not taken into account
  • Fixed order of mixins in Content Editor
  • Fixed issue in editor form by checking that the definition match before getting values
  • Fixed issue with navMenu items not selectable in the page picker

Content Security Policy (2.2.0)

  • Fixed reporting issue when Jahia is deployed under non-root webcontext

CSRF guard (2.4.0)

  • Changed module-type of jahia-csrf-guard to "system"
  • Removed csrf token from error.html pages
  • Added possibility to set CSRFGuard properties

External data provider (4.3.0 depends on Jahia 8.1.1)

  • Fixed potential memory leak with JCR sessions
  • Added a refresh of external sessions on embedded extensionSessions

GraphQL (2.9.0 depends on Jahia 8.1.1)

  • Added homePage field on site query to get the home page node
  • Added new parameters to the GraphQL renderedContent field: "isEditMode" and "mainResourcePath"
  • Added the ability to publish all nodes down the tree via a GraphQL mutation
  • Improved error logging to display more information
  • Added possibility to specify a behaviour at API level when a content already exists during an import
  • Restored error handling behaviour in nodesById and nodesByPath

Jahia Tools (4.1.0)

  • Fixed issue with Action's class names not displayed in the tools when exposed as OSGi service
  • Updated search results label in query tools to avoid confusion

Jahia UI Root (1.5.0)

  • Improved error page when trying to access non existing urls

jContent (2.6.0)

  • New file icons
  • Added possibility to specify a behaviour at API level when a content already exists during an import
  • Fix issue with modified dates not correctly displayed
  • Fixed calculation issue when resizing in image editor
  • Added % to invalid chars and an error message in the Create Folder dialog

LDAP Provider (4.4.0)

  • Prevented LDAP from returning all results with incompatible criteria

Macros (8.2.0)

  • Fixed macros regex to prevent backtracking

Module Manager (2.4.0)

  • Fixed encoding issue for URLs coming from stores

Page Composer (1.6.0)

  • Fixed issue leading to an error screen when the property j:isHomePage is missing on a page
  • Fixed issue with page composer url when it contains a query string

Site Settings SEO (3.2.0)

  • Removed useless green and red checks in inputs
  • Fixed issue when jmix:vanityUrlMapped is enabled but without any vanity URL on the node
  • Fixed onblur issue during creation of Vanity URLs in content editor
  • Fixed margins issue in Vanity URLs panel in content editor

User Dashboard (8.4.0)

  • Added logic to display home page for preview link for users without edit access

Modules - Changelog

The following modules have been released along with the Jahia 8.1.1 release, and are part of the Discovery installation. These modules are not automatically updated when upgrading to 8.1.1, but can easily be updated from the administration.

Location (3.2.0)

  • Fixed creation of location when geocoding mixin is activated

News (3.4.0)

  • Fixed locale format for pubDate in RSS template