Jahia 8.1.2 Release Notes

June 21, 2022

What's new?

Jahia 8.1.2 is a maintenance release that includes various bug fixes. Several third-party libraries have been upgraded to benefit from their latest security fixes. It also comes with a couple improvements:

  • A definition check has been introduced, at module deployment, to ensure that the newly deployed versions are compatible with the previous one, and so with the already created content
    • it is however possible to bypass this verification and force the module deployment
    • A similar verification is also done when the started version of a module is using incompatible definitions, provided by a upper version of the module
    • Find about more in the Module definition checks page
  • A new validInLanguage parameter has been added to the GraphQL API, to ensure that the returned nodes are not deactivated in the given language. Find out more in our GraphQL documentation page
  • The publication screen now better highlights the number of items to be deleted as part of the publication

Library upgrades

The following librairies were updated between Jahia 8.1.1.0 and Jahia 8.1.2.0

Library Version in Jahia 8.1.1.0 Version in Jahia 8.1.2.0
Apache Commons IO 2.8.0 2.11.0
Apache HttpClient 4.5.9 4.5.13
Apache HttpClient5 5.1.1 5.1.3
Apache HttpCore 4.4.11 4.4.15
Apache HttpCore5 5.1.1 5.1.3
Apache Log4j 2.17.1 2.17.2
Apache Tika 1.27 1.28.2
Apache Tomcat 9.0.55 9.0.62
DB Driver - MariaDB 2.7.2 2.7.2
DB Driver - MySQL 8.0.23 8.0.27
DB Driver - PostgreSQL 42.2.19 42.3.6
FasterXML Jackson 2.10.5 2.13.3
Google Gson 2.8.6 2.8.9
Google JSR305 3.0.1 3.0.2
Jaxen 1.1.1 1.2.0
Jdom 1.1 1.1.3
Jdom2 2.0.6 2.0.6.1
Jericho HTML Parser 3.3 3.4
Neko HTML 1.9.21 1.9.22.noko2
SLF4j 1.7.31 1.7.36
Thoughworks XStream 1.4.18 1.4.19

 

Updated modules

The following modules were updated between Jahia 8.1.1.0 and Jahia 8.1.2.0

Module Version in Jahia 8.1.1.0 Version in Jahia 8.1.2.0
App Shell 2.5.0 2.6.0
CKEditor 4.17.1-jahia8-1 4.17.1-jahia8-2
Graphql Provider 2.9.0 2.11.0
Jahia CSRF Guard 2.4.0 3.0.0
Jahia Page Composer 1.6.0 1.7.0
Jahia User Entries 1.2.0 1.3.0
jContent 2.6.0 2.7.0
LDAP 4.4.0 4.5.0
Module Manager 2.4.0 2.5.0
Site Settings SEO 3.2.0 3.3.0
Tools 4.1.0 4.2.0

Jahia 8.1.2.1 >> 8.1.2.3 - Changelog

Core

  • Upgraded commons-text from 1.8 to 1.10 to fix a critical vulnerability (see Security Patch - October 2022)
  • Fixed deadlock issue "Waiting for final start level to be reached" at Jahia startup

Jahia 8.1.2.0 >> 8.1.2.1 - Changelog
Jahia 8.1.2.1 fixes an issue only appearing when upgrading directly from Jahia 7.3.x to 8.1.2, both on Jahia Cloud and on-premises. Thus, it is not necessary to upgrade from 8.1.2.0 to 8.1.2.1. However it is necessary for Jahia 8.1.2.0 customers to upgrade Content Editor to version 3.4.1, as it includes a fix for a bug appearing in Jahia 8.1.2.0, and this can be done via the Module Manager UI as this version is available in the Jahia Store.

Core

  • Removed definitions checks from Jahia provisioning scripts

Content Editor (3.4.1)

  • Fixed issue with additional entries not showing up in the pickers with infinite scrolling

Security

  • Added a max size limit to 100MB and a max entries limit to 1024 for zip files to prevent zip bombs
  • Upgraded javascript dependencies to fix security vulnerabilities in Jahia Core
  • Upgraded Tomcat to 9.0.62 and backported security fix to our fork for Spring beans 3.2.18 (For more details, see Security Patch - April 2022)

Library upgrades

  • Removed smack library from being packaged
  • Upgraded commons-io from 2.8.0 to 2.11.0
  • Upgraded gson from 2.8.6 to 2.8.9
  • Upgraded httpclient5/httpcore5 from 5.1.1 to 5.1.3
  • Upgraded httpclient from 4.5.9 to 4.5.13
  • Upgraded httpcore from 4.4.11 to 4.4.15
  • Upgraded jackson libraries from 2.10.5 to 2.13.3
  • Upgraded jaxen from 1.1.1 to 1.2.0
  • Upgraded jdom from 1.1 to 1.1.3
  • Upgraded jdom2 from 2.0.6 to 2.0.6.1
  • Upgraded jericho-html from 3.3 to 3.4
  • Upgraded jsr305 from 3.0.1 to 3.0.2
  • Upgraded log4j from 2.17.1 to 2.17.2
  • Upgraded mariadb driver from 2.7.2 to 2.7.3
  • Upgraded mysql driver from 8.0.23 to 8.0.27
  • Upgraded postgresql driver from 42.2.19 to 42.3.6
  • Upgraded nekohtml from 1.9.21 to 1.9.22.noko2
  • Upgraded slf4j from 1.7.31 to 1.7.36
  • Upgraded tika from 1.27 to 1.28.2 (including dependent libraries)
  • Upgraded xstream from 1.4.18 to 1.4.19

Core

  • Added more information on deleted content when requesting publication
  • Added a way to detect potential issues in a module before its installation + an option to bypass the checks (More details here)
  • Added "Do not edit" comment in configuration file by default
  • Added option to remove jars of uninstalled modules
  • Added "View content tab" permission to the translator role
  • Updated the logging to ignore invalid tokens
  • Updated sizes of path and title in Usages tab
  • Removed unused password policy rules
  • Fixed issue when saving URL link to a file with an anchor in a richtext
  • Fixed issue with redirection missing context after a logout
  • Fixed issue with accentuated characters by using the NFC normalization when saving filename into Jahia
  • Fixed issue with Vanity URLs being copied when doing JCR node copy
  • Fixed error with permission check when saving external site domain
  • Fixed issue with journal janitor to clean old revisions only on processing node
  • Fixed issue with cluster node synchronisation when using provisioning
  • Fixed issue when importing content with special characters
  • Fixed issue with color of date icon in visibility popup
  • Fixed issue with OneDrive archives not being unzipped
  • Fixed issue with file's title not saved by processing internationalized properties with default locale

Docker

  • Added the ability to bind the properties files as a Docker volume

Installer

  • Upgraded Tomcat from 9.0.55 to 9.0.62
  • Fixed issue with Jahia installation not possible without internet connection

Page Composer

  • Fixed issue with visibility layer header
  • Fixed issue with refresh when moving a page
  • Fixed inconsistency by not displaying paste button when user does not have permission
  • Fixed issue with mobile view button showing even if channel module is stopped

JCR Search

  • Added a way to use customized excerpt processor for JCR search

Server/Site Administration

  • Added a fullscreen option for the legacy site settings (without sidebar and toolbars) (More details here)

Modules included in the upgrade to 8.1.2.0 - Changelog

AppShell (2.6.0)

  • Upgraded to Apollo3
  • Improved performances when flushing the cache key

CKEditor (4.17.1-jahia8-2)

  • Updated plugins to prepare the upcoming version of Content Editor (4.0.0)

CSRF Guard (3.0.0)

  • Upgraded OWASP csrfguard from 3.1.0 to csrfguard 4.1.4
  • Allowed TokenPerPage to be configured

GraphQL DXM Provider (2.11.0)

  • Added a max size limit to 100MB and a max entries limit to 1024 for zip files to prevent zip bombs

Jahia Page Composer (1.7.0)

  • Upgraded javascript dependencies to fix security vulnerabilities

Jahia User Entries (1.3.0)

  • Fixed issue with redirection missing context after a logout

jContent (2.7.0)

  • Improved search to return content with a dot in its system name
  • Fixed parsing error for style assets
  • Fixed rendering issue in preview for .docx
  • Fixed issue with publish to all languages not available if the content is already published in the current language

LDAP Connector (4.5.0)

  • Upgraded spring-ldap-core from 2.3.4 to 2.3.8

Module Management (2.5.0)

  • Added definition check of started modules when accessing the module management UI (only enabled by default in production mode)

SDL Generator tools (2.2.0)

  • Updated the webpack configuration following library upgrades

Site Settings SEO (3.3.0)

  • Fixed error when moving a vanity URL

Jahia Tools (4.2.0)

  • Updated module to import org.apache.commons.io.file after commons-io upgrade in Jahia Core