Jahia 8.1.2 Release Notes
June 21, 2022
What's new?
Jahia 8.1.2 is a maintenance release that includes various bug fixes. Several third-party libraries have been upgraded to benefit from their latest security fixes. It also comes with a couple improvements:
- A definition check has been introduced, at module deployment, to ensure that the newly deployed versions are compatible with the previous one, and so with the already created content
- it is however possible to bypass this verification and force the module deployment
- A similar verification is also done when the started version of a module is using incompatible definitions, provided by a upper version of the module
- Find about more in the Module definition checks page
- A new
validInLanguage
parameter has been added to the GraphQL API, to ensure that the returned nodes are not deactivated in the given language. Find out more in our GraphQL documentation page - The publication screen now better highlights the number of items to be deleted as part of the publication
Updated modules and libraries in 8.1.2.0
Library upgrades
The following librairies were updated between Jahia 8.1.1.0 and Jahia 8.1.2.0
Library | Version in Jahia 8.1.1.0 | Version in Jahia 8.1.2.0 |
---|---|---|
Apache Commons IO | 2.8.0 | 2.11.0 |
Apache HttpClient | 4.5.9 | 4.5.13 |
Apache HttpClient5 | 5.1.1 | 5.1.3 |
Apache HttpCore | 4.4.11 | 4.4.15 |
Apache HttpCore5 | 5.1.1 | 5.1.3 |
Apache Log4j | 2.17.1 | 2.17.2 |
Apache Tika | 1.27 | 1.28.2 |
Apache Tomcat | 9.0.55 | 9.0.62 |
DB Driver - MariaDB | 2.7.2 | 2.7.2 |
DB Driver - MySQL | 8.0.23 | 8.0.27 |
DB Driver - PostgreSQL | 42.2.19 | 42.3.6 |
FasterXML Jackson | 2.10.5 | 2.13.3 |
Google Gson | 2.8.6 | 2.8.9 |
Google JSR305 | 3.0.1 | 3.0.2 |
Jaxen | 1.1.1 | 1.2.0 |
Jdom | 1.1 | 1.1.3 |
Jdom2 | 2.0.6 | 2.0.6.1 |
Jericho HTML Parser | 3.3 | 3.4 |
Neko HTML | 1.9.21 | 1.9.22.noko2 |
SLF4j | 1.7.31 | 1.7.36 |
Thoughworks XStream | 1.4.18 | 1.4.19 |
Updated modules
The following modules were updated between Jahia 8.1.1.0 and Jahia 8.1.2.0
Module | Version in Jahia 8.1.1.0 | Version in Jahia 8.1.2.0 |
---|---|---|
App Shell | 2.5.0 | 2.6.0 |
CKEditor | 4.17.1-jahia8-1 | 4.17.1-jahia8-2 |
Graphql Provider | 2.9.0 | 2.11.0 |
Jahia CSRF Guard | 2.4.0 | 3.0.0 |
Jahia Page Composer | 1.6.0 | 1.7.0 |
Jahia User Entries | 1.2.0 | 1.3.0 |
jContent | 2.6.0 | 2.7.0 |
LDAP | 4.4.0 | 4.5.0 |
Module Manager | 2.4.0 | 2.5.0 |
Site Settings SEO | 3.2.0 | 3.3.0 |
Tools | 4.1.0 | 4.2.0 |
Jahia 8.1.2.1 >> 8.1.2.3 - Changelog
Core
- Upgraded commons-text from 1.8 to 1.10 to fix a critical vulnerability (see Security Patch - October 2022)
- Fixed deadlock issue "Waiting for final start level to be reached" at Jahia startup
Jahia 8.1.2.0 >> 8.1.2.1 - Changelog
Jahia 8.1.2.1 fixes an issue only appearing when upgrading directly from Jahia 7.3.x to 8.1.2, both on Jahia Cloud and on-premises. Thus, it is not necessary to upgrade from 8.1.2.0 to 8.1.2.1. However it is necessary for Jahia 8.1.2.0 customers to upgrade Content Editor to version 3.4.1, as it includes a fix for a bug appearing in Jahia 8.1.2.0, and this can be done via the Module Manager UI as this version is available in the Jahia Store.
Core
- Removed definitions checks from Jahia provisioning scripts
Content Editor (3.4.1)
- Fixed issue with additional entries not showing up in the pickers with infinite scrolling
Jahia 8.1.1.0 >> 8.1.2.0 - Changelog
Security
- Added a max size limit to 100MB and a max entries limit to 1024 for zip files to prevent zip bombs
- Upgraded javascript dependencies to fix security vulnerabilities in Jahia Core
- Upgraded Tomcat to 9.0.62 and backported security fix to our fork for Spring beans 3.2.18 (For more details, see Security Patch - April 2022)
Library upgrades
- Removed smack library from being packaged
- Upgraded commons-io from 2.8.0 to 2.11.0
- Upgraded gson from 2.8.6 to 2.8.9
- Upgraded httpclient5/httpcore5 from 5.1.1 to 5.1.3
- Upgraded httpclient from 4.5.9 to 4.5.13
- Upgraded httpcore from 4.4.11 to 4.4.15
- Upgraded jackson libraries from 2.10.5 to 2.13.3
- Upgraded jaxen from 1.1.1 to 1.2.0
- Upgraded jdom from 1.1 to 1.1.3
- Upgraded jdom2 from 2.0.6 to 2.0.6.1
- Upgraded jericho-html from 3.3 to 3.4
- Upgraded jsr305 from 3.0.1 to 3.0.2
- Upgraded log4j from 2.17.1 to 2.17.2
- Upgraded mariadb driver from 2.7.2 to 2.7.3
- Upgraded mysql driver from 8.0.23 to 8.0.27
- Upgraded postgresql driver from 42.2.19 to 42.3.6
- Upgraded nekohtml from 1.9.21 to 1.9.22.noko2
- Upgraded slf4j from 1.7.31 to 1.7.36
- Upgraded tika from 1.27 to 1.28.2 (including dependent libraries)
- Upgraded xstream from 1.4.18 to 1.4.19
Core
- Added more information on deleted content when requesting publication
- Added a way to detect potential issues in a module before its installation + an option to bypass the checks (More details here)
- Added "Do not edit" comment in configuration file by default
- Added option to remove jars of uninstalled modules
- Added "View content tab" permission to the translator role
- Updated the logging to ignore invalid tokens
- Updated sizes of path and title in Usages tab
- Removed unused password policy rules
- Fixed issue when saving URL link to a file with an anchor in a richtext
- Fixed issue with redirection missing context after a logout
- Fixed issue with accentuated characters by using the NFC normalization when saving filename into Jahia
- Fixed issue with Vanity URLs being copied when doing JCR node copy
- Fixed error with permission check when saving external site domain
- Fixed issue with journal janitor to clean old revisions only on processing node
- Fixed issue with cluster node synchronisation when using provisioning
- Fixed issue when importing content with special characters
- Fixed issue with color of date icon in visibility popup
- Fixed issue with OneDrive archives not being unzipped
- Fixed issue with file's title not saved by processing internationalized properties with default locale
Docker
- Added the ability to bind the properties files as a Docker volume
Installer
- Upgraded Tomcat from 9.0.55 to 9.0.62
- Fixed issue with Jahia installation not possible without internet connection
Page Composer
- Fixed issue with visibility layer header
- Fixed issue with refresh when moving a page
- Fixed inconsistency by not displaying paste button when user does not have permission
- Fixed issue with mobile view button showing even if channel module is stopped
JCR Search
- Added a way to use customized excerpt processor for JCR search
Server/Site Administration
- Added a fullscreen option for the legacy site settings (without sidebar and toolbars) (More details here)
Modules included in the upgrade to 8.1.2.0 - Changelog
AppShell (2.6.0)
- Upgraded to Apollo3
- Improved performances when flushing the cache key
CKEditor (4.17.1-jahia8-2)
- Updated plugins to prepare the upcoming version of Content Editor (4.0.0)
CSRF Guard (3.0.0)
- Upgraded OWASP csrfguard from 3.1.0 to csrfguard 4.1.4
- Allowed TokenPerPage to be configured
GraphQL DXM Provider (2.11.0)
- Added a max size limit to 100MB and a max entries limit to 1024 for zip files to prevent zip bombs
Jahia Page Composer (1.7.0)
- Upgraded javascript dependencies to fix security vulnerabilities
Jahia User Entries (1.3.0)
- Fixed issue with redirection missing context after a logout
jContent (2.7.0)
- Improved search to return content with a dot in its system name
- Fixed parsing error for style assets
- Fixed rendering issue in preview for .docx
- Fixed issue with publish to all languages not available if the content is already published in the current language
LDAP Connector (4.5.0)
- Upgraded spring-ldap-core from 2.3.4 to 2.3.8
Module Management (2.5.0)
- Added definition check of started modules when accessing the module management UI (only enabled by default in production mode)
SDL Generator tools (2.2.0)
- Updated the webpack configuration following library upgrades
Site Settings SEO (3.3.0)
- Fixed error when moving a vanity URL
Jahia Tools (4.2.0)
- Updated module to import org.apache.commons.io.file after commons-io upgrade in Jahia Core