Jahia 8.1.3 Release Notes
January 31, 2024
What's new?
Jahia 8.1.3 is a maintenance release that includes various bug fixes. Several third-party libraries have been upgraded to benefit from their latest security fixes. It also comes with a couple improvements:
- Folders, and their structure, can now be uploaded directly by drag and drop in jContent! No need to zip a folder, upload it and then unzip it.
- The Crop / Rotate / Resize options for images are now available in a modal. The features and behavior remain unchanged, we have only changed the way they are presented.
- Module management administration screen:
- Using configuration files, you can now disable the start/stop/deploy/undeploy module operations in this interface, for instance to prevent a critical module from being stopped. You can use version ranges, per module, to configure the list of disabled operations. This only applies for the Module management administration UI, as the OSGi console and module management API are not impacted by this feature.
- You can display info or warning messages at the top of the module administration page, using a yml or configuration file
- Introduced dedicated permissions for the admin node in Graphql Provider, this allows for additional fine-tuning of the access for mutations and queries using this node.
- Introduced a new permission in Personal API Tokens, to restrict access to "My API tokens"
Content Editor 4.1 is compatible with Jahia 8.1.3. It is not included by default in this Jahia version, but can be downloaded from the store. Learn more about Content Editor 4.1
Rewrite rules configuration
In jahia-page-composer 1.8.0 (packaged with Jahia 8.1.3.0), the global category flag
use-query-string="true"
was added to keep the query parameters when there's a redirection in Jahia. As it affects all the rewrite rules and all the urls, we made the decision to roll back this change and worked on another fix that only affects rules related to Jahia edit mode. We strongly encourage to upgrade jahia-page-composer to version 1.11.0.Updated modules and libraries in 8.1.3.0
Library upgrades
The following librairies were updated between Jahia 8.1.2.0 and Jahia 8.1.3.0
Library | Version in Jahia 8.1.2.0 | Version in Jahia 8.1.3.0 |
---|---|---|
Apache Commons Test | 1.8.0 | 1.10.0 |
Apache Shiro | 1.8.0 | 1.10.0 |
Apache Tika | 1.28.2 | 1.28.4 |
DB Driver - MariaDB | 2.7.2 | 3.0.7 |
DB Driver - MSSQL | 9.2.1.jre8 | 11.2.0.jre8 |
DB Driver - MySQL | 8.0.27 | 8.0.30 |
DB Driver - Oracle | 18.3.0.0 | 21.1.0.0 |
DB Driver - PostgreSQL | 42.3.6 | 42.5.0 |
Woodstox ASL | 3.2.7 |
Updated modules
The following modules were updated between Jahia 8.1.2.0 and Jahia 8.1.3.0
Module | Version in Jahia 8.1.2.0 | Version in Jahia 8.1.3.0 |
---|---|---|
App Shell | 2.6.0 | 2.7.0 |
Bootstrap Core | 4.2.0 | 4.2.1 |
Bootstrap Components | 4.2.0 | 4.2.1 |
CKEditor | 4.17.1-jahia8-2 | 4.19.1-jahia8-2 |
Content Editor | 3.4.0 | 3.4.2 |
Content Security Policy | 2.2.0 | 2.3.0 |
Default | 8.5.0 | 8.6.0 |
External Provider | 4.3.0 | 4.4.0 |
External Provider Modules | 4.3.0 | 4.4.0 |
External Provider Users and Groups | 2.1.0 | 2.2.0 |
External Provider VFS | 4.3.0 | 4.4.0 |
Graphql Provider | 2.11.0 | 2.14.0 |
Jahia Administration | 1.5.0 | 1.6.0 |
Jahia CSRF Guard | 3.0.0 | 3.2.0 |
Jahia Dashboard | 1.5.0 | 1.6.0 |
Jahia Page Composer | 1.7.0 | 1.8.0 |
Jahia Repository Explorer | 1.3.0 | 1.4.0 |
Jahia UI Root | 1.6.0 | 1.7.0 |
Jahia User Entries | 1.3.0 | 1.4.0 |
jContent | 2.7.0 | 2.8.0 |
Module Manager | 2.5.0 | 2.6.0 |
Personal API Tokens | 1.1.0 | 1.3.0 |
Roles Manager | 8.3.0 | 8.4.0 |
Security Filter Tools | 2.2.0 | 2.3.0 |
Server Settings | 9.4.0 | 9.5.0 |
Site Settings | 8.4.0 | 8.5.0 |
Site Settings SEO | 3.3.0 | 3.5.0 |
Jahia 8.1.2.0 >> 8.1.3.0 - Changelog
Security
- Upgraded Apache Commons Text from 1.8 to 1.10 to fix a critical vulnerability (see Security Patch - October 2022)
- Upgraded Apache Shiro from 1.8 to 1.10 to fix a critical vulnerability (see Security Patch - November 2022)
Core
- Added debug logs when cache dependencies limit is exceeded
- Increased the number of allowed JDBC connection to match the default tomcat configuration
- Removed usage of jquery 2.1.4
- Added a method, in WorkflowObservationManager, to remove a workflow listener
- Fixed deadlock issue "Waiting for final start level to be reached" at Jahia startup
- Fixed concurrency issue with minified files being created at the same time by different users
- Fixed issue with provisioning in cluster
- Fixed Page Composer language switcher not being updated when changing the language directly in the site
- Updated DB drop script to only try to drop a table if it exists
- Fixed issue with site users not able to log in
- Fixed ImageMagick URL used in Jahia Docker images
- Fixed out of memory error when moving a long list of categories
- Fixed encoding issue of the query string when redirecting to the default vanity URL
- Fixed encoding issue in the cache key part generator with template:module tag
- Fixed issue with spring validation groups by using a new resolver mechanism
- Fixed issue with Jackson annotation by delegating class mapping to OSGi
- Fixed backup/restore issue with "org.ops4j.pax.url.mvn.cfg"
- Removed jahiaToolManagerUsername and jahiaToolManagerPassword from jahia.properties
- Fixed issue with rules registration/unregistration when multiple modules have same display name
- Removed wstx-asl-3.2.7 library due to conflict with woodstox-core-6.2.8
- Fixed ordering of multiple values in import/export
Modules included in the upgrade - Changelog
App Shell (2.7.0)
- Fixed issue with site users not able to log in
CkEditor (4.19.1-jahia8-2)
- Upgraded ckeditor4 from 4.17.1 to 4.19.1
Content Editor (3.4.2)
- Made Content Editor 3.4 compatible with Apollo 3
Content Security Policy (2.3.0)
- Added nonce injection mechanism
Default (8.6.0)
- Fixed issue when removing a group with special characters in role management panel
External Provider (4.4.0)
- Upgraded packages to fix javascript vulnerabilities
- Fixed issue when retrieving property type from external data provider
- Fixed issue in external data provider queries where hasNode would return true for properties
External Provider Users and Groups (2.2.0)
- Upgraded packages to fix javascript vulnerabilities
GraphQL Provider (2.14.0)
- Added missing description to GraphQL admin permissions
Jahia Administration (1.6.0)
- Upgraded packages to fix javascript vulnerabilities
- Fixed javascript error in site switcher when accessing "Administration > Sites"
- Fixed issue when switching sites from panel not enabled on target site
- Fixed issue with site users not able to log in
Jahia CSRF Guard (3.2.0)
- Updated the token holder to store the tokens in the session
- Minified CSRFGuard template javascript to save space
Jahia Page Composer (1.8.0)
- Fixed issue with special characters in system name
- Fixed issue with site users not able to log in
- Fixed issue with query parameter not preserved
Jahia Repository Explorer (1.4.0)
- Upgraded packages to fix javascript vulnerabilities
Jahia UI Root (1.7.0)
- Upgraded packages to fix javascript vulnerabilities
Jahia User Entries (1.4.0)
- Upgraded packages to fix javascript vulnerabilities
jContent (2.8.0)
- Various improvements for the new Content Editor pickers support (4.1.0)
- Moved image editor to a modal
- Added the time in last modification date
- Replaced view icon by dropdown
- Added download modal (with download link in staging and in live)
- Replaced the "Zip" folder/file feature with a more efficient "Download as zip" feature
- Improved the image resizing tool by using the current image resolution as max value
- Fixed issue when publishing modification or deletion of several items
- Fixed issue when publishing the deletion of multiple files/content
- Fixed the size of the horizontal scrollbar in Firefox
- Fixed issue with site users not able to log in
Module Manager (2.6.0)
- Added a configuration to prevent customers from doing some operations in the module UI
- Prevented deployment of “disabled” modules from the UI / store tab
- Added a configuration to allow display of info and warning messages in Jahia Module Administration screen
- Upgraded packages to fix javascript vulnerabilities
- Fixed validation error when deleting a forge
Personal API Tokens (1.3.0)
- Added a new permission "Personal api tokens" (under "Developer tools") to restrict access to "My API tokens"
- Added French and German translations
- Upgraded packages to fix javascript vulnerabilities
- Added noImportExport mixin to prevent export of the tokens
Roles Manager (8.4.0)
- Upgraded packages to fix javascript vulnerabilities
Security Filter Tools (2.3.0)
- Upgraded packages to fix javascript vulnerabilities
Server Settings (9.5.0)
- Upgraded packages to fix javascript vulnerabilities
- Removed import of db_settings.png in repository.xml
Site Settings (8.5.0)
- Upgraded packages to fix javascript vulnerabilities
Site Settings SEO (3.5.0)
- Fixed issue with vanity URLs starting with an integer
- Fixed flickering when reloading VanityURL dashboard
Modules - Changelog
The following modules have been released along with the Jahia 8.1.3 release and are not automatically updated when upgrading to 8.1.3, but can easily be updated from the administration.
Bootstrap3 (4.2.1) Core & Components
- Fixed issue with incorrect tag used to display sub view
Distributed Sessions (3.4.0)
- Removed dependency to jahia-csrf-guard
Server Availability Manager (2.3.0)
- Added new SearchIndex probe returning statistics about performance of search indices (more details here: Monitoring your servers)