Jahia 8.1.4 Release Notes
What's new?
Jahia 8.1.4 is a maintenance release that includes various bug fixes. A couple third-party libraries have been upgraded to benefit from their latest security fixes.
In Page Composer, it is now possible to configure the threshold to display a single "Any Content" button in Page Composer to create content, instead of displaying one button per available content type, by setting the value in the jahia.ui.createChildrenDirectButtons.limit
property, in the jahia.properties file. The default value has been updated from 3 to 5.
It is now possible to declare dependencies as optional. This is useful when “additional” features of a module require another module to be operational (e.g. a module providing a custom probe for the Server Availability Manager), but the module shall still be started and active even if these optional dependencies are not met. This is documented in the Package dependencies and exports page.
The Jahia 8.1.4.0 docker images can now be used for development purposes on macOS ARM architectures.
Rewrite rules configuration
use-query-string="true"
was added to keep the query parameters when there's a redirection in Jahia. As it affects all the rewrite rules and all the urls, we made the decision to roll back this change and worked on another fix that only affects rules related to Jahia edit mode. We strongly encourage to upgrade jahia-page-composer to version 1.11.0.Updated modules and libraries in 8.1.4.0
Library upgrades
The following librairies were updated between Jahia 8.1.3.0 and Jahia 8.1.4.0
Library | Version in Jahia 8.1.3.0 | Version in Jahia 8.1.4.0 |
---|---|---|
Apache Standard Taglib | 1.1.2 | 1.2.5 |
Apache Tika | 1.28.4 | 1.28.5 |
Apache Tomcat | 9.0.62 | 9.0.71 |
DB Driver - MariaDB | 3.0.7 | 3.0.9 |
DB Driver - MySQL | 8.0.31 | 8.0.32 |
DB Driver - PostgreSQL | 42.5.0 | 42.5.2 |
Jackson | 2.13.3 | 2.14.2 |
Protobuf Java | 3.21.0 | 3.21.12 |
Updated modules
The following modules were updated between Jahia 8.1.3.0 and Jahia 8.1.4.0
Module | Version in Jahia 8.1.3.0 | Version in Jahia 8.1.4.0 |
---|---|---|
App Shell | 2.7.0 | 2.8.0 |
CKEditor | 4.19.1-jahia8-2 | 4.19.1-jahia8-3 |
Content Editor | 3.4.2 | 3.5.0 |
Content Security Policy | 2.3.0 | 2.4.0 |
Content Retrieval | 8.0.0 | 8.1.0 |
Clustering | 8.1.0.4 | 8.1.0.7 |
External Provider | 4.4.0 | 4.5.0 |
External Provider Modules | 4.4.0 | 4.5.0 |
External Provider Users and Groups | 2.2.0 | 2.3.0 |
External Provider VFS | 4.4.0 | 4.5.0 |
Graphql Provider | 2.14.0 | 2.18.0 |
Jahia Administration | 1.6.0 | 1.7.0 |
Jahia CSRF Guard | 3.2.0 | 3.3.0 |
Jahia Dashboard | 1.6.0 | 1.7.0 |
Jahia Dashboard Docs | 1.1.0 | 1.2.0 |
Jahia Page Composer | 1.8.0 | 1.9.0 |
jContent | 2.8.0 | 2.10.0 |
LDAP | 4.5.0 | 4.6.0 |
Module Manager | 2.6.0 | 2.7.0 |
Personal API Tokens | 1.3.0 | 1.4.0 |
Profile | 8.0.0 | 8.1.0 |
Remote Publish | 9.3.0 | 9.5.0 |
Roles Manager | 8.4.0 | 8.5.0 |
Security Filter Tools | 2.3.0 | 2.4.0 |
Server Settings | 9.5.0 | 9.6.0 |
Site Settings | 8.5.0 | 8.6.0 |
Tools | 4.2.0 | 4.3.0 |
Jahia 8.1.3.0 >> 8.1.4.0 - Changelog
Security
- Improved zip management to prevent partial path traversal and better handle fabricated zip files
- Fixed issue with Tomcat 404 error page being shown instead of Jahia's one
- Fixed issue with CORS parameters overriden upon startup
- Upgraded commons-text library used in our Docker images to 1.10 to fix a critical vulnerability
Core
- Updated Apache Cellar to use a replicated map instead of a distributed map for the bundle synchronization
- Upgraded MariaDB driver from 3.0.7 to 3.0.9
- Upgraded PostgreSQL driver from 42.5.0 to 42.5.2
- Upgraded MySQL driver from 8.0.31 to 8.0.32
- Replaced MySQL connector mysql-connector-java by new mysql-connector-j
- Upgraded protobuf-java from 3.21.0 to 3.21.12
- Upgraded Jackson libraries from 2.13.3 to 2.14.2
- Upgraded Tika from 1.28.4 to 1.28.5 (including dependent libraries)
- Upgraded internally used JSP Standard Tag Library to 1.2.5
- Added a new property jahia.ui.createChildrenDirectButtons.limit (Default value is 5) to control the maximum number of buttons displayed in places where you can create content nodes of different types before displaying a generic single button "Any content"
- Added logs to trace the JCR node cache load
- Improved the system name generation by replacing sequences of special characters by "-" but without one at the beginning or the end
- Fixed issue with creation of non publishable node
- Fixed errors when using x:set tag by providing Xalan packages in OSGi framework bootdelegation
- Fixed issue with choice list when undeploying a template
- Fixed provisioning issue when reinstalling a module already installed in the same version (and not in snapshot)
- Fixed issue with library not found when compiling module by adding JSTL and Spring Web MVC as direct dependencies to Jahia modules
- Fixed issue in Jahia content history missing 'deleted' operations
- Fixed membershipCache expiration issue for LDAP Users/groups
- Fixed issue with addCookie call when workspace is not set by using live by default
- Fixed issue with refresh page button position in Page Composer
- Fixed rendering issue in Page Composer when scrolling down the page tree
- Fixed issue with repository explorer link not using the default UI theme
- Improved core robustness when accessing references with invalid constraints
Docker
- Improved our Docker build process to build multi platform images
- Fixed vulnerabilities in our Docker images by using an Ubuntu base image for Tomcat
Installer
- Upgraded packaged Tomcat from 9.0.62 to 9.0.71
Modules included in the upgrade - Changelog
App Shell (2.8.0)
- Fixed issue with custom login/error pages handling
CkEditor (4.19.1-jahia8-3)
- Disabled wsc spellcheck plugin and use native spellchecking instead
Content Editor (3.5.0)
- Fixed error when editing a content which has a broken reference
- Fixed slow display of pages in the editorial link picker
Content Security Policy (2.4.0)
- Updated jahia-depends property to have more accurate dependencies
Content Retrieval (8.1.0)
- Updated jahia-depends property to have more accurate dependencies
External Provider (4.5.0)
- Updated jahia-depends property to have more accurate dependencies
External Provider Users and Groups (2.3.0)
- Updated jahia-depends property to have more accurate dependencies
GraphQL DXM Provider (2.18.0)
- Fixed error when editing a content which has a broken reference
Also introduced in GraphQL DXM Provider (2.17.0):
- Added new endpoint to provide details about the platform used by Jahia
- Added new endpoints to get and update Roles and ACL
- Fixed loading error when content usages cannot be retrieved
- Fixed issue with mime type not correctly resolved for unzipped files
Also introduced in GraphQL DXM Provider (2.16.0):
- Fixed issue when editing a content with broken references
- Fixed inconsistencies in GraphQL schema when redeploying a module or deleting/restarting a container
- Added debug logs to trace addition and removal of extensions
Also introduced in GraphQL DXM Provider (2.15.0):
- Improved zip management to prevent partial path traversal and better handle fabricated zip files
- Added new endpoint to access background jobs
- Added new entrypoint to get available translations for a node
- Fixed issue with query not using fallback language
- Fixed issue when unzipping in jContent on a Windows server
- Fixed issue when unzipping folder with sub folders in jContent
- Fixed issue with javascript not loaded while rendering in preview
Jahia Administration (1.7.0)
- Updated jahia-depends property to have more accurate dependencies
Jahia CSRF Guard (3.3.0)
- Improved the header check to prevent polluting errors in Chrome
Jahia Dashboard (1.7.0)
- Updated jahia-depends property to have more accurate dependencies
Jahia Dashboard Docs (1.2.0)
- Updated jahia-depends property to have more accurate dependencies
Jahia Page Composer (1.9.0)
- Updated jahia-depends property to have more accurate dependencies
jContent (2.10.0)
- Introduced search in dropdown for site and language switchers
- Fixed errors in the js console when clicking on a card
- Fixed issue with action buttons being displayed when preview is opened
Also introduced in jContent (2.9.0):
- Various improvements for the new Content Editor support (4.2.0)
- Added drag and drop to move files and folders to other folders
- Improved contextual menu display time
- Fixed issue with javascript not loaded while rendering in preview
- Fixed icon for download in jContent's 3 dot menu
LDAP (4.6.0)
- Fixed issue with cache flush for LDAP across cluster by inheriting Jahia default cache config
Module Manager (2.7.0 depends on Jahia 8.1.4)
- Updated jahia-depends property to have more accurate dependencies
- Added logs to trace activity of wiring refresh
- Added a warning message in the UI when a module has multiple versions
- Introduced an "optional" property in jahia-depends
- Added the optional dependencies with their statuses in the UI
Personal API Tokens (1.4.0)
- Updated jahia-depends property to have more accurate dependencies
Profile (8.1.0)
- Updated jahia-depends property to have more accurate dependencies
Remote Publish (9.5.0)
- Added the possibility to provide a list of modules to be excluded from the remote publication verification phase (set skipVerificationForModules to a list of comma separated modules in org.jahia.modules.remotepublish.cfg)
- Updated jahia-depends property to have more accurate dependencies
Roles Manager (8.5.0)
- Updated jahia-depends property to have more accurate dependencies
Security Filter Tools (2.4.0)
- Updated jahia-depends property to have more accurate dependencies
Server Settings (9.6.0)
- Updated jahia-depends property to have more accurate dependencies
Site Settings (8.6.0)
- Updated jahia-depends property to have more accurate dependencies
- Added group name as tooltip in the membership list
Tools (4.3.0 depends on Jahia 8.1.4)
- Improved JCR integrity tools to log invalid reference errors
- Improved Karaf command line tool privileges to match Karaf console's privileges
- Added a feature in the tools to remove jars of uninstalled modules
- Added missing referencing nodes in the JCR integrity tool
- Fixed management of RenderFilter from the tools