Jahia 8.1.4 Release Notes

What's new?

Jahia 8.1.4 has never been made available as breaking changes and security issues were identified before we actually published this version. It has been replaced by Jahia 8.1.5.0

Jahia 8.1.4 is a maintenance release that includes various bug fixes. A couple third-party libraries have been upgraded to benefit from their latest security fixes.

In Page Composer, it is now possible to configure the threshold to display a single "Any Content" button in Page Composer to create content, instead of displaying one button per available content type, by setting the value in the jahia.ui.createChildrenDirectButtons.limit property, in the jahia.properties file. The default value has been updated from 3 to 5.

It is now possible to declare dependencies as optional. This is useful when “additional” features of a module require another module to be operational (e.g. a module providing a custom probe for the Server Availability Manager), but the module shall still be started and active even if these optional dependencies are not met. This is documented in the Package dependencies and exports page.

The Jahia 8.1.4.0 docker images can now be used for development purposes on macOS ARM architectures.

Rewrite rules configuration

In jahia-page-composer 1.8.0 (packaged with Jahia 8.1.3.0), the global category flag use-query-string="true" was added to keep the query parameters when there's a redirection in Jahia. As it affects all the rewrite rules and all the urls, we made the decision to roll back this change and worked on another fix that only affects rules related to Jahia edit mode. We strongly encourage to upgrade jahia-page-composer to version 1.11.0.

Updated modules and libraries in 8.1.4.0

Library upgrades

The following librairies were updated between Jahia 8.1.3.0 and Jahia 8.1.4.0

Library	Version in Jahia 8.1.3.0	Version in Jahia 8.1.4.0
Apache Standard Taglib	1.1.2	1.2.5
Apache Tika	1.28.4	1.28.5
Apache Tomcat	9.0.62	9.0.71
DB Driver - MariaDB	3.0.7	3.0.9
DB Driver - MySQL	8.0.31	8.0.32
DB Driver - PostgreSQL	42.5.0	42.5.2
Jackson	2.13.3	2.14.2
Protobuf Java	3.21.0	3.21.12

Updated modules

The following modules were updated between Jahia 8.1.3.0 and Jahia 8.1.4.0

Module	Version in Jahia 8.1.3.0	Version in Jahia 8.1.4.0
App Shell	2.7.0	2.8.0
CKEditor	4.19.1-jahia8-2	4.19.1-jahia8-3
Content Editor	3.4.2	3.5.0
Content Security Policy	2.3.0	2.4.0
Content Retrieval	8.0.0	8.1.0
Clustering	8.1.0.4	8.1.0.7
External Provider	4.4.0	4.5.0
External Provider Modules	4.4.0	4.5.0
External Provider Users and Groups	2.2.0	2.3.0
External Provider VFS	4.4.0	4.5.0
Graphql Provider	2.14.0	2.18.0
Jahia Administration	1.6.0	1.7.0
Jahia CSRF Guard	3.2.0	3.3.0
Jahia Dashboard	1.6.0	1.7.0
Jahia Dashboard Docs	1.1.0	1.2.0
Jahia Page Composer	1.8.0	1.9.0
jContent	2.8.0	2.10.0
LDAP	4.5.0	4.6.0
Module Manager	2.6.0	2.7.0
Personal API Tokens	1.3.0	1.4.0
Profile	8.0.0	8.1.0
Remote Publish	9.3.0	9.5.0
Roles Manager	8.4.0	8.5.0
Security Filter Tools	2.3.0	2.4.0
Server Settings	9.5.0	9.6.0
Site Settings	8.5.0	8.6.0
Tools	4.2.0	4.3.0

Jahia 8.1.3.0 >> 8.1.4.0 - Changelog

Security

Improved zip management to prevent partial path traversal and better handle fabricated zip files
Fixed issue with Tomcat 404 error page being shown instead of Jahia's one
Fixed issue with CORS parameters overriden upon startup
Upgraded commons-text library used in our Docker images to 1.10 to fix a critical vulnerability

Core

Updated Apache Cellar to use a replicated map instead of a distributed map for the bundle synchronization
Upgraded MariaDB driver from 3.0.7 to 3.0.9
Upgraded PostgreSQL driver from 42.5.0 to 42.5.2
Upgraded MySQL driver from 8.0.31 to 8.0.32
Replaced MySQL connector mysql-connector-java by new mysql-connector-j
Upgraded protobuf-java from 3.21.0 to 3.21.12
Upgraded Jackson libraries from 2.13.3 to 2.14.2
Upgraded Tika from 1.28.4 to 1.28.5 (including dependent libraries)
Upgraded internally used JSP Standard Tag Library to 1.2.5
Added a new property jahia.ui.createChildrenDirectButtons.limit (Default value is 5) to control the maximum number of buttons displayed in places where you can create content nodes of different types before displaying a generic single button "Any content"
Added logs to trace the JCR node cache load
Improved the system name generation by replacing sequences of special characters by "-" but without one at the beginning or the end
Fixed issue with creation of non publishable node
Fixed errors when using x:set tag by providing Xalan packages in OSGi framework bootdelegation
Fixed issue with choice list when undeploying a template
Fixed provisioning issue when reinstalling a module already installed in the same version (and not in snapshot)
Fixed issue with library not found when compiling module by adding JSTL and Spring Web MVC as direct dependencies to Jahia modules
Fixed issue in Jahia content history missing 'deleted' operations
Fixed membershipCache expiration issue for LDAP Users/groups
Fixed issue with addCookie call when workspace is not set by using live by default
Fixed issue with refresh page button position in Page Composer
Fixed rendering issue in Page Composer when scrolling down the page tree
Fixed issue with repository explorer link not using the default UI theme
Improved core robustness when accessing references with invalid constraints

Docker

Improved our Docker build process to build multi platform images
Fixed vulnerabilities in our Docker images by using an Ubuntu base image for Tomcat

Installer

Upgraded packaged Tomcat from 9.0.62 to 9.0.71

Modules included in the upgrade - Changelog

App Shell (2.8.0)

Fixed issue with custom login/error pages handling

CkEditor (4.19.1-jahia8-3)

Disabled wsc spellcheck plugin and use native spellchecking instead

Content Editor (3.5.0)

Fixed error when editing a content which has a broken reference
Fixed slow display of pages in the editorial link picker

Content Security Policy (2.4.0)

Updated jahia-depends property to have more accurate dependencies

Content Retrieval (8.1.0)

Updated jahia-depends property to have more accurate dependencies

External Provider (4.5.0)

Updated jahia-depends property to have more accurate dependencies

External Provider Users and Groups (2.3.0)

Updated jahia-depends property to have more accurate dependencies

GraphQL DXM Provider (2.18.0)

Fixed error when editing a content which has a broken reference

Also introduced in GraphQL DXM Provider (2.17.0):

Added new endpoint to provide details about the platform used by Jahia
Added new endpoints to get and update Roles and ACL
Fixed loading error when content usages cannot be retrieved
Fixed issue with mime type not correctly resolved for unzipped files

Also introduced in GraphQL DXM Provider (2.16.0):

Fixed issue when editing a content with broken references
Fixed inconsistencies in GraphQL schema when redeploying a module or deleting/restarting a container
Added debug logs to trace addition and removal of extensions

Also introduced in GraphQL DXM Provider (2.15.0):

Improved zip management to prevent partial path traversal and better handle fabricated zip files
Added new endpoint to access background jobs
Added new entrypoint to get available translations for a node
Fixed issue with query not using fallback language
Fixed issue when unzipping in jContent on a Windows server
Fixed issue when unzipping folder with sub folders in jContent
Fixed issue with javascript not loaded while rendering in preview

Jahia Administration (1.7.0)

Updated jahia-depends property to have more accurate dependencies

Jahia CSRF Guard (3.3.0)

Improved the header check to prevent polluting errors in Chrome

Jahia Dashboard (1.7.0)

Updated jahia-depends property to have more accurate dependencies

Jahia Dashboard Docs (1.2.0)

Updated jahia-depends property to have more accurate dependencies

Jahia Page Composer (1.9.0)

Updated jahia-depends property to have more accurate dependencies

jContent (2.10.0)

Introduced search in dropdown for site and language switchers
Fixed errors in the js console when clicking on a card
Fixed issue with action buttons being displayed when preview is opened

Also introduced in jContent (2.9.0):

Various improvements for the new Content Editor support (4.2.0)
Added drag and drop to move files and folders to other folders
Improved contextual menu display time
Fixed issue with javascript not loaded while rendering in preview
Fixed icon for download in jContent's 3 dot menu

LDAP (4.6.0)

Fixed issue with cache flush for LDAP across cluster by inheriting Jahia default cache config

Module Manager (2.7.0 depends on Jahia 8.1.4)

Updated jahia-depends property to have more accurate dependencies
Added logs to trace activity of wiring refresh
Added a warning message in the UI when a module has multiple versions
Introduced an "optional" property in jahia-depends
Added the optional dependencies with their statuses in the UI

Personal API Tokens (1.4.0)

Updated jahia-depends property to have more accurate dependencies

Profile (8.1.0)

Updated jahia-depends property to have more accurate dependencies

Remote Publish (9.5.0)

Added the possibility to provide a list of modules to be excluded from the remote publication verification phase (set skipVerificationForModules to a list of comma separated modules in org.jahia.modules.remotepublish.cfg)
Updated jahia-depends property to have more accurate dependencies

Roles Manager (8.5.0)

Updated jahia-depends property to have more accurate dependencies

Security Filter Tools (2.4.0)

Updated jahia-depends property to have more accurate dependencies

Server Settings (9.6.0)

Updated jahia-depends property to have more accurate dependencies

Site Settings (8.6.0)

Updated jahia-depends property to have more accurate dependencies
Added group name as tooltip in the membership list

Tools (4.3.0 depends on Jahia 8.1.4)

Improved JCR integrity tools to log invalid reference errors
Improved Karaf command line tool privileges to match Karaf console's privileges
Added a feature in the tools to remove jars of uninstalled modules
Added missing referencing nodes in the JCR integrity tool
Fixed management of RenderFilter from the tools