Jahia 8.1.5 Release Notes

January 31, 2024

What's new?

Jahia is a maintenance release replacing Jahia, which has never been made available

Jahia 8.1.5 is a maintenance release based on the scope of, with added fixes regarding some XSS vulnerability issues identified in the back office interfaces. The breaking changes initially introduced in Jahia have been removed from Jahia

Jahia release notes

Rewrite rules configuration

In jahia-page-composer 1.8.0 (packaged with Jahia, the global category flag use-query-string="true" was added to keep the query parameters when there's a redirection in Jahia. As it affects all the rewrite rules and all the urls, we made the decision to roll back this change and worked on another fix that only affects rules related to Jahia edit mode. We strongly encourage to upgrade jahia-page-composer to version 1.11.0.

Upgrading from a previous version?

Prevent usage of '<' and '>' characters for system names

Starting with Jahia, the characters '<' and '>' cannot be used anymore for node names, as they could be used for xss attacks.

Nodes containing these characters may not be editable in Content Editor, as Content Editor 4.3.0 does not allow them for the system name property. The following query can be used to identify nodes containing these characters:

select * from [nt:base] where localname() like '%>%' or localname() like '%<%' 

We strongly recommend to rename such nodes proactively, so these characters are not used anymore.

Library upgrades

The following librairies were updated between Jahia and Jahia

Library Version in Jahia Version in Jahia
Apache Felix Web Console 4.3.16-jahia1 4.3.16-jahia2
The list of upgraded libraries between and can be found in the Jahia Release notes page

Updated modules

The following modules were updated between Jahia and Jahia

Module Version in Jahia Version in Jahia
App Shell 2.8.0 2.8.1
JCR REST API 3.1.0 3.2.0
Profile 8.0.0 8.2.0
Site Settings 8.5.0 8.7.0
Tools 4.2.0 4.4.0
User Dashboard 8.4.0 8.5.0
The list of updated modules between and can be found in the Jahia Release notes page


  • Prevent usage of '<' and '>' in node names
  • Escape characters to protect user properties from XSS attacks


  • Improved the GraphQL patch mechanism to wait for the GraphQL service to be available before running the patches
  • Avoid resolutions when displaying configurations in the OSGi Configuration Manager
The to changelog can be found in the Jahia Release notes page

Modules included in the upgrade - Changelog

App Shell (2.8.1)

  • Fixed issue with custom login/error pages handling

JCR REST API (3.2.0)

  • Prevent usage of '<' and '>' in node names

Profile (8.2.0)

  • Protect user properties from XSS attacks

Site Settings (8.7.0)

  • Protect user properties from XSS attacks

Tools (4.4.0 depends on Jahia 8.1.4+)

  • Fixed issue with target and action not being reset when switching workspace

User Dashboard (8.5.0)

  • Protect user properties from XSS attacks

Modules - Changelog

The following modules have been released along with the Jahia 8.1.5 release and are not automatically updated when upgrading to 8.1.5, but can easily be updated from the administration.

Server Availability Manager (2.6.0)

  • Improved ClusterConsistency probe to return cellar state (more details here)