Jahia 8.1.6 Release Notes

What's new?

Jahia 8.1.6 is a maintenance release that includes various bug fixes and a couple improvements:

.webp thumbnails are now displayed in jContent
The deletion modal has been reworked in jContent, however the one in Page Composer remains the same
Developers can now find the target of setting panels, and jContent context menu actions, by looking at the html source of an element: this will simplify the registration of custom setting panels and actions!
- See Adding settings pages and Understanding Jahia's component registry

The procedure Updating module versions with minimal downtime has been updated and simplified.

Due to an issue in a library used by Jahia (Mvel2), versions prior to 8.1.6.0 are not compatible with JVM versions starting with "11+" like the one provided by OpenJDK 11 GA ("11+28"). This issue has been fixed in Jahia 8.1.6.0.

Rewrite rules configuration

In jahia-page-composer 1.8.0 (packaged with Jahia 8.1.3.0), the global category flag use-query-string="true" was added to keep the query parameters when there's a redirection in Jahia. As it affects all the rewrite rules and all the urls, we made the decision to roll back this change and worked on another fix that only affects rules related to Jahia edit mode. We strongly encourage to upgrade jahia-page-composer to version 1.11.0.

Updated modules and libraries in 8.1.6.0

Library upgrades

The following librairies were updated between Jahia 8.1.5.0 and Jahia 8.1.6.0

Library	Version in Jahia 8.1.5.0	Version in Jahia 8.1.6.0
Apache Tomcat	9.0.71	9.0.75
DB Driver - MySQL	8.0.32	8.0.33
DB Driver - MSSQL	9.2.1.jre8	9.4.1.jre8
DB Driver - Oracle	21.1.0.0	21.9.0.0
DB Driver - PostgreSQL	42.5.2	42.6.0
Mvel2	2.1.7	2.1.7.Jahia1
Xalan	2.7.2	2.7.3

Updated modules

The following modules were updated between Jahia 8.1.5.0 and Jahia 8.1.6.0

Module	Version in Jahia 8.1.5.0	Version in Jahia 8.1.6.0
CKEditor	4.19.1-jahia8-3	4.21.0-jahia8-5
Content Editor	3.5.0	3.6.0
Clustering	8.1.0.7	8.1.0.8
External Provider	4.5.0	4.6.0
External Provider Modules	4.5.0	4.6.0
External Provider VFS	4.5.0	4.6.0
Graphql Provider	2.18.0	2.19.0
Jahia Administration	1.6.0	1.8.0
Jahia Category Manager	1.2.0	1.3.0
Jahia CSRF Guard	3.3.0	3.4.0
Jahia Dashboard	1.7.0	1.8.0
Jahia Developer Tools	1.0.0	1.1.0
Jahia Page Composer	1.9.0	1.10.0
Jahia Repository Explorer	1.4.0	1.5.0
Jahia UI Root	1.7.0	1.8.0
Jahia User Entries	1.4.0	1.5.0
jContent	2.10.0	2.11.0
Module Manager	2.7.0	2.8.0
Remote Publish	9.5.0	9.7.0
SDL generator Tools	2.2.0	2.3.0
Server Settings	9.6.0	9.7.0
Server Settings EE	9.2.0	9.3.0
Site Settings SEO	3.5.0	4.2.0

Jahia 8.1.6.0 >> 8.1.6.1 - Changelog

Core

Disabled Apache Karaf RMI to address vulnerability (see Security Patch - August 8th, 2023)
Updated Apache Shiro to 1.12.0 to address vulnerability (see Security Patch - August 30th, 2023)
Addressed a CSRF vulnerability (see Security Patch - August 30th, 2023)
Addressed a GraphQL vulnerability (see Security Patch - August 30th, 2023)

Jahia 8.1.5.0 >> 8.1.6.0 - Changelog

Security

Applied admin permissions on these endpoints: findUser, findUsersAndGroups, findUsersAndGroupsInAcl
Fixed XSS vulnerability in GWT page composer

Core

Upgraded mvel2 from 2.1.7 to 2.1.7.Jahia1 to fix an issue preventing usage of JVM version starting with "11+" (like in OpenJDK 11 GA: 11+28)
Upgraded xalan and serializer from 2.7.2 to 2.7.3
Upgraded MySQL driver from 8.0.32 to 8.0.33
Upgraded MSSQL driver from 9.2.1.jre8 to 9.4.1.jre8
Upgraded PostgreSQL driver from 42.5.2 to 42.6.0
Upgraded Oracle driver from 21.1.0.0 to 21.9.0.0
Removed unused dependency to jstl-1.2
Added the history tab in Repository Explorer
Added a new property to prevent initJahiaContext from being injected in live mode (more details here)
Added registry target, and key, in the html attribute of setting panels and jContent actions
Hide stacktrace in html if not in dev mode
Removed unused jahia.find.propertiesToSkip property
Removed unexpected stream close when exporting site with a groovy script
Fixed issue with event listener using nodetypes filtering that were not receiving property events on i18n properties
Fixed memory leak when using JCRTemplate.doExecute function with guest user
Fixed usage of jcr:cd with space in filename or folder
Fixed issue where the extra div for main module break further changes in tags under body
Fixed issue with external events being skipped during cluster journal sync
Fixed issue with file caching when no lastModifiedDate is provided by using the current date
Fixed issue with Template titles coming from a resource bundle (jmix:rbTitle) that were displayed

Docker

Added additional exposed port (8000) in Docker image (used by Tomcat JPDA debugging by default)
When using Jahia in Docker, fixed improper shutdown on UNIX-based platforms when using a kill command

External Data Provider

Fixed the zip being corrupted when downloading as zip files and folders from a mount point

Import/Export

Fixed issue when importing an unstructured content from the edit mode

Installer

Upgraded Tomcat from 9.0.71 to 9.0.75

Module Management

Added option to install/start/stop/uninstall bundles locally on a cluster node using modules API and provisioning
Fixed sequence order (stop, refresh, start) during module start operation

Sitemap

Fixed memory leak issue on sitemap generation

Modules included in the upgrade - Changelog

CKEditor (4.21.0-jahia8-5)

Upgraded ckeditor4 from 4.19.1 to 4.21.0
Fixed issue with Macros menu not being displayed

Content Editor (3.6.0)

Fixed wrong publication icon

Default skins (8.1.0)

Updated jahia-depends property to have more accurate dependencies

GraphQL DXM Provider (2.19.0)

Introduced a new GraphQL node to fetch journal revisions and cluster in sync status
A version is now created when uploading a file to replace an existing one
Fixed issue with a translated property being duplicated after internationalization of the related content

Jahia Administration (1.8.0)

Added registry target, and key, in the html attribute of the setting panel

Jahia Category Manager (1.3.0)

Added registry target, and key, in the html attribute of the setting panel

Jahia CSRF Guard (3.4.0)

Upgraded csrfguard to 4.3.0 to add support for multiple domain origin

Jahia Dashboard (1.8.0)

Added registry target, and key, in the html attribute of the setting panel

Jahia Developer Tools (1.1.0)

Added registry target, and key, in the html attribute of the setting panel
Upgraded webpack to version 5.78.0
Upgraded ui-extender to version 1.0.6
Upgraded data-helper to version 1.0.7
Added a dependency to jahia-ui-root

Jahia Page Composer (1.10.0)

Added registry target, and key, in the html attribute of the setting panel
Fixed an issue with the iframe error check returning a 404 when the metadata starts with "40*" in Page Composer
Removed the multiple "redirect=false" parameter added to the url when refreshing Page Composer

Jahia Repository Explorer (1.5.0)

Added registry target, and key, in the html attribute of the setting panel

Jahia UI Root (1.8.0)

Added registry target, and key, in the html attribute of the setting panel
Disabled authoring UI when read-only mode is enabled
Fixed issue with left navigation icons that were not displayed on small screens
Fixed "Page not found" error when switching sites in Page Composer

Jahia User Entries (1.5.0)

Added registry target, and key, in the html attribute of the setting panel
Fixed logout issue when using a custom LogoutUrlProvider

jContent (1.11.0)

Added registry target, and key, in the html attribute of the setting panel
Upgraded ui-extender to version 1.0.9
Upgraded data-helper to version 1.1.2
Upgraded Apollo client to version 3.5.10
Added a dependency to app-shell 2.6.0+
Improved the jContent header design in responsive mode and when there's a multiple selection
Added a new modal for content deletion
Added the display of a modal when clicking on an external link
Added a dropdown with selected items in the action toolbar
The selection in jContent can now be cleared using the escape key
Keep selection in jContent when switching between list and structured views
Thumbnails of .webp and images with no file extension are now displayed
New check preventing files with special characters from being uploaded
Improved the display of small images (width < 200px) in thumbnail view
A version is now created when uploading a file to replace an existing one
Fixed an issue with content that couldn't be pasted due to faulty content type restriction check
Fixed issue with the publication menu not refreshed after replacing a file

Module Manager (2.8.0)

Fixed issue when searching for "Download" in the module manager administration that returned all modules
Avoid module administration UI crash when something goes wrong during a module startup

Remote Publish (9.7.0)

Fixed issue with origin header value when using a context

SDL Generator Tools (2.3.0)

Updated jahia-depends property to have more accurate dependencies

Server Settings (9.7.0)

Upgraded to webpack5 and removed compat mode from appshell
Upgraded webpack to version 5.78.0
Upgraded ui-extender to version 1.0.6
Added a dependency to app-shell
Fixed XSS vulnerability when importing a file

Server Settings EE (9.3.0)

Upgraded to webpack5 and removed compat mode from appshell
Upgraded webpack to version 5.78.0
Upgraded ui-extender to version 1.0.6
Added a dependency to app-shell

Site Settings SEO (4.2.0)

Upgraded data-helper to version 1.1.4
Upgraded Apollo client to version 3.5.10
Added a dependency to app-shell 2.6.0+

Modules - Changelog

The following modules have been released along with the Jahia 8.1.6 release and are not automatically updated when upgrading to 8.1.6, but can easily be updated from the administration.

CMIS Provider (3.3.0 - depends on Jahia 8.1.5)

Improved XML parser to use a secured one
Disabled the sample mount point config file, generating harmless logs at startup

SAML Authentication Valve (2.4.0 - depends on Jahia 8.1.5)

Upgraded xalan from 2.7.2 to 2.7.3
Fixed issue with incorrect redirection path provided in the cookie