Jahia 8.1.6 Release Notes
January 31, 2024
What's new?
Jahia 8.1.6 is a maintenance release that includes various bug fixes and a couple improvements:
- .webp thumbnails are now displayed in jContent
- The deletion modal has been reworked in jContent, however the one in Page Composer remains the same
- Developers can now find the target of setting panels, and jContent context menu actions, by looking at the html source of an element: this will simplify the registration of custom setting panels and actions!
The procedure Updating module versions with minimal downtime has been updated and simplified.
Due to an issue in a library used by Jahia (Mvel2), versions prior to 8.1.6.0 are not compatible with JVM versions starting with "11+" like the one provided by OpenJDK 11 GA ("11+28"). This issue has been fixed in Jahia 8.1.6.0.
Rewrite rules configuration
In jahia-page-composer 1.8.0 (packaged with Jahia 8.1.3.0), the global category flag
use-query-string="true"
was added to keep the query parameters when there's a redirection in Jahia. As it affects all the rewrite rules and all the urls, we made the decision to roll back this change and worked on another fix that only affects rules related to Jahia edit mode. We strongly encourage to upgrade jahia-page-composer to version 1.11.0.Updated modules and libraries in 8.1.6
Library upgrades
The following librairies were updated between Jahia 8.1.5.0 and Jahia 8.1.6.0
Library | Version in Jahia 8.1.5.0 | Version in Jahia 8.1.6.0 |
---|---|---|
Apache Tomcat | 9.0.71 | 9.0.75 |
DB Driver - MySQL | 8.0.32 | 8.0.33 |
DB Driver - MSSQL | 9.2.1.jre8 | 9.4.1.jre8 |
DB Driver - Oracle | 21.1.0.0 | 21.9.0.0 |
DB Driver - PostgreSQL | 42.5.2 | 42.6.0 |
Mvel2 | 2.1.7 | 2.1.7.Jahia1 |
Xalan | 2.7.2 | 2.7.3 |
Updated modules
The following modules were updated between Jahia 8.1.5.0 and Jahia 8.1.6.0
Module | Version in Jahia 8.1.5.0 | Version in Jahia 8.1.6.0 |
---|---|---|
CKEditor | 4.19.1-jahia8-3 | 4.21.0-jahia8-5 |
Content Editor | 3.5.0 | 3.6.0 |
Clustering | 8.1.0.7 | 8.1.0.8 |
External Provider | 4.5.0 | 4.6.0 |
External Provider Modules | 4.5.0 | 4.6.0 |
External Provider VFS | 4.5.0 | 4.6.0 |
Graphql Provider | 2.18.0 | 2.19.0 |
Jahia Administration | 1.6.0 | 1.8.0 |
Jahia Category Manager | 1.2.0 | 1.3.0 |
Jahia CSRF Guard | 3.3.0 | 3.4.0 |
Jahia Dashboard | 1.7.0 | 1.8.0 |
Jahia Developer Tools | 1.0.0 | 1.1.0 |
Jahia Page Composer | 1.9.0 | 1.10.0 |
Jahia Repository Explorer | 1.4.0 | 1.5.0 |
Jahia UI Root | 1.7.0 | 1.8.0 |
Jahia User Entries | 1.4.0 | 1.5.0 |
jContent | 2.10.0 | 2.11.0 |
Module Manager | 2.7.0 | 2.8.0 |
Remote Publish | 9.5.0 | 9.7.0 |
SDL generator Tools | 2.2.0 | 2.3.0 |
Server Settings | 9.6.0 | 9.7.0 |
Server Settings EE | 9.2.0 | 9.3.0 |
Site Settings SEO | 3.5.0 | 4.2.0 |
Jahia 8.1.6.1 >> 8.1.6.2 - Changelog
- Fixed a compatibility issue between Jahia page composer and Chrome 128+ when accessing content via links
Jahia 8.1.6.0 >> 8.1.6.1 - Changelog
Core
- Disabled Apache Karaf RMI to address vulnerability (see Security Patch - August 8th, 2023)
- Updated Apache Shiro to 1.12.0 to address vulnerability (see Security Patch - August 30th, 2023)
- Addressed a CSRF vulnerability (see Security Patch - August 30th, 2023)
- Addressed a GraphQL vulnerability (see Security Patch - August 30th, 2023)
Jahia 8.1.5.0 >> 8.1.6.0 - Changelog
Security
- Applied admin permissions on these endpoints: findUser, findUsersAndGroups, findUsersAndGroupsInAcl
- Fixed XSS vulnerability in GWT page composer
Core
- Upgraded mvel2 from 2.1.7 to 2.1.7.Jahia1 to fix an issue preventing usage of JVM version starting with "11+" (like in OpenJDK 11 GA: 11+28)
- Upgraded xalan and serializer from 2.7.2 to 2.7.3
- Upgraded MySQL driver from 8.0.32 to 8.0.33
- Upgraded MSSQL driver from 9.2.1.jre8 to 9.4.1.jre8
- Upgraded PostgreSQL driver from 42.5.2 to 42.6.0
- Upgraded Oracle driver from 21.1.0.0 to 21.9.0.0
- Removed unused dependency to jstl-1.2
- Added the history tab in Repository Explorer
- Added a new property to prevent initJahiaContext from being injected in live mode (more details here)
- Added registry target, and key, in the html attribute of setting panels and jContent actions
- Hide stacktrace in html if not in dev mode
- Removed unused jahia.find.propertiesToSkip property
- Removed unexpected stream close when exporting site with a groovy script
- Fixed issue with event listener using nodetypes filtering that were not receiving property events on i18n properties
- Fixed memory leak when using JCRTemplate.doExecute function with guest user
- Fixed usage of jcr:cd with space in filename or folder
- Fixed issue where the extra div for main module break further changes in tags under body
- Fixed issue with external events being skipped during cluster journal sync
- Fixed issue with file caching when no lastModifiedDate is provided by using the current date
- Fixed issue with Template titles coming from a resource bundle (jmix:rbTitle) that were displayed
Docker
- Added additional exposed port (8000) in Docker image (used by Tomcat JPDA debugging by default)
- When using Jahia in Docker, fixed improper shutdown on UNIX-based platforms when using a kill command
External Data Provider
- Fixed the zip being corrupted when downloading as zip files and folders from a mount point
Import/Export
- Fixed issue when importing an unstructured content from the edit mode
Installer
- Upgraded Tomcat from 9.0.71 to 9.0.75
Module Management
- Added option to install/start/stop/uninstall bundles locally on a cluster node using modules API and provisioning
- Fixed sequence order (stop, refresh, start) during module start operation
Sitemap
- Fixed memory leak issue on sitemap generation
Modules included in the upgrade - Changelog
CKEditor (4.21.0-jahia8-5)
- Upgraded ckeditor4 from 4.19.1 to 4.21.0
- Fixed issue with Macros menu not being displayed
Content Editor (3.6.0)
- Fixed wrong publication icon
Default skins (8.1.0)
- Updated jahia-depends property to have more accurate dependencies
GraphQL DXM Provider (2.19.0)
- Introduced a new GraphQL node to fetch journal revisions and cluster in sync status
- A version is now created when uploading a file to replace an existing one
- Fixed issue with a translated property being duplicated after internationalization of the related content
Jahia Administration (1.8.0)
- Added registry target, and key, in the html attribute of the setting panel
Jahia Category Manager (1.3.0)
- Added registry target, and key, in the html attribute of the setting panel
Jahia CSRF Guard (3.4.0)
- Upgraded csrfguard to 4.3.0 to add support for multiple domain origin
Jahia Dashboard (1.8.0)
- Added registry target, and key, in the html attribute of the setting panel
Jahia Developer Tools (1.1.0)
- Added registry target, and key, in the html attribute of the setting panel
- Upgraded webpack to version 5.78.0
- Upgraded ui-extender to version 1.0.6
- Upgraded data-helper to version 1.0.7
- Added a dependency to jahia-ui-root
Jahia Page Composer (1.10.0)
- Added registry target, and key, in the html attribute of the setting panel
- Fixed an issue with the iframe error check returning a 404 when the metadata starts with "40*" in Page Composer
- Removed the multiple "redirect=false" parameter added to the url when refreshing Page Composer
Jahia Repository Explorer (1.5.0)
- Added registry target, and key, in the html attribute of the setting panel
Jahia UI Root (1.8.0)
- Added registry target, and key, in the html attribute of the setting panel
- Disabled authoring UI when read-only mode is enabled
- Fixed issue with left navigation icons that were not displayed on small screens
- Fixed "Page not found" error when switching sites in Page Composer
Jahia User Entries (1.5.0)
- Added registry target, and key, in the html attribute of the setting panel
- Fixed logout issue when using a custom LogoutUrlProvider
jContent (1.11.0)
- Added registry target, and key, in the html attribute of the setting panel
- Upgraded ui-extender to version 1.0.9
- Upgraded data-helper to version 1.1.2
- Upgraded Apollo client to version 3.5.10
- Added a dependency to app-shell 2.6.0+
- Improved the jContent header design in responsive mode and when there's a multiple selection
- Added a new modal for content deletion
- Added the display of a modal when clicking on an external link
- Added a dropdown with selected items in the action toolbar
- The selection in jContent can now be cleared using the escape key
- Keep selection in jContent when switching between list and structured views
- Thumbnails of .webp and images with no file extension are now displayed
- New check preventing files with special characters from being uploaded
- Improved the display of small images (width < 200px) in thumbnail view
- A version is now created when uploading a file to replace an existing one
- Fixed an issue with content that couldn't be pasted due to faulty content type restriction check
- Fixed issue with the publication menu not refreshed after replacing a file
Module Manager (2.8.0)
- Fixed issue when searching for "Download" in the module manager administration that returned all modules
- Avoid module administration UI crash when something goes wrong during a module startup
Remote Publish (9.7.0)
- Fixed issue with origin header value when using a context
SDL Generator Tools (2.3.0)
- Updated jahia-depends property to have more accurate dependencies
Server Settings (9.7.0)
- Upgraded to webpack5 and removed compat mode from appshell
- Upgraded webpack to version 5.78.0
- Upgraded ui-extender to version 1.0.6
- Added a dependency to app-shell
- Fixed XSS vulnerability when importing a file
Server Settings EE (9.3.0)
- Upgraded to webpack5 and removed compat mode from appshell
- Upgraded webpack to version 5.78.0
- Upgraded ui-extender to version 1.0.6
- Added a dependency to app-shell
Site Settings SEO (4.2.0)
- Upgraded data-helper to version 1.1.4
- Upgraded Apollo client to version 3.5.10
- Added a dependency to app-shell 2.6.0+
Modules - Changelog
The following modules have been released along with the Jahia 8.1.6 release and are not automatically updated when upgrading to 8.1.6, but can easily be updated from the administration.
CMIS Provider (3.3.0 - depends on Jahia 8.1.5)
- Improved XML parser to use a secured one
- Disabled the sample mount point config file, generating harmless logs at startup
SAML Authentication Valve (2.4.0 - depends on Jahia 8.1.5)
- Upgraded xalan from 2.7.2 to 2.7.3
- Fixed issue with incorrect redirection path provided in the cookie