Jahia 8.0.3 Release Notes
December 21, 2021
What's new?
Jahia 8.0.3 is a maintenance release that includes various bug fixes and some notable improvements to Jahia 8:
- New permissions have been introduced to hide entries in the context menu for pages and content in Page Composer and jContent, allowing you to configure roles with only the actions that you need.
- New Docker images have been created for Jahia 8.0.3.0. The new images improve integration with Jahia features, such as better support for database vendors. The new images are intended for production, development and discovery use.
- System administrators and dev-ops can now use our new provisioning API to orchestrate the startup of their Jahia. By providing a manifest detailing a sequential step of actions (such as install modules, sites, configure Jahia, and execute scripts) Jahia is able to reach production in a reproducible manner without any manual intervention.
- Documentation about the new images and provisioning API is available in the new DevOps section on the Academy.
- Several third-party libraries have been upgraded to benefit from their latest security fixes. See the changelog below for the details.
Upgrading from a previous version?
New provisioning system
When upgrading to 8.0.3.0+, you may notice that system modules are removed from the <data>/modules folder. This does not mean that modules are removed from the system. Default module installation now relies on the new provisioning system, using scripts in <data>/patches/provisioning folder (the <data>/modules folder is now empty by default).
New permissions for the context menu entries
Jahia 8.0.3 provides a new set of permissions providing more control over the entries/actions available in the context menu of pages and content items in Page Composer and jContent. Now you can create roles with simplified permissions, typically for occasional contributors. These permissions are available for the edit roles, under Permissions on current site>User interface>jContent action
For instance, you can remove the Export and Import entries from the context menu of pages and content.
These new permissions act as a second level of permissions, on top of the Permissions on current node>Basic permissions>All basic permissions>Write which were used by previous Jahia versions and are still required with Jahia 8.0.3+.
When upgrading to Jahia 8.0.3, these new permissions are added by default to the edit roles, and should be transparent to you, as they are added on top of existing ones.
If you have roles allow creating and editing content, but for which you have revoked the
Create page action, you should verify this setting after the upgrade.jQuery 3.6.0
Version 8.1.0 of the jQuery module now also includes jQuery 3.6.0, as well as the previously embedded 3.4.1 and 1.12.4 versions. When upgrading to Jahia 8.0.3, the jQuery version remains unchanged in your environment (so it keeps the version previously in use). In order to start using jQuery 3.6.0, you need to update the jahia.jquery.version in the jahia.properties file.
MySQL users
If you're using MySQL, when upgrading to 8.0.3.0+, you may notice a Multiple primary key defined - java.sql.SQLSyntaxErrorException: Multiple primary key defined error.
This error is expected and has no impact as the script, common to MariaDB and MySQL, checks if indices already exist. This check is not possible with MySQL, thus the error.
Updated modules and libraries
Library upgrades
The following librairies were updated between Jahia 8.0.2.0 and Jahia 8.0.3.0
| Library | Version in Jahia 8.0.2.0 | Version in Jahia 8.0.3.0 |
|---|---|---|
| DB driver - Derby | 10.12.1.1 | 10.14.2.0 |
| DB driver - MSSQL | 6.4.0.jre8 | 9.2.1.jre8 |
| DB driver - MySQL | 5.1.48 | 8.0.23 |
| DB driver - Oracle | 12.2.0.1 | 18.3.0.0 |
| DB driver - PostgreSQL | 42.2.9 | 42.2.19 |
| DB driver - MariaDB | 2.4.1 | 2.7.2 |
| protobuf-java | 2.5.0 | 3.15.3 |
| jasypt | 1.9.1 | 1.9.3 |
| commons-beanutils | 1.8.3 | 1.9.4 |
| hibernate-validator | 5.0.1 | 5.4.3 |
| hibernate-validator-annotation-processor | 5.0.1 | 5.4.3 |
| classmate | 0.8.0 | 1.3.1 |
| Saxon-HE | 9.9.1-5 | 10.3 |
| xstream | 1.4.11 | 1.4.16 |
| xpp3_min / mxparser | 1.1.4c | 1.2.1 |
| woodstox-core | 4.0.8 | 6.2.4 |
| stax2-api | 3.0.2 | 4.2.1 |
| jna | 5.5.0 | 5.8.0 |
| groovy | 2.5.6 | 2.5.14 |
| groovy-dateutil | 2.5.6 | 2.5.14 |
| groovy-json | 2.5.6 | 2.5.14 |
| groovy-jsr223 | 2.5.6 | 2.5.14 |
| groovy-xml | 2.5.6 | 2.5.14 |
| httpclient | 4.5.9 | 4.5.13 |
| httpcore | 4.4.11 | 4.4.13 |
| jackson-annotations | 2.9.9 | 2.9.10 |
| jackson-core | 2.9.9 | 2.9.10 |
| jackson-databind | 2.9.9.3 | 2.9.10.8 |
| shiro-cache | 1.6.0 | 1.7.1 |
| shiro-config-core | 1.6.0 | 1.7.1 |
| shiro-config-ogdl | 1.6.0 | 1.7.1 |
| shiro-core | 1.6.0 | 1.7.1 |
| shiro-crypto-cipher | 1.6.0 | 1.7.1 |
| shiro-crypto-core | 1.6.0 | 1.7.1 |
| shiro-crypto-hash | 1.6.0 | 1.7.1 |
| shiro-event | 1.6.0 | 1.7.1 |
| shiro-lang | 1.6.0 | 1.7.1 |
| shiro-spring | 1.6.0 | 1.7.1 |
| shiro-web | 1.6.0 | 1.7.1 |
| encoder | 1.2.2 | 1.2.3 |
| maven-model | 3.0.5 | 3.3.9 |
| plexus-utils | 2.0.6 | 3.0.22 |
| tika-core | 1.24.1-jahia1 | 1.26 |
| tika-parsers | 1.24.1 | 1.26 |
| asm | 7.0 | 9.1 |
| bcmail-jdk15on | 1.65 | 1.68 |
| bcpkix-jdk15on | 1.65 | 1.68 |
| bcprov-jdk15on | 1.65 | 1.68 |
| commons-io | 2.4 | 2.8.0 |
| commons-lang3 | 3.10 | 3.12.0 |
| commons-logging | 1.1.1 | 1.2 |
| fontbox | 2.0.19 | 2.0.23 |
| pdfbox | 2.0.19 | 2.0.23 |
| pdfbox-tools | 2.0.19 | 2.0.23 |
| xmpbox | 2.0.19 | 2.0.23 |
| preflight | 2.0.19 | 2.0.23 |
| metadata-extractor | 2.13.0 | 2.15.0.1 |
| xmpcore-shaded | 6.1.10 | 6.1.11 |
| isoparser | 1.9.41.2 | 1.9.41.4 |
| jcommander | 1.78 | 1.81 |
| vorbis-java-core | 0.8 | removed |
| vorbis-java-tika | 0.8 | removed |
| jcip-annotations | none | 1.0 |
Updated modules
The following modules were updated between Jahia 8.0.2.0 and Jahia 8.0.3.0
| Module | Version in Jahia 8.0.2.0 | Version in Jahia 8.0.3.0 |
|---|---|---|
| App Shell | 2.2.0 | 2.3.0 |
| Calendar | 3.1.0 | 3.2.0 |
| Content Editor | 3.1.0 | 3.2.0 |
| CSRF Guard | 2.1.0 | 2.2.0 |
| Digitall | 2.0.0 | 2.1.0 |
| External Provider | 4.0.0 | 4.1.0 |
| Graphql Core Provider | 2.3.0 | 2.5.0 |
| Jahia Administration | 1.2.0 | 1.3.0 |
| Jahia Dashboard | 1.2.0 | 1.3.0 |
| Jahia Page Composer | 1.2.0 | 1.3.0 |
| Jahia Repository Explorer | 1.1.0 | 1.2.0 |
| jahia-ui-root | 1.2.0 | 1.3.0 |
| jContent | 2.2.0 | 2.4.0 |
| jquery | 8.0.0 | 8.1.0 |
| Module Manager | 2.1.0 | 2.2.0 |
| Remotepublish | 9.1.0 | 9.2.0 |
| SEO | 8.0.0 | 8.1.0 |
| Server Settings | 9.2.0 | 9.3.0 |
| Server Settings EE | 9.0.0 | 9.1.0 |
| Site Settings | 8.2.0 | 8.3.0 |
| Tools | 3.1.0 | 3.2.0 |
| Tools EE | 3.0.0 | 3.1.0 |
| User Dashboard | 8.2.0 | 8.3.0 |
Jahia 8.0.2.0 >> 8.0.3.0 - Changelog
Security
For more details about the minor library upgrades, see the Updated modules and libraries section above.
- Minor upgrades of vulnerable 3rd party libraries
- Updated Saxon library to guard TransformerFactory against XXE attacks
- Fixed the core to prevent Path Traversal Injection
- Fixed the core to prevent Cross Site Scripting (XSS)
- Allowed (whitelist) types xstream can deserialize
Core
- Moved image exif-data under Metadata section
- Added support for specifying range/lower bound version restrictions on dependencies (jahia-depends)
- Moved database scripts for External Data Provider and Remote Publication in the modules
- Fixed concurrency error with Work In Progress
- Added a maintenance page when Jahia is in full read-only mode
- Deprecated Find and FindPrincipal servlet. They will be removed in the next major version release.
- Added missing MariaDB SQL patch
- Fixed a versioning tab issue by using the type from the configuration
- Fixed encoding issue on Action redirecting to URL
- Fixed publication of sub-content in Work in progress mode
- Added setting to prevent blocking of non-ASCII characters in URLs
- Fixed issue with missing j:file property leading to errors in VanityURL dashboard
- Upgrade commons-logging to 1.2
- Fixed an issue requiring cache to be cleared when switching between Jahia versions on same URL
- Site export occurs now in the folder configured with the property jahiaExportsDiskPath
Installer
- Replace Jahia build number with commit hash
Edit Mode
- Fixed missing paste action in the contextual menu
- Fixed edit engine issue with default value in choicelist initializers
Installer
- Replace build number with commit hash
Roles and Permissions
- Added a check for site level permissions
- Added Page Composer access permission
- Created new Page tree actions permission and moved Create page action under the permission
- Added Edit page and Export page permissions
- Added drag and drop permission
- Added page tree permissions in Page Composer
- Added permissions on jContent specific actions
- Added a permission on translate action
Publication
- Updated Publish workflow labels to Publish now
- Updated the publication modal to use workflow panel to initiate publication
Jahia 8.0.3.0 >> 8.0.3.1 - Changelog
Core
- Fixed issue with jahia-license-tools bundle not started after upgrade when the server has no internet access
- Removed old version of pax-web-features (7.2.11) making Jahia docker images unable to start without internet connection
Workflows
- Fixed issue with workflows not visible by avoiding duplicated users/groups
Modules included in the upgrade - Changelog
App Shell (2.3.0)
- Apollo client library is now available in window.jahia Javascript object
Content Editor (3.2.0)
- Added support of helpers for fieldset and mixin
- Added missing icons in 3 dots menu
- Fixed buttons overlaying the content in image picker
- Fixed issue with $currentSite in choiceList nodes path not working with jContent
- Fixed issue with the saving of Advanced options tab removing the Work In Progress flag
- Fixed issue with mixins without properties not displayed in the expected section
- Fixed issue with mandatory fields in error not highlighted
- Fixed white screen when editing system name on slider item
- Fixed ordering in content type selector
- Fixed issue with misplaced content when dragging and dropping
- Added back the 3 dots menu in file picker
CSRF Guard (2.2.0)
- Fixed incompatibility with IE11
External Data Provider
- Added database scripts from Core
GraphQL (2.5.0)
- Fixed issue with broken dashboard when upgrading the module
Jahia Admnistration (1.3.0)
- Added progress indicator while waiting to load in Administration and 1st level navigation
Jahia Dashboard (1.3.0)
- Updated the dashboard to no longer return installed modules when authenticated as guest
Jahia Page Composer (1.3.0)
- Added progress indicator while waiting to load in Administration and 1st level navigation
- Fixed a bug that was causing a 404 in Page Composer when changing the system name of the home page
- Fixed 404 issue in Page Composer when siteKey is used as page system name
Jahia Repository Explorer (1.2.0)
- Restored the ability to access the repository in live by passing workspace=live in the URL
Jahia UI Root (1.3.0)
- Added progress indicator while waiting to load in Administration and 1st level navigation
- Added error boundaries to prevent Jahia UI from crashing in case of exception
jContent (2.4.0)
- Added error boundaries to prevent Jahia UI from crashing in case of exception
- Fixed broken PDF thumbnail
- Fixed content and media folders ordering in jContent left tree by now ordering alphabetically
- Fixed display issue with language dropdown when sitename is very long
- Added an automatic closing of the upload confirmation popup after 5 seconds
- Fixed issue with missing search title when opening in new tab
- Added progress indicator while waiting to load in Administration and 1st level navigation
jquery (8.1.0)
- Added jQuery 3.6.0
Module Manager (2.2.0)
- Fixed module import issue when reimporting after an interruption
- Added logs when the server is restarted with [persisted-bundles].dorestore
Remote Publication (9.2.0)
- Improved the logs when an invalid definition blocks the remote publication
- Added database scripts from Core
SEO (8.1.0)
- Removed the URL mapping rule for news from the seo module
Server Administration (9.3.0)
- Added filter in the error page to hide properties containing "pass" or "password" (case insensitive) in their name
Server Administration EE (9.1.0)
- Fixed permission check on legacy UI for license upload button
Site Settings (8.3.0)
- Adapted the module to work with jQuery 3.6.0
Tools (3.2.0)
- Fixed issue when changing CKEditor configuration
Tools EE (3.1.0)
- Updated to be ready for the new Docker images
User Dashboard (8.3.0)
- Added missing labels in My Dashboard for French, Spanish, Portuguese, and Italian
Modules - Changelog
The following modules have been released along with the Jahia 8.0.3 release, and are part of the Discovery installation. These modules are not automatically updated when upgrading to 8.0.3, but can easily be updated from the administration.
Calendar (3.2.0)
- Adapted the module to work with jQuery 3.6.0
Digitall (2.1.0)
- Added the missing j:file property
News (3.2.0)
- Moved rule to automatically generate vanity urls from seo to news module