dotCMS 21.04
Available: Apr 25, 2021
Demo starter image: 20210408
Empty starter image: 20210408
dotCMS 21.04 is a release which includes several improvements, and fixes for several issues in previous releases.
Announcements, Deprecations and Breaking Changes
- dotCMS 21.04 still requires Java 8 in order to run properly. That said, we expect that within the next 3 months, dotCMS will be deprecating support for Java 8 and instead require Java 11 to run. We will keep the community posted.
- Breaking Change: The UserProxy table in the database is now deprecated.
- The table is still available, but no new data will be added to it starting in this release and the get method will no longer work.
- The UserProxy table will be removed all together within the next 3 months.
Changes in dotCMS 21.04
Push publishing authentication now uses API tokens. This means that it is no longer necessary to configure the “receiver” in a Push Publish architecture, just have a valid admin token.- If you are upgrading, any existing push publishing configuration will continue to work normally and will be maintained.
- There is a `Get Token` utility on the Endpoint screen that can be used to generate and retrieve a valid token from the receiving server.
- To change Push Publishing Environments to use the "Receive From" configuration instead of automated authorization tokens, set the following `USE_JWT_TOKEN_IN_PUSH_PUBLISH` in the `dotmarketing-config.properties` file to `FALSE`.
Improvements in dotCMS 21.04
- Added an "Additional Information" map/json field on the User object that can be used to store additional user information. See the User Registration Plugin for an example of how to use this in code.
- Added "Don't show this again" checkbox to Edit User Page.(#20090)
- Added the ability to override portal.properties attributes with environmental variables.(#20068)
- Allow mail session to be configured via environmental variables.(#19813)
- Created a new container called the System Container this container allows all Content Types. (#19080)
- Improved logging messages for Get Token action in the Add Endpoints tab. (#20194)
- JSON Tool parsing improvements were added. (#20164)
Fixes
The 21.04 release includes fixes for the following reported issues.
For a list of issues addressed in dotCMS 21.04, please visit the dotCMS Github Repository.
Issue | Conditions | Github Link |
---|---|---|
Icon selector didn't recognize value | The problem occurred went attempting to paste a value in the icon selector. | #20157 |
User permissions were not acting as expected | Occurred when the user has a content type tool group permission. | #20156 |
The System Roles screen were showing an error instead of filtering | This error occured when the role item itself was clicked on. | #20139 |
Cluster IDs containing underscores were causing errors | This occured when the cluster ID had a underscore. | #20122 |
Get Token tool sometimes invalidated a user's session | Issue occured when adding a new endpoint on the reciever side for Push Publishing, and the Get Token tool was used. | #20117 |
Anonymous users couldn't fire specific actions when calling the Workflow API | This only occured when the specific action ID was used to execute that action. | #20053 |
Logger didn't work for OSGI plugin in specific situations | Occurred when the logger was undeployed and redeployed. | #20039 |
Screen didn't scroll when moving fields on the Content Type page. | Occured when dragging and dropping fields. | #20020 |
Invalid time zones were available for customers to use causing errors | Errors happened when an invalid timezone was chosen in the Basic Config tab of the Configuration Screen. | #20013 |
The "Send an Email" sub-action fails if executed before "Save content" sub-action | This failure only occurs when the Send email sub-action is used before the Save content sub-action. | #19993 |
Performance issues in GraphQL | Occurred when the server was under extreme load. | #19974 |
Timezone configuration was not being respected | Occured when using date time fields. | #19951 |
Content Type REST API was not accepting field variables | This specifically occured when someone attempted to create a single call to create Content Type that includes a WYSIWYG field with tinyMCE field variables. | #19376 |
Page was not able to be published when specific content was added | Occured when the content added to the page had a future push publish date. | #19511 |
Dotcontent viewtool returned the wrong language in certain situations | The dotcontent viewtool method, pullRelated, was not honoring the languageId that was passed in. | #19774 |
URL validation for new pages under Site root was wrong in certain situations | This occured when a new page was created with the same name as an existing page. | #19831 |
Re-adding parent relationship in certain situations threw an error | Happened when a parent relationship was removed then re-added. | #19913 |
SAML Authentication created a new user instead of logging someone in. | Happened intermittently specifically when the SAML user ID was different from the user ID in dotCMS. | #19992 |
To view more information on these and other issues, please visit the dotCMS Github repository.
dotCMS 21.03
Available: Mar 15, 2021
Demo starter image: 20210312
Empty starter image: 20210312
dotCMS 21.03 is a release which includes several improvements, and fixes for several issues in previous releases.
Announcements and Deprecations
- A Breaking Change was caused by having the secure flag set on cookies sent securely and having the httponly flag set on all cookies. This could cause issues when updating from a previous version. See Improvements in dotCMS Section for more information.
- This version of dotCMS ships with Tomcat 9. Any plugins or overrides that specify files in the tomcat directory tomcat-8.5.32 will need to be updated.
- A related breaking change concerns Tomcat's out-of-the-box security settings; by default, the HTTP Header Security Filters have been configured as follows:
Attribute Value hstsEnabled
true
hstsMaxAgeSeconds
3600
hstsIncludeSubDomains
true
antiClickJackingEnabled
true
antiClickJackingOption
SAMEORIGIN
blockContentTypeSniffingEnabled
true
xssProtectionEnabled
true
- dotCMS 21.03 still requires Java 8 in order to run properly. That said, we expect that within the next 3 months, dotCMS will be deprecating support for Java 8 and instead require Java 11 to run. We will keep the community posted.
New Features
The following new features have been added in dotCMS 21.03:
- A new Tool called "Getting Started" has been added to dotCMS.
- The tool will be shown when admins log into dotCMS for the first time.
- This tool will supply admins with relavant examples and resources to get started with dotCMS quickly and easily.
- Admins will be able to dismiss this tool if they don't feel they need it.
Improvements in dotCMS 21.03
- Added three informational fields to the relationship field popup; direction of the cardinality relationship, is this content the parent or chilld, and what related content type field is this relationship connected to.(#18706)
- Upgraded security and infrastructure by upgrading to Tomcat 9.(#19241)
- Configured Tomcat for improved security out of the box. (#20058)
- Included a new "Generate Metadata" button in SAML app.(#19503)
- Improved personalization in GraphQL to better handle URL maps and personalization.(#19508)
- Added a "Download" button to the log files tab in the maintenance tool.(#19560)
- Created a component allowing users to preview material icons before they choose one.(#19592)
- Improved our infrastructure by upgrading to Gradle 4.10.2 . (#19714)
- Made XStream initialization static so less resources are now needed. (#19715)
- Made the password reset feature more robust by removing the use of a token. (#19877)
- Improved logging in the JSON Tool. (#19927)
- Increased security when sending cookies. (#20063)
Fixes
The 21.03 release includes fixes for the following reported issues.
For a list of issues addressed in dotCMS 21.03, please visit the dotCMS Github Repository.
Issue | Conditions | Github Link |
---|---|---|
Using website navigation while editing a page returned the user to the wrong place | The problem occurred under specific conditions when using page navigation in page edit mode. | #19737 |
Field variable tab on content type showed as in use incorrectly | Occurred when the field variable is edited, the window is closed and then the same field is edited again. | #19556 |
SQL Viewtool was not returning results | Occurred in newer versions of dotCMS. | #19746 |
Thumbnail creater not working for .pdf files | A page would have to be specified in the thumbnail link for a thumbnail to show. | #19753 |
Logout page did not show when active session was left open | When an active session was left open without activity for a long time a blank page with 404 in the corner showed. | #19772 |
Inability to log into dotCMS with SAML | When the SAML IDP sent a User ID with the wrong format the issue occurred. | #19773 |
Errors sometimes occurred when push publishing a bundle | Occurred when a bundle was created then immediatly pushed. | #19791 |
Depth of 3 or more doesn't return for self related content | Showed when depth of 3 or more is added to the tail of a self related call. | #19796 |
Content Type tabs missing frame | Occurred when viewing fields or permissions on a content type. | #19824 |
Error shows for when viewing a page | Arose when a limited user tried to create content in a language that isn't the default, then someone tried to view the content in that language. | #19854 |
Relate button hid in relation content search | Occurred when a user scrolled in the relationship content search. | #19880 |
Google Translate sub action was sending an error | Happened when creating a workflow sub action using the "Translate Content subaction. | #19910 |
Forgot and reset password actions did not show an error | Error failed to show when the the password requirements were not met. | #19916 |
Recover password incorrectly redirected to sign in page | Appeared once a recovery email was sent. | #19917 |
Error showed on every page request | Showed when `ENABLE_NAV_PERMISSION_CHECK` was set to true in `dotmarketing-config-ext.properties`. | #19926 |
Adding a folder to the root directory threw an error | Happened when a folder was added to the root direcotry in the site browser. | #19934 |
Error showed in content type | Occurred when a new field was added to the Content Type. | #19987 |
User prevented from logging out | Happened when a logged in tab was closed and opened again. | #19991 |
Error was sometimes thrown when Elastic Search was used | Happened intermittently often with memory or network issues. | #19992 |
Element stuck to cursor in drag and drop disappeared | Showed up in Content Type section when adding a field. | #20015 |
Errors showed when running a time machine snapshot | Occurred when trying to run a past time machine snapshot. | #20041 |
To view more information on these and other issues, please visit the dotCMS Github repository.
dotCMS 21.02.2
Available: Feb 25, 2021
Demo starter image: 20210106
Empty starter image: 20210113
dotCMS 21.02.2 is a release which includes several improvements, and fixes for several issues in previous releases.
Improvements in dotCMS 21.02.2
- Created a new endpoint to remove a layout from a role. (#19581)
- The ability to customize TinyMCE and set it systemwide is now part of dotCMS. (#19651)
- The filtering of related content items returned in GraphQl is now available. (#19652)
- Enhanced logging messages for the deletion of roles. (#19664)
- Built a history tab in the template detail screen. (#19668)
- Allow the /api/content/search endpoint to accept POST parameters; this avoids having to URL encode your content queries. Also added curl examples of this to the content query dialog box. (#19691)
- Improved resiliency to rules in push publishing, minimizing errors. (#19679)
- Upgraded the edit page experience with multiple improvements including better drag and drop. (#19711)
- Included a new endpoint in which a specific inode is passed and that version is deleted. (#19776)
- Added the ability to close all dialog boxes in template portlet with the ESC key. (#19838)
- Revamped the legacy template UI, moved it to Angular. Templates can now be designed using the same layout tool as pages.(#19087)
- Ingesting a push publish bundle is now a stateful job and acts like a queue. This will prevent multiple bundles from being imported at a single time which can cause errors and performance issues. (#18722)
- Vanity Url redirects can now include parameters.(#19564)
- Updated translations.(#19823)
Fixes
The 21.02.2 release includes fixes for the following reported issues. For a list of issues addressed in dotCMS 21.02.2, please visit the dotCMS Github Repository.
- Fixed an issue that caused an error when creating a page on a site without templates. (#19999)
- Fixed an issue that caused an error when editing a page and selecting any persona in order to create a personalized version of the page. (#20009)
- Fixed an issue that sometimes prevented the value of a field from being saved when it was created in the content type with the variable name properties. (#18073)
- Fixed an issue that sometimes prevented a new user from being given permissions on folders. (#18208)
- Fixed an issue that sometimes prevented a single quote from being accepted in the name of a content type. new user from being given permissions on folders. (#18241)
- Fixed an issue that sometimes caused push publishing errors when multiples users were attempting to push publish at the same time. (#18722)
- Fixed an issue that sometimes caused apps to break when Elastic Search was unavailable. (#19515)
- Fixed an issue that prevented $dotcontent.pull from returning over 10,000 content items. (#19527)
- Fixed an issue that sometimes prevented the Network tab on dotCMS instances from responding. (#19547)
- Fixed an issue that prevented parameters from being passed when a 301 or 302 vanity URL was used. (#19564)
- Fixed an issue that caused the push publish batch button to select all content items on the site instead of all of the content items on that specific page. (#19620)
- Fixed an issue that caused rules to always be forced pushed even when they were excluded in the push publishing filter. (#19648)
- Fixed an issue that prevented the Language, Device and Persona dropdowns buttons from hiding when the browser window shrunk while in Edit Page. (#19656)
- Fixed an issue that caused scroll problems in the content search when tag fields are used. (#19688)
- Fixed an issue that prevented "Push Publish" and "Add to Bundle" options from showing when you add a rule to a page. (#19708)
- Fixed an issue that caused a blank screen to be presented after the "Pick Design" or "Advanced" dialog boxes were closed on the template list. (#19713)
- Fixed an issue that prevented the thumbnail from loading when a new page was created whose template has a thumbnail. (#19727)
- Fixed an issue that prevented the portlet title from updating when navigating through the backend. (#19792)
- Fixed an issue that prevented the user from being redirected to "Edit Page" after creating and publishing a new page. (#19812)
- Fixed an issue that prevented "No Results" from showing when the user searches the template list for something with no results. (#19839)
- Fixed an issue that prevented the template portlet from refreshing when the site is changed. (#19840)
- Fixed an issue that prevented the creation or editing of an advanced template in Safari. (#19841)
- Fixed an issue that prevented the template list to return templates from sites other than the current one. (#19845)
- Fixed an issue that caused an error to show when attempting to see details of a container. (#19867)
- Fixed an issue which could cause problems switching over to a new index in clustered instances.(#19738)
- Fixed an issue that sometimes prevented a custom layout included in a push publish from showing on the reciever.(#19890)
- Fixed an issue that caused errors when reindexing on an instance with an empty starter. (#19959)
To view more information on these and other issues, please visit the dotCMS Github repository.
Announcements and Deprecations
- dotCMS 21.02.1 still requires Java 8 in order to run properly. That said, we expect that within the next 6 months, dotCMS will be deprecating support for Java 8 and instead require Java 11 to run. We will keep the community posted.
- The next version of dotCMS will ship with Tomcat 9. Starting with the next version, any plugins or overrides that specify files in the tomcat directory tomcat-8.5.32 will need to be updated.
dotCMS 21.01
Available: Jan 10, 2021
Demo starter image: 20210106
Empty starter image: 20201217
dotCMS 21.01 is a minor release which includes several minor improvements, and fixes for several issues in previous releases.
Fixes
The 21.01 release includes fixes for the following reported issues. For a list of issues addressed in dotCMS 21.01, please visit the dotCMS Github Repository.
- Fixed an issue which prevented a valid license from being recognized for some servers in a cluster. (#18860)
- Fixed an issue which prevented content from appearing when using the advance search option, select, on the Content Search screen.(#19337)
- Fixed an issue which sometimes caused unpublished related content to appear in Preview Mode / Live mode when pushed to a static site. (#19044)
- Fixed an issue which sometimes prevented a bundle from being deleted when it contains thousands of items. (#19378)
- Fixed an issue which caused contentlets to return in a lucene query even if they do not have the tag searched for. (#19458)
- Fixed an issue that sometimes prevented contentlets from returning in a query when it had a unique text field that included dashes. (#19489)
- Fixed an issue that sometimes prevented content from being push published when it was manually selected. (#19571) ( #19634)
- Fixed an issue that sometimes caused bundling to fail when content was added to a bundle and a user tried to push or download the bundle. ( #19636)
- Fixed an issue that sometimes caused the Content API to not return the name or title when ID was entered in the call. ( #19639)
- Fixed an issue that could have prevented dotCMS from starting up. (#19653)
- Fixed an issue that sometimes caused an error when a page was edited in a foreign language but the page only existed in the default language. (#19686)
- Fixed an issue in EMA app that caused an error when proxying the request to a 3rd party server. (#19709)
- Fixed an issue that sometimes caused GraphQL to freeze when push publishing new content. (#19660)
- Fixed an issue that sometimes caused an error when GraphQL was queried via a relationship with another Content Type and the query included a Category field on a File Content Type. (#19728)
- Fixed an issue that sometimes caused a SQL error when a user tried to browse by a specific content type using the filter in the content types portlet. (#19744)
- Fixed an issue that sometimes caused an error when a user defined a new content type with a variable name that was the same as a default variable used on the backend. (#19725)
- Added the ability to get a token to the Add Endpoint screen to streamline push publishing. (#19275)
- Improved behavior of SAML log out screen. (#19299 )
- Added Import button on Application listing configuration page. (#19517)
- Improved the speed of the CVS Importer tool. (#19536)
- Improved how the database handles content from deleted users. (#19555)
- Improved logging messages. (#19566 )(#19621)
To view more information on these and other issues, please visit the dotCMS Github repository.
Additional Changes and Improvements in dotCMS 21.01
dotCMS 20.11.1
Available: Dec 2, 2020 Demo starter image: 20201119
dotCMS 20.11.1 is a minor release which includes fixes for an issue in previous releases.
Fixes
The 20.11.1 release includes a fix for the following reported issue. For a list of issues addressed in dotCMS 20.11.1, please visit the dotCMS Github Repository.
- Reverted a prior fix (#19558) to prevent an issue which could cause push publishing to fail under certain conditions. (#19634)
To view more information on these and other issues, please visit the dotCMS Github repository.
dotCMS 20.11
Available: Nov 23, 2020 Demo starter image: 20201119
dotCMS 20.11 is a minor release which includes several minor improvements, and fixes for several issues in previous releases.
Changes to Default Behavior
- Changed default location for generated image to /assets.
The following differences in default behavior in dotCMS 20.11 may change your expectations and require a review of your administration practices. Please review all of these changes before upgrading from a previous release.
Fixes
The 20.11 release includes fixes for the following reported issue. For a list of issues addressed in dotCMS 20.11, please visit the dotCMS Github Repository.
- Fixed an issue which prevented a file added to a binary field from saving in the form. (#18346)
- Fixed an issue which sometimes caused errors when changing the version of a piece of content. (#18550)
- Fixed an issue which sometimes prevented page personalization from showing up when using legacy containers. (#19285)
- Fixed an issue which sometimes reordered fields in a content type. (#18834)
- Fixed an issue that sometimes prevented GraphQL from retrieving image information. (#19449)
- Fixed an issue that sometimes caused existing URL maps on newly upgraded systems to throw an error. (#19452)
- Fixed an issue that sometimes caused push publishing to fail due to file-based containers. (#19497)
- Fixed an issue that prevented the deletion of conditions in rules. (#19538)
- Fixed an issue that caused the layout editor to look abnormal when coming from the edit page. (#19540)
- Fixed an issue that sometimes caused the login username field to appear as a selector. (#19585)
- Fixed an issue that prevented task details from showing up in the workflow portlet. (#19598)
To view more information on these and other issues, please visit the dotCMS Github repository.
Removed Features
- The scheduler portlet is now read only and ability to schedule quartz jobs from the backend of dotCMS has been removed. Customers who want to schedule custom quartz jobs should create them via osgi. See this document for more information.
- Added secrets exporter and importer which encrypts and decrypts files as json for CMS Admins. (#18236)
- Added endpoints to the GraphQl API to get page information. (#18297)
- Added default vtl files allowing users to be able to create content with a new out of the box dotCMS instance. (#19086)
- Added the ability to shut down a dotCMS instance from the console.(#19319)
- Update theme to PrimeNG 10 from PrimeNG7. (#19341)
- Added a tool to show cache size estimates catagorized by object and region. . (#19379)
- Added parameters to the api/v1/templates endpoint. (#19421)
- Folder's default file type is now based on the parent folder's default file type. (#19410)
- Changed naming logic for upgrade tasks. (#19424)
- Added a button type to allow intergration with third-party systems. (#19439)(#19440)
- Added Create Export buttons on site listing configuration page. (#19490)
- Resized the visitor location map pop-up in rules to be wider. (#19539)
- Implemented WebDAV improvements. (#19428)
Additional Changes and Improvements in dotCMS 20.11
dotCMS 20.10.1
Available: Nov 4, 2020 Demo starter image: 20200925
dotCMS 20.10.1 is a minor release which includes several minor improvements, and fixes for several issues in previous releases.
Changes to Default Behavior
The following differences in default behavior in dotCMS 20.10.1 may change your expectations and require a review of your administration practices. Please review all of these changes before upgrading from a previous release.
- The cancel option has been removed for the push publishing integrity check.
- In previous versions, a user could cancel an integrity check while it was in progress.
- With dotCMS 20.10.1, a user can not longer cancel an integrity check once it is in progress.
- The Receive-From section has been removed from the publishing enviroments section of the control panel.
- Jsontool.generate now returns velocity by default instead of JSON.
- In previous versions, the publishing environments section of the control panel would state what enviroment would be the reciever of the push publishing data.
- With dotCMS 20.10.1, a user can now use JWT in the authentication process for publishing eviroments instead
- For more information, please see Additional Changes.
- Users with SAML configured will now see a logout screen user.
- If a user with SAML configured logs out they will be sent to a logout page.
- When a browser timeouts for user with SAML configured,the user will see no change until they refresh, then they will see a logout page.
- For more information, please see Additional Changes.
Privacy and Security Updates
The following changes in dotCMS 20.10.1 fix potential security or privacy issues which have been identified by dotCMS. For more details on any of these issues, please contact dotCMS Support.
- Fixed a security vulnerability which could allow an authenticated user to exploit a weakness in certain API calls.
- In addition to the fix in dotCMS 20.10.1, a plugin which mitigates the vulnerability has been created for all affected dotCMS versions (all release from 5.0.3 to 5.3.9), which can be applied without a server restart.
- Mitigation has already been performed for all dotCMS Cloud customers.
- Detailed information on this vulnerability, including a link to the patch plugin, will be provided in a Security Issue notice on the Known Security Issues page once all on-premesis customers have had an opportunity to apply the patch.
It's important to understand that some security issues may have privacy implications for your existing dotCMS installation. Therefore we recommend that you review these changes, and if necessary modify any appropriate content, to ensure your site maintains compliance with any security and privacy standards and regulations you adhere to.
Fixes
The 20.10.1 release includes fixes for the following reported issue. For a list of issues addressed in dotCMS 20.10.1, please visit the dotCMS Github Repository.
- Fixed an issue which could prevent push publishing when attempting to fix a folder conflict. (#19471)
- Fixed an issue which could prevent the permissions tab from displaying for a limited user. (#19364)
- Fixed an issue which could temporarily prevent the file list from refreshing after an image is added. (#19335)
- Fixed an issue which could prevent display of an appropriate error to appear when adding a file to a folder with filters. (#19182)
- Fixed an issue causing the wrong filter name to appear in bundle details. (#19075)
- Fixed an issue causing the Integrity Checker to fail when JWT was used for Push Publishing authentication. (#18690)
- Fixed an issue preventing SVG images from displaying correctly in the UI. (#18656)
- Fixed an issue that sometimes cause errors when integity checker was run on dotCMS clusters. (#18554)
- Fixed an issue causing the JSONTool to return a single content item instead of a list. (#18505)
To view more information on these and other issues, please visit the dotCMS Github repository.
Additional Changes and Improvements in dotCMS 20.10.1
- Added endpoints to the Page API to support operations on the Query Tool. (#18314)
- Added endpoints to the Bundle API to support operations on Creating a Bundle. (#19321)
- Added fireRules parameter at page level of the GraphQL API.(#19219)
- Updated the logout for SAML users to return users to a new logout page.(#19098)
- Added JWT support to push publishing authentication. (#16796)
- Updated HTTP Client to Angular 10.(#19073)
- dotCMS is now fully ARM supported. (#19192)
- The cache is now flushed when the push publishing filter files are changed. (#19152)
dotCMS 5.3.9
Available: Oct 7, 2020 Demo starter image: 20200925
dotCMS 5.3.9 is a minor release which includes several minor improvements, and fixes for several issues in previous releases.
Changes to Default Behavior
The following differences in default behavior in dotCMS 5.3.9 may change your expectations and require a review of your administration practices. Please review all of these changes before upgrading from a previous release.
- The Permissions required to edit Categories have been changed.
- In pervious versions, a user could not create top-level Categories without Edit Permissions rights for Categories on the System Host (All Hosts).
- With dotCMS 5.3.9, permissions have been changed to allow you to give non-administrative users the ability to create and edit top-level Categories. The permissions required to edit Categories are now the following:
- Create Top-Level Category: Publish rights for Categories on the System Host (All Hosts).
- Create Subcategory: Publish rights for Categories on the parent Category.
- Edit Any Category: Edit rights for the Category to be edited.
- Unused Elasticsearch
_text
fields have been removed. _text
fields in the index, which were created by default in previous versions but not used by dotCMS, are no longer created by default.- Creation of these fields can be re-enabled by setting the
CREATE_TEXT_INDEX_FIELD_FOR_NON_TEXT_FIELDS
configuration property totrue
. - For more information, please see the Github issue.
Fixes
The 5.3.9 release includes fixes for the following reported issue. For a list of issues addressed in dotCMS 5.3.9, please visit the dotCMS Github Repository.
- Fixed an issue preventing pagination of content displayed in the add content popup in the Page Editor (#19304)
- Fixed an issue which could cause extra content to be exported in some circumstances when creating a new starter.zip (#19300)
- Fixed an issue preventing the use of the "UPLOAD NEW FILE" button when setting the value for Image and File fields (#19181)
- Fixed an issue which could temporarily prevent a changed layout from displaying properly when changing the view in the Page Editor (#19165)
- Fixed an issue which could cause errors when using a File-based Container on a Site other than the Default Host (#18780)
- Fixed an issue which prevented display of content added to a Container when the Template was changed to one that used the same Container (#18607)
- Fixed an issue preventing the use of the
#dotParse()
directive in Custom Fields when the included file was on a different Site (#18573) - Fixed an issue causing improper display of the Page Editor toolbar in Edit mode on some screen sizes (#18203)
To view more information on these and other issues, please visit the dotCMS Github repository.
Additional Changes and Improvements in dotCMS 5.3.9
- Improved Permissions used to control access to Top-level Categories (#8538)
- For more information, please see Default Behavior Changes, above.
- Improved the display of error messages when some types of runtime exceptions are encountered (#19310)
- Updated the release Docker images to enable execution on ARM architecture (#19334)
- Improved error handling when the Apps Secret Store file became corrupted (#19302)
- Added several minor improvements to the dotCMS starter site that ships with the release (#19289)
- Made some minor improvements to the GraphQL Page API (#18990, #19190)
- Improved GraphQL cache handling to improve performance in a cluster (#19255)
- Restricted access to SAML App metadata (#19157)
- Although exposing the SAML metadata poses no known security risks, access to this data was restricted to support a security posture of restricted data access by default.
- Added endpoints to the Page API to support operations on Templates (#19096)
- These endpoints are currently intended for internal use only; official support for customer use may be provided in later versions.
- Reduced the default size of Elasticsearch indexes by removing unused fields (#18988)
- For more information, please see Default Behavior Changes, above.
- Added a REST endpoint enabling App configuration to be imported from and exported to external files, for backup and portability (#18237).
dotCMS 5.3.8
Available: Sep 17, 2020 Demo starter image: 20200909
dotCMS 5.3.8 is a minor release which includes several minor improvements, and fixes for several issues in previous releases.
Important: With the release of dotCMS 5.3.8, support for using dotCMS with MySQL is officially deprecated. Please see below for more information.
Fixes
The 5.3.8 release includes fixes for the following reported issue. For a list of issues addressed in dotCMS 5.3.8, please visit the dotCMS Github Repository.
- Fixed an issue which could cause performance issues, and in some cases application hangs, due to Apps configuration (#19282)
- Fixed an issue which could sometimes prevent the content list from being shown in the content selection modal (#19263)
- Fixed an issue preventing display of available actions in the batch action modal after executing a Workflow Action directly in Content Search (#19257)
- Fixed an issue which could cause content to be removed from a Page when the same content was edited within another Page (#19245, #19212, #19213)
- Fixed an issue which could cause errors to be generated when using GraphQL to pull content containing Binary fields (#19240)
- Fixed an issue which could prevent Push Publishing from working properly when the content being pushed already existed in an archived state on the receiver (#18920, #19221)
- Fixed an issue which could cause editing of a VTL file in Page edit mode under specific circumstances (#19220)
- Fixed an issue which caused errors editing content on a Page if the Content Type used a #}dotParse directive in the tinymceprops field variable (#19214)
- Fixed an issue which could cause results to stop displaying in Content Search after sorting on a field for which no content contains a value (#19210, #19169)
- Fixed an issue preventing the use of GraphQL in Community Edition (#19206)
- Fixed an issue preventing display of "Language" and "Host" Search fields when relating content on Content Types with multiple relationship fields (#19204)
- Fixed an incorrect Site name in the starter site (#19203)
- Fixed an issue preventing display of Binary images on the front-end of the site if the working version of the content is not the same as the live version (#19201)
- Fixed an issue which could cause some Categories to be lost when exporting and then importing content (#19195)
- Fixed an issue which could prevent content from saving if no value existed in a non-required Tag field (#19189)
- Fixed an issue prevented the changing of Loggers with the LoggerResource if the classes were not in the classpath (#19183)
- Fixed an issue preventing limited users from creating content in languages other than the default language (#19155)
- Fixed an issue preventing Vanity URLs from being evaluated in the proper order (#19147)
- Fixed an issue preventing the Push Publish modal from working from some screens (#19133)
- Fixed an issue prevented second-level (grandchild) category values from being returned with content in multiple REST API calls (#19121)
- Fixed an issue which could cause elevated server load if multiple background operations were executed in a short period of time (#19006)
- Fixed an issue which could sometimes prevent some content items from being added to the Elasticsearch index (#18951)
To view more information on these and other issues, please visit the dotCMS Github repository.
Deprecated Features
The following features have been officially deprecated in dotCMS 5.3.8. These features have not been removed, and still work normally, but are no longer fully supported, and may be removed in a future dotCMS release.
- Support for MySQL has been deprecated.
- Future features may not be supported in MySQL, and fixes for issues which are not security- or privacy-related may not be fixed for systems running on MySQL.
- Support for MySQL may be fully removed in a future release.
- This tool can simplify the migration from MySQL to PostgreSQL. It is believed to work in most cases, though it has not been tested with significantly old versions of the software. It is still recommended, as it is generally, that you make backups before performing any major operation on a database.
Additional Changes and Improvements in dotCMS 5.3.8
- Added several new fields to the GraphQL Page API (#19159, #19143, #19136, #19108)
- The following new properties were added:
layout
render
urlContentMap
ViewAs
- Improved Apps to allow the storage of multi-line secrets (hidden fields) (#19074)
- Reordered the tabs in the Publishing Queue to show the most-commonly used tab (Status/History) first (#19071)
- Moved configuration for Google Translate (and the Translate Workflow Sub-Action) to the Apps feature (#19061)
- Added a new REST endpoint to retrieve an entire folder tree (#18964)
dotCMS 5.3.7
Available: Aug 25, 2020 Demo starter image: 20200818
dotCMS 5.3.7 is a minor update which includes several improvements and minor fixes for several issues in previous releases.
New Features
The following new features have been added in dotCMS 5.3.7:
- New Apps Integrations feature
- The new Apps Tool allows developers to create and manage information used to integrate with third-party applications and external servers.
- Apps supports custom configurations which can be managed through the back-end UI, a secure Secrets repository, and a REST API to integrate those configurations with your own plugins.
- The dotCMS 5.3.7 starter site ships with several built-in Apps as examples; for more information on these, please see the Apps Tool in the dotCMS starter or demo site.
- When you upgrade to dotCMS 5.3.7, all administrative users with access to the Maintenance Tool (Control Panel -> Maintenance) will automatically be given access to the Apps tool.
- If you wish to change which users have access to the Apps Tool, or if you wish to hide it from existing users, you can modify which Roles have access to it through the Roles & Tools screen (Control Panel -> Roles & Tools) just like any other Tool.
- For more information, please see the Roles and Tools documentation.
- For more information on Apps, please see the Apps Integrations documentation.
- New Environment Variable Configuration capability
- You can now set or override dotCMS configuration with environment variables, allowing easy changing of dotCMS properties in standard Docker images
- For more information, please see the Changing Configuration Properties documentation.
- New GraphQL Additions and Improvements
- The GraphQL interface has been enhanced with several new features and improvements, including:
- New BaseType Interfaces allow return of dotCMS Base Types.
- Added a total results count to all GraphQL results, to aid in handling pagination.
- Improved the Site field in the GraphQL response to include all content fields added to the Host Content Type.
- For more information on all of these additions, please see the GraphQL documentation.
Fixes
The 5.3.7 release includes fixes for the following reported issue. For a list of issues addressed in dotCMS 5.3.7, please visit the dotCMS Github Repository.
- Fixed an issue preventing proper use of cluster Autowire when Hazelcast discovery was enabled (#19163)
- Fixed an issue which could prevent display of the Template Designer for Sites with certain characters in the Aliases field (#19123)
- Fixed an issue preventing use of the Cancel button when editing existing Content Type fields (#19120)
- Fixed an issue preventing display of some Content Types in the Content Search Tool under certain conditions (#19118)
- Fixed an issue preventing display and editing of Task details in the Tasks Tool (#19117)
- Fixed an issue preventing the insertion of links in the WYSIWYG Field when using Community Edition (#19102)
- Fixed an issue preventing scrolling of the Tools menu when the back-end UI navigation was collapsed (#19030)
- Fixed an issue preventing the Push Publish popup from displaying in the Page editor (#18678)
- Fixed an issue causing the Permission tab to incorrectly display (but not allow editing) for users without "Edit Permissions" rights to the content (#18583)
- Fixed an issue some UI problems when adding Content Types with reserved names (#18474)
- Fixed an issue preventing the use of "force unlock" by administrators in the Page editor (#18204)
- Fixed an issue causing incorrect display of some portions of the Page editor on smaller screens (#18203)
To view more information on these and other issues, please visit the dotCMS Github repository.
Additional Changes and Improvements in dotCMS 5.3.7
- Improved validation of YAML formatting on Push Publish Filter configuration files (#18986)
- Added a REST API endpont that returns a list of users based on selected Roles (#18979)
- For more information, please see the REST API Endpoints documentation.
- Added information about the default language to the response from the
/api/v2/languages
endpoint (#18969)
dotCMS 5.3.6.1
Available: Aug 13, 2020 Demo starter image: 20200512
dotCMS 5.3.6.1 is a maintenance release which includes a fix for one minor issue with the 5.3.6 release which may affect some larger sites.
Fixes
The 5.3.6.1 release includes fixes for the following reported issues. For a list of issues addressed in dotCMS 5.3.6.1, please visit the dotCMS Github Repository.
- Fixed an issue which could sometimes cause reindexing to fail on sites with many content type fields (#19092)
To view more information on these and other issues, please visit the dotCMS Github repository.
dotCMS 5.3.6
Available: Aug 11, 2020 Demo starter image: 20200512
dotCMS 5.3.6 is a maintenance release which adds one new feature, removes one deprecated feature, and includes several minor fixes and improvements.
New Features
The following features have been added in dotCMS 5.3.6:
- New Push Publishing Notifications
- dotCMS will now automatically notify a user when a Push Publishing operation they initiated either succeeds or fails.
- Notifications will be displayed automatically in a popup, and can be viewed in the notification history window (accessible via the "bell" icon in the top-right corner of the back-end UI).
Fixes
The 5.3.6 release includes fixes for the following reported issue. For a list of issues addressed in dotCMS 5.3.6, please visit the dotCMS Github Repository.
- Fixed an issue preventing the creation of links in the WYSIWYG field editor (#19041)
- Fixed an issue which caused the Push Publishing Filters to be removed when the deploy-plugins.sh script was run (#19037)
- Fixed an issue which could cause a reindex to time out on sites with very large numbers of Content Type fields (#19033)
- Fixed an issue preventing drag-and-drop of images into WYSIWYG fields (#19018)
- Fixed an issue allowing users to delete a just-archived Page, even if no Workflow Action existed to perform a delete (#19015)
- Fixed an issue which could cause an error when fetching a contentType collection with no content via GraphQL (#18977)
- Fixed an issue which could prevent selection of a file-based-Container when the title did not match the file name (#18921)
- Fixed an issue which prevented proper front-end operation when running AdoptOpenJDK v8u262b10 (#18917)
- Fixed an issue which incorrectly allowed creation of Content Type fields with variable named "host" (#18882)
- Fixed an issue which could sometimes cause some Containers to not display any content (#18855)
- Fixed an issue preventing the Time Machine from respecting Publish and Expire dates in content displayed by Widgets (#18795)
- Fixed an issue which could prevent the Available Workflow Actions button from working in specific circumstances (#18697)
- Fixed an issue which could cause relationships on a receiver to get temporarily out-of-sync with the sender in specific circumstances (#18571)
To view more information on these and other issues, please visit the dotCMS Github repository.
Features and Dependencies Removed from dotCMS 5.3.6
A number of previously-deprecated features and dependencies have been removed from dotCMS 5.3.6.
For customers which only use the standard dotCMS distribution, these changes will likely have no impact. However for customers which build dotCMS from source or who use custom plugins, these changes may impact your build process. If you do build dotCMS or custom plugins, please review the below list to identify any dependencies which may affect your build process.
Removed Features
- The Workflow Actions Code field has been removed.
- Customers who have existing Workflow Actions that use the Code field should do one of the following before upgrading to dotCMS 5.3.6:
- If the Large Message Subaction is available in your current dotCMS version: Move the contents of the Code field to a Large Message Subaction.
- If the Large Message subaction is not available in your version, then:
- Before the upgrade, move anything in the Code field to a .vtl file, and include that file with a #dotParse() directive.
- After the upgrade, create a Large Message Subaction, and use a
#dotParse()
directive in that Subaction to parse the same .vtl file.
Additional Changes and Improvements in dotCMS 5.3.6
- Added the ability to change the location of the dotGenerated folder in the dotCMS installation (#18958)
- Added the ability to use Push Publishing Filters when downloading Bundles (#18293)
- Added a new LoggerResource, which enables logging levels to be changed dynamically (without restarting dotCMS) (#18889)
- Added a new REST API endpoint to upload Bundles (#18563)
- Added support for the hazelcast-kubernetes discovery jar, to support Hazelcast discovery in all Kubernetes distributions (#18904)
- Improved folders to allow inclusion of spaces in folder names (#16216)
- Improved Elasticsearch field mappings to perform custom mappings immediately (when a field is created, instead of just during a reindex) (#18887)
- Improved the Content Type selector drop-down to enable scrolling (#18840)
- Improved the Content Type Tool to allow editing of Content Types even if there is not a valid ES index (#18837)
- Removed an unused and unneeded icu4j library (dot.icu4j-4.0.1_2.jar) from the dotCMS Classpath (#18927)
dotCMS 5.3.5
Available: Jul 28, 2020 Demo starter image: 20200512
dotCMS 5.3.5 is a maintenance release which includes fixes for two security vulnerabilities, and some minor fixes and improvements.
Privacy and Security Updates
The following changes in dotCMS 5.3.5 fix potential security or privacy issues which have been identified by dotCMS. For more details on any of these issues, please contact dotCMS Support.
It's important to understand that some security issues may have privacy implications for your existing dotCMS installation. Therefore we recommend that you review these changes, and if necessary modify any appropriate content, to ensure your site maintains compliance with any security and privacy standards and regulations you adhere to.
- Fixed a potential XSS vulnerability in a specific dotCMS component (#18961)
- Updated the com.fasterxml.jackson.core library to the latest version, to address potential vulnerabilities (#18151)
Fixes
The 5.3.5 release includes fixes for the following reported issue. For a list of issues addressed in dotCMS 5.3.5, please visit the dotCMS Github Repository.
- Fixed an issue which could prevent creation of a new dotAsset when dragging an image onto the WYSIWYG file browser (#18980)
- Fixed an issue which resulted in a Bad Request response when passing the 'uri' parameter to the sitename endpoint (#18848)
- Fixed an issue which could cause errors and prevent some Workflows from working properly after upgrading a system which uses Oracle as a database (#18782)
- Fixed an issue which caused a dojo/parser error in console when adding more than 2 relationship fields (#18764)
- Fixed an issue preventing the "com.dotcms.hooks" sample plugin from working properly (#18756)
- Fixed an issue which prevented the use of relative URL Map patterns which worked in earlier dotCMS releases (#18744)
- Fixed an issue which could cause Container Ids to be duplicated under certain conditions (#18714)
- Fixed an issue which could cause all Push Publishing Filters to fail when bad data was found in any of the filter files (#18705)
- Fixed an issue which could cause reindexing to fail on some systems upgraded from very old versions of dotCMS (#18673)
- Fixed an issue which could cause errors when attempting to Push Publish files that were uploaded via WebDAV (#18626)
- Fixed an issue which could cause errors on some systems when upgrading from earlier dotCMS versions (#18524)
To view more information on these and other issues, please visit the dotCMS Github repository.
Deprecated Features
The following features have been officially deprecated in dotCMS 5.3.5. These features have not been removed, and still work normally, but are no longer fully supported, and may be removed in a future dotCMS release.
- The Code field in Workflow Actions is deprecated, and will be removed in dotCMS 5.3.6.
- Anything which is displayed in a Code field should be moved into a Large Message Subaction instead.
- The Large Message subaction provides the same functionality as the Code field, but enables you greater control over the size of the popup message, and when the popup appears (relative to the other Subactions).
Additional Changes and Improvements in dotCMS 5.3.5
- Removed unnecessary messages written to the log file when using MySQL as database (#18947)
- Improved the error message displayed when a Push Publish fails due to Push Publish Filter excluding dependencies (#18792)
- Improved Elasticsearch connection in a cluster, to utilize ES load balancing features without using an external load balancer (#18870)
- Improved content export to allow export of unlimited number of content items (#18641)
- Added a
Page
field to GraphQL which contains properties of the Page (#18599) - Improved the Log File pop-up window to expand the messsage display portion of the window when the window is resized (#18556)
- Unrepackaged the com.fasterxml.jackson.core library (#18151)
- Any customers which reference the repackaged libraries in their code will need to modify the code to refer to the unrepackaged libraries instead. For example,
import com.dotcms.repackage.com.fasterxml.jackson.annotation.JsonProperty;
should be changed toimport com.fasterxml.jackson.annotation.JsonProperty;
. - Upgraded GraphQL from v11.0 to v13.0
- Upgraded the kickstart library from v7 to v9.
dotCMS 5.3.4.1
Available: Jul 21, 2020 Demo starter image: 20200512
dotCMS 5.3.4.1 is a maintenance release which includes a fix for one significant issue which may affect all sites, and fixes for several issues which may affect sites which use MSSQL or Oracle databases.
Fixes
The 5.3.4.1 release includes fixes for the following reported issue. For a list of issues addressed in dotCMS 5.3.4.1, please visit the dotCMS Github Repository.
- Fixed an issue preventing dotCMS startup on sites using MSSQL (#18940)
- Fixed an issue causing an error when a cluster was initialized on sites using Oracle (#18918)
- Fixed an issue prevented reindexing on sites using MSSQL (#18912)
- Fixed an issue which could cause the Site Browser to fail to display some folders (#18901)
- Fixed an issue causing startup and reindexing failures on sites using Oracle (#18878)
To view more information on these and other issues, please visit the dotCMS Github repository.
dotCMS 5.3.4
Available: Jul 14, 2020 Demo starter image: 20200512
dotCMS 5.3.4 is a maintenance release which includes some minor fixes, and improvements.
Fixes
The 5.3.4 release includes fixes for the following reported issue. For a list of issues addressed in dotCMS 5.3.4, please visit the dotCMS Github Repository.
- Fixed an issue which prevented users from being able to change which Site Search index was the default (#18872)
- Fixed an issue preventing site search indexing jobs from completing and being assigned as the new default Site Search index (#18869)
- Fixed an issue which could prevent a Container from displaying any content in some circumstances (#18855)
- Fixed an issue preventing the Page layout editor from working properly for some Pages (#18830)
- Fixed an issue which could cause incorrect results to be returned when searching for Site Aliases with Elasticsearch (#18805)
- Fixed an issue which could prevent the parent content in a self-joined relationship from being pushed by dependency (#18804)
- Fixed an issue preventing proper operation of Workflows in Oracle (#18782)
- Fixed an issue causing only partial display of very long file names in the Asset information window (#18691)
- Fixed an issue which could cause Push Publishing to fail in specific circumstances (#18621)
- Fixed an issue which prevented some Site Aliases from working correctly (#18187)
To view more information on these and other issues, please visit the dotCMS Github repository.
Additional Changes and Improvements in dotCMS 5.3.4
- Added display of a notification when Elasticsearch is in read-only mode (#17842)
- When content is saved, if the Elasticsearch server is unavailable (due to a network error, for example), a notification will be displayed in the back-end UI.
- Availability of the Elasticsearch server will be automatically re-checked until the server is once again available - when a new notification will be displayed in the back-end UI.
- Added display of the instance Secret Key (SHA-3 Key Digest) and Cluster Id to the System -> Configuration -> Basic Info screen (#17938)
- Added the ability to update or regenerate the instance Secret Key from the System -> Configuration -> Basic Config screen (#18381)
dotCMS 5.3.3
Available: Jun 28, 2020 Demo starter image: 20200512
dotCMS 5.3.3 is a maintenance release which includes some minor upgrades, fixes, and improvements.
This release includes a number of changes which may affect existing installations. We recommend that you read through this changelog in full before upgrading any existing installations.
Important Changes
A number of important changes in dotCMS 5.3.3 configuration may impact your performance when upgrading an existing site. Please read the documentation sections on all of these changes before upgrading from a previous release.
Configuration Changes
The following important changes have been made to configuration in dotCMS 5.3.3:
- The "Push Now" Workflow Sub-Action now allows you to specify a Push Publishing Filter (see below)
- Existing "Push Now" Sub-Actions will use whichever filter is defined as the default filter.
- By default, this will preserve the Push Publishing behavior of previous versions
- However, if you modify your Push Publishing Filters to change which filter is used as the default filter, the "Push Now" Sub-Actions will change to use the new default filter.
- You may change each "Push Now" Sub-Action to specify a filter by name, instead of using the default filter.
- The Vanity URL cache regions have changed
- Vanity URLs continue to work the same as they have in previous versions, but the underlying code has been significantly updated to improve performance and reliability.
- As part of this change, there are now two different cache regions for Vanity URLs:
vanityurlsitecache
andvanityurldirectcache
. - The
vanityurlsitecache
region stores a separate list of Vanity URLs for each host on your system - The default size of 5000 should work for almost all dotCMS instances, but if you have thousands of sites on the same dotCMS instance, you should set this region to a size that's larger than the number of hosts you expect to have on your system.
- The
vanityurldirectcache
region stores the most recently matched Vanity URLs. - The default size of 25000 will work for the majority of sites, but if your sites use Vanity URLs heavily, you may wish to monitor the cache statistics, and increase the size of this region appropriately if necessary.
New Features
The following new features have been added in dotCMS 5.3.3:
- New Push Publishing Filters enable you to selectively limit which types of content and dependencies are pushed to a receiving environment
- You may create different filters, to give your users a choice of how to push content.
- You may give different permissions to each filter, to limit the use of some filters by Role.
- You may specify a default filter, which will be automatically selected, and which will be used by default in all existing Workflow Actions.
- When upgrading your site, the default filter will be set to the "Everything and Dependencies" filter, which pushes content with all dependencies, matching the behavior of pushes in earlier dotCMS versions.
- The dotCMS starter site includes a set of standard filters.
- When upgrading your site, these filters will be installed automatically.
- For more information, please see the Push Publishing Filters documentation.
Fixes
The 5.3.3 release includes fixes for the following reported issue. For a list of issues addressed in dotCMS 5.3.3, please visit the dotCMS Github Repository.
- Removed unnecessary file metadata log messages during reindexing (#18752)
- Fixed an issue preventing the main navigation in the back-end from scrolling (#18716)
- Fixed an issue causing an error when renaming a file while creating new content (#18685)
- Fixed an issue which could cause an error when a Page without a valid template was bundled (#18598)
- Fixed an issue which could prevent import of a starter site with XML 1.1 characters in it (#18576)
- Fixed an problem with the download link on File Assets (#18561)
- Fixed an issue which could cause the Drop Old Assets Versions tool to fail when deleting a large number of records (#18494)
- Fixed an issue which could cause Elasticsearch indexing issues with heavy use of Key/Value fields (#18446)
- Fixed an issue which could cause an error when an empty VTL file was push published (#18051)
- Fixed performance and consistency issues when Vanity URLs were used in a cluster (#17278)
- Fixed an issue which could cause the buttons in the Content Type properties window to stop working under certain conditions (#18595)
- Fixed an issue which could sometimes cause GraphQL to return an incomplete URL (without the full path) #18286)
- Fixed an issue which could cause a UI (Javascript) error when a content type had two relationship fields to the same parent content type (#18152)
To view more information on these and other issues, please visit the dotCMS Github repository.
Additional Changes and Improvements in dotCMS 5.3.3
- Created a new REST endpoint to load all message keys (#18530)
- Upgraded the
#dotParse()
directive to accept dotAssets (#18402) - Added the ability to open the File Browser with one click from the WYSIWYG field (#18498)
- Upgraded the Workflow Scheduled Action to support multi-lingual content (#18591)
- Implemented some internal performance improvements (#18682)
- Improved error logging in several areas (#18645)
- Improved resource handling in the Temp file API (#18676)
dotCMS 5.3.2
Available: Jun 14, 2020
dotCMS 5.3.2 is a maintenance release which includes some minor upgrades, fixes, and improvements.
New Features
The following new features have been added in dotCMS 5.3.2:
- Improved file handling in the WYSIWYG field
- Added the ability to drag and drop images into the WYSIWYG field.
- Dropped images will be saved as dotAssets, and automatically assigned to a dotAsset Content Type based on the file type, in the way as files dropped into the Content Search screen.
- Added the ability to open the File browser with one click.
- Added a button to edit image properties.
Privacy and Security Updates
The following changes in dotCMS 5.3.2 fix potential security or privacy issues which have been identified by dotCMS.
It's important to understand that both security and privacy issues may have privacy implications for your existing dotCMS installation. Therefore we recommend that you review these changes, and if necessary modify any appropriate content, to ensure your site maintains compliance with any security and privacy standards and regulations you adhere to.
- Fixed an issue causing some screens in the back-end UI to display improperly when the
X-Content-Type-Options
header was specified (#16955) - This issue did not cause any security issues, but prevented the use of the
X-Content-Type-Options
header, which can be used to improve security. - The
X-Content-Type-Options
header may now be used to improve browser security while accessing the dotCMS back-end UI.
Fixes
The 5.3.2 release includes fixes for the following reported issue. For a list of issues addressed in dotCMS 5.3.2, please visit the dotCMS Github Repository.
- Fixed an issue preventing upgrade from earlier release when using older versions of Postgres (#18640)
- Fixed an issue which sometimes caused conflicts when pushing legacy relationships upgraded to new relationship fields (#18616)
- Fixed an issue preventing scrolling in the Content Types Tool (#18588)
- Fixed an issue which could sometimes cause Content Type fields to be reordered unpredictably (#18542)
- Fixed an issue which could cause errors in the Content editor when a content item had related Parents that were archived (#18525)
- Fixed an issue which could sometimes prevent OSGI plugins from initializing properly, and cause noisy logging (#18501)
- Fixed an issue which caused Key Value field data to be returned in the wrong order (#18479)
- Fixed an issue which prevented GraphQL from returning related content in any Language other than the default Language (#18444)
- Fixed an issue which prevented GraphQL from returning any content in specific circumstances (#18443)
- Fixed an issue which prevented a reindex from finishing under specific conditions (#18424)
- Fixed an issue which could prevent the "What's Changed" feature from detecting content changes on the page (#18356)
- Fixed an issue which sometimes prevented access to an asset using the ID Path URL, even for admin users (#18345)
- Fixed an issue preventing multiple Tools from updating properly when the Site was changed in the back-end UI (#18148)
- Fixed an issue causing errors in the content editing screen when the Tab divider and other fields shared the same name (#18102)
To view more information on these and other issues, please visit the dotCMS Github repository.
Additional Changes and Improvements in dotCMS 5.3.2
- Added a CORS filter to the GraphQL interface (#18567)
- Added a new REST API endpoint to retrieve the image URL from a dotAsset (#18427)
- Improved the query strings displayed in the Show Query popup to better match the content displayed in the Content Search screen (#18316)
dotCMS 5.3.1
Available: May 31, 2020
dotCMS 5.3.1 is a maintenance release which includes a single important fix for the 5.3.0 release.
Fixes
The 5.3.1 release includes fixes for the following reported issue. For a list of issues addressed in dotCMS 5.3.1, please visit the dotCMS Github Repository.
- Fixed an issue preventing the same File-based Container from being added to a Page more than once (#18558)
To view more information on these and other issues, please visit the dotCMS Github repository.
dotCMS 5.3.0
Available: May 20, 2020
dotCMS 5.3.0 is a major release which includes some significant upgrades and new features, performance and stability improvements, upgrades to a number of key components, and some significant changes to existing functionality.
This release includes a number of changes which may affect existing installations. We recommend that you read through this changelog in full before upgrading any existing installations.
Important Changes
A number of important changes in dotCMS 5.3.0 configuration may impact your performance when upgrading an existing site. Please read the documentation sections on all of these changes before upgrading from a previous release.
Configuration Changes
The following important changes have been made to configuration in dotCMS 5.3.0:
- The dotCMS distribution files are now delivered as Docker images and Amazon AWS Images (AMIs), in addition to binary files.
- For the most seamless demonstration experience, dotCMS recommends Docker images for most new dotCMS users.
- However experienced dotCMS users may still download the dotCMS binary distribution for installation and upgrades.
- The internal Elasticsearch server has been removed
- All dotCMS installations must now use an external Elasticsearch server.
- All dotCMS Docker images include an external Elasticsearch server which is started and managed transparently by the Docker image.
- The main database configuration for dotCMS installations has been changed from the
context.xml
file to thedb.properties
file. - The dotCMS distribution no longer ships with a
context.xml
file. - The
context.xml
file will still be used if nodb.properties
file exists, so thecontext.xml
files of customers upgrading from earlier releases will continue to work without changes. - For more information on the new
db.properties
file, please see the Database Configuration documentation. - Elasticsearch SSL/cert verification has disabled by default.
- This change was made to improve Elasticsearch security, by allowing Elasticsearch to use HTTPS protocol even when connecting to hosts which may not have a valid cert.
- You may re-enable SSL/cert verification by setting the property
ES_TLS_ENABLED=true
in thedotcms-config-cluster.properties
file.
Changes to Default Behavior
The following differences in default behavior in dotCMS 5.3.0 may change your expectations and require a review of your administration practices. Please review all of these changes before upgrading from a previous release.
- The default database configuration file has been changed from context.xml to db.properties.
- The context.xml file is still supported, but has been deprecated, and will stop being supported in a future release.
- For more information on using the new db.properties file, or configuring your database using system variables or Docker secrets, please see the Database Configuration documentation.
- A number of potential Content Type variable names have now been designated as reserved.
- If you create a new Content Type and the variable name resolves to one of these reserved names, the variable name will automatically be modified to prevent an exact match with the reserved name.
- Existing Content Types which match these new reserved names will not be changed, but it is recommended that you consider changing Content Types with variables matching a reserved name, as the Content Type variable name may cause conflicts in some cases.
- For more information on the list of reserved names for Content Types, please see the Content Types documentation.
- Changed the default value of the H22 Cache Provider recovery threshold.
- The default value of the
cache.h22.recover.if.restarted.in.milliseconds
has been changed to0
, to prevent a restarted server from attempting to recover a bad cache.
New Features
In addition to the Important Changes listed above, the following additional new features have been added in dotCMS 5.3.0:
- New dotAsset Base Content Type
- New Tile View of the Content Search screen
- Users may now choose to view the Content Search scren in either List view (the traditional view) or Tile view.
- New File Drag-and-Drop capability in the Content Search screen
- Users may now upload files via drag-and-drop into the Content Search screen.
- System administrators may configure dotAsset Content Types so uploaded files are automatically assigned to appropriate Content Types, based on the MIME type of the uploaded file.
- For more information, please see the File Assets and dotAssets documentation.
- New Database Configuration capabilities.
- Database configuration can now be performed via a configuration file, via system variables, or via Docker Secrets.
- For more information, please see the Database Configuration documentation.
- Vanity URLs can now be created to pass parameters to the target URI.
- The distribution now ships with an empty starter site, to enable quick development of sites from scratch.
- An External Elasticsearch server is now supported by default.
- Added new
RestClientProvider
andDotRestClientProvider
interfaces to enable custom Elasticsearch behavior - For more information, please see the Custom Elasticsearch REST Client documentation.
Fixes
The 5.3.0 release includes fixes for a number of reported issues. For a list of issues addressed in dotCMS 5.3.0, please visit the dotCMS Github Repository.
- Fixed an issue which caused an error when the Set Value Workflow Sub-Action was executed (#18468)
- Fixed an issue preventing the ESQueryCache from initializing properly when used in a cluster (#18458)
- Fixed an issue which left the old key in use after importing a new starter (#18394)
- Fixed an issue which could sometimes cause multiple Vanity URLs to stop working, requiring a cache flush (#18364)
- Fixed an issue which could prevent the use of Time Machine future snapshots (#18355)
- Improved URL normalization to prevent the use of site specification characters (//) (#18354)
- Fixed an issue which could prevent users from added content to pages when using MySQL (#18341)
- Fixed an issue which could cause OSGI initialization errors in a clustered environment (#18319)
- Fixed an issue which could cause form submission to fail due to a permission error (#18292)
- Fixed an issue which could prevent the Site Variables window from appearing after deleting a user (#18256)
- Fixed could cause Push Publish of a new site to fail in some circumstances (#18210)
- Improved real-time validation checks in the content editing window (#18192)
- Fixed an issue which could cause the admin user menu to display incorrectly after a Login As operation (#18182)
- Fixed an issue which could cause an empty or incorrect content title to be returned in some circumstances (#18177)
- Fixed an issue which could cause Site Search indexing to fail when a Content Type detail page was not found (#18164)
- Fixed an issue which could prevent Site Search from indexing some multi-lingual versions of URL Mapped content (#18132)
- Fixed an issue preventing widget Pre-execute code from running in Page Edit mode (#18086)
- Fixed problems with the Language drop down in Page Edit mode (#18084)
- Fixed error messages in the log files when running the "Download Data/Assets" maintenance tool (#18080)
- Fixed an issue causing an incorrect error message when using Login As to a user with limited permissions (#18069)
- Fixed an issue preventing the Page Editor from correctly limiting the number of contents added to a Container (#18021)
- Fixed an issue causing incorrect $navtool operation when
ENABLE_NAV_PERMISSION_CHECK
was set totrue
(#18016) - Fixed an issue causing URL Maps to fail when the content in a URL mapped field contained a forward slash (/) (#18015)
- Fixed a spurious log error message after the completion of a reindex of a large site (#17918)
- Added configuration options to allow Elasticsearch to be run without SSL for testing purposes (#17879)
- Fixed an issue preventing automatic redirection to the login page when an unauthenticated user attempts to access a resource requiring authentication (#17858)
- Fixed an issue preventing indexing of content if the Content Type was assigned a variable name of
title
(#17850) - Fixed an issue preventing File-based Containers from working properly when the files were not on the Default Site (#17749)
- Fixed an issue preventing Site Search from respecting default language fallback for Velocity files included with dotParse (#17672)
- Fixed an issue which could cause legacy relationships to be cleared if an attempt was made to save content while the Elasticsearch index was not writable (#17601)
- Fixed an issue which could cause errors in URL Maps after an upgrade when using a root-based URL Map pattern (#17514)
To view more information on these issues, please visit the dotCMS Github repository.
Privacy and Security Updates
The following changes in dotCMS 5.3.0 fix potential security or privacy issues which have been identified by dotCMS.
It's important to understand that both security and privacy issues may have privacy implications for your existing dotCMS installation. Therefore we recommend that you review these changes, and if necessary modify any appropriate content, to ensure your site maintains compliance with any security and privacy standards and regulations you adhere to.
- Fixed an issue which could causing some file contents to be interpreted by the user's browser when editing the file (#18369)
- Added additional restrictions to limit access to context from scripting (#18318)
Deprecated Features
The following features have been officially deprecated in dotCMS 5.3.0. These features have not been removed, and still work normally, but are no longer fully supported, and may be removed in a future dotCMS release.
- Snapshot functionality in the Elasticsearch Indexing REST API is deprecated (#16876)
- You may use the Elasticsearch native REST API snapshot functionality instead.
- Certain Content Type variable names are no longer allowed
- Certain variable names are now treated as reserved words for Content Type variable names.
- For more information, please see the Content Types documentation.
Additional Changes and Improvements in dotCMS 5.3.0
- Added a unique key to the Workflow Tasks table, to prevent the possibility that multiple Workflow tasks could end up with the same Identifier and Language Id (#17088).
- Content Type variable names are now required to be case-insensitively unique, to prevent potential conflicts (#18382).
- Added support for the INDEX_POLICY on the query string in the Workflow REST API (#18357)
- The ResourceLink feature has been updated to support all Binary fields in all Content Types (#18310)
- Several improvements were made to logging, to both reduce noise and improve messaging in some situations (#18183, #18072)
- The Temporary file endpoint has been updated to auto-assign the Content Type for dotAssets (#18064)
- The Elasticsearch
String.intern
property has been disabled to reduce CPU usage (#17899) - Elasticsearch has been upgraded from OpenDistro version 1.2.0 to OpenDistro version 1.3.0 (#17885)
- On startup, dotCMS now automatically waits until an Elasticsearch server is available (#17883)
- The ESIndexResource class has been updated to call dotCMS API methods instead of calling Elasticsearch directly (#17848)
- Automaticaly generated Site Search index Aliases are now automatically prefixed with the Cluster Id to ensure uniqueness (#17747)
- A new custom Docker image has been made available for running Open Distro Elasticsearch with dotCMS (#16806)
- Significantly improved the performance of the
/api/v1/page/render
endpoint (#18397) - Synchronized the "Download Data/Assets" and "Backup Data/Assets" maintenance tools to produce compatible ZIP files (#18388)
- Significantly reduced the CPU utilization of the MonitorResource (#18245)
- Improved the status endpoint to allow access from locations other than localhost (for use with Docker and other applications) (#18215)
- Added "title" to the list of file metadata fields indexed by default (#18172)
- Options to download index snapshots were removed from both the Index tab of the Maintenance Tool and the Site Search Tool (#18059)
dotCMS 5.2.8
Available: Apr 5, 2020
dotCMS 5.2.8 is a maintenance release which includes some minor upgrades, fixes, and improvements.
Changes to Default Behavior
The following differences in default behavior in dotCMS 5.2.8 may change your expectations and require a review of your administration practices. Please review all of these changes before upgrading from a previous release.
- Front-end Users may no longer preview unpublished (working) content in any location
- In previous versions of dotCMS, Front-end users could in some circumstances preview unpublished content, if they were assigned appropriate permissions to the unpublished content.
- dotCMS 5.2.8 standardizes access permissions of Front-end users across all APIs and access methods, preventing Front-end users from previewing unpublished content in any way.
- If you have existing Front-end users that need to be able to preview unpublished content, you will need to:
- Change the users from Front-end users to Back-end users (via the Users screen),
- Limit their access to the dotCMS back-end (via the Roles and Tools screen), and
- Limit their access to appropriate content (through regular Permissions).
- For more information, please see the Preview vs. Live documentation.
New Features
The following new features have been added in dotCMS 5.2.8:
- New REST API Front-end User Authentication capability
- Users can now be authenticated as either front-end or beck-end users using the REST API.
- For more information, please see the Preview vs. Live documentation.
Fixes
The 5.2.8 release includes fixes for a number of reported issues. For a list of issues addressed in dotCMS 5.2.8, please visit the dotCMS Github Repository.
- Fixed an issue which caused columns in the Content Search screen to be displayed in the wrong order (#18159)
- Fixed an issue preventing the Page API from returning content items placed in Advanced Templates (#18158)
- Fixed an issue which caused Content Type Text fields configured for Numeric data to be saved as Text data (#18147)
- Fixed an issue which caused error messages in the My Account popup to be displayed incorrectly (#18143)
- Fixed an issue preventing new pages from being Push Published under certain conditions (#18126)
- Fixed issues preventing the Site name from refreshing when the a new Site was selected (#17937, #18125)
- Fixed an issue preventing a user from being remembered with the Remember Me feature after another login of the same user from a differen location (#18101)
- Fixed an issue which could cause Front-End users to get a 403 (access denied) error when accessing a front-end form requiring authentication (#18076)
- Fixed an issue which caused already-pushed content to be re-pushed after a bundle was deleted on the sender (#18025)
- Fixed an issue which caused content which was archived on the sender to be deleted from the receiver when Push Published (#17994)
- Fixed an issue which caused items to continue to appear in Site Search after being unpublished or archived (#17976)
- Fixed an issue which could prevent a limited user from being able to create rules, even when granted appropriate permissions (#17901)
- Fixed an issue preventing Vanity URLs from working if there was a trailing slash in Uri field (#16433)
To view more information on these and other issues, please visit the dotCMS Github repository.
Additional Changes and Improvements in dotCMS 5.2.8
- Improved the user interface of the Relate Content popup:
- Added the ability to search by hitting the Enter key in the Relate Content popup (#18038)
- Updated the Relate Content popup to allow a click anywhere on the line to select content (#16936, #17981)
- Improved the management and performance of clusters when using Docker containers and Kubernetes (#18050, #18190)
Upcoming Changes in dotCMS 5.3.0
The dotCMS 5.3.0 release, currently planned for release in April 2020, will contain some important changes that may impact your system configuration and processes. Please review the changes listed below to be aware of these changes, and if necessary, begin preparing for them.
- Removal of embedded Elasticsearch server
- dotCMS 5.3.0 will no longer include an embedded Elasticsearch server.
- This means that all customers upgrading to dotCMS 5.3.0 will need to use an external Elasticsearch server.
- The dotCMS Docker reference containers are all designed to use a containerized Elasticsearch server out-of-the-box, so switching to a Docker deployment is a very good option for customers that want to upgrade to 5.3.0 with the minimum effort.