dotCMS 5.2.7
Available: Mar 8, 2020
dotCMS 5.2.7 is a maintenance release which includes some minor upgrades, fixes, and improvements.
New Features
The following new features have been added in dotCMS 5.2.7:
- New Asset Base Content Type enables creation of files and images in a repository without an explicit URL path
- You can now create Content Types which contain files and images, but which are not located in a specific location within the site.
- For more information, please see the Base Content Types documentation.
Fixes
The 5.2.7 release includes fixes for a number of reported issues. For a list of issues addressed in dotCMS 5.2.7, please visit the dotCMS Github Repository.
- Fixed an issue preventing some Image and File field types from being displayed by GraphQL API (#18005)
- Fixed an issue which could prevent Push Publishing of a Rule actively running on the receiver (#17930)
- Fixed an issue which could prevent Worklow execution by a user without permissions to the Default site (#17876)
To view more information on these and other issues, please visit the dotCMS Github repository.
Additional Changes and Improvements in dotCMS 5.2.7
- Added support for Image Focal Points when using the
/da
image URL format with "shorty" Ids (#17965) - For more information, please see the Image Resizing and Processing documentation.
- Added the ability to make Binary fields indexable and displayable using the Show in List field property (#17944, #18022)
- Note: Only the first Binary field on a Content Type can be indexed and set to Show in List.
dotCMS 5.2.6
Available: Feb 20, 2020
dotCMS 5.2.6 is a maintenance release which includes some minor upgrades, fixes, and improvements.
New Features
The following new features have been added in dotCMS 5.2.6:
- New Reset Approvers Workflow Sub-Action allows Workflows relying on multiple approval to reset the list of approvers if the content is re-edited after previously being approved.
- For more information, please see the Multiple Approval Sub-Actions documentation.
- New Default Workflow Action settings are available in the Workflow Scheme properties screen.
- You can now set Default Workflow Actions so that if standard operations on content (e.g. New, Save, Publish, Unpublish, etc.) are performed using a method that does not execute a Workflow Action, the operation will be automatically performed using a Workflow Action you specify.
- For more information on the types of Default Workflow Actions that can be assigned, please see the documentation on Default Workflow Actions.
Fixes
The 5.2.6 release includes fixes for a number of reported issues. For a list of issues addressed in dotCMS 5.2.6, please visit the dotCMS Github Repository.
- Fixed an issue preventing users from switching a WYSIWYG field to Text and back to WYSIWYG (#18018)
- Fixed an issue which prevented URL map field values containing forward slashes from working properly (#18015)
- Fixed an issue preventing unauthorized attempts to access pages from properly redirecting to the login page (#18010)
- Fixed an issue preventing relationships on the Host Content Type from displaying in the Back-end (#17928)
- Fixed an issue causing some types of navigation menus from displaying properly in the Page Editor in Edit mode (#17896)
- Fixed an issue preventing selection of some filter combinations in the User Tool (#17895)
- Fixed an issue which could cause some browsers to auto-fill new passwords on the change password screen (#17889)
- Fixed an issue preventing Categories from being sorted properly via the Sort Order field (#17798)
- Fixed an issue preventing file-based Containers from working properly when not located on the default Site (#17749)
- Fixed an issue which could prevent relationships from being saved correctly in some cases when using "Relate New Content" (#17743)
- Fixed an issue causing an incorrect URL to be displayed in the Task Detail screen (#17532)
- Fixed an issue causing errors in the GraphQL API when Content Types have fields with specific variable names (#17515)
- Fixed an issue which caused the Event popup to display incorrectly if the End Date field in the Event Content Type was moved before the Start date field (#17497)
To view more information on these and other issues, please visit the dotCMS Github repository.
Additional Changes and Improvements in dotCMS 5.2.6
- Upgraded the starter site included with the release distribution to a brand new, completely rebuilt site which demonstrates many of the newer and more sophisticated features of dotCMS.
- Please perform a fresh installation of dotCMS 5.2.6 to a new location to have the new starter site installed for you.
- Once the new starter site is installed, you can use Bundles to copy features from the new starter site to your existing site.
- Improved the "Add to Bundle" functionality to remember the last Bundle name selected (#14066)
- Added a new parameter to the Content REST API to return full Category information in results (#12739)
- The
includeCategoriesExtraInfo
URL parameter can now be supplied (e.g./includeCategoriesExtraInfo/true
) to reutrn full Category information in the results. - Added the ability to create "pluggable" content field validations using OSGI plugins (#17773)
- This allows you to add your own custom code to perform sophisticated and proprietary validations on the data users enter into your content fields.
- Improved the Binary field to allow limiting of both file length and file type in all uploaded files (#17772)
- You may use the
allowedFileTypes
Field Variable to specify which mime types may be uploaded, and themaxFileLength
Field Variable to limit the size of all uploads. - Since these limitations are implemented as Field Variables, you may set different limits for different Binary fields, even within the same content type (to ensure, for example, that one Binary field is used to upload only videos, while another is used to upload only photos).
dotCMS 5.2.5
Available: Feb 6, 2020
dotCMS 5.2.5 is a maintenance release which includes some minor upgrades, fixes, and improvements.
New Features
The following new features have been added in dotCMS 5.2.5:
- New Image Focal Point feature
- You can now add a focal point to images to enable more intelligent cropping.
- For more information, please see the Crop functionality in the Image Resizing and Processing documentation.
Fixes
The 5.2.5 release includes fixes for a number of reported issues. For a list of issues addressed in dotCMS 5.2.5, please visit the dotCMS Github Repository.
- Fixed an issue which could cause the Navtool Viewtool to return incorrect items in some circumstances (#16589)
- Fixed an issue preventing Vanity URLs from properly redirecting to URL-mapped content (#16684)
- Fixed an issue which could prevent the Time Machine from displaying individual future content in some circumstances (#17594)
- Fixed an issue causing some valid folder names from being rejected (#17751)
- Fixed an issue causing Archived content to be copied to a new Site as Unpublished (#17763)
- Fixed an issue which could improperly prevent use of the Workflow API in some circumstances (#17794)
- Fixed an issue with the Content Search tool when the Back-end UI language was set to Spanish (#17797)
- Fixed an issue which could prevent pages on a non-default host from being found in the Page editor (#17803)
- Fixed an issue causing duplicate Containers to appear when paging through Containers (#xxxxx)
- Fixed an issue preventing the Site selector from refreshing properly in Chrome in some circumstances (#17828)
- Fixed an issue preventing the "Send for Review" feature from working when viewing Workflow Task details (#17829)
- Fixed an issue adding files with long names in the WYSIWYG field (#17833)
- Fixed an issue preventing the user menu selections from displaying under certain conditions (#17855)
- Fixed an issue preventing constant fields from being included in JSON responses (#17864)
- Fixed an issue which could prevent the Image Editor from scrolling down on large images (#17940)
To view more information on these and other issues, please visit the dotCMS Github repository.
Additional Changes and Improvements in dotCMS 5.2.5
- Improved the REST API to allow Binary fields to be uploaded by specifying a remote URL (#16852)
- Previously, files needed to be uploaded to dotCMS prior to adding them to Binary fields.
- Simplified the Image Processing REST API to eliminate the need to explicitly specify which filters are used and in what order.
- You may now simply supply the appropriate filter parameters, and the filter operations will be performed in the order the parameters appear.
- You may also continue to explicitly specify the filters and the filter order (as in older versions), so older image URLs do not need to be modified in any way.
- For more information, please sse the Image Resizing & Processing documentation.
dotCMS 5.2.4
Available: Jan 23, 2020
dotCMS 5.2.4 is a maintenance release which includes some minor upgrades, fixes, and improvements, and an important security update.
Important:
dotCMS 5.2.4 includes an important fix for a critical security vulnerability. This vulnerability has already been mitigated for existing dotCMS Enterprise and dotCMS Cloud customers. However, if you are a Community Edition customer, it is strongly recommended that you upgrade to dotCMS 5.2.4 as soon as possible.
Privacy and Security Updates
The following changes in dotCMS 5.2.4 fix potential security or privacy issues which have been identified by dotCMS.
- Fixed a critical security vulnerability reported in CVE-2020-6754
- Fixes for this vulnerability have been generated for all affected dotCMS versions.
- Fore more information, including mitigation measures and the link to the CVE alert, please see security issue SI-54.
Fixes
The 5.2.4 release includes fixes for a number of reported issues. For a list of issues addressed in dotCMS 5.2.4, please visit the dotCMS Github Repository.
- Fixed an issue preventing the Redirect URL property from working with custom Page Content Types (#15427)
- Fixed an issue causing CMSFilter to return a 404 for URLs containing a plus sign (#17261)
- Fixed an issue preventing the Copy Site operation from properly copying Page contents to a new Site (#17541)
- Fixed an issue which could sometimes cause Push Publishing conflicts when pushing Language Variables (#17596)
- Fixed an issue which could prevent users from being able to edit Sites without View permission on the Default Site (#17612)
- Fixed an issue preventing the Asset Backup tool from using the ASSET_REAL_PATH configuration (#17620)
- Removed an old/invalid foreign key from some database upgrade scripts (#17647)
- Fixed an issue causing WebDAV to force folder and file names to lowercase (#17698)
- Fixed an issue causing GraphQL to return a null when no Content Types of a queried Base Type existed (#17717)
- Fixed an issue which could prevent browsing beyond five sub-folder levels when adding a file to a WYSIWYG field (#17792)
To view more information on these and other issues, please visit the dotCMS Github repository.
Additional Changes and Improvements in dotCMS 5.2.4
- The Back-end Menu Navigation has been improved to allow the menu to remain collapsed continually.
- Added the ability to set a security constraint on the assets folder in the web.xml file (#17835)
- The REST Content Type API has been enhanced to allow specification of additional default Workflow Actions
- Default Workflow Actions may now be specified for UNPUBLISH, ARCHIVE, UNARCHIVE, DELETE, and DESTROY, in addition to existing NEW, EDIT, and PUBLISH default actions.
- Improved the content import and REST API save functions to accept remote URLs for the content of Binary Fields (#16852)
- Prevented the copy of Workflow history when making a copy of a content item (#17550)
dotCMS 5.2.3
Available: Jan 2, 2020
dotCMS 5.2.3 is a maintenance release which includes some minor upgrades, fixes, and improvements.
New Features
The following new features have been added in dotCMS 5.2.3:
- New Elasticsearch Custom Field Mappings
- Custom Elasticsearch mappings may now be created for individual Content Type fields.
- For more information, please see the How Content is Mapped to Elasticsearch documentation.
- New Language REST API Operations
- Methods to allow Save, Update, and Delete of languages have been added to the Language REST API.
- For more information, please see the REST API Endpoints documentation.
Fixes
The 5.2.3 release includes fixes for a number of reported issues. For a list of issues addressed in dotCMS 5.2.3, please visit the dotCMS Github Repository.
- Fixed an issue which could cause incorrect bundle audit information to generate noisy log messages (#17626)
- Fixed an issue preventing the Bundles screen from refreshing after a Bundle was deleted (#17676)
- Fixed an issue preventing Language Variables containing spaces from resolving correctly (#17679)
- Fixed an issue which could prevent past Time Machine snapshots from being displayed (#17684)
- Fixed an issue preventing images in WYSIWYG fields from being selected (#17731)
To view more information on these and other issues, please visit the dotCMS Github repository.
Additional Changes and Improvements in dotCMS 5.2.3
- The Page REST API (
/api/v1/page
) includes several new enhancements to support Single Page Applications (SPAs): - Information for all content contained in a Page is now rendered in results (#17665)
- Content of URL Mapped pages is now rendered in results (#17666)
- Languages passed via URL parameters can now be specified by language code (e.g. "en-US") as an alternative to language ID (e.g. "1") (#17700)
- TinyMCE (used in the WYSIWYG field) has been upgraded from version 4.1.6 to version 4.9.6.
dotCMS 5.2.2
Available: Dec 12, 2019
dotCMS 5.2.2 is a maintenance release which includes some minor upgrades, fixes, and improvements.
New Features
The following new features have been added in dotCMS 5.2.2:
- New Delete All Versions Workflow Sub-Action
- A new Workflow Sub-action has been added to delete all Language versions of a content item.
- For more information, please see the Workflow Sub-actions documentation.
- New Delete Push Publishing Bundles REST Endpoint
- A new REST API endpoint has been added to enable deleting old Push Publishing bundles.
- For more information, please see the REST API Endpoints documentation.
Fixes
The 5.2.2 release includes fixes for a number of reported issues. For a list of issues addressed in dotCMS 5.2.2, please visit the dotCMS Github Repository.
- Fixed an issue preventing the Push Publish popup from displaying from the Tasks Tool (#17026)
- Fixed an issue which could prevent proper batching of transaction when calling Quartz from code (#17591)
- Fixed an issue preventing GraphQL from returning IDs for new languages (added after upgrade to dotCMS 5.1.0+) (#17615)
- Fixed incorrect key when serializing the Visitor object (#17616)
- Fixed an issue preventing Lucene date range queries from working (#17621)
- Fixed an issue causing upgrades to dotCMS 5.2.1 to fail for systems with no URL Maps (#17642)
- Fixed a javascript error when selecting a relationship from the relationship select popup (#17663)
To view more information on these issues, please visit the dotCMS Github repository.
Additional Changes and Improvements in dotCMS 5.2.2
- Folder name restrictions have been implemented at the API level, to ensure bad folder names can not be created through WebDAV and other means (#16715)
- Changed deletion of Content Type fields to perform the deletion in the background (#16939)
- To improve compatibility, the GraphQL implementation has been modified to remove Base Types as Interfaces, and no longer allow specification of individual fields for Base Type collections (#17560)
- REST API calls which return related content were improved to respect supplied language parameters for both parent and related content (#16917)
dotCMS 5.2.1
Available: Nov 6, 2019
dotCMS 5.2.1 is a major release which includes some significant upgrades and new features, performance and stability improvements, upgrades to a number of key components, and some significant changes to existing functionality.
Fixes
The 5.2.1 release includes fixes for a number of reported issues. For a list of issues addressed in dotCMS 5.2.1, please visit the dotCMS Github Repository.
- Fixed an issue with the Forms preventing binary submits from working properly (#17468)
- Fixed an incorrect default sort order on Custom Content Portlets (#17455)
- Fixed an issue causing redirection to a blank page after adding a Menu Link (#17347)
- Fixed an issue causing display of a blank page (instead of a license required message) when viewing Rules in Community Edition (#17512)
- Fixed an issue preventing Forms from being added properly to personalized Pages (#17554)
- Fixed an issue causing error messages in REST API calls to be incorrectly included in the response header (#16383)
- Fixed an issue preventing the navigation cache from updating properly when a Page was copied (#17353)
- Fixed an issue preventing proper display of some Container fields when changing the Max Contents field value (#16782)
- Fixed an issue where the removed
REST_API_CONTENT_ALLOW_FRONT_END_SAVING
configuration property was still required in some circumstances (#17510) - Fixed an issue which could give anonymous users access to content when the Front-End User Role was explicitly given permissions to that content
- Fixed issues preventing self-joined Relationship fields from working correctly in some REST API calls (#17477, #17492, #17529)
- Fixed an issue preventing related content from displaying properly after a bundle containing related content is uploaded (#17528)
- Fixed an issue preventing display of content with different live and working versions (#17451)
- Fixed an issue allowing more than one content to be related on a Relationship field with One-to-One cardinality (#17524)
- Fixed an issue which could cause content in a Container to be removed from the Page when the layout is changed under specific circumstances (#17435)
- Fixed an issue which could cause a log exception and incorrect content display with an empty duplicate Container in a Page (#17553)
- Fixed an issue which could cause the selected Site to change when copying and pasting a folder (#17113)
- Fixed an issue which could allow content to be related to itself in certain circumstances (#17543)
- Fixed an issue which could cause upload of new files via WebDAV to fail (#17506)
- Fixed an issue which allowed only one user to see a Workflow Task with "Four Eyes Approval" in progress (#17250)
To view more information on these issues, please visit the dotCMS Github repository.
Known Issues in dotCMS 5.2.1
The following known issues in dotCMS 5.2.1 will be addressed in future dotCMS releases:
- Translations for 2 newly added strings were not included in the release.
- If you wish to include these translations in your 5.2.1 distribution, you can find the translations (with key names
dot.common.press
anddot.common.message.no.workflow.schemes
) in the dotCMS Github repository, and manually add them to the language strings files in your distribution.
Privacy and Security Updates
The following changes in dotCMS 5.2.1 fix potential security or privacy issues which have been identified by dotCMS.
It's important to understand that both security and privacy issues may have privacy implications for your existing dotCMS installation. Therefore we recommend that you review these changes, and if necessary modify any appropriate content, to ensure your site maintains compliance with any security and privacy standards and regulations you adhere to.
- Fixed an issue which could allow anonymous users access to working versions of content when the Front-End User Role was explicitly given View permissions to that content (#17526)
Additional Changes and Improvements in dotCMS 5.2.1
- Added caching to 404 error results pages (#17377)
- Improved performance by removing redundant Hibernate code (#17428)
- Added language flags to relatable content on new Relationship fields (#16129)
- Improved logging when content validation fails (#16165)
- Added a message to indicate when there are no available Workflow Actions for content (#17533)
- Improved responsiveness of Content Type field deletion (#16939)
- Improved file access performance by caching file system metadata (#17269)
- Improved File Container caching and performance (#16597)
- Reduced unnecessary logging when a live version of content can not be found (#17551)
- Geolocation information has been added to the Visitor object (#17495).
dotCMS 5.1.6
Available: Jun 5, 2019
dotCMS 5.1.6 is a maintenance release which includes fixes for several issues which affected some customers running the 5.1.0 and 5.1.5 releases.
Important Changes
Important changes in dotCMS 5.1.6 configuration may impact your configuration and system behavior when upgrading an existing site. Please read the documentation sections on all of these changes before upgrading from a previous release.
Changes to Default Behavior
The following differences in default behavior in dotCMS 5.1.6 may change your expectations and require a review of your administration practices. Please review all of these changes before upgrading from a previous release.
- XSS Prevention Filter
- In order to minimize XSS and CSRF vunerabilities, dotCMS now will block direct access to all files under the /html and /dotAdmin directories unless dotCMS is sent a valid
referer
orOrigin
header. - This new behavior is enabled by default, but can be turned off (allowing requests without a valid referrer or Origin to access these folders) by adding the following property to the dotmarketing-config.properties file:
XSS_PROTECTION_ENABLED=false
- For more information, please see the Security Best Practices documentation.
Improvements
The following improvements have been added in dotCMS 5.1.6:
- Added a new XSS Prevention Filter to proactively help prevent XSS and CSRF attacks (#16605)
- Changed UI behavior to prevent dialogs from closing when you click outside of them (#16638, #16639)
Fixes
The 5.1.6 release includes fixes for a number of reported issues. For a list of issues addressed in dotCMS 5.1.6, please visit the dotCMS Github Repository.
- Fixed an issue preventing Key/Value fields from being added to the index (#16313)
- Fixed an issue which could cause a push of an entire site to fail (#16481, #16623)
- Fixed an issue which could cause pagination in the back-end to fail when running under HTTPS (#16502)
- Fixed an issue which caused a reindex of the File Asset Content Type to cause a full reindex (#16545)
- Translated some back-end strings which were not translated in all supported languages (#16584, #16660)
- Fixed an issue preventing the "All" Content Type selection from working with Custom Content Tools (#16587)
- Fixed an issue which prevented limited users without access to the Content Tool from viewing Workflow Tasks (#16590)
- Fixed an issue which prevented limited users from being able to logout properly (#16591)
- Fixed an issue which prevented content from being removed from the index performing "Delete then Reindex" (#16592)
- Fixed an issue preventing the /api/content/publish endpoint from working with multipart form data (FileAssets) (#16600)
- Fixed an issue which caused static publishing to AWS S3 to fail when dotCMS was used in a Docker environment (#16612)
- Fixed an issue preventing cache flush of individual Content Types from working (#16626)
- Fixed an issue which could prevent deleted content from being cleared during a full reindex (#16664)
- Fixed an issue preventing display of a front-end URL mapped page when logged into the back end (#16671)
To view more information on these issues, please visit the dotCMS Github repository.
dotCMS 5.1.5
Available: May 8, 2019
dotCMS 5.1.5 is an intermediate release which includes some minor improvements and features, and some significant performance improvements, specifically for customers with large content repositories.
Important Changes
A number of important changes in dotCMS 5.1.5 configuration may impact your performance when upgrading an existing site. Please read the documentation sections on all of these changes before upgrading from a previous release.
Important: The Minimum Java Version Has Changed
dotCMS 5.1.5 will only work with version 1.8.0_162 or later of Java.
- Earlier versions of Java will not work, even for systems which were upgraded from earlier dotCMS releases.
- If the java version cannot be updated, you must install the Unlimited Strength Jurisdiction Policy Files (available at here).
-
- Not having this support will result in an "InvalidKeyException" when attempting to use 192 or 256 bit keys.
New Features
In addition to the Important Changes listed above, the following additional new features have been added in dotCMS 5.1.5:
- Reindex performance has been greatly improved, especially for large content stores.
- For more information, please see the dotCMS Github Repository.
- Added the ability to generate stateless API Access Tokens using JWT, which can be used for authentication by applications, and which can be issued and revoked from the back-end UI.
- For more information, please see the Authentication Using JWT documentation.
- Page Layouts can now include custom CSS classes for specific Rows and Containers in the Layout.
- For more information, please see the Page Layouts documentation.
- You can now create Custom Content Tools which display only the Content Types you wish.
- These behave the same as the existing Content Search screen, but display only a limited set of Content Types you define. For example, you can create a Tool which displays only Blog content, only News content, or a combination of Blogs and News.
- For more information, please see the Custom Tool Groups documentation.
- The DotAjaxDirector API now take both JSON and API tokens.
- This allows you, for example, to add and push Bundles using an API method.
- For more information, please see the DotAjaxDirector API documentation.
- The Workflow "fire" REST API endpoint has been improved.
- The fire endpoint now accepts binary (multipart) content and new Relationships fields.
- The fire endpoint now provides full equivalence with the legacy /api/content endpoint.
- It is recommended that all new development use the Workflow fire endpoint instead of the legacy /api/content endpoint.
- The fire endpoint now accepts specification of Workflow Actions by the Action Name or ID.
- Added additional logging to the Push Publishing feature (#16197)
- The back-end login screen has been redesigned for simplicity and greater ease-of-use.
- A new "post" method was added to the JSONTool which allows you to send a request to the remote server using an HTTP POST.
- For more information, please see the JSONTool documentation.
Fixes
The 5.1.5 release includes fixes for a number of reported issues. For a list of issues addressed in dotCMS 5.1.5, please visit the dotCMS Github Repository.
- Fixed an issue which could cause a compliation error when importing some OSGI packages (#16377)
- Enabled the use of "text/*" types with the content REST API (#15934)
- Removed a limitation of REST API calls that prevented them from respecting LoggedInUser permissions (#16135)
- Fixed an issue that caused file-based Containers to render incorrectly in Page edit mode (#16263)
- Fixed an issue where an incorrect error code was returned when using an invalid identifier with the /vtl REST API (#15799)
- Removed an inactive button from the Community Edition Content Search screen (#16270)
- Fixed an issue which could prevent content from being published when the Tag field was Required (#16026)
- Fixed problems that resulted when using the word "content" as a key in a Key/Value field (#16046)
- Fixed an issue causing a Javascript error when a zero content Container was displayed in the Page editor (#16329)
- Fixed an issue which could cause incorrect content to be displayed from the cache when pushing content using a shorty ID (#16310)
- Fixed an issue which could display an empty popup when displaying health for a single index (#16331)
- Fixed an issue which could prevent content saves during switch-over to a new index (#15421)
- Fixed an issue which could prevent saving of existing content after changing a field to Required (#16376)
- Fixed an issue that could data corruption with self-reltaed content if the order of Relationships fields was changed (#16420)
- Made several improvements to Vanity URL caching (#16333, #16337, #16413)
- Fixed an issue which could cause display artifacts when an invalid icon was set for a Tool Group (#16246)
To view more information on these issues, please visit the dotCMS Github repository.
Deprecated Features
The following features have been officially deprecated in dotCMS 5.1.5. These features have not been removed, and still work normally, but are no longer fully supported, and may be removed in a future dotCMS release.
- Version 2 of the FieldResource REST API has been replaced with a new version (version 3), and version 2 is now deprecated.
dotCMS 5.1.1
Available: Mar 25, 2019
dotCMS 5.1.1 is a maintenance release to fix one specific issue which affected some customers with the dotCMS 5.1.0 release.
It is recommended that all customers running the 5.1.0 release upgrade to dotCMS 5.1.1 as soon as possible.
Fixes
- Navigation problems could be encountered in the Page editor under some circumstances (#16221)
To view more information on this issue, please visit the dotCMS Github repository.
dotCMS 5.1.0
Available: Mar 13, 2019
dotCMS 5.1.0 is a major release which includes some major upgrades and new features, performance and stability improvements, upgrades to a number of key components, and some significant changes to existing functionality.
This release includes a number of changes which may affect existing installations. We recommend that you read through this changelog in full before upgrading any existing installations.
Important Changes
A number of important changes in dotCMS 5.1.0 configuration may impact your performance when upgrading an existing site. Please read the documentation sections on all of these changes before upgrading from a previous release.
Changes to Default Behavior
The following differences in default behavior in dotCMS 5.1.0 may change your expectations and require a review of your administration practices. Please review all of these changes before upgrading from a previous release.
- Permissions required to create new Content Types has increased.
- The authority level required to create new Content Types has been increased from EDIT to PUBLISH (#15285)
- This change will not have any effect on any existing Content Types.
- However if you have users who need to be able to create new Content Types, you will need to ensure that these users have PUBLISH permissions for Content Types in all locations where they will be creating new Content Types.
- Users with EDIT authority will still be able to modify Content Types, but will not be able to create new ones.
New Features
In addition to the Important Changes listed above, the following additional new features have been added in dotCMS 5.1.0:
- New Relationships Fields
- A new type of Relationship field has been added, offering significant improvements over the legacy Relationships from older versions.
- You may now create Relationships by adding Relationships to Content Types as fields which are created and displayed separately for each side of the Relationship.
- This change provides more flexibility in the types of Relationships you can create, allowing you to now create both One-to-One Relationships and Relationships which are visible from only one side of the Relationship.
- These new Relationships also allow you to access related content directly via Lucene and Elasticsearch queries, treating related content as a field of the content, rather than requiring dedicated methods (such as
$dotcontent.PullRelated()
) to retrieve related content. - Using the new Relationship fields, you may also now search for related content from the Content Search screen.
- Legacy Relationships and Legacy Relationships fields are both still supported for backward compatibility.
- You may mix new Relationships fields and Legacy Relationships fields in the same Content Type.
- You can choose to convert Legacy Relationships to new Relationships fields, but to ensure backward compatibility, conversion will not be done automatically.
- A "Relationships" tab in Content Types will still be displayed if you have Legacy Relationships on a Content Type and have not added a Legacy Relationship field to the Content Type.
- However the "Relationships" tab is now built as a regular Tab-Divider field followed by a Legacy Relationships field in the Content Type, and any new Relationship fields will not display in the Legacy Relationships field.
- For information on how to upgrade your existing Relationships to the new Relationships fields, please see the Migrating Legacy Relationships documentation.
- For more information, please see the Relationships documentation.
- Containers as Files
- You may now create and manage Containers completely via files.
- These files may be managed via WebDAV and other file management operations, easing integration of dotCMS with your CI/CD operations.
- As part of this change, some Containers in the dotCMS Starter site were converted to File Containers.
- For more information, please see the File Based Containers documentation.
- Custom REST Endpoints
- You may now easily create custom REST endpoints using Velocity files.
- All HTTP Methods for RESTful services are supported, including GET, POST, PUT, PATCH, and DELETE.
- Velocity methods have been added which simplify the generation of output in JSON and XML formats for your custom endpoints.
- A /vtl/dynamic REST endpoint has been added which allows you to render output from HTML and Velocity code dynamically.
- For more information, please see the Scripted Custom Endpoints documentation.
- GraphQL REST API
- A REST API has been added that supports the GraphQL dynamic query language for retrieving content.
- GraphQL allows you to selectively retrieve and arrange the content and fields you retrieve, enabling you to reduce the size of responses and insulate your applications from future changes to your dotCMS content and Content Types.
- For more information, please see the GraphQL documentation.
- Field Variables for Content Type Fields
- You may now add "Field Variables" to fields in your Content Types.
- These Field Variables can be used to distinguish and handle fields of the same field type differently, either within the same Content Type or among different Content Types.
- The Field Variables for a Content Type field may be accessed from both Velocity code and Plugins.
- These field variables are now used to allow customization of the WYSIWYG field, and are intended to be expanded to allow customization of other Content Type fields in the future.
- WYSIWYG Field Customization on a per-Content Type and per-Field Basis
- You may use the new Field Variables feature to specify tinyMCE customizations for each WYSIWYG field individually by specifyin a Field Variable named
tinyMCEProps
, which will be used to initialize the WYSIWYG field editor. - For more information, please see the WYSIWYG Field documentation.
- CORS Header Configuration
- You can now configure headers to send with CORS requests.
- Headers can be configured as global defaults, and can be overridden for specific endpoints.
- For more information, please see the CORS Header Configuration documentation.
Fixes
The 5.1.0 release includes fixes for a number of reported issues. For a list of issues addressed in dotCMS 5.1.0, please visit the dotCMS Github Repository.
- Fixed an issue that could cause a Null Pointer Exception during Push Publishing under some conditions (#9110)
- Fixed an incorrect message when incorrect values were entered while adding a new Language (#13168)
- Fixed an issue which prevented the site selector list from being updated when using Login As (#14116)
- Fixed an issue preventing the site selector from updating when using the Login As feature (#14116)
- Fixed an issue which could cause different language versions of the same content to be saved separately (#14966)
- Fixed an issue preventing a limited user from creating a new Content Type under certain conditions (#15285,#15308)
- Fixed an issue which could cause an error on a Page if a Container on the Page was archived (#15331)
- Fixed an issue causing Push Publish to fail in specific circumstances after adding a new Language (#15359)
- Fixed an issue preventing the History and Permissions tabs on Events from being refreshed on save (#15439)
- Fixed an issue preventing limited users from using the Device Preview feature (#15474)
- Fixed an issue which could cause a new Site Search to fail (#15475)
- Fixed an issue preventing Pages at the root of the site from being selectable as URL Map Detail pages (#15482)
- Corrected some widget sorting issues in the Page Editor (#15486)
- Fixed an issue which could cause an error when trying to rearrange or un-check the Required property on a Category field (#15504)
- Fixed an issue which could prevent a limited user from navigating public pages in the back-end (#15506)
- Fixed some issues which could cause Elasticsearch indexing to fail to complete (#15512)
- Fixed an issue which could cause content save to freeze with a custom list of Languages (#15624)
- Fixed an issue which could cause the Page Editor to render incorrectly when Velocity errors exist on the Page (#15640)
- Fixed an issue which caused Push Publishing errors when Tags contained single quotes (#15792)
- Removed the server name and port from generated URLs, to support containerization and applications behind proxies (#15833)
- Synchronized the properties returned by the Page API /json and /render methods (#15928)
To view more information on these issues, please visit the dotCMS Github repository.
Deprecated Features
The following features have been officially deprecated in dotCMS 5.1.0. These features have not been removed, and still work normally, but are no longer fully supported, and may be removed in a future dotCMS release.
- Legacy Relationships and Legacy Relationship fields
- Legacy Relationships and Legacy Relationship fields on Content Types are both officially deprecated.
- You may migrate all Legacy Relationships to the new Relationship Fields at any time.
- Legacy Relationships, Legacy Relationship fields, and Velocity methods referencing Relationship name rather than Content Type field name will all continue to supported for a period of time.
- However Legacy Relationships and code should be converted to new Relationship fields as soon as possible, to ensure forward compatibility with future releases.
- CommentActions class
- The CommentActions class has been deprecated and is no longer shipped with the dotCMS distribution. Customers with legacy code that relies on this class should add the class using a plugin.
Additional Changes and Improvements in dotCMS 5.1.0
- Updated the Push Publish Workflow sub-Action dialog to allow Push Delete with Workflows.
- Added navigation crumbtrails to the back-end user interface.
- Made several improvements to the content search listing in the Page Editor.
- Improved indexing performance when saving and publishing content.
- Added "/servlet/" to the list of paths for the DefaultBackEndLoginRequiredWebInterceptor (#15548)
- Added the hostName to the results in the /es/search REST endpoint (#15574)
- Added a titleImage property to all content, allowing easy access to images on different Content Types (#15575)
- Added additional logging for Push Publishing (#15595)
- Improved error handling when a new Page is created with a URL that is already in use (#15951)
- Added the ability for the /es/search REST API to return working as well as live content (#15982)
- Upgraded the contentlet API to return related content for retrieved content items (#9411)
- For source code distributions, the default path for functional tests was changed from
/servlet/test
to/dotTest
(#15548) - Angular has been upgraded from version 4.4.6 to version 7.2.0.
- PrimeNG has been upgraded from version 4.3.0 to version 7.0.3.
- There were no UI changes in relation to this upgrade; the upgrade was made to maintain currency and compatibility only.
dotCMS 5.0.3
Available: Nov 14, 2018
dotCMS 5.0.3 is a maintenance release to fix several issues which affected some customers with the dotCMS 5.0.2 release.
It is recommended that all customers running the 5.0.0, 5.0.1, or 5.0.2 releases upgrade to dotCMS 5.0.3 as soon as possible.
Fixes
- Site selector did not update to show appropriate sites when using the Login As feature (#14116)
- Push publishing a file or page could fail after push removing the parent folder (#15022)
- In some circumstances, Categories referenced by a content type were not pushed by dependency with the content (#15172)
- The Elasticsearch transport port and http port configuration settings were not honored when using auto-wire clusters (#15277)
- The list of Widget Types was not sorted when adding a Widget to a Page (#15290)
- In the Content Type editor, Category fields could not be renamed without also changing other field parameters (#15309)
- Static publish to an Amazon S3 bucket of pages using Sass could fail to render correctly (#15310)
- Archiving a container which was used on a Page could cause an error when the Page was accessed on the front-end (#15331)
- Image, Textarea and WYSIWYG fields on existing content could not be completely cleared in the content editing screen (#15340, #15353)
- Some OSGi plugins placed in the felix/load directory were not loaded properly when dotCMS was started (#15358)
- The Base Types list in the Content Types tool was not ordered correctly (#15382)
- In some cases, not all appropriate Bulk Workflow Actions were displayed for a limited user (#15385)
- Applying "Cascade Permissions" to a Site from the Roles & Tools screen did not update child permissions (#15389)
- The NavResource REST API did not return a nested JSON object (#15390)
- In the Page ditor, when any Container included Velocity code with errors, an error was displayed for the whole Page instead of for just the problem Container (#15395)
- If the Template set for a Page did not exist, the template for the Page could not be changed (#15401)
- The Host Content Type was incorrectly allowed to be moved from the SYSTEM HOST (#15410)
- If a Content Type had a detail page that did not exist, the content would fail to index properly (#15423)
- When a user session expired, the automatic redirect to the Login page did not work correctly (#15437)
- Limited user was unable to reorder menus in the Page editor when any Page was locked by another user (#15450)
- Device preview could fail for some users in some browsers (#15474)
- Running a new Site Search job could fail in some circumstances (#15475)
- When setting the Detail Page for a Content Type, pages on the root of the site could not be selected (#15482)
- The PersonaTool.getPersonas() method did not work for unauthenticated (front-end) users (#15484)
- Reorder of fields in a Content Type could fail in some circumstances (#15504)
- Within the Page editor, Navigation on the Page sometimes did not work properly for limited users (#15506)
- In some conditions, an Elasticsearch reindex could get stuck (#15512)
- In some cases limited users could not view content which was permissioned to be viewable by unauthenticated users (CMS Anonymous) (#15523)
To view more information on these issues, please visit the dotCMS Github repository.
Deprecated Features
The following features have been officially deprecated in dotCMS 5.0.3. These features have not been removed, and still work normally, but are no longer fully supported, and may be removed in a future dotCMS release.
- H2 database is deprecated.
- The H2 database was previously fully supported for development only.
- With the release of dotCMS 5.0.3, the H2 database is now officially deprecated, even for development.
- The H2 database will be replaced in a future version with a dotCMS Docker image which uses a Postgres database.
dotCMS 5.0.2
Available: Sep 19, 2018
dotCMS 5.0.2 is a maintenance release to fix several issues which affected some customers with the dotCMS 5.0.1 release, and to address two newly identified security issues.
It is recommended that all customers running the 5.0.0 and dotCMS 5.0.1 releases upgrade to dotCMS ${version} as soon as possible.
Fixes
- Added a check to the startup process to ensure that existing assets are not deleted if the configuration of the existing site is not correct (#14819).
- Fixed an issue preventing sorting of content by Workflow Step if any content item was set as [Not Assigned] (#14897).
- Fixed an issue which caused an error when attempting to push remove a Site (#15013).
- Added the ability to specify a Default Template which is used by default when creating a new Page (#15031).
- Fixed an issue could cause content to be saved twice when the content API was used to trigger a Workflow Action (#15053).
- Fixed an issue which prevented the options from updating after folder permissions were changed (#15055).
- Fixed an issue which could prevent relative paths in stylesheet links from working properly (#15141).
- Fixed an issue which could cause loss of a binary field value in certain circumstances on a content with a required relationship (#15157).
- Fixed an issue which could prevent proper import or export of Categories containing non-Latin characters (#15174).
- Fixed an issue which could prevent push publishing of copied sites (#15175).
- Fixed an issue which could cause zero length files when doing a static push without a language variable in the bucket name (#15176).
- Fixed an issue which could cause an unnecessary close confirmation prompt when content was not edited (#15177).
- Fixed an issue which could cause a Workflow Action popup to display incorrectly in some circumstances (#15184).
- Fixed an issue which could sometimes prevent Workflow Tasks from displaying in the task portlet (#15186).
- Fixed an issue which could prevent a content from being updated properly via the Workflow REST API in some circumstances (#15192).
- Fixed an issue causing the wrong Content Type to initially display when editing a content item (#15198).
- Fixed an issue causing incorrect display of content changes when a value for a Required field was not supplied (#15199).
- Fixed an issue which could prevent widget pre-execute code from displaying in some circumstances #15202).
- Fixed an issue preventing the Detail Page of a Content Type from displaying properly when using a Community license (#15217, #15195).
- Fixed an issue which could cause display errors when certain pre-defined names were used for Velocity variables (#15219).
- Improved Sass performance when using the LibSass compiler by using fully minified (compressed) CSS (#15222).
- Changed the priority in which Vanity URLs resolve paths, to prevent potential issues in some circumstances (#15223).
- Fixed an issue which could prevent the NavTool from working properly when a Page was viewed in edit mode (#15229, #15162).
- Fixed an issue which could cause Elasticsearch operations to become stuck (#15230).
- Fixed an issue preventing the LoginAs feature from working properly with some Role configurations (#15237).
- Fixed an issue preventing viewing of content in a custom workflow if the dotCMS instance did not have a valid license (#15238).
- Removed an unnecessary message regarding Workflow Actions when viewing a Site (#15272).
- Fixed an issue which could make a widget incorrectly appear to have not been updated after an edit (#15283).
- Fixed an issue which could cause an error when a specific method is called under certain circumstances within a plugin (#15297).
To view more information on these issues, please visit the dotCMS Github repository.
Security and Privacy Updates
For more information on security issues resolved in this release, please see the Known Security Issues documentation.
Details of the two security issues fixed in this release are currently being withheld, but will be added to the Known Security Issues documentation as soon as affected customers have been notified and have had an opportunity to upgrade or mitigate the issues.
dotCMS 5.0.1
Available: Aug 20, 2018
dotCMS 5.0.1 is a maintenance release to fix several issues which affected some customers with the dotCMS 5.0.0 release.
Fixes
- Improved messages when an attempt is made to create a new Language with the wrong values (#13168).
- Restored previous behavior auto-selecting a recently edited Content Type in the Content Search window (#13719).
- Fixed incorrectly displayed actions when using the Workflow "Who can use" filter (#14534).
- Improved feedback to the user when the user does have permissions to edit a Content Type (#14999).
- Fixed an issue which could cause the Default Host to be lost after a push under certain conditions (#15020).
- Fixed an issue preventing futre Time Machine snapshots from showing the correct content in some circumstances (#15014).
- Fixed a minor issue with the Content Search listing after editing content (#15064).
- Fixed an issue preventing the deletion of Content Types in dotCMS Community Edition (#15090).
- Fixed an issue with the XMLTool Viewtool (#15091).
- Fixed an issue with the Page edit screen when running dotCMS on Windows Server (#15097).
- Fixed an issue preventing the addition of files to some custom File Content Types (#15105).
- Fixed an error which could prevent the creation of new tags when adding tags using double-byte languages (#15107).
- Fixed an issue which caused errors in the Containers screen under certain conditions (#15114).
- Fixed an issue which could cause errors in the Content Types Tool after a push (#15124).
- Fixed an issue preventing the Save Draft Workflow sub-action from working properly with some Content Types (#15129).
- Fixed an issue preventing servlet OSGI plugins from being added properly (#15145).
- Fixed an issue which could prevent the creation of subcategories under multilingual Category names (#15148).
To view more information on these issues, please visit the dotCMS Github repository.
dotCMS 4.3.2
Available: Feb 28, 2018
dotCMS 4.3.2 is a maintenance release to fix a specific issue which affected a new feature in the 4.3.0 release.
Fixes
The 4.3.2 release includes a fix for a new reported issue in dotCMS 4.3:
- Resolved an issue preventing the new libsass compiler support from working properly (#13449).
- It is recommended that all customers upgrading to dotCMS 4.3 from an earlier version upgrade directly to 4.3.2
- However only customers who wish to use features in the new Sass compiler will be affected by this issue if an earlier release of 4.3 is used.
To view more information on this issue, please visit the dotCMS Github repository.
dotCMS 4.3.1
Available: Feb 22, 2018
dotCMS 4.3.1 is a maintenance release to fix a specific issue which affected some customers with the 4.2.2 and 4.3.0 releases using the dotCMS back-end with a specific version of the Chrome browser.
Fixes
The 4.3.1 release includes a fix for the following reported issue introduced in dotCMS 4.2.0:
- Resolved an issue which caused an error when trying to view the Template Builder when using a specific version of the Chrome browser (#13571).
To view more information on this issue, please visit the dotCMS Github repository.
dotCMS 4.3.0
Available: Feb 21, 2018
dotCMS 4.3.0 is a significant release which includes a number of notable changes including two new features, performance and security improvements, and fixes for a number of issues which affected some previous releases.
Important Changes
Changes to Default Behavior
The following differences in default behavior in dotCMS 4.3.0 may change your expectations and require a review of your administration practices. Please review all of these changes before upgrading from a previous release.
- Default SASS Compiler Changed
- The jruby-based SASS compiler has been replaced with the newer and more full-featured libsass.
- For more information, including how to re-enable the legacy jruby-based SASS compiler, please see below.
Fixes
The 4.3.0 release includes fixes for a number of reported issues, including but not limited to the following:
- Fixed an issue causing an error in specific conditions after a Push Publishing bundle has been manually deleted 13502).
- Fixed an issue preventing LDAP validation with a Platform license (#13478).
- Fixed an issue preventing TikaUtils from respecting Categories and Tags 13429).
- Fixed an issue which could prevent the push of an entire site from succeeding (#13419).
- Updated the content REST API to return Category information for unauthenticated users if the CMS Anonymous user has permission to view the Category (#13418).
- Fixed an issue which could cause a push publish to fail if content contained special characters in a Unique field (#13392).
- Fixed an issue which could cause push publish triggered via a Workflow to fail (#13373).
- Fixed an issue which caused an error if the Integrity Checker was run twice in a row when using the SQL Server database (#13249).
- Fixed an issue preventing the Content Type Permissions tab from showing inherited permissions properly under specific conditions (#13180).
- Fixed an issue with the password reset function (#13117).
- Fixed a potential push publishing error due to a caching error (#13115).
- Fixed an error preventing the "/edit" URL parameter from working correctly (#13026).
- Fixed an issue causing Categories to be removed from a Page when certain custom workflow actions were taken on the Page (#12333).
- Fixed an issue preventing push history from being created for bundles which were force pushed (#9309).
To view more information on these issues, please visit the dotCMS Github repository.
New Features
In addition to the Important Changes listed above, the following additional new features have been added in dotCMS 4.3.0:
- New Static Publishing Endpoints (#12669, 12521, 11892).
- dotCMS now supports creation of Custom Static Endpoints which save static versions of your site to a local folder (on the server), or any external location accessible via SCP or sFTP.
- For more information, please see the Connecting Remote Servers documentation.
- "Four Eyes" Principle Workflow Sub-Action
- The new "Four Eyes" Workflow Sub-Action enables you to require approval by any two (or more) users from among a group of users.
- This Sub-Action is an enhancement of the existing "Require Multiple Approvers" Sub-Action (which required approval from all specified users), to allow specification of a group of users and just require approval from a set number of those users, without requiring approval from all of them.
- For more information, please see the Multiple Approval Sub-Actions documentation.
Additional Changes and Improvements in dotCMS 4.3.0
- The jruby-based SASS compiler has been replaced with the newer and more full-featured libsass (#13449).
- Legacy (jruby-based) SASS compiler support has been deprecated.
- The old jruby-based SASS compiler still ships with dotCMS, but is disabled by default.
- You may re-enable the legacy jruby-based SASS compiler by changing the new
USE_LIBSASS_FOR_SASS_COMPILATION
property fromtrue
(the default) tofalse
. - The LESS compiler has been deprecated (#13449).
- No additional upgrades are planned for the LESS compiler included in the dotCMS distribution.
- All support for LESS compilation may be completely removed in a future version of dotCMS.
dotCMS 4.2.2
Available: Nov 14, 2017
dotCMS 4.2.2 is a maintenance release to fix an important issue which affected some customers with the dotCMS 4.2.0 and 4.2.1 releases. It is recommended that all customers running the 4.x series upgrade to 4.2.2 as there are important fixes in this release.
Important Notes
- It is recommended that customers upgrading to release 4.2.2 from a release prior to dotCMS 4.1.0 upgrade directly to release 4.2.2 rather than upgrading incrementally.
- Customers who upgrade incrementally should make sure to read and follow instructions in the 4.1.0 Change Logs.
Fixes
The 4.2.2 release includes fixes for the following reported issues introduced in dotCMS 4.2.0:
- Resolved an issue causing the sort order of fields within Content Types to be reordered incorrectly (#13052).
To view more information on these issues, please visit the dotCMS Github repository.
dotCMS 4.2.1
Available: Nov 12, 2017
dotCMS 4.2.1 is a maintenance release to fix several issues which affected some customers with the dotCMS 4.2.0 release. It is recommended that all customers running the 4.x series upgrade to 4.2.1 as there are important fixes in this release and the 4.2.0 release in general.
Important Notes
- It is recommended that customers upgrading to release 4.2.1 from a release prior to dotCMS 4.1.0 upgrade directly to release 4.2.1 rather than upgrading incrementally.
- Customers who upgrade incrementally should make sure to read and follow instructions in the 4.1.0 Change Logs.
Fixes
The 4.2.1 release includes fixes for the following reported issues introduced in dotCMS 4.1.0:
- Resolved an issue when upgrading from dotCMS v2.5.7 or earlier to dotCMS 3.x and higher (#12862).
- Fixed an issue preventing the operation of some Vanity URLs which begin with "/c" (#12918).
- Fixed an issue which could cause an exception from the Query Tool when searching in a Category field (#12959).
- Fixed an issue which could prevent the creation of a Push Publishing endpoint (#12977).
- Fixed an issue which could prevent Pages from displaying for customers using Oracle with a Prime level Enterprise license (#13007).
- Fixed an issue which could prevent Vanity URLs converted from earlier versions of dotCMS from displaying (#13017).
- Corrected an incorrect default property setting which could prevent the login page from appearing when a non-validated user attempts to access a resource with restricted Permissions (#13025).
To view more information on these issues, please visit the dotCMS Github repository.
dotCMS 3.7.2
Available: Oct 17, 2017
dotCMS 3.7.2 is a maintenance release to fix several issues which affected some customers with the dotCMS 3.7.1 release.
Fixes
The 3.7.2 release includes fixes for the following reported issues introduced in dotCMS 4.1.0:
- Fixed an issue which could cause site search jobs run at the same time to overwrite files (#8552).
- Fixed a case where FileTool does not respect the DEFAULT_FILE_TO_DEFAULT_LANGUAGE property (#10515).
- Fixed an issue preventing configuration of a "receive from" endpoint when using the Oracle database (#10825).
- Fixed an issue preventing the push of an empty template when using the Oracle database (#10828).
- Fixed an issue preventing proper display of Boolean field values within Containers (#10869).
- Fixed an issue which sometimes prevented trial license requests from working (#10967).
- Changed Rules caching method to prevent potential "ping-pong" in a clustered environment (#11315).
- Changed Elasticsearch configuration to reduce memory usage (#11330).
- Updated the default H22 cache configuration to prevent potential deadlocks (#11592).
- Fixed an issue preventing compilation of static plugins on Windows environments (#11622).
- Fixed a potential out of memory issue when push publishing large bundles (#11835).
- Fixed an issue with REST API calls accessing legacy files using ShortyIds (#12627).
To view more information on these issues, please visit the dotCMS Github repository.
Security Improvements
The 3.7.2 release includes solutions for the following potential security issues in the 3.7.1 release:
- Prevented a potential file upload vulnerability by an authenticated user (#10974).
- Prevented a potential SQL injection vulnerability by an authenticated user when using a specific database with dotCMS (#11811).
- Prevented a potential information retrieval vulnerability by an unauthenticated user (#11813).
To view more information on these issues, please visit the dotCMS Github repository.