Magnolia 4.5 reached end of life on June 30, 2016. This branch is no longer supported, see End-of-life policy.

Page tree
Skip to end of metadata
Go to start of metadata

What has changed since Magnolia 4.3.1

Magnolia 4.3.2 is a bug fix release which fixes important security and multi-site related issues, and some other minor issues. It is a recommended update for all users of Magnolia 4.3.x. For details about each security fix please see the related issues:

  • MAGNOLIA-3191
  • MGNLSTK-617

It also bundles a new release of the Standard Templating Kit (1.3.1), which fixes minor templates issues and adds some clarity to the configuration, as well as a couple of other modules (see below).

Detailed change logs can be found in our Jira:

Also note that we updated Log4J to 1.2.16. See MAGNOLIA-3146.

The Magnolia team would also like to thank everyone who reported issues, contributed patches, or simply commented on issues for this release. Your continued interest helps us make Magnolia better. Special thanks go to: Benoît Segaert, Christian Reithmaier, Diana Racho, Ernst Bunders, Fabrizio Giustina, Joshua Portway, Manuel Molaschi, Matt Dertinger, Nickolaus Wing, Nils Breunese, Rainer Blumenthal, Ralf Hirning and Valery Visich.

How to update from Magnolia 4.3.1

Please refer to the general update procedure page.

If you want to hide content from editors, based on site configuration, we now recommend you use ACLs, instead of relying on info.magnolia.module.extendedtemplatingkit.ExtendedWorkspaceAccessUtil . This was used and enabled by default in Magnolia 4.3 and 4.3.1, but is considered obsolete since 4.3.2.

How to update from an earlier version of Magnolia

Please refer to the release notes for Magnolia 4.3. The procedure is identical.

Please see the release notes pages for update instructions specific to each version following the version you are updating from; if you're updating from a fictional 1.2.3 to 1.2.6, for example, please read all release notes concerning the versions you are skipping (1.2.4 and 1.2.5 in this example).

Known issues

Jackrabbit data issues when upgraded from a Magnolia version prior to 4.2.

There is a bug in the version of Jackrabbit currently shipped with Magnolia which produces log warnings such as /my/node/jcr:isCheckedOut has invalid definitionId. This bug prevents versioning to function properly and affects users who have been upgrading their Magnolia instances created with Jackrabbit versions prior to 1.6. Jackrabbit 1.6.2 fixes this issue but was unfortunately not available at the time of the Magnolia 4.3.2 release. To fix this, download Jackrabbit 1.6.2 and simply replace the appropriate jar files in your WEB-INF/lib folder(s), or update your Maven dependencies. The next release of Magnolia will include Jackrabbit 1.6.2 or later.

For more details, see MAGNOLIA-3188 and JCR-2433.

JBoss 5

There is an unfortunate issue, specifically when deploying under JBoss *5*: you will need to remove the Xerces jar from the Magnolia webapps: if deploying using WAR files, you can remove it from the archive, or with the following Unix command zip -d path-to-magnolia.war WEB-INF/lib/xercesImpl-2.8.1.jar. If deploying using an exploded directory, simply remove the WEB-INF/lib/xercesImpl-2.8.1.jar file. See MAGNOLIA-2577 for technical details.
If you get exception messages such as org.jboss.xb.binding.JBossXBException: Failed to create a new SAX parser and/or java.lang.ClassCastException: org.apache.xerces.parsers.XIncludeAwareParserConfiguration, this is the issue you're hitting.

Weblogic 10

When deploying on Weblogic 10, there is a version conflict while using commons-lang. While Weblogic-10 is distributed with commons-lang-2.3.jar, JackRabbit and Magnolia need at least commons-lang-2.4.jar. To resolve this issue, modify of Weblogic and add commons-lang-2.4.jar to the PRE_CLASSPATH. Since version 2.4 of commons-lang doesn't remove any methods, but only adds new API and fixes known bugs, there is no adverse effect from this change to the Weblogic installation.

Weblogic 9

The imaging module doesn't function properly due to conflict with a javax.imageio plugin bundled with this version of Weblogic. There is currently no known workaround for the issue.

Please see the list of known issues in the administration section for more details.