What has changed since Magnolia 4.5.5
Magnolia 4.5.6 delivers the following fixes and enhancements:
- Fixes a bug where activation workflow activated the current state of areas instead of the versioned state.
- Improves security by eliminating a cross-site scripting (XSS) vulnerability.
- Extends URISecurityFilter to respect site security and prevent cross-site access. See Site security handling.
- Migrates the to be compatible with Magnolia 4.5.
- Creates a magnolia-module-standard-templating-kit-compatibility which contains all deprecated code from the standard-templating-kit.
- Makes security improvements to the LDAP module.
- Changes the demo-project-base role bootstrap file to respect URL ACL changes.
This release is a recommended update for all users of Magnolia 4.5.x.
This release includes the following new module versions:
- Magnolia Blossom Module 2.0.1 (CE)
- Magnolia Categorization Module 1.2.3 (CE)
- Magnolia DMS Module 1.6.4 (CE)
- Magnolia Migration 1.1.3 (CE)
- Magnolia Observation Module 1.3 (CE)
- Magnolia Resources Module 1.5.4 (CE)
- Magnolia Scheduler Module 1.5.3 (CE)
- Magnolia Standard Templating Kit 2.0.6 (CE)
- Magnolia CAS 1.1 (EE)
- Magnolia Content Translation Support 1.1.1 (EE)
- Magnolia Extended Templating Kit 2.0.5 (EE)
- Magnolia LDAP support 1.5.5 (EE)
- Magnolia License 1.3 (EE)
- Magnolia Synchronization Module 1.1.2 (EE)
- Magnolia XA Activation (exchange-transactional) 1.3.4 (EE)
- Magnolia/Jackrabbit Backup 1.2.1 (EE)
The Magnolia team would also like to thank everyone who reported issues, contributed patches, or simply commented on issues for this release. Your continued interest helps us make Magnolia better. Special thanks go to: Angel Gerdzhikov, Dominik Berger, Frank Bosma, Frank Sommer, Lars G., ?ukasz Krawczyk, Marvin Kerkhoff, Richard Unger, and Tomas Brimor.
How to update from Magnolia 4.5.x
Please refer to the general update procedure page.
How to migrate from Magnolia 4.4.6
How to migrate from versions prior to 4.4.6
Updating from a version prior to 4.4.6 directly to 4.5.x does not work. You need to first update to 4.4.6, then follow the . Finally, update to 4.5.2 following the general update procedure.
There is an unfortunate issue, specifically when deploying under JBoss *5*: you will need to remove the Xerces jar from the Magnolia webapps: if deploying using WAR files, you can remove it from the archive, or with the following Unix command
zip -d path-to-magnolia.war WEB-INF/lib/xercesImpl-2.8.1.jar. If deploying using an exploded directory, simply remove the
WEB-INF/lib/xercesImpl-2.8.1.jar file. See MAGNOLIA-2577 for technical details.
If you get exception messages such as
org.jboss.xb.binding.JBossXBException: Failed to create a new SAX parser and/or
java.lang.ClassCastException: org.apache.xerces.parsers.XIncludeAwareParserConfiguration, this is the issue you're hitting.
When deploying on Weblogic 10, there is a version conflict while using
commons-lang. While Weblogic-10 is distributed with
commons-lang-2.3.jar, JackRabbit and Magnolia need at least
commons-lang-2.4.jar. To resolve this issue, modify
setDomainEnv.sh of Weblogic and add
commons-lang-2.4.jar to the
PRE_CLASSPATH. Since version 2.4 of
commons-lang doesn't remove any methods, but only adds new API and fixes known bugs, there is no adverse effect from this change to the Weblogic installation.
A library conflict has been discovered between BeanUtils and Glassfish. When conflict arises, delete BeanUtils in the