Magnolia 4.5 reached end of life on June 30, 2016. This branch is no longer supported, see End-of-life policy.

Page tree
Skip to end of metadata
Go to start of metadata

What has changed since Magnolia 4.5.5

Magnolia 4.5.6 delivers the following fixes and enhancements:

  • Fixes a bug where activation workflow activated the current state of areas instead of the versioned state.
  • Improves security by eliminating a cross-site scripting (XSS) vulnerability.
  • Extends URISecurityFilter to respect site security and prevent cross-site access. See Site security handling.
  • Migrates the CAS module to be compatible with Magnolia 4.5.
  • Creates a magnolia-module-standard-templating-kit-compatibility which contains all deprecated code from the standard-templating-kit.
  • Makes security improvements to the LDAP module.
  • Changes the demo-project-base role bootstrap file to respect URL ACL changes.

Aggregated change logs for 4.5.5 and 4.5.6 contain all the changes.

This release is a recommended update for all users of Magnolia 4.5.x.

This release includes the following new module versions:

  • Magnolia Blossom Module 2.0.1 (CE)
  • Magnolia Categorization Module 1.2.3 (CE)
  • Magnolia DMS Module 1.6.4 (CE)
  • Magnolia Migration 1.1.3 (CE)
  • Magnolia Observation Module 1.3 (CE)
  • Magnolia Resources Module 1.5.4 (CE)
  • Magnolia Scheduler Module 1.5.3 (CE)
  • Magnolia Standard Templating Kit 2.0.6 (CE)
  • Magnolia CAS 1.1 (EE)
  • Magnolia Content Translation Support 1.1.1 (EE)
  • Magnolia Extended Templating Kit 2.0.5 (EE)
  • Magnolia LDAP support 1.5.5 (EE)
  • Magnolia License 1.3 (EE)
  • Magnolia Synchronization Module 1.1.2 (EE)
  • Magnolia XA Activation (exchange-transactional) 1.3.4 (EE)
  • Magnolia/Jackrabbit Backup 1.2.1 (EE)

The Magnolia team would also like to thank everyone who reported issues, contributed patches, or simply commented on issues for this release. Your continued interest helps us make Magnolia better. Special thanks go to: Angel Gerdzhikov, Dominik Berger, Frank Bosma, Frank Sommer, Lars G., ?ukasz Krawczyk, Marvin Kerkhoff, Richard Unger, and Tomas Brimor.

How to update from Magnolia 4.5.x

Please refer to the general update procedure page.

How to migrate from Magnolia 4.4.6

Please refer to the  update procedure described for the 4.5.1 release.

How to migrate from versions prior to 4.4.6

Updating from a version prior to 4.4.6 directly to 4.5.x does not work. You need to first update to 4.4.6, then follow the update procedure described for the 4.5.1 release. Finally, update to 4.5.2 following the general update procedure.

Known issues

JBoss 5

There is an unfortunate issue, specifically when deploying under JBoss *5*: you will need to remove the Xerces jar from the Magnolia webapps: if deploying using WAR files, you can remove it from the archive, or with the following Unix command zip -d path-to-magnolia.war WEB-INF/lib/xercesImpl-2.8.1.jar. If deploying using an exploded directory, simply remove the WEB-INF/lib/xercesImpl-2.8.1.jar file. See MAGNOLIA-2577 for technical details.
If you get exception messages such as org.jboss.xb.binding.JBossXBException: Failed to create a new SAX parser and/or java.lang.ClassCastException: org.apache.xerces.parsers.XIncludeAwareParserConfiguration, this is the issue you're hitting.

Weblogic 10

When deploying on Weblogic 10, there is a version conflict while using commons-lang. While Weblogic-10 is distributed with commons-lang-2.3.jar, JackRabbit and Magnolia need at least commons-lang-2.4.jar. To resolve this issue, modify of Weblogic and add commons-lang-2.4.jar to the PRE_CLASSPATH. Since version 2.4 of commons-lang doesn't remove any methods, but only adds new API and fixes known bugs, there is no adverse effect from this change to the Weblogic installation.


A library conflict has been discovered between BeanUtils and Glassfish. When conflict arises, delete BeanUtils in the Glassfish/domain/domain1/lib folder.

Please see also the list of known issues .