Magnolia 5.3 reached end of life on June 30, 2017. This branch is no longer supported, see End-of-life policy.

Page tree
Skip to end of metadata
Go to start of metadata

Magnolia 5.3.14 fixes a cross-site scripting (XSS) vulnerability. This is a recommended update for all Magnolia 5.3.x users.

 

What's new?

  • In the CAS Connector module the casServiceURL property can now be used in the casLougoutUR property and it will be resolved correctly. For example, when setting casServiceURL=http://localhost:8080/magnoliaAuthor and casLogoutURL=https://localhost:8443/cas/logout?url=${casServiceURL}, the resolved logout URL will be https://localhost:8443/cas/logout?url=http://localhost:8080/magnoliaAuthor. [MGNLCAS-16]  

An aggregated change log for 5.3.14 contains all the changes.

Updated modules

This release includes the following new module versions: 

  • AdminInterface (Legacy) 5.2.5
  • CAS 1.3
  • Community Edition 5.3.14
  • DAM 2.0.13
  • Enterprise 5.3.14
  • Magnolia 5.3.14
  • UI 5.3.14

Updated libraries

  • openutils-log4j 2.0.5-MAGNOLIA-6546-patched

 

The Magnolia team would also like to thank everyone who reported issues, contributed patches, or simply commented on issues for this release. Your continued interest helps us make Magnolia better. Special thanks go to Michel Chamberland, Robert Foggia, Charles Jones, and Nickolaus Wing.

How to update from Magnolia 5.3.13 and earlier

Follow the standard update procedure.

How to update from Magnolia 5.2 and earlier

To update your project, follow the standard update procedure, then make the following changes:

  1. Update your content apps with the content app upgrade task. It automatically takes care of the following:
    • Using the content connector.

    • Updating configuration of availability rules and default rule classes

    • Updating selected action definitions with node-type based availability

  2. If you used the DAM: 
    • Replace DamManager with AssetProviderRegistry.
    • See DAM and the STK and DAM templating on how to use assets in your templates.
    • The DAM changes have no impact on the STK. There is no need to modify Freemarker scripts because the new DAM API is abstracted from STK.
  3. If you have a custom jBPM workflow:
    • In the info.magnolia.module.workflow.jbpm.JbpmWorkflowManager#completeWorkItem method, checking for present parameters is obsolete and refers to publication related workitems. The method is no longer used for completing a workitem in the new human task context. It is still valid in the context of completing service tasks, however.
    • Stop using the info.magnolia.module.workflow.jbpm.JbpmWorkflowManager#getWorkItem method. It was used to complete a work item for human tasks. Furthermore, the wrapper we initialize only holds the mgnlData map.

    • The previously hardcoded mgnlData parameter is now configurable in /modules/workflow/commands/workflow/activate/activate/parameterMapName.

  4. If you have custom widgets or Vaadin add-ons:
    • Magnolia's default widgetset was relocated to info.magnolia.widgetset.MagnoliaWidgetSet.
    • Update your webapps's magnolia.properties file.
    • Otherwise Magnolia will automatically fall back to the new widgetset but will issue warnings during upgrade, and whenever a user logs in to Magnolia.

How to update from Magnolia 4.5 and earlier

Are you running on Magnolia 4.5 or earlier? It’s time to move to version 5. Contact us for migration support and look at the migration process.

Known issues

Memory consumption

Magnolia 5.3.14 ee-bundle may require you to allocate more memory the Java Virtual Machine (JVM). If you see a java.lang.OutOfMemoryError in the startup log or the system stops responding during installation, increase the Java heap size. The default maximum heap size is 512M. Try a higher amount such as 1024M. We are working on uncovering the root cause for the increased memory need; see Java out of memory.

This release – and the imaging module in particular – is know to have some issues with image generation depending on the java version used (e.g. Mac OS X and Java 8 or Linux and OpenJDK 1.7). We therefore provide version 3.1.5-java7 of the imaging module with this release. As it is not binary compatible to previous versions it is not bundled by default. 

Imaging module version incompatibilities with some OS / Java version combinations

Magnolia 5.3.14 contains Imaging module version 3.1.5. This module version has known issues in certain OS and Java environments. For example, if you use it on OSX with Java 8 the module creates images with wrong colors.

Use a special version of the Imaging module: 3.1.5-java7 if you are on:

  • Java 8 on OS X
  • Java 7 OpenJDK on Linux. (Java 7 from Oracle on Linux can use the regular imaging-module)

For further information please see:

Installing magnolia-module-imaging 3.1.5-java7

magnolia-module-imaging 3.1.5-java7 is not bundled by default. You have to install it manually.

Option 1: Maven

Maven is the easiest way to install the module. Add the following dependency to your bundle:

<dependency>
  <groupId>info.magnolia</groupId>
  <artifactId>magnolia-module-imaging</artifactId>
  <version>3.1.5-java7</version>
</dependency>

Option 2: Download and install the files

Pre-built jars are also available for download. 

For further information please see installing a module.