The release of 5.3.19 fixes a few functionality and security issues.


What has changed?

  • Restored page editing capabilities and elements of the UI on hybrid devices running Firefox 52/Chrome 57. MGNLUI-4177
  • The MVCServlet and related classes were moved to a separate module and unusable legacy apps removed from the App launcher. You can re-enable legacy apps in secure environments by:
    1. Installing info.magnolia:magnolia-core-compatibility:5.5.4 .
    2. Setting the given servlet's enabled property to true , e.g. /server/filters/servlets/PageServlet .
    3. Adding them back to the App launcher.
  • Fixed a cross-site scripting (XSS) vulnerability.

For more details please see the aggregated changelog for 5.3.19.

Updated modules

This release includes the following new module versions:

  • Admininterface Legacy 5.2.7
  • Cache 5.3.4
  • Community Edition 5.3.19
  • Enterprise Edition 5.3.19
  • Magnolia 5.3.19
  • UI 5.3.19

How to update from earlier versions 

Important changes for Magnolia 5.2 and 5.3 users

If you had STK installed

If you continue to work with STK, use the new magnolia-enterprise-pro-stk-bundle as a basis for your project. It includes Enterprise Pro, STK and the old demo project. You get all STK functionality out of the box. Exclude the demo-project if it's in your way.

Jackrabbit configuration

In order to enable getting an HTML excerpt in a query result, you should update the configuration files of your Jackrabbit instances. Add the two <param/> directives within your <SearchIndex> block.

  <!-- more params here -->

  <!-- needed to highlight the searched term -->
  <param name="supportHighlighting" value="true"/>
  <!-- custom provider for getting an HTML excerpt in a query result with rep:excerpt() -->
  <param name="excerptProviderClass" value="info.magnolia.jackrabbit.lucene.SearchHTMLExcerpt"/>

log4j.xml addition

Add the log configuration for org.reflections

 <category name="org.apache.jackrabbit">
    <priority value="WARN" />
 <!-- Reflections library spoils logs with hundreds of harmless warnings; tries to look into native libs but none of its DefaultUrlTypes can handle them. -->
  <category name="org.reflections">
    <priority value="ERROR" />
  <category name="com">
    <priority value="WARN" />

How to update from Magnolia 5.2 and earlier

Unable to render {include} The included page could not be found.

How to update from Magnolia 4.5 and earlier

Unable to render {include} The included page could not be found.

Known issues

Memory consumption

Magnolia 5.3.19 ee-bundle may require you to allocate more memory the Java Virtual Machine (JVM). If you see a java.lang.OutOfMemoryError in the startup log or the system stops responding during installation, increase the Java heap size. The default maximum heap size is 512M. Try a higher amount such as 1024M. We are working on uncovering the root cause for the increased memory need; see Java out of memory.

This release – and the imaging module in particular – is know to have some issues with image generation depending on the java version used (e.g. Mac OS X and Java 8 or Linux and OpenJDK 1.7). We therefore provide version 3.1.5-java7 of the imaging module with this release. As it is not binary compatible to previous versions it is not bundled by default.  

Imaging module version incompatibilities with some OS / Java version combinations

Magnolia 5.3.19 contains Imaging module version 3.1.5. This module version has known issues in certain OS and Java environments. For example, if you use it on OSX with Java 8 the module creates images with wrong colors.

Use a special version of the Imaging module: 3.1.5-java7 if you are on:

  • Java 8 on OS X
  • Java 7 OpenJDK on Linux. (Java 7 from Oracle on Linux can use the regular imaging-module)

For further information please see:

Installing magnolia-module-imaging 3.1.5-java7

magnolia-module-imaging 3.1.5-java7 is not bundled by default. You have to install it manually.

Option 1: Maven

Maven is the easiest way to install the module. Add the following dependency to your bundle:


Option 2: Download and install the files

Pre-built jars are also available for download. 

For further information please see installing a module.


The Magnolia team would also like to thank everyone who reported issues, contributed patches, or simply commented on issues for this release. Your continued interest helps us make Magnolia better. Special thanks go to Fadi Wissa.

#trackbackRdf ($trackbackUtils.getContentIdentifier($page) $page.title $trackbackUtils.getPingUrl($page))
  • No labels