Magnolia 5.4.5 delivers a number of key fixes and enhancements. It is an important and recommended update for all Magnolia 5.4.x users as it fixes a cross-site scripting (XSS) vulnerability.
What has changed?
The Content-Type header is no longer set by ContentTypeFilter. The MIME type was previously incorrectly set according to the request extension. It is now the responsibility of renderers/servlets, for example FreemarkerRenderer and JspRenderer, to set the correct content type. [MAGNOLIA-6478]
ResponseContentTypeVoter is deprecated and replaced by RequestExtensionVoter to better reflect its function. The content type is still resolved only from the extension of the request. [MAGNOLIA-6480]
- The optional dam-preview module now uses Apache PDFBox instead of Pdf-renderer to render PDF previews. [MGNLDAM-559]
- The option group field now supports a layout property for radio buttons. Layout can be horizontal or vertical. Default is vertical. [MGNLUI-3770]
- Changes to Groovy model classes defined on the JCR are now picked up properly. [MGNLGROOVY-68]
- The Content translation support module now automatically detects the correct file format while importing. The XLIFF importer implementation was changed to UnzippedXliffTranslationBundleUpdateReader which only parses
XliffTranslationBundleUpdateReader class is deprecated. The importer for a file is chosen automatically by comparing the extension property set for the importer with the file extension. [MGNLCTS-77]
In the CAS Connector module the casServiceURL property can now be used in the casLogoutURL property and it will be resolved correctly. For example, when setting
casLogoutURL=, the resolved logout URL will be } [MGNLCAS-16]
Implementing a site aware renderer for custom renderers is no longer necessary. You can now use info.magnolia.module.site.renderer.SiteAwareRendererWrapper with the name of the custom renderer set in the wrappedRendererType property. Site aware renderers for FreeMarker (site) and JSP (site-jsp) are included in the Site module. See Making your renderer site aware.
i18n key generation for template definitions has been improved. There is no longer a need to use description properties in template definitions. Keys for title and description are auto generated. For example, for a template with ID: moduleName:templates/pages/pageName, keys with the templates.pages.pageName, moduleName.templates.pages.pageName pattern are generated: . [MAGNOLIA-6488]
The list of excluded resource directories set in FileSystemResourceOrigin can now be configured with the magnolia property:
By default, the magnolia property is not set and the following folders are excluded:
- New template scripts added to the classpath are now recognized and loaded properly. (This requires development mode to be set in Magnolia properties). [MAGNOLIA-6338]
New Virtual URI mapping folders are now loaded without system restart. You can create the folders by hand or import them with JCR XML. Virtual URI mappings inside the folder are available immediately. [MAGNOLIA-4090]
- Improvement on content app views: When adding a new item within a view (list, tree or thumbnail) the newly added item remains selected and visible. [MGNLUI-2919]
- Page editor now provides the ability to duplicate an existing component within the same area. When selecting an existing component, a new action "Duplicate component" appears. [PAGES-49]
In the page editor, when adding a component to an area where only one component is available, you no longer have to choose; you go directly to that component's dialog. [PAGES-58]
An aggregated change log for 5.4.5 contains all the changes.
This release is a recommended update for all users of Magnolia 5.
This release includes the following new module versions:
- Activation 5.4.3
- Admininterface Legacy 5.3.1
- CAS 1.3
- Categorization 2.4.2
- Community Edition 5.4.5
- Content Translation Support 2.1.3
- DAM 2.1.4
- Demo 0.10
- Form 2.3.4
- Google Sitemap Module 2.3.3
- Groovy 2.4.3
- Imaging 3.2.5
- Magnolia 5.4.5
- Magnolia Templating Essentials 0.9
- Multisite 1.2.3
- Pages 5.4.4
- Personalization 1.2.4
- Public User Registration 2.5.2
- Resources 2.4.4
- Site 1.0.5
- SiteMesh 1.0.2
- Task Management 1.1.1
- UI 5.4.5
The Magnolia team would also like to thank everyone who reported issues, contributed patches, or simply commented on issues for this release. Your continued interest helps us make Magnolia better. Special thanks go to: Michel Chamberland, Hans Ardon, Nils Breunese, Jordie Diepeveen, Robert Foggia, Soisik Froger, Fabrizio Giustina, Vincent Gombert, Charles Jones, Grégory Joseph, Marvin Kerkhoff, Haaris Mohammed, Luis Moreno, Radu Toader, Richard Unger, Bence Vass, Edgar Vonk, Tom Wespi and Nickolaus Wing.
How to update from earlier versions
- Generally: Follow the standard update procedure.
- Please check Important changes for Magnolia 5.2 and 5.3 users
- Please check how to update from Magnolia 5.2 and earlier if required
- Please check how to update from Magnolia 4.5 and earlier if required
Changes from 5.4.x
Add the following lines:
Important changes for Magnolia 5.2 and 5.3 users
If you had STK installed
If you continue to work with STK, use the new magnolia-enterprise-pro-stk-bundle as a basis for your project. It includes Enterprise Pro, STK and the old demo project. You get all STK functionality out of the box. Exclude the demo-project if it's in your way.
In order to enable getting an HTML excerpt in a query result, you should update the configuration files of your Jackrabbit instances. Add the two
<param/> directives within your
Add the log configuration for org.reflections
How to update from Magnolia 5.2 and earlier
To update your project, follow the standard update procedure, then make the following changes:
- Update your content apps with the content app upgrade task. It automatically takes care of the following:
Using the content connector.
Updating configuration of availability rules and default rule classes
Updating selected action definitions with node-type based availability
- If you used the DAM:
- If you have a custom jBPM workflow:
- In the info.magnolia.module.workflow.jbpm.JbpmWorkflowManager#completeWorkItem method, checking for present parameters is obsolete and refers to publication related workitems. The method is no longer used for completing a workitem in the new human task context. It is still valid in the context of completing service tasks, however.
Stop using the info.magnolia.module.workflow.jbpm.JbpmWorkflowManager#getWorkItem method. It was used to complete a work item for human tasks. Furthermore, the wrapper we initialize only holds the
The previously hardcoded mgnlData parameter is now configurable in
- If you have custom widgets or Vaadin add-ons:
- Magnolia's default widgetset was relocated to
- Update your webapp's
- Otherwise Magnolia will automatically fall back to the new widgetset but will issue warnings during upgrade, and whenever a user logs in to Magnolia.
How to update from Magnolia 4.5 and earlier
Allocate more JVM memory
Magnolia 5.4.2 ee-bundle may require you to allocate more memory to the Java Virtual Machine (JVM). If you see a java.lang.OutOfMemoryError in the startup log or the system stops responding during installation, increase the Java heap size. The default maximum heap size is 512M. Try a higher amount such as 1024M. We are working on uncovering the root cause for the increased memory need.
See: Java out of memory
Processed Resources app conflict
If you upgrade to Magnolia 5.4.5 from 5.4.2 or earlier, you will experience a UUID conflict if you also try to install the new Processed Resources app during the upgrade.
To work around this issue, complete the upgrade before installing the Processed Resources app.