Magnolia 5.4 reached end of life on November 15, 2018. This branch is no longer supported; see End-of-life policy.

Magnolia CORE 5.4.18 corrects a security vulnerability and delivers a bugfix.

Multiple jQuery files loaded

The Groovy module's Terminal component caused jQuery to be loaded twice. To prevent this from happening again, only the jQuery provided by Magnolia is now loaded for use in the Magnolia Groovy Rescue app.

MGNLGROOVY-177

Security vulnerability

We have fixed a security issue with this release. We keep details of this kind of fix private in line with our Security Policy. Contact our Support Team if you need more information.

MGNLUI-4472 (restricted access)

Others

Tomcat 8.5.31/32

While releasing Magnolia 5.4.18, we found that the Apache Tomcat 8.5.31 we provide in the bundles has a few security vulnerabilities, which are fixed in Tomcat 8.5.32. Before using our Tomcat bundles, please update Apache Tomcat to at least version 8.5.32 or to the latest Tomcat version.
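
A check for the update requirement above, as an added example that is not part of the original release notes: it reads the output of Tomcat's `version.sh` and compares the `Server number` line against the minimum, field by field and numerically. The 8.5.32 floor is an assumption taken from the 8.5.x bundle named above, and the sample output is constructed.

```shell
#!/bin/sh
# Added example: check a bundled Tomcat against the minimum fixed version.
MIN_TOMCAT="8.5.32"   # assumed floor for the 8.5.x line shipped in the bundle

# Constructed sample of version.sh output for the bundled Tomcat.
SAMPLE='Server version: Apache Tomcat/8.5.31
Server number:  8.5.31.0
JVM Version:    1.8.0_181-b13'

# Read version.sh output on stdin and print the dotted server number, if any.
tomcat_number() {
    sed -n 's/^Server number:[[:space:]]*\([0-9][0-9.]*\).*$/\1/p' | head -n 1
}

# version_ge A B: succeed when dotted version A >= B. Fields are compared as
# numbers (so 8.5.4 < 8.5.32); missing fields count as 0 (8.5.32.0 == 8.5.32).
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        [ "$a" = "$fa" ] && a="" || a=${a#*.}
        [ "$b" = "$fb" ] && b="" || b=${b#*.}
        fa=${fa:-0}; fb=${fb:-0}
        [ "$fa" -gt "$fb" ] && return 0
        [ "$fa" -lt "$fb" ] && return 1
    done
    return 0
}

# check_tomcat: 0 = at or above the floor, 1 = below it (update before use),
# 2 = no version found in the input (treat as unverified, not as safe).
check_tomcat() {
    found=$(tomcat_number)
    if [ -z "$found" ]; then
        echo "UNKNOWN: no 'Server number' line in input"
        return 2
    fi
    if version_ge "$found" "$MIN_TOMCAT"; then
        echo "OK: Tomcat $found >= $MIN_TOMCAT"
    else
        echo "UPDATE: Tomcat $found < $MIN_TOMCAT"
        return 1
    fi
}

# Real use: "$CATALINA_HOME/bin/version.sh" | check_tomcat
printf '%s\n' "$SAMPLE" | check_tomcat || true
```
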

How to update to 5.4.18 from earlier versions

Change for 5.4.x

The following change only applies to users running Magnolia 5.4 (major release) and maintenance releases 5.4.1 to 5.4.3.

magnolia.properties file

Add the following lines:

magnolia.resources.dir = ${magnolia.home}
magnolia.resources.classpath.observation.pattern=.*\\.(ftl|yaml)$

Important changes for Magnolia 5.2 and 5.3 users

If you had STK installed

If you continue to work with STK, use the new magnolia-enterprise-pro-stk-bundle as a basis for your project. It includes Enterprise Pro, STK and the old demo project. You get all STK functionality out of the box. Exclude the demo-project if it's in your way.

Jackrabbit configuration

In order to enable getting an HTML excerpt in a query result, you should update the configuration files of your Jackrabbit instances. Add the two <param/> directives within your <SearchIndex> block.

<SearchIndex>
  <!-- more params here -->

  <!-- needed to highlight the searched term -->
  <param name="supportHighlighting" value="true"/>
  <!-- custom provider for getting an HTML excerpt in a query result with rep:excerpt() -->
  <param name="excerptProviderClass" value="info.magnolia.jackrabbit.lucene.SearchHTMLExcerpt"/>
</SearchIndex>

log4j.xml addition

Add the log configuration for org.reflections:

...
  <category name="org.apache.jackrabbit">
    <priority value="WARN" />
  </category>
  <!-- Reflections library spoils logs with hundreds of harmless warnings; tries to look into native libs but none of its DefaultUrlTypes can handle them. -->
  <category name="org.reflections">
    <priority value="ERROR" />
  </category>
  <category name="com">
    <priority value="WARN" />
  </category>
...

How to update from Magnolia 5.2 and earlier

To update your project, follow the standard update procedure, then make the following changes:

  1. Update your content apps with the content app upgrade task. It automatically takes care of the following:
    • Using the content connector.
    • Updating configuration of availability rules and default rule classes.
    • Updating selected action definitions with node-type based availability.

  2. If you used the DAM: 
    • Replace DamManager with AssetProviderRegistry.
    • See DAM and the STK and DAM templating on how to use assets in your templates.
    • The DAM changes have no impact on the STK. There is no need to modify Freemarker scripts because the new DAM API is abstracted from STK.
  3. If you have a custom jBPM workflow:
    • In the info.magnolia.module.workflow.jbpm.JbpmWorkflowManager#completeWorkItem method, checking for present parameters is obsolete and refers to publication related workitems. The method is no longer used for completing a workitem in the new human task context. It is still valid in the context of completing service tasks, however.
    • Stop using the info.magnolia.module.workflow.jbpm.JbpmWorkflowManager#getWorkItem method. It was used to complete a work item for human tasks. Furthermore, the wrapper we initialize only holds the mgnlData map.
    • The previously hardcoded mgnlData parameter is now configurable in /modules/workflow/commands/workflow/activate/activate/parameterMapName.

  4. If you have custom widgets or Vaadin add-ons:
    • Magnolia's default widgetset was relocated to info.magnolia.widgetset.MagnoliaWidgetSet.
    • Update your webapp's magnolia.properties file.
    • Otherwise Magnolia will automatically fall back to the new widgetset but will issue warnings during upgrade, and whenever a user logs in to Magnolia.

How to update from Magnolia 4.5 and earlier

Are you running on Magnolia 4.5 or earlier? It’s time to move to 5. Contact us for migration support and look at the migration process.

Known issues

Allocate more JVM memory

Magnolia 5.4.18 ee-bundle may require you to allocate more memory to the Java Virtual Machine (JVM). If you see a java.lang.OutOfMemoryError in the startup log or the system stops responding during installation, increase the Java heap size. The default maximum heap size is 512M. Try a higher value such as 1024M. We are working on uncovering the root cause for the increased memory need.

See: Java out of memory

Processed Resources app conflict

If you upgrade to Magnolia 5.4.18 from 5.4.2 or earlier, you will experience a UUID conflict if you also try to install the new Processed Resources app during the upgrade.

java.lang.RuntimeException: Error importing config.modules.processed-resources-app.dialogs: a node with uuid a53f308a-0d6a-4bb9-a5f8-6f11ff68504d already exists!

To work around this issue, complete the upgrade before installing the Processed Resources app.

Changelog

Please see the 5.4.18 changelog for all the changes.

Updated modules

  • Community Edition 5.4.18
  • Enterprise Edition 5.4.18
  • UI 5.4.17

Acknowledgments

The Magnolia team would also like to thank everyone who reported issues, contributed patches, or simply commented on issues for this release. Your continued interest helps us make Magnolia better.
