Magnolia CORE 5.6.12 is a bug-fixing and security release that delivers the following:
Anonymous usage metrics
We collect anonymous non-personal usage data when you use Magnolia CORE 5.6.12. We do so using analytics techniques that exclude any information that might identify you or your organization.
Examples of information we collect and store include:
- Magnolia version
- Magnolia edition
- Instance type (author, public)
- Module names and versions
No personal user or customer information is collected.
Our aim is to improve Magnolia based on real usage data. The feature is enabled by default when you install Magnolia, but your administrator can opt out at any time using the checkbox in the About Magnolia app.
Multiple link conversion in one image tag
When parsing an
<img> tag, the
LinkUtil class now replaces all image links in UUID format with fingerprinted links if the tag contains more than one link.
Bug fixes in Publishing module
The following issues have been fixed in the Publishing module where:
- The order of nodes was not respected after publishing (PUBLISHING-62).
- The order of nodes was not preserved after recursively publishing nodes with different child node types (PUBLISHING-52).
- Publishing with subnodes failed when one of the subnodes was marked for deletion (PUBLISHING-57).
DOM-based XSS vulnerability fix
To avoid a DOM-based XSS vulnerability in the Magnolia login form, make sure you do not bypass AdminCentral in the CSRF security filter.
MAGNOLIA-7568 (restricted access)
Third-party library updates
This release comes with the following third-party library updates to fix some security and incompatibility issues:
- ivy-2.1.0 removed from the Magnolia bundle and Groovy module (BUILD-341 & MGNLGROOVY-180, restricted access)
- zt-zip updated to 1.13 (MGNLBACKUP-130, restricted access)
- XStream updated to 188.8.131.52 (BUILD-343, restricted access)
- jackson-databind updated to 184.108.40.206 (BUILD-346, restricted access)
- RESTEasy updated to 3.8.0.Final in sync with an earlier jackson-databind update (BUILD-342, restricted access)
- commons-beanutils updated to 1.9.4 (BUILD-348, restricted access)
- Tika updated to 1.22 (BUILD-349, restricted access)
See the 5.6.12 changelog for all the changes.
- Blossom 3.2.2
- Community Edition 5.6.12
- Enterprise Edition 5.6.12
- Groovy 2.6.5
- Jackrabbit Backup 2.2.4
- Magnolia 5.6.11
- Publishing 1.0.8
- Third-party library BOM 5.6.7
- UI 5.6.11
- Usage Metrics 1.0.2
The Magnolia team would also like to thank everyone who reported issues, contributed patches or simply commented on issues for this release. Your continued interest helps us make Magnolia better. Special thanks go to Thomas Duffey.