Page tree
Skip to end of metadata
Go to start of metadata

Magnolia CORE 5.6.12 is a bug-fixing and security release that delivers the following:

Anonymous usage metrics

We collect anonymous non-personal usage data when you use Magnolia CORE 5.6.12. We do so using analytics techniques that exclude any information that might identify you or your organization.

Examples of information we collect and store include:

  • Magnolia version
  • Magnolia edition
  • Instance type (author, public)
  • Module names and versions

(info) No personal user or customer information is collected.

Our aim is to improve Magnolia based on real usage data. The feature is enabled by default when you install Magnolia, but your administrator can opt out at any time using the checkbox in the About Magnolia app.

See our privacy policy for more information.

Multiple link conversion in one image tag

When parsing an <img> tag, the LinkUtil class now replaces all image links in UUID format with fingerprinted links if the tag contains more than one link.


Bug fixes in Publishing module

The following issues have been fixed in the Publishing module where:

  • The order of nodes was not respected after publishing (PUBLISHING-62).
  • The order of nodes was not preserved after recursively publishing nodes with different child node types (PUBLISHING-52).
  • Publishing with subnodes failed when one of the subnodes was marked for deletion (PUBLISHING-57).

DOM-based XSS vulnerability fix

A DOM-based XSS vulnerability issue has been fixed in the Magnolia login form.

MAGNOLIA-7568 (restricted access)

Third-party library updates

This release comes with the following third-party library updates to fix some security and incompatibility issues:

  • ivy-2.1.0 removed from the Magnolia bundle and Groovy module (BUILD-341 & MGNLGROOVY-180, restricted access)
  • zt-zip updated to 1.13 (MGNLBACKUP-130, restricted access)
  • XStream updated to (BUILD-343, restricted access)
  • jackson-databind updated to (BUILD-346, restricted access)
  • RESTEasy updated to 3.8.0.Final in sync with an earlier jackson-databind update (BUILD-342, restricted access)
  • commons-beanutils updated to 1.9.4 (BUILD-348, restricted access)
  • Tika updated to 1.22 (BUILD-349, restricted access)


If you are upgrading from an earlier version, read Upgrading to Magnolia 5.6.x first and check the Known issues section on the page.


See the 5.6.12 changelog for all the changes.

Updated modules

  • Blossom 3.2.2
  • Community Edition 5.6.12
  • Enterprise Edition 5.6.12
  • Groovy 2.6.5
  • Jackrabbit Backup 2.2.4
  • Magnolia 5.6.11
  • Publishing 1.0.8
  • Third-party library BOM 5.6.7
  • UI 5.6.11
  • Usage Metrics 1.0.2


The Magnolia team would also like to thank everyone who reported issues, contributed patches or simply commented on issues for this release. Your continued interest helps us make Magnolia better. Special thanks go to Thomas Duffey.

  • No labels