Release notes for Magnolia CORE 5.7.12

Magnolia CORE 5.7.12 is a bug-fixing and security release that delivers the following:

Third-party library updates

This release comes with the following third-party library updates to fix some security and compatibility issues:

Bouncy Castle updated to 1.68 (BUILD-519).
Commons Compress updated to 1.21 (BUILD-486).
FreeMarker updated to 2.3.31 (BUILD-541).
RESTEasy and Jackson updated to 3.15.2.Final and 2.11.3 respectively (BUILD-490).
XStream updated to 1.4.18 (BUILD-512).

We keep the details of security fixes private in line with our security policy. Contact our Support team if you need more information.

Notable bug fixes

Path-based locking no longer adds a leading slash. Previously, this would cause publication to fail on Windows where JDK would interpret the path as a server host and throw an error about a missing sharename.

EEPUBLISH-37, PUBLISHING-122

Security advisory

We have fixed a security vulnerability in JDOM to prevent potential XXE attacks. As a result, the Publishing module now contains some API-breaking changes.

We keep the details of that fix private in line with our security policy. Contact our Support team if you need more information.

MAGNOLIA-8134 (restricted access)

Others

If you are upgrading from an earlier version, read Upgrading to Magnolia 5.7.x first and check the Known issues section on the page.

Changelog

See the 5.7.12 changelog for all the changes.

Updated modules

Community Edition 5.7.12
Enterprise Edition 5.7.12
Magnolia 5.7.12
Mail 5.5.8
Publishing 1.1.12
Publishing Transactional 1.1.1
Repository Tools 1.9.2
Third-party library BOM 5.7.12
UI 5.7.12

Acknowledgements

The Magnolia team would also like to thank everyone who reported issues, contributed patches or simply commented on issues for this release. Your continued interest helps us make Magnolia better. Special thanks go to Matei "Mal" Badanoiu and Marian-Razvan Ilisanu.

Page tree