Release notes for Magnolia CORE 5.7.13

Magnolia CORE 5.7.13 is a bug-fixing and security release that delivers the following:

Third-party library updates

This release comes with the following third-party library updates to fix some security and compatibility issues:

Gson updated to 2.8.9 (BUILD-585).
Tomcat updated to 9.0.54 (MGNLTOMCAT-20).
Vaadin updated to 8.14.1 (BUILD-567).

We keep the details of security fixes private in line with our security policy. Contact our Support team if you need more information.

Security advisory

We now validate login CSRF tokens with HMAC. The new HmacCsrfToken strategy generates an HMAC CSRF token that expires after a configurable interval. The previous RandomCsrfToken strategy is now deprecated.

Logging into Magnolia after leaving the login page idle for 10-20 minutes returns a 403 Forbidden error due to an expired CSRF token. To resolve this issue, reload the login page.

MAGNOLIA-8239 (restricted access)

Others

If you are upgrading from an earlier version, read Upgrading to Magnolia 5.7.x first and check the Known issues section on the page.

Changelog

See the 5.7.13 changelog for all the changes.

Updated modules

Barebones Tomcat Bundle 1.1.7
Community Edition 5.7.13
Content Editor 1.2.1
Enterprise Edition 5.7.13
Magnolia 5.7.13
Pages 5.7.2
Personalization 1.6.4
Publishing 1.1.13
Third-party library BOM 5.7.13
UI 5.7.13

Acknowledgements

The Magnolia team would also like to thank everyone who reported issues, contributed patches or simply commented on issues for this release. Your continued interest helps us make Magnolia better. Special thanks go to Alberto Ramirez and Ioannis Spyronis.

Page tree