Magnolia 5.7 reached extended end of life on May 31, 2022. Support for this branch is limited, see End-of-life policy. Please note that to cover the extra maintenance effort, this EEoL period is a paid extension in the life of the branch. Customers who opt for the extended maintenance will need a new license key to run future versions of Magnolia 5.7. If you have any questions or to subscribe to the extended maintenance, please get in touch with your local contact at Magnolia.
Magnolia CORE 5.7.8 is a bug-fixing and security release that delivers the following:
Asynchronous synchronization over a dedicated REST API
Previously, when invoking a synchronization process from a headless environment via the REST Command API, you had to keep a request open for the process to run. If the process took longer, the REST call would time out and the process would be interrupted.
With version 1.9 of the Synchronization module, a dedicated REST API for synchronization is now available. The API provides support for asynchronous synchronization and allows you to send the following request types:
- POST
.rest/synchronization/v1/trigger
: starts synchronization of content on a Magnolia public instance (the module's beta versions use/.rest/synchronization/v1/synchronize
). - GET
.rest/synchronization/v1/reset
: resets and flushes all synchronizations. - GET
.rest/synchronization/v1/status/{syncId}
: returns the status of a synchronization request.
Example synchronization request sent using the curl
command:
curl -u superuser:superuser http://localhost:8080/magnoliaAuthor/.rest/synchronization/v1/trigger --data ' {"url" : "http://localhost:8080/magnoliaPublic", "workspace": "website", "fromPath" : "/", "fromDate" : "2012-03-29T10:05:45-06:00"} ' --header "Content-Type: application/json"
Notes:
- Version 1.9 of the Synchronization module depends on version 1.0.6+ of the Publishing Transactional module.
If a beta version is installed and then updated to version 1.9, you will encounter the following:
2020-06-25 15:10:19,851 WARN magnolia.transformer.ClassPropertyBasedTypeResolver: Encountered the 'class' property but failed to resolved the type from its value: [info.magnolia.synchronization.commands.RestSynchronizationCommand]
The warning is harmless. You only need to remove the following node manually from the JCR configuration:
/modules/synchronization-rest/commands
If version 1.9-beta3 is installed and then updated to version 1.9, you will need to remove the following node manually from the JCR configuration:
/modules/synchronization-core/commands/synchronization/synchronize/synchronizationSenderClass
Configurable sameSite
attribute for JSESSIONID
cookie
For added security, the sameSite
attribute can be configured for the JSESSIONID
cookie. In Tomcat 8.5.42+, add the following to the conf/context.xml
file:
<CookieProcessor sameSiteCookies="strict"/>
A strict
value for sameSiteCookies
is now the default in all Tomcat bundles. See Cookie Processor Component for more information.
MGNLTOMCAT-15 (restricted access)
Debug mode for SMTP Session
In the Mail module, a debug
property has been added to info.magnolia.module.mail.smtp.SmtpConfiguration
. To debug javax.mail.Session
, set the property to true
. See SMTP Session debugging for more information.
Third-party library updates
This release comes with the following third-party library updates to fix some security and compatibility issues:
- Bouncy Castle Provider updated to 1.64 (MAGNOLIA-7827)
- Google API Client, HTTP Client and OAuth Client updated to 1.30.10, 1.36.0 and 1.31.0 respectively (BUILD-399, MGNLMAIL-108)
- Tomcat updated to 9.0.37 (MGNLTOMCAT-16)
We keep the details of the security-related fixes private in line with our security policy. Contact our Support team if you need more information.
Notable bug fixes
The following issues have been resolved where:
- In the Backup module, Magnolia failed to start upon restore due to incompatibility with H2 1.4.200 (MGNLBACKUP-136).
- In the Publishing Transactional module, the
executeOperation
method caused a synchronization issue because it did not use thegetReceivers
method (EEPUBLISH-27). - In the REST Content Delivery module, invalid JSON was produced whenever a reference resolver that was applied to a list returned
Optional.Empty()
(MGNLREST-227). - In the Synchronization module, synchronizing the same node more than once failed because the target node was locked on the public instance (MGNLSYNC-42).
- In the Task Management module, performance slowed down as more tasks were added. To improve performance, you need to reindex the
tasks
workspace using the new task-specific indexing configuration (TASKMGMT-41).
Others
Upgrading to 5.7.8
If you are upgrading from an earlier version, read Upgrading to Magnolia 5.7.x first and check the Known issues section on the page.
Changelog
See the 5.7.8 changelog for all the changes.
Updated modules
- Backup 2.3.2
- Barebones Tomcat Bundle 1.1.4
- Community Edition 5.7.8
- Content Dependencies 1.9.3
- Enterprise Edition 5.7.8
- Form 2.5.3
- Magnolia 5.7.8
- Mail 5.5.6
- Public User Registration 2.7.4
- Publishing 1.1.6
- Publishing Transactional 1.0.7
- REST Framework 2.1.6
- Synchronization 1.9
- Task Management 1.2.8
- Third-party library BOM 5.7.7
- UI 5.7.8
Acknowledgments
The Magnolia team would also like to thank everyone who reported issues, contributed patches or simply commented on issues for this release. Your continued interest helps us make Magnolia better. Special thanks go to Sven Bach, Stefan Baur, Marc Johnen, Philip Mundt and Richard Unger.