Magnolia 5.7 reached extended end of life on May 31, 2022. Support for this branch is limited, see End-of-life policy. Please note that to cover the extra maintenance effort, this EEoL period is a paid extension in the life of the branch. Customers who opt for the extended maintenance will need a new license key to run future versions of Magnolia 5.7. If you have any questions or to subscribe to the extended maintenance, please get in touch with your local contact at Magnolia.

Magnolia CORE 5.7.8 is a bug-fixing and security release that delivers the following:

Asynchronous synchronization over a dedicated REST API

Previously, when invoking a synchronization process from a headless environment via the REST Command API, you had to keep a request open for the process to run. If the process took longer, the REST call would time out and the process would be interrupted.

With version 1.9 of the Synchronization module, a dedicated REST API for synchronization is now available. The API provides support for asynchronous synchronization and allows you to send the following request types:

  • POST .rest/synchronization/v1/trigger: starts synchronization of content on a Magnolia public instance (the module's beta versions use /.rest/synchronization/v1/synchronize).
  • GET .rest/synchronization/v1/reset: resets and flushes all synchronizations.
  • GET .rest/synchronization/v1/status/{syncId}: returns the status of a synchronization request.

Example synchronization request sent using the curl command:

curl -u superuser:superuser http://localhost:8080/magnoliaAuthor/.rest/synchronization/v1/trigger --data '
{"url" : "http://localhost:8080/magnoliaPublic", "workspace": "website", "fromPath" : "/", "fromDate" : "2012-03-29T10:05:45-06:00"}
' --header "Content-Type: application/json"

(info) Notes:

  • Version 1.9 of the Synchronization module depends on version 1.0.6+ of the Publishing Transactional module.
  • If a beta version is installed and then updated to version 1.9, you will encounter the following:

    2020-06-25 15:10:19,851 WARN magnolia.transformer.ClassPropertyBasedTypeResolver:
    Encountered the 'class' property but failed to resolved the type from its value: 
    [info.magnolia.synchronization.commands.RestSynchronizationCommand]

    The warning is harmless. You only need to remove the following node manually from the JCR configuration:

    /modules/synchronization-rest/commands
  • If version 1.9-beta3 is installed and then updated to version 1.9, you will need to remove the following node manually from the JCR configuration:

    /modules/synchronization-core/commands/synchronization/synchronize/synchronizationSenderClass

MGNLSYNC-40MGNLSYNC-43

Configurable sameSite attribute for JSESSIONID cookie

For added security, the sameSite attribute can be configured for the JSESSIONID cookie. In Tomcat 8.5.42+, add the following to the conf/context.xml file:

<CookieProcessor sameSiteCookies="strict"/>

A strict value for sameSiteCookies is now the default in all Tomcat bundles. See Cookie Processor Component for more information.

MGNLTOMCAT-15 (restricted access)

Debug mode for SMTP Session

In the Mail module, a debug property has been added to info.magnolia.module.mail.smtp.SmtpConfiguration. To debug javax.mail.Session, set the property to true. See SMTP Session debugging for more information.

MGNLMAIL-77

Third-party library updates

This release comes with the following third-party library updates to fix some security and compatibility issues:

We keep the details of the security-related fixes private in line with our security policyContact our Support team if you need more information.

Notable bug fixes

The following issues have been resolved where:

Others

Upgrading to 5.7.8

If you are upgrading from an earlier version, read Upgrading to Magnolia 5.7.x first and check the Known issues section on the page.

Changelog

See the 5.7.8 changelog for all the changes.

Updated modules

  • Backup 2.3.2
  • Barebones Tomcat Bundle 1.1.4
  • Community Edition 5.7.8
  • Content Dependencies 1.9.3
  • Enterprise Edition 5.7.8
  • Form 2.5.3
  • Magnolia 5.7.8
  • Mail 5.5.6
  • Public User Registration 2.7.4
  • Publishing 1.1.6
  • Publishing Transactional 1.0.7
  • REST Framework 2.1.6
  • Synchronization 1.9
  • Task Management 1.2.8
  • Third-party library BOM 5.7.7
  • UI 5.7.8

Acknowledgments

The Magnolia team would also like to thank everyone who reported issues, contributed patches or simply commented on issues for this release. Your continued interest helps us make Magnolia better. Special thanks go to Sven Bach, Stefan Baur, Marc Johnen, Philip Mundt and Richard Unger.

  • No labels