Magnolia 5.7 reached extended end of life on May 31, 2022. Support for this branch is limited, see End-of-life policy. Please note that to cover the extra maintenance effort, this EEoL period is a paid extension in the life of the branch. Customers who opt for the extended maintenance will need a new license key to run future versions of Magnolia 5.7. If you have any questions or to subscribe to the extended maintenance, please get in touch with your local contact at Magnolia.
Magnolia CORE 5.7.9 is a bug-fixing and security release that also delivers a few improvements.
Timeout for locking mechanism
There is now a five-minute timeout for the locking mechanism to mitigate an issue where nodes remain locked after publishing. For more details about this issue, see EEPUBLISH-28.
In addition, the logging of publishing operations on the receiver has been moved from the TRACE level to the DEBUG level.
Improved observation mechanism
When a new version of a content node is created in one workspace, the improved Magnolia observation mechanism (info.magnolia.observation.*
) makes sure that Magnolia does not react unnecessarily to any event that creates a node in /jcr:system
.
Targeted notification on synchronization failure
With version 1.9.1 of the Synchronization module, a notification is now sent to configured users whenever synchronization fails. To allow notifications for certain users, in the modules/synchronization-app/config
folder, create a user group called notificationGroups
and add a list of string properties to it. Each property represents the user name you wish to notify.
Synchronization fails when you move a node between subtrees. A workaround is to publish any problematic node manually and sync again.
Third-party library updates
This release comes with the following third-party library updates to fix some security and compatibility issues:
- HttpClient updated to 4.5.13 (BUILD-411).
- SnakeYAML updated to 1.26 (BUILD-401).
- Tomcat updated to 9.0.39 (MGNLTOMCAT-17).
- XStream updated to 1.4.14 (BUILD-422).
We keep the details of security-related fixes private in line with our security policy. Contact our Support team if you need more information.
Security advisory
We have fixed several security issues (including vulnerabilities to deserialization, SSRF and XSS attacks) with this release. We keep the details of those fixes private in line with our security policy. Contact our Support team if you need more information.
MAGNOLIA-7915, MAGNOLIA-7933, MAGNOLIA-7938, MGNLCTS-120, MGNLCTS-121, MGNLFORM-338, MGNLPUR-197 (restricted access)
Others
If you are upgrading from an earlier version, read Upgrading to Magnolia 5.7.x first and check the Known issues section on the page.
Changelog
See the 5.7.9 changelog for all the changes.
Updated modules
- Barebones Tomcat Bundle 1.1.5
- Blossom 3.2.4
- Cache 5.6.5
- Community Edition 5.7.9
- Content Translation Support 2.3.2
- Enterprise Edition 5.7.9
- Form 2.5.5
- Magnolia 5.7.9
- Public User Registration 2.7.5
- Publishing 1.1.8
- Publishing Transactional 1.0.8
- Soft Locking 2.7.3
- Solr Search Provider 5.2.4
- Synchronization 1.9.1
- Third-party library BOM 5.7.8
- UI 5.7.9
Acknowledgements
The Magnolia team would also like to thank everyone who reported issues, contributed patches or simply commented on issues for this release. Your continued interest helps us make Magnolia better. Special thanks go to Matei "Mal" Badanoiu, Marian-Razvan Ilisanu, Julius Rabe, Richard Unger and Siegfried Zach.