Magnolia 6.1 reached extended end of life on June 2, 2020. Support for this branch is limited, see End-of-life policy.

Page tree
Skip to end of metadata
Go to start of metadata

Magnolia CMS 6.1.7 brings a number of bug fixes and security updates as well as an improvement to the Mail module. With this release, the extended end-of-life period for the 6.1 branch will now run until March 31, 2021. This period is intended to give you more flexibility when planning migration to a fully supported release.

Debug mode for SMTP Session

In the Mail module, a debug property has been added to info.magnolia.module.mail.smtp.SmtpConfiguration. To debug javax.mail.Session, set the property to true. See SMTP Session debugging for more information.


Third-party library updates

This release comes with the following third-party library updates to fix some security and compatibility issues:

  • Bouncy Castle Provider updated to 1.64 (BUILD-400).
  • Google API Client, HTTP Client and OAuth Client updated to 1.30.10, 1.36.0 and 1.31.0 respectively (MGNLMAIL-108).
  • HttpClient updated to 4.5.13 (BUILD-411).
  • SnakeYAML updated to 1.2.6 (BUILD-401).
  • Tomcat updated to 9.0.39 (MGNLTOMCAT-17).
  • XStream updated to 1.4.14 (BUILD-422).

We keep the details of security-related fixes private in line with our security policyContact our Support team if you need more information.

Notable bug fixes

The following issues have been resolved where:

  • In the REST Content Delivery module, invalid JSON was produced whenever a reference resolver that was applied to a list returned Optional.Empty() (MGNLREST-227).
  • In the Task Management module, performance slowed down as more tasks were added. To improve performance, you need to reindex the tasks workspace using the new task-specific indexing configuration (TASKMGMT-41).

As part of a security fix, HtmlColumnRenderer now supports only the class, title, style and target attributes (MGNLUI-6405, restricted access).

Security advisory

We have fixed several security issues (including vulnerabilities to deserialization, SSRF and XSS attacks) with this release. We keep the details of those fixes private in line with our security policyContact our Support team if you need more information.

MAGNOLIA-7915MAGNOLIA-7933, MAGNOLIA-7938MGNLCTS-120, MGNLCTS-121, MGNLPUR-197, MGNLUI-6405 (restricted access)


If you are upgrading from an earlier version, read the Upgrading to Magnolia 6.1.x page first and check the Known issues page.


See the 6.1.7 changelog for all the changes.

Updated modules

  • Barebones Tomcat Bundle 1.1.5
  • Community Edition 6.1.7
  • Content Dependencies 1.9.3
  • Content Translation Support 2.4.3
  • DX Core 6.1.7
  • Form 2.5.4
  • Magnolia 6.1.7
  • Mail 5.5.6
  • Public User Registration 2.7.5
  • REST Framework 2.1.6
  • Task Management 1.2.8
  • Third-party library BOM 6.1.7
  • UI 6.1.7


The Magnolia team would also like to thank everyone who reported issues, contributed patches or simply commented on issues for this release. Your continued interest helps us make Magnolia better. Special thanks go to Sven Bach, Matei "Mal" Badanoiu, Stefan Baur, Marian-Razvan Ilisanu, Philip Mundt, Julius Rabe and Richard Unger.

  • No labels