10.1.2 release notes - Enterprise Java Content management system - Hippo CMS

10.1.2 release notes

January 29, 2016

The new maintenance release 10.1.2 is available for general use. This release includes bug fixes and improvements in core, enterprise and plugins. This release also includes security fixes related to XXE and XSS vulnerabilities. For Hippo Enterprise Customers and Partners new Upgrade Verifier from CMS 7.9.11 to 10.1.2 is available.
Please upgrade your project to this latest maintenance release, see the minor upgrade instructions for more information.

New projects can be bootstrapped using new essentials version, to start follow trails page.

The new versions of these module artifacts have been made available earlier and are now bundled up in this maintenance release. If the project already has been using these newer artifact versions via a project pom file override, then remove these artifact version overrides when upgrading to a newer maintenance release.

We encourage all projects to remain on the regular maintenance release. Using a tagged artifact that is not yet part of a maintenance release should only be done if there is a specific reason and only after testing in your specific project setup.

ARTIFACTS & VERSIONS in 10.1.2

CORE

Addon HST Config Editor 2.1.0
Addon Channel Manager 3.1.2*
Addon Search Service 2.1.1
Commons 2.1.0
CMS 3.1.4*
Hippo theme 2.1.0
HST 3.1.1
Packages 2.1.0
Repository 3.1.2*
Services 2.1.0
Services Auto Reload 2.1.0
Services Content Type 2.1.0
Services Event Bus 2.1.0
Services Web Files 2.1.0
Utilities

2.1.0

Project 27.4

PLUGINS

Content Blocks 2.1.2*
Content Tagging 5.1.1
Dashboard Document Wizard 2.1.0
Gallerypicker 2.1.0
Poll 2.1.0
Relateddocs 3.1.0
Resource bundle 2.1.0
Robotstxt 2.1.0
Selection 3.1.0
SEO Support 2.1.0
Sitemap 2.1.0
Taxonomy 2.1.2*

Enterprise

Addon Advanced Search 2.1.1*
Addon Edition Indicator 2.1.0
Addon Eforms 2.1.2*
Addon Replication 3.1.0
Addon Synchronization 3.1.0
Addon Reporting 2.1.0
Addon Targeting 3.1.4*
Addon Two Face Authentication 2.1.0
Addon LDAP 2.1.0

Dependencies

Jackrabbit 2.10.1

(*) - New artifact versions

Improvement

CMS

  • [CMS-9736] - Backport of: Use new node icons in the console dialogs that show a jcr tree
  • [CMS-9748] - [Backport to 10.1] Improve rendering of dialog title
  • [CMS-9756] - [Backport 10.1] More lenient processing of svg image upload
  • [CMS-9767] - [Backport to 10.1] Use WicketExtJs 0.25.1

REPOSITORY

  • [REPO-1403] - [Backport 10.1] No need to support DTD or XML validating in SystemViewXML

ENTERPRISE FORMS

  • [EFORMS-305] - French and German translations for "form.counter.limit.error"

Bugs

CMS

  • [CMS-9729] - Backport of: Add node icons for targeting
  • [CMS-9752] - Build broken after Node upgrade
  • [CMS-9496] - Not enough whitespace in text editor (with patch)
  • [CMS-9721] - Content blocks: Change not visible in the CMS before publishing (with patch)
  • [CMS-9788] - Hippo tries to resolve "https://" in hint fields.
  • [CMS-9800] - [Backport to 10.1] Regression - Content blocks: validation invalidates all fields, instead of only the invalid fields
  • [CMS-9854] - Upgraded HtmlCleaner seems to incorrectly html encode text

CHANNEL MANAGER

  • [CHANNELMGR-366] - [Backport to 10.1]Improve rendering of variant names in component properties window

REPOSITORY

  • [REPO-1394] - scheduled task doesn't log the stacktrace when an error occurs in publish/unpublish workflow calls
  • [REPO-1401] - RepositoryTestCase hangs on shutdown
  • [REPO-1409] - [10.1] Code to prevent multiple same-state variants from being created can cause database inconsistencies

CONTENT BLOCKS

  • [HIPPLUG-1239] - ContentBlock should use new NodeComparer for better support nesting block fields inside compound fields
  • [HIPPLUG-1245] - [Backport to 10.1] Regression - Content blocks: validation invalidates all fields, instead of only the invalid fields

TAXONOMY

  • [HIPPLUG-1229] - Make it more clear that taxonomy name is a required field

ADVANCED SEARCH

  • [ENT-875] - [backport 10.1] Inconsistent results between Search and Advanced Search

ENTERPRISE FORMS

  • [EFORMS-353] - Forward port to 10.1 of: Counter node in FormCounterExtension not found
  • [EFORMS-356] - Backport 331 to 10.1: XSS vulnerability in Eforms radiogroup/checkbox field
  • [EFORMS-359] - Backport 347 to 10.1: Eforms has several XPath queries that does not escape path and query value properly

TARGETING

  • [BT-1380] - [Backport to 10.1]Improve rendering of persona and target group names
  • [BT-1395] - Targeting DataFlowService locking stolen issue in multi-site war scenarios
  • [BT-1403] - Backport [3.1.4] targeting.xml in hippo-addon-targeting-engine uses wrong namespace
  • [BT-1408] - Backport [3.1.x] AbstractDataFlowService should not unlock other instance

Task

  • [CMS-9796] - Update copyright year on login screen to 2016
  • [CMS-9863] - CLONE - Update year to 2016 in NOTICE file copyright statements [10.1]

10.1.2 release notes

January 29, 2016

The new maintenance release 10.1.2 is available for general use. This release includes bug fixes and improvements in core, enterprise and plugins. This release also includes security fixes related to XXE and XSS vulnerabilities. For Hippo Enterprise Customers and Partners new Upgrade Verifier from CMS 7.9.11 to 10.1.2 is available.
Please upgrade your project to this latest maintenance release, see the minor upgrade instructions for more information.

New projects can be bootstrapped using new essentials version, to start follow trails page.

The new versions of these module artifacts have been made available earlier and are now bundled up in this maintenance release. If the project already has been using these newer artifact versions via a project pom file override, then remove these artifact version overrides when upgrading to a newer maintenance release.

We encourage all projects to remain on the regular maintenance release. Using a tagged artifact that is not yet part of a maintenance release should only be done if there is a specific reason and only after testing in your specific project setup.

ARTIFACTS & VERSIONS in 10.1.2

CORE

Addon HST Config Editor 2.1.0
Addon Channel Manager 3.1.2*
Addon Search Service 2.1.1
Commons 2.1.0
CMS 3.1.4*
Hippo theme 2.1.0
HST 3.1.1
Packages 2.1.0
Repository 3.1.2*
Services 2.1.0
Services Auto Reload 2.1.0
Services Content Type 2.1.0
Services Event Bus 2.1.0
Services Web Files 2.1.0
Utilities

2.1.0

Project 27.4

PLUGINS

Content Blocks 2.1.2*
Content Tagging 5.1.1
Dashboard Document Wizard 2.1.0
Gallerypicker 2.1.0
Poll 2.1.0
Relateddocs 3.1.0
Resource bundle 2.1.0
Robotstxt 2.1.0
Selection 3.1.0
SEO Support 2.1.0
Sitemap 2.1.0
Taxonomy 2.1.2*

Enterprise

Addon Advanced Search 2.1.1*
Addon Edition Indicator 2.1.0
Addon Eforms 2.1.2*
Addon Replication 3.1.0
Addon Synchronization 3.1.0
Addon Reporting 2.1.0
Addon Targeting 3.1.4*
Addon Two Face Authentication 2.1.0
Addon LDAP 2.1.0

Dependencies

Jackrabbit 2.10.1

(*) - New artifact versions

Improvement

CMS

  • [CMS-9736] - Backport of: Use new node icons in the console dialogs that show a jcr tree
  • [CMS-9748] - [Backport to 10.1] Improve rendering of dialog title
  • [CMS-9756] - [Backport 10.1] More lenient processing of svg image upload
  • [CMS-9767] - [Backport to 10.1] Use WicketExtJs 0.25.1

REPOSITORY

  • [REPO-1403] - [Backport 10.1] No need to support DTD or XML validating in SystemViewXML

ENTERPRISE FORMS

  • [EFORMS-305] - French and German translations for "form.counter.limit.error"

Bugs

CMS

  • [CMS-9729] - Backport of: Add node icons for targeting
  • [CMS-9752] - Build broken after Node upgrade
  • [CMS-9496] - Not enough whitespace in text editor (with patch)
  • [CMS-9721] - Content blocks: Change not visible in the CMS before publishing (with patch)
  • [CMS-9788] - Hippo tries to resolve "https://" in hint fields.
  • [CMS-9800] - [Backport to 10.1] Regression - Content blocks: validation invalidates all fields, instead of only the invalid fields
  • [CMS-9854] - Upgraded HtmlCleaner seems to incorrectly html encode text

CHANNEL MANAGER

  • [CHANNELMGR-366] - [Backport to 10.1]Improve rendering of variant names in component properties window

REPOSITORY

  • [REPO-1394] - scheduled task doesn't log the stacktrace when an error occurs in publish/unpublish workflow calls
  • [REPO-1401] - RepositoryTestCase hangs on shutdown
  • [REPO-1409] - [10.1] Code to prevent multiple same-state variants from being created can cause database inconsistencies

CONTENT BLOCKS

  • [HIPPLUG-1239] - ContentBlock should use new NodeComparer for better support nesting block fields inside compound fields
  • [HIPPLUG-1245] - [Backport to 10.1] Regression - Content blocks: validation invalidates all fields, instead of only the invalid fields

TAXONOMY

  • [HIPPLUG-1229] - Make it more clear that taxonomy name is a required field

ADVANCED SEARCH

  • [ENT-875] - [backport 10.1] Inconsistent results between Search and Advanced Search

ENTERPRISE FORMS

  • [EFORMS-353] - Forward port to 10.1 of: Counter node in FormCounterExtension not found
  • [EFORMS-356] - Backport 331 to 10.1: XSS vulnerability in Eforms radiogroup/checkbox field
  • [EFORMS-359] - Backport 347 to 10.1: Eforms has several XPath queries that does not escape path and query value properly

TARGETING

  • [BT-1380] - [Backport to 10.1]Improve rendering of persona and target group names
  • [BT-1395] - Targeting DataFlowService locking stolen issue in multi-site war scenarios
  • [BT-1403] - Backport [3.1.4] targeting.xml in hippo-addon-targeting-engine uses wrong namespace
  • [BT-1408] - Backport [3.1.x] AbstractDataFlowService should not unlock other instance

Task

  • [CMS-9796] - Update copyright year on login screen to 2016
  • [CMS-9863] - CLONE - Update year to 2016 in NOTICE file copyright statements [10.1]