Changelogs

dotCMS 20.10.1 is a minor release which includes several minor improvements, and fixes for several issues in previous releases.

Changes to Default Behavior

The following differences in default behavior in dotCMS 20.10.1 may change your expectations and require a review of your administration practices. Please review all of these changes before upgrading from a previous release.

• The cancel option has been removed for the push publishing integrity check.
• In previous versions, a user could cancel an integrity check while it was in progress.
• With dotCMS 20.10.1, a user can not longer cancel an integrity check once it is in progress.
• The Receive-From section has been removed from the publishing enviroments section of the control panel.
• Jsontool.generate now returns velocity by default instead of JSON.
• In previous versions, the publishing environments section of the control panel would state what enviroment would be the reciever of the push publishing data.
• With dotCMS 20.10.1, a user can now use JWT in the authentication process for publishing eviroments instead
• For more information, please see Additional Changes.
• Users with SAML configured will now see a logout screen user.
• If a user with SAML configured logs out they will be sent to a logout page.
• When a browser timeouts for user with SAML configured,the user will see no change until they refresh, then they will see a logout page.
• For more information, please see Additional Changes.

Privacy and Security Updates

The following changes in dotCMS 20.10.1 fix potential security or privacy issues which have been identified by dotCMS. For more details on any of these issues, please contact dotCMS Support.

• Fixed a security vulnerability which could allow an authenticated user to exploit a weakness in certain API calls.
• In addition to the fix in dotCMS 20.10.1, a plugin which mitigates the vulnerability has been created for all affected dotCMS versions (all release from 5.0.3 to 5.3.9), which can be applied without a server restart.
• Mitigation has already been performed for all dotCMS Cloud customers.
• Detailed information on this vulnerability, including a link to the patch plugin, will be provided in a Security Issue notice on the Known Security Issues page once all on-premesis customers have had an opportunity to apply the patch.

It's important to understand that some security issues may have privacy implications for your existing dotCMS installation. Therefore we recommend that you review these changes, and if necessary modify any appropriate content, to ensure your site maintains compliance with any security and privacy standards and regulations you adhere to.

Fixes

The 20.10.1 release includes fixes for the following reported issue. For a list of issues addressed in dotCMS 20.10.1, please visit the dotCMS Github Repository.

• Fixed an issue which could prevent push publishing when attempting to fix a folder conflict. (#19471)
• Fixed an issue which could prevent the permissions tab from displaying for a limited user. (#19364)
• Fixed an issue which could temporarily prevent the file list from refreshing after an image is added. (#19335)
• Fixed an issue which could prevent display of an appropriate error to appear when adding a file to a folder with filters. (#19182)
• Fixed an issue causing the wrong filter name to appear in bundle details. (#19075)
• Fixed an issue causing the Integrity Checker to fail when JWT was used for Push Publishing authentication. (#18690)
• Fixed an issue preventing SVG images from displaying correctly in the UI. (#18656)
• Fixed an issue that sometimes cause errors when integity checker was run on dotCMS clusters. (#18554)
• Fixed an issue causing the JSONTool to return a single content item instead of a list. (#18505)

To view more information on these and other issues, please visit the dotCMS Github repository.

Additional Changes and Improvements in dotCMS 20.10.1

• Added endpoints to the Page API to support operations on the Query Tool. (#18314)
• Added endpoints to the Bundle API to support operations on Creating a Bundle. (#19321)
• Added fireRules parameter at page level of the GraphQL API.(#19219)
• Updated the logout for SAML users to return users to a new logout page.(#19098)
• Added JWT support to push publishing authentication. (#16796)
• Updated HTTP Client to Angular 10.(#19073)
• dotCMS is now fully ARM supported. (#19192)
• The cache is now flushed when the push publishing filter files are changed. (#19152)

dotCMS 5.3.9 is a minor release which includes several minor improvements, and fixes for several issues in previous releases.

Changes to Default Behavior

The following differences in default behavior in dotCMS 5.3.9 may change your expectations and require a review of your administration practices. Please review all of these changes before upgrading from a previous release.

• The Permissions required to edit Categories have been changed.
• In pervious versions, a user could not create top-level Categories without Edit Permissions rights for Categories on the System Host (All Hosts).
• With dotCMS 5.3.9, permissions have been changed to allow you to give non-administrative users the ability to create and edit top-level Categories. The permissions required to edit Categories are now the following:
• Create Top-Level Category: Publish rights for Categories on the System Host (All Hosts).
• Create Subcategory: Publish rights for Categories on the parent Category.
• Edit Any Category: Edit rights for the Category to be edited.
• Unused Elasticsearch _text fields have been removed.
• _text fields in the index, which were created by default in previous versions but not used by dotCMS, are no longer created by default.
• Creation of these fields can be re-enabled by setting the CREATE_TEXT_INDEX_FIELD_FOR_NON_TEXT_FIELDS configuration property to true.
• For more information, please see the Github issue.

Fixes

The 5.3.9 release includes fixes for the following reported issue. For a list of issues addressed in dotCMS 5.3.9, please visit the dotCMS Github Repository.

• Fixed an issue preventing pagination of content displayed in the add content popup in the Page Editor (#19304)
• Fixed an issue which could cause extra content to be exported in some circumstances when creating a new starter.zip (#19300)
• Fixed an issue preventing the use of the "UPLOAD NEW FILE" button when setting the value for Image and File fields (#19181)
• Fixed an issue which could temporarily prevent a changed layout from displaying properly when changing the view in the Page Editor (#19165)
• Fixed an issue which could cause errors when using a File-based Container on a Site other than the Default Host (#18780)
• Fixed an issue which prevented display of content added to a Container when the Template was changed to one that used the same Container (#18607)
• Fixed an issue preventing the use of the #dotParse() directive in Custom Fields when the included file was on a different Site (#18573)
• Fixed an issue causing improper display of the Page Editor toolbar in Edit mode on some screen sizes (#18203)

To view more information on these and other issues, please visit the dotCMS Github repository.

Additional Changes and Improvements in dotCMS 5.3.9

• Improved Permissions used to control access to Top-level Categories (#8538)
• For more information, please see Default Behavior Changes, above.
• Improved the display of error messages when some types of runtime exceptions are encountered (#19310)
• Updated the release Docker images to enable execution on ARM architecture (#19334)
• Improved error handling when the Apps Secret Store file became corrupted (#19302)
• Added several minor improvements to the dotCMS starter site that ships with the release (#19289)
• Made some minor improvements to the GraphQL Page API (#18990, #19190)
• Improved GraphQL cache handling to improve performance in a cluster (#19255)
• Restricted access to SAML App metadata (#19157)
• Although exposing the SAML metadata poses no known security risks, access to this data was restricted to support a security posture of restricted data access by default.
• Added endpoints to the Page API to support operations on Templates (#19096)
• These endpoints are currently intended for internal use only; official support for customer use may be provided in later versions.
• Reduced the default size of Elasticsearch indexes by removing unused fields (#18988)
• For more information, please see Default Behavior Changes, above.
• Added a REST endpoint enabling App configuration to be imported from and exported to external files, for backup and portability (#18237).

dotCMS 5.3.8 is a minor release which includes several minor improvements, and fixes for several issues in previous releases.

Important: With the release of dotCMS 5.3.8, support for using dotCMS with MySQL is officially deprecated. Please see below for more information.

Fixes

The 5.3.8 release includes fixes for the following reported issue. For a list of issues addressed in dotCMS 5.3.8, please visit the dotCMS Github Repository.

• Fixed an issue which could cause performance issues, and in some cases application hangs, due to Apps configuration (#19282)
• Fixed an issue which could sometimes prevent the content list from being shown in the content selection modal (#19263)
• Fixed an issue preventing display of available actions in the batch action modal after executing a Workflow Action directly in Content Search (#19257)
• Fixed an issue which could cause content to be removed from a Page when the same content was edited within another Page (#19245, #19212, #19213)
• Fixed an issue which could cause errors to be generated when using GraphQL to pull content containing Binary fields (#19240)
• Fixed an issue which could prevent Push Publishing from working properly when the content being pushed already existed in an archived state on the receiver (#18920, #19221)
• Fixed an issue which could cause editing of a VTL file in Page edit mode under specific circumstances (#19220)
• Fixed an issue which caused errors editing content on a Page if the Content Type used a #}dotParse directive in the tinymceprops field variable (#19214)
• Fixed an issue which could cause results to stop displaying in Content Search after sorting on a field for which no content contains a value (#19210, #19169)
• Fixed an issue preventing the use of GraphQL in Community Edition (#19206)
• Fixed an issue preventing display of "Language" and "Host" Search fields when relating content on Content Types with multiple relationship fields (#19204)
• Fixed an incorrect Site name in the starter site (#19203)
• Fixed an issue preventing display of Binary images on the front-end of the site if the working version of the content is not the same as the live version (#19201)
• Fixed an issue which could cause some Categories to be lost when exporting and then importing content (#19195)
• Fixed an issue which could prevent content from saving if no value existed in a non-required Tag field (#19189)
• Fixed an issue prevented the changing of Loggers with the LoggerResource if the classes were not in the classpath (#19183)
• Fixed an issue preventing limited users from creating content in languages other than the default language (#19155)
• Fixed an issue preventing Vanity URLs from being evaluated in the proper order (#19147)
• Fixed an issue preventing the Push Publish modal from working from some screens (#19133)
• Fixed an issue prevented second-level (grandchild) category values from being returned with content in multiple REST API calls (#19121)
• Fixed an issue which could cause elevated server load if multiple background operations were executed in a short period of time (#19006)
• Fixed an issue which could sometimes prevent some content items from being added to the Elasticsearch index (#18951)

To view more information on these and other issues, please visit the dotCMS Github repository.

Deprecated Features

The following features have been officially deprecated in dotCMS 5.3.8. These features have not been removed, and still work normally, but are no longer fully supported, and may be removed in a future dotCMS release.

• Support for MySQL has been deprecated.
• Future features may not be supported in MySQL, and fixes for issues which are not security- or privacy-related may not be fixed for systems running on MySQL.
• Support for MySQL may be fully removed in a future release.
• This tool can simplify the migration from MySQL to PostgreSQL. It is believed to work in most cases, though it has not been tested with significantly old versions of the software. It is still recommended, as it is generally, that you make backups before performing any major operation on a database.

Additional Changes and Improvements in dotCMS 5.3.8

• Added several new fields to the GraphQL Page API (#19159, #19143, #19136, #19108)
• The following new properties were added:
• layout
• render
• urlContentMap
• ViewAs
• Improved Apps to allow the storage of multi-line secrets (hidden fields) (#19074)
• Reordered the tabs in the Publishing Queue to show the most-commonly used tab (Status/History) first (#19071)
• Moved configuration for Google Translate (and the Translate Workflow Sub-Action) to the Apps feature (#19061)
• Added a new REST endpoint to retrieve an entire folder tree (#18964)

dotCMS 5.3.7 is a minor update which includes several improvements and minor fixes for several issues in previous releases.

New Features

The following new features have been added in dotCMS 5.3.7:

• New Apps Integrations feature
• The new Apps Tool allows developers to create and manage information used to integrate with third-party applications and external servers.
• Apps supports custom configurations which can be managed through the back-end UI, a secure Secrets repository, and a REST API to integrate those configurations with your own plugins.
• The dotCMS 5.3.7 starter site ships with several built-in Apps as examples; for more information on these, please see the Apps Tool in the dotCMS starter or demo site.
• When you upgrade to dotCMS 5.3.7, all administrative users with access to the Maintenance Tool (Control Panel -> Maintenance) will automatically be given access to the Apps tool.
• If you wish to change which users have access to the Apps Tool, or if you wish to hide it from existing users, you can modify which Roles have access to it through the Roles & Tools screen (Control Panel -> Roles & Tools) just like any other Tool.
• For more information, please see the Roles and Tools documentation.
• For more information on Apps, please see the Apps Integrations documentation.
• New Environment Variable Configuration capability
• You can now set or override dotCMS configuration with environment variables, allowing easy changing of dotCMS properties in standard Docker images
• For more information, please see the Changing Configuration Properties documentation.
• New GraphQL Additions and Improvements
• The GraphQL interface has been enhanced with several new features and improvements, including:
• New BaseType Interfaces allow return of dotCMS Base Types.
• Added a total results count to all GraphQL results, to aid in handling pagination.
• Improved the Site field in the GraphQL response to include all content fields added to the Host Content Type.
• For more information on all of these additions, please see the GraphQL documentation.

Fixes

The 5.3.7 release includes fixes for the following reported issue. For a list of issues addressed in dotCMS 5.3.7, please visit the dotCMS Github Repository.

• Fixed an issue preventing proper use of cluster Autowire when Hazelcast discovery was enabled (#19163)
• Fixed an issue which could prevent display of the Template Designer for Sites with certain characters in the Aliases field (#19123)
• Fixed an issue preventing use of the Cancel button when editing existing Content Type fields (#19120)
• Fixed an issue preventing display of some Content Types in the Content Search Tool under certain conditions (#19118)
• Fixed an issue preventing display and editing of Task details in the Tasks Tool (#19117)
• Fixed an issue preventing the insertion of links in the WYSIWYG Field when using Community Edition (#19102)
• Fixed an issue preventing scrolling of the Tools menu when the back-end UI navigation was collapsed (#19030)
• Fixed an issue preventing the Push Publish popup from displaying in the Page editor (#18678)
• Fixed an issue causing the Permission tab to incorrectly display (but not allow editing) for users without "Edit Permissions" rights to the content (#18583)
• Fixed an issue some UI problems when adding Content Types with reserved names (#18474)
• Fixed an issue preventing the use of "force unlock" by administrators in the Page editor (#18204)
• Fixed an issue causing incorrect display of some portions of the Page editor on smaller screens (#18203)

To view more information on these and other issues, please visit the dotCMS Github repository.

Additional Changes and Improvements in dotCMS 5.3.7

• Improved validation of YAML formatting on Push Publish Filter configuration files (#18986)
• Added a REST API endpont that returns a list of users based on selected Roles (#18979)
• For more information, please see the REST API Endpoints documentation.
• Added information about the default language to the response from the /api/v2/languages endpoint (#18969)

dotCMS 5.3.6.1 is a maintenance release which includes a fix for one minor issue with the 5.3.6 release which may affect some larger sites.

Fixes

The 5.3.6.1 release includes fixes for the following reported issues. For a list of issues addressed in dotCMS 5.3.6.1, please visit the dotCMS Github Repository.

• Fixed an issue which could sometimes cause reindexing to fail on sites with many content type fields (#19092)

To view more information on these and other issues, please visit the dotCMS Github repository.

dotCMS 5.3.6 is a maintenance release which adds one new feature, removes one deprecated feature, and includes several minor fixes and improvements.

New Features

The following features have been added in dotCMS 5.3.6:

• New Push Publishing Notifications
• dotCMS will now automatically notify a user when a Push Publishing operation they initiated either succeeds or fails.
• Notifications will be displayed automatically in a popup, and can be viewed in the notification history window (accessible via the "bell" icon in the top-right corner of the back-end UI).

Fixes

The 5.3.6 release includes fixes for the following reported issue. For a list of issues addressed in dotCMS 5.3.6, please visit the dotCMS Github Repository.

• Fixed an issue preventing the creation of links in the WYSIWYG field editor (#19041)
• Fixed an issue which caused the Push Publishing Filters to be removed when the deploy-plugins.sh script was run (#19037)
• Fixed an issue which could cause a reindex to time out on sites with very large numbers of Content Type fields (#19033)
• Fixed an issue preventing drag-and-drop of images into WYSIWYG fields (#19018)
• Fixed an issue allowing users to delete a just-archived Page, even if no Workflow Action existed to perform a delete (#19015)
• Fixed an issue which could cause an error when fetching a contentType collection with no content via GraphQL (#18977)
• Fixed an issue which could prevent selection of a file-based-Container when the title did not match the file name (#18921)
• Fixed an issue which prevented proper front-end operation when running AdoptOpenJDK v8u262b10 (#18917)
• Fixed an issue which incorrectly allowed creation of Content Type fields with variable named "host" (#18882)
• Fixed an issue which could sometimes cause some Containers to not display any content (#18855)
• Fixed an issue preventing the Time Machine from respecting Publish and Expire dates in content displayed by Widgets (#18795)
• Fixed an issue which could prevent the Available Workflow Actions button from working in specific circumstances (#18697)
• Fixed an issue which could cause relationships on a receiver to get temporarily out-of-sync with the sender in specific circumstances (#18571)

To view more information on these and other issues, please visit the dotCMS Github repository.

Features and Dependencies Removed from dotCMS 5.3.6

A number of previously-deprecated features and dependencies have been removed from dotCMS 5.3.6.

For customers which only use the standard dotCMS distribution, these changes will likely have no impact. However for customers which build dotCMS from source or who use custom plugins, these changes may impact your build process. If you do build dotCMS or custom plugins, please review the below list to identify any dependencies which may affect your build process.

Removed Features

• The Workflow Actions Code field has been removed.
• Customers who have existing Workflow Actions that use the Code field should do one of the following before upgrading to dotCMS 5.3.6:
• If the Large Message Subaction is available in your current dotCMS version: Move the contents of the Code field to a Large Message Subaction.
• If the Large Message subaction is not available in your version, then:
  • Before the upgrade, move anything in the Code field to a .vtl file, and include that file with a #dotParse() directive.
  • After the upgrade, create a Large Message Subaction, and use a #dotParse() directive in that Subaction to parse the same .vtl file.

Additional Changes and Improvements in dotCMS 5.3.6

• Added the ability to change the location of the dotGenerated folder in the dotCMS installation (#18958)
• Added the ability to use Push Publishing Filters when downloading Bundles (#18293)
• Added a new LoggerResource, which enables logging levels to be changed dynamically (without restarting dotCMS) (#18889)
• Added a new REST API endpoint to upload Bundles (#18563)
• Added support for the hazelcast-kubernetes discovery jar, to support Hazelcast discovery in all Kubernetes distributions (#18904)
• Improved folders to allow inclusion of spaces in folder names (#16216)
• Improved Elasticsearch field mappings to perform custom mappings immediately (when a field is created, instead of just during a reindex) (#18887)
• Improved the Content Type selector drop-down to enable scrolling (#18840)
• Improved the Content Type Tool to allow editing of Content Types even if there is not a valid ES index (#18837)
• Removed an unused and unneeded icu4j library (dot.icu4j-4.0.1_2.jar) from the dotCMS Classpath (#18927)

dotCMS 5.3.5 is a maintenance release which includes fixes for two security vulnerabilities, and some minor fixes and improvements.

Privacy and Security Updates

The following changes in dotCMS 5.3.5 fix potential security or privacy issues which have been identified by dotCMS. For more details on any of these issues, please contact dotCMS Support.

It's important to understand that some security issues may have privacy implications for your existing dotCMS installation. Therefore we recommend that you review these changes, and if necessary modify any appropriate content, to ensure your site maintains compliance with any security and privacy standards and regulations you adhere to.

• Fixed a potential XSS vulnerability in a specific dotCMS component (#18961)
• Updated the com.fasterxml.jackson.core library to the latest version, to address potential vulnerabilities (#18151)

Fixes

The 5.3.5 release includes fixes for the following reported issue. For a list of issues addressed in dotCMS 5.3.5, please visit the dotCMS Github Repository.

• Fixed an issue which could prevent creation of a new dotAsset when dragging an image onto the WYSIWYG file browser (#18980)
• Fixed an issue which resulted in a Bad Request response when passing the 'uri' parameter to the sitename endpoint (#18848)
• Fixed an issue which could cause errors and prevent some Workflows from working properly after upgrading a system which uses Oracle as a database (#18782)
• Fixed an issue which caused a dojo/parser error in console when adding more than 2 relationship fields (#18764)
• Fixed an issue preventing the "com.dotcms.hooks" sample plugin from working properly (#18756)
• Fixed an issue which prevented the use of relative URL Map patterns which worked in earlier dotCMS releases (#18744)
• Fixed an issue which could cause Container Ids to be duplicated under certain conditions (#18714)
• Fixed an issue which could cause all Push Publishing Filters to fail when bad data was found in any of the filter files (#18705)
• Fixed an issue which could cause reindexing to fail on some systems upgraded from very old versions of dotCMS (#18673)
• Fixed an issue which could cause errors when attempting to Push Publish files that were uploaded via WebDAV (#18626)
• Fixed an issue which could cause errors on some systems when upgrading from earlier dotCMS versions (#18524)

To view more information on these and other issues, please visit the dotCMS Github repository.

Deprecated Features

The following features have been officially deprecated in dotCMS 5.3.5. These features have not been removed, and still work normally, but are no longer fully supported, and may be removed in a future dotCMS release.

• The Code field in Workflow Actions is deprecated, and will be removed in dotCMS 5.3.6.
• Anything which is displayed in a Code field should be moved into a Large Message Subaction instead.
• The Large Message subaction provides the same functionality as the Code field, but enables you greater control over the size of the popup message, and when the popup appears (relative to the other Subactions).

Additional Changes and Improvements in dotCMS 5.3.5

• Removed unnecessary messages written to the log file when using MySQL as database (#18947)
• Improved the error message displayed when a Push Publish fails due to Push Publish Filter excluding dependencies (#18792)
• Improved Elasticsearch connection in a cluster, to utilize ES load balancing features without using an external load balancer (#18870)
• Improved content export to allow export of unlimited number of content items (#18641)
• Added a Page field to GraphQL which contains properties of the Page (#18599)
• Improved the Log File pop-up window to expand the messsage display portion of the window when the window is resized (#18556)
• Unrepackaged the com.fasterxml.jackson.core library (#18151)
• Any customers which reference the repackaged libraries in their code will need to modify the code to refer to the unrepackaged libraries instead. For example, import com.dotcms.repackage.com.fasterxml.jackson.annotation.JsonProperty; should be changed to import com.fasterxml.jackson.annotation.JsonProperty;.
• Upgraded GraphQL from v11.0 to v13.0
• Upgraded the kickstart library from v7 to v9.

dotCMS 5.3.4.1 is a maintenance release which includes a fix for one significant issue which may affect all sites, and fixes for several issues which may affect sites which use MSSQL or Oracle databases.

Fixes

The 5.3.4.1 release includes fixes for the following reported issue. For a list of issues addressed in dotCMS 5.3.4.1, please visit the dotCMS Github Repository.

• Fixed an issue preventing dotCMS startup on sites using MSSQL (#18940)
• Fixed an issue causing an error when a cluster was initialized on sites using Oracle (#18918)
• Fixed an issue prevented reindexing on sites using MSSQL (#18912)
• Fixed an issue which could cause the Site Browser to fail to display some folders (#18901)
• Fixed an issue causing startup and reindexing failures on sites using Oracle (#18878)

To view more information on these and other issues, please visit the dotCMS Github repository.

dotCMS 5.3.4 is a maintenance release which includes some minor fixes, and improvements.

Fixes

The 5.3.4 release includes fixes for the following reported issue. For a list of issues addressed in dotCMS 5.3.4, please visit the dotCMS Github Repository.

• Fixed an issue which prevented users from being able to change which Site Search index was the default (#18872)
• Fixed an issue preventing site search indexing jobs from completing and being assigned as the new default Site Search index (#18869)
• Fixed an issue which could prevent a Container from displaying any content in some circumstances (#18855)
• Fixed an issue preventing the Page layout editor from working properly for some Pages (#18830)
• Fixed an issue which could cause incorrect results to be returned when searching for Site Aliases with Elasticsearch (#18805)
• Fixed an issue which could prevent the parent content in a self-joined relationship from being pushed by dependency (#18804)
• Fixed an issue preventing proper operation of Workflows in Oracle (#18782)
• Fixed an issue causing only partial display of very long file names in the Asset information window (#18691)
• Fixed an issue which could cause Push Publishing to fail in specific circumstances (#18621)
• Fixed an issue which prevented some Site Aliases from working correctly (#18187)

To view more information on these and other issues, please visit the dotCMS Github repository.

Additional Changes and Improvements in dotCMS 5.3.4

• Added display of a notification when Elasticsearch is in read-only mode (#17842)
• When content is saved, if the Elasticsearch server is unavailable (due to a network error, for example), a notification will be displayed in the back-end UI.
• Availability of the Elasticsearch server will be automatically re-checked until the server is once again available - when a new notification will be displayed in the back-end UI.
• Added display of the instance Secret Key (SHA-3 Key Digest) and Cluster Id to the System -> Configuration -> Basic Info screen (#17938)
• Added the ability to update or regenerate the instance Secret Key from the System -> Configuration -> Basic Config screen (#18381)

dotCMS 5.3.3 is a maintenance release which includes some minor upgrades, fixes, and improvements.

This release includes a number of changes which may affect existing installations. We recommend that you read through this changelog in full before upgrading any existing installations.

Important Changes

A number of important changes in dotCMS 5.3.3 configuration may impact your performance when upgrading an existing site. Please read the documentation sections on all of these changes before upgrading from a previous release.

Configuration Changes

The following important changes have been made to configuration in dotCMS 5.3.3:

• The "Push Now" Workflow Sub-Action now allows you to specify a Push Publishing Filter (see below)
• Existing "Push Now" Sub-Actions will use whichever filter is defined as the default filter.
• By default, this will preserve the Push Publishing behavior of previous versions
• However, if you modify your Push Publishing Filters to change which filter is used as the default filter, the "Push Now" Sub-Actions will change to use the new default filter.
• You may change each "Push Now" Sub-Action to specify a filter by name, instead of using the default filter.
• The Vanity URL cache regions have changed
• Vanity URLs continue to work the same as they have in previous versions, but the underlying code has been significantly updated to improve performance and reliability.
• As part of this change, there are now two different cache regions for Vanity URLs: vanityurlsitecache and vanityurldirectcache.
• The vanityurlsitecache region stores a separate list of Vanity URLs for each host on your system
• The default size of 5000 should work for almost all dotCMS instances, but if you have thousands of sites on the same dotCMS instance, you should set this region to a size that's larger than the number of hosts you expect to have on your system.
• The vanityurldirectcache region stores the most recently matched Vanity URLs.
• The default size of 25000 will work for the majority of sites, but if your sites use Vanity URLs heavily, you may wish to monitor the cache statistics, and increase the size of this region appropriately if necessary.

New Features

The following new features have been added in dotCMS 5.3.3:

• New Push Publishing Filters enable you to selectively limit which types of content and dependencies are pushed to a receiving environment
• You may create different filters, to give your users a choice of how to push content.
• You may give different permissions to each filter, to limit the use of some filters by Role.
• You may specify a default filter, which will be automatically selected, and which will be used by default in all existing Workflow Actions.
• When upgrading your site, the default filter will be set to the "Everything and Dependencies" filter, which pushes content with all dependencies, matching the behavior of pushes in earlier dotCMS versions.
• The dotCMS starter site includes a set of standard filters.
• When upgrading your site, these filters will be installed automatically.
• For more information, please see the Push Publishing Filters documentation.

Fixes

The 5.3.3 release includes fixes for the following reported issue. For a list of issues addressed in dotCMS 5.3.3, please visit the dotCMS Github Repository.

• Removed unnecessary file metadata log messages during reindexing (#18752)
• Fixed an issue preventing the main navigation in the back-end from scrolling (#18716)
• Fixed an issue causing an error when renaming a file while creating new content (#18685)
• Fixed an issue which could cause an error when a Page without a valid template was bundled (#18598)
• Fixed an issue which could prevent import of a starter site with XML 1.1 characters in it (#18576)
• Fixed an problem with the download link on File Assets (#18561)
• Fixed an issue which could cause the Drop Old Assets Versions tool to fail when deleting a large number of records (#18494)
• Fixed an issue which could cause Elasticsearch indexing issues with heavy use of Key/Value fields (#18446)
• Fixed an issue which could cause an error when an empty VTL file was push published (#18051)
• Fixed performance and consistency issues when Vanity URLs were used in a cluster (#17278)
• Fixed an issue which could cause the buttons in the Content Type properties window to stop working under certain conditions (#18595)
• Fixed an issue which could sometimes cause GraphQL to return an incomplete URL (without the full path) #18286)
• Fixed an issue which could cause a UI (Javascript) error when a content type had two relationship fields to the same parent content type (#18152)

To view more information on these and other issues, please visit the dotCMS Github repository.

Additional Changes and Improvements in dotCMS 5.3.3

• Created a new REST endpoint to load all message keys (#18530)
• Upgraded the #dotParse() directive to accept dotAssets (#18402)
• Added the ability to open the File Browser with one click from the WYSIWYG field (#18498)
• Upgraded the Workflow Scheduled Action to support multi-lingual content (#18591)
• Implemented some internal performance improvements (#18682)
• Improved error logging in several areas (#18645)
• Improved resource handling in the Temp file API (#18676)

dotCMS 5.3.2 is a maintenance release which includes some minor upgrades, fixes, and improvements.

New Features

The following new features have been added in dotCMS 5.3.2:

• Improved file handling in the WYSIWYG field
• Added the ability to drag and drop images into the WYSIWYG field.
• Dropped images will be saved as dotAssets, and automatically assigned to a dotAsset Content Type based on the file type, in the way as files dropped into the Content Search screen.
• Added the ability to open the File browser with one click.
• Added a button to edit image properties.

Privacy and Security Updates

The following changes in dotCMS 5.3.2 fix potential security or privacy issues which have been identified by dotCMS.

It's important to understand that both security and privacy issues may have privacy implications for your existing dotCMS installation. Therefore we recommend that you review these changes, and if necessary modify any appropriate content, to ensure your site maintains compliance with any security and privacy standards and regulations you adhere to.

• Fixed an issue causing some screens in the back-end UI to display improperly when the X-Content-Type-Options header was specified (#16955)
• This issue did not cause any security issues, but prevented the use of the X-Content-Type-Options header, which can be used to improve security.
• The X-Content-Type-Options header may now be used to improve browser security while accessing the dotCMS back-end UI.

Fixes

The 5.3.2 release includes fixes for the following reported issue. For a list of issues addressed in dotCMS 5.3.2, please visit the dotCMS Github Repository.

• Fixed an issue preventing upgrade from earlier release when using older versions of Postgres (#18640)
• Fixed an issue which sometimes caused conflicts when pushing legacy relationships upgraded to new relationship fields (#18616)
• Fixed an issue preventing scrolling in the Content Types Tool (#18588)
• Fixed an issue which could sometimes cause Content Type fields to be reordered unpredictably (#18542)
• Fixed an issue which could cause errors in the Content editor when a content item had related Parents that were archived (#18525)
• Fixed an issue which could sometimes prevent OSGI plugins from initializing properly, and cause noisy logging (#18501)
• Fixed an issue which caused Key Value field data to be returned in the wrong order (#18479)
• Fixed an issue which prevented GraphQL from returning related content in any Language other than the default Language (#18444)
• Fixed an issue which prevented GraphQL from returning any content in specific circumstances (#18443)
• Fixed an issue which prevented a reindex from finishing under specific conditions (#18424)
• Fixed an issue which could prevent the "What's Changed" feature from detecting content changes on the page (#18356)
• Fixed an issue which sometimes prevented access to an asset using the ID Path URL, even for admin users (#18345)
• Fixed an issue preventing multiple Tools from updating properly when the Site was changed in the back-end UI (#18148)
• Fixed an issue causing errors in the content editing screen when the Tab divider and other fields shared the same name (#18102)

To view more information on these and other issues, please visit the dotCMS Github repository.

Additional Changes and Improvements in dotCMS 5.3.2

• Added a CORS filter to the GraphQL interface (#18567)
• Added a new REST API endpoint to retrieve the image URL from a dotAsset (#18427)
• Improved the query strings displayed in the Show Query popup to better match the content displayed in the Content Search screen (#18316)

dotCMS 5.3.1 is a maintenance release which includes a single important fix for the 5.3.0 release.

Fixes

The 5.3.1 release includes fixes for the following reported issue. For a list of issues addressed in dotCMS 5.3.1, please visit the dotCMS Github Repository.

• Fixed an issue preventing the same File-based Container from being added to a Page more than once (#18558)

To view more information on these and other issues, please visit the dotCMS Github repository.

dotCMS 5.3.0 is a major release which includes some significant upgrades and new features, performance and stability improvements, upgrades to a number of key components, and some significant changes to existing functionality.

This release includes a number of changes which may affect existing installations. We recommend that you read through this changelog in full before upgrading any existing installations.

Important Changes

A number of important changes in dotCMS 5.3.0 configuration may impact your performance when upgrading an existing site. Please read the documentation sections on all of these changes before upgrading from a previous release.

Configuration Changes

The following important changes have been made to configuration in dotCMS 5.3.0:

• The dotCMS distribution files are now delivered as Docker images and Amazon AWS Images (AMIs), in addition to binary files.
• For the most seamless demonstration experience, dotCMS recommends Docker images for most new dotCMS users.
• However experienced dotCMS users may still download the dotCMS binary distribution for installation and upgrades.
• The internal Elasticsearch server has been removed
• All dotCMS installations must now use an external Elasticsearch server.
• All dotCMS Docker images include an external Elasticsearch server which is started and managed transparently by the Docker image.
• The main database configuration for dotCMS installations has been changed from the context.xml file to the db.properties file.
• The dotCMS distribution no longer ships with a context.xml file.
• The context.xml file will still be used if no db.properties file exists, so the context.xml files of customers upgrading from earlier releases will continue to work without changes.
• For more information on the new db.properties file, please see the Database Configuration documentation.
• Elasticsearch SSL/cert verification has disabled by default.
• This change was made to improve Elasticsearch security, by allowing Elasticsearch to use HTTPS protocol even when connecting to hosts which may not have a valid cert.
• You may re-enable SSL/cert verification by setting the property ES_TLS_ENABLED=true in the dotcms-config-cluster.properties file.

Changes to Default Behavior

The following differences in default behavior in dotCMS 5.3.0 may change your expectations and require a review of your administration practices. Please review all of these changes before upgrading from a previous release.

• The default database configuration file has been changed from context.xml to db.properties.
• The context.xml file is still supported, but has been deprecated, and will stop being supported in a future release.
• For more information on using the new db.properties file, or configuring your database using system variables or Docker secrets, please see the Database Configuration documentation.
• A number of potential Content Type variable names have now been designated as reserved.
• If you create a new Content Type and the variable name resolves to one of these reserved names, the variable name will automatically be modified to prevent an exact match with the reserved name.
• Existing Content Types which match these new reserved names will not be changed, but it is recommended that you consider changing Content Types with variables matching a reserved name, as the Content Type variable name may cause conflicts in some cases.
• For more information on the list of reserved names for Content Types, please see the Content Types documentation.
• Changed the default value of the H22 Cache Provider recovery threshold.
• The default value of the cache.h22.recover.if.restarted.in.milliseconds has been changed to 0, to prevent a restarted server from attempting to recover a bad cache.

New Features

In addition to the Important Changes listed above, the following additional new features have been added in dotCMS 5.3.0:

• New dotAsset Base Content Type
• New Tile View of the Content Search screen
• Users may now choose to view the Content Search scren in either List view (the traditional view) or Tile view.
• New File Drag-and-Drop capability in the Content Search screen
• Users may now upload files via drag-and-drop into the Content Search screen.
• System administrators may configure dotAsset Content Types so uploaded files are automatically assigned to appropriate Content Types, based on the MIME type of the uploaded file.
• For more information, please see the File Assets and dotAssets documentation.
• New Database Configuration capabilities.
• Database configuration can now be performed via a configuration file, via system variables, or via Docker Secrets.
• For more information, please see the Database Configuration documentation.
• Vanity URLs can now be created to pass parameters to the target URI.
• The distribution now ships with an empty starter site, to enable quick development of sites from scratch.
• An External Elasticsearch server is now supported by default.
• Added new RestClientProvider and DotRestClientProvider interfaces to enable custom Elasticsearch behavior
• For more information, please see the Custom Elasticsearch REST Client documentation.

Fixes

The 5.3.0 release includes fixes for a number of reported issues. For a list of issues addressed in dotCMS 5.3.0, please visit the dotCMS Github Repository.

• Fixed an issue which caused an error when the Set Value Workflow Sub-Action was executed (#18468)
• Fixed an issue preventing the ESQueryCache from initializing properly when used in a cluster (#18458)
• Fixed an issue which left the old key in use after importing a new starter (#18394)
• Fixed an issue which could sometimes cause multiple Vanity URLs to stop working, requiring a cache flush (#18364)
• Fixed an issue which could prevent the use of Time Machine future snapshots (#18355)
• Improved URL normalization to prevent the use of site specification characters (//) (#18354)
• Fixed an issue which could prevent users from added content to pages when using MySQL (#18341)
• Fixed an issue which could cause OSGI initialization errors in a clustered environment (#18319)
• Fixed an issue which could cause form submission to fail due to a permission error (#18292)
• Fixed an issue which could prevent the Site Variables window from appearing after deleting a user (#18256)
• Fixed could cause Push Publish of a new site to fail in some circumstances (#18210)
• Improved real-time validation checks in the content editing window (#18192)
• Fixed an issue which could cause the admin user menu to display incorrectly after a Login As operation (#18182)
• Fixed an issue which could cause an empty or incorrect content title to be returned in some circumstances (#18177)
• Fixed an issue which could cause Site Search indexing to fail when a Content Type detail page was not found (#18164)
• Fixed an issue which could prevent Site Search from indexing some multi-lingual versions of URL Mapped content (#18132)
• Fixed an issue preventing widget Pre-execute code from running in Page Edit mode (#18086)
• Fixed problems with the Language drop down in Page Edit mode (#18084)
• Fixed error messages in the log files when running the "Download Data/Assets" maintenance tool (#18080)
• Fixed an issue causing an incorrect error message when using Login As to a user with limited permissions (#18069)
• Fixed an issue preventing the Page Editor from correctly limiting the number of contents added to a Container (#18021)
• Fixed an issue causing incorrect $navtool operation when ENABLE_NAV_PERMISSION_CHECK was set to true (#18016)
• Fixed an issue causing URL Maps to fail when the content in a URL mapped field contained a forward slash (/) (#18015)
• Fixed a spurious log error message after the completion of a reindex of a large site (#17918)
• Added configuration options to allow Elasticsearch to be run without SSL for testing purposes (#17879)
• Fixed an issue preventing automatic redirection to the login page when an unauthenticated user attempts to access a resource requiring authentication (#17858)
• Fixed an issue preventing indexing of content if the Content Type was assigned a variable name of title (#17850)
• Fixed an issue preventing File-based Containers from working properly when the files were not on the Default Site (#17749)
• Fixed an issue preventing Site Search from respecting default language fallback for Velocity files included with dotParse (#17672)
• Fixed an issue which could cause legacy relationships to be cleared if an attempt was made to save content while the Elasticsearch index was not writable (#17601)
• Fixed an issue which could cause errors in URL Maps after an upgrade when using a root-based URL Map pattern (#17514)

To view more information on these issues, please visit the dotCMS Github repository.

Privacy and Security Updates

The following changes in dotCMS 5.3.0 fix potential security or privacy issues which have been identified by dotCMS.

It's important to understand that both security and privacy issues may have privacy implications for your existing dotCMS installation. Therefore we recommend that you review these changes, and if necessary modify any appropriate content, to ensure your site maintains compliance with any security and privacy standards and regulations you adhere to.

• Fixed an issue which could causing some file contents to be interpreted by the user's browser when editing the file (#18369)
• Added additional restrictions to limit access to context from scripting (#18318)

Deprecated Features

The following features have been officially deprecated in dotCMS 5.3.0. These features have not been removed, and still work normally, but are no longer fully supported, and may be removed in a future dotCMS release.

• Snapshot functionality in the Elasticsearch Indexing REST API is deprecated (#16876)
• You may use the Elasticsearch native REST API snapshot functionality instead.
• Certain Content Type variable names are no longer allowed
• Certain variable names are now treated as reserved words for Content Type variable names.
• For more information, please see the Content Types documentation.

Additional Changes and Improvements in dotCMS 5.3.0

• Added a unique key to the Workflow Tasks table, to prevent the possibility that multiple Workflow tasks could end up with the same Identifier and Language Id (#17088).
• Content Type variable names are now required to be case-insensitively unique, to prevent potential conflicts (#18382).
• Added support for the INDEX_POLICY on the query string in the Workflow REST API (#18357)
• The ResourceLink feature has been updated to support all Binary fields in all Content Types (#18310)
• Several improvements were made to logging, to both reduce noise and improve messaging in some situations (#18183, #18072)
• The Temporary file endpoint has been updated to auto-assign the Content Type for dotAssets (#18064)
• The Elasticsearch String.intern property has been disabled to reduce CPU usage (#17899)
• Elasticsearch has been upgraded from OpenDistro version 1.2.0 to OpenDistro version 1.3.0 (#17885)
• On startup, dotCMS now automatically waits until an Elasticsearch server is available (#17883)
• The ESIndexResource class has been updated to call dotCMS API methods instead of calling Elasticsearch directly (#17848)
• Automaticaly generated Site Search index Aliases are now automatically prefixed with the Cluster Id to ensure uniqueness (#17747)
• A new custom Docker image has been made available for running Open Distro Elasticsearch with dotCMS (#16806)
• Significantly improved the performance of the /api/v1/page/render endpoint (#18397)
• Synchronized the "Download Data/Assets" and "Backup Data/Assets" maintenance tools to produce compatible ZIP files (#18388)
• Significantly reduced the CPU utilization of the MonitorResource (#18245)
• Improved the status endpoint to allow access from locations other than localhost (for use with Docker and other applications) (#18215)
• Added "title" to the list of file metadata fields indexed by default (#18172)
• Options to download index snapshots were removed from both the Index tab of the Maintenance Tool and the Site Search Tool (#18059)

dotCMS 5.2.8 is a maintenance release which includes some minor upgrades, fixes, and improvements.

Changes to Default Behavior

The following differences in default behavior in dotCMS 5.2.8 may change your expectations and require a review of your administration practices. Please review all of these changes before upgrading from a previous release.

• Front-end Users may no longer preview unpublished (working) content in any location
• In previous versions of dotCMS, Front-end users could in some circumstances preview unpublished content, if they were assigned appropriate permissions to the unpublished content.
• dotCMS 5.2.8 standardizes access permissions of Front-end users across all APIs and access methods, preventing Front-end users from previewing unpublished content in any way.
• If you have existing Front-end users that need to be able to preview unpublished content, you will need to:
1. Change the users from Front-end users to Back-end users (via the Users screen),
2. Limit their access to the dotCMS back-end (via the Roles and Tools screen), and
3. Limit their access to appropriate content (through regular Permissions).
• For more information, please see the Preview vs. Live documentation.

New Features

The following new features have been added in dotCMS 5.2.8:

• New REST API Front-end User Authentication capability
• Users can now be authenticated as either front-end or beck-end users using the REST API.
• For more information, please see the Preview vs. Live documentation.

Fixes

The 5.2.8 release includes fixes for a number of reported issues. For a list of issues addressed in dotCMS 5.2.8, please visit the dotCMS Github Repository.

• Fixed an issue which caused columns in the Content Search screen to be displayed in the wrong order (#18159)
• Fixed an issue preventing the Page API from returning content items placed in Advanced Templates (#18158)
• Fixed an issue which caused Content Type Text fields configured for Numeric data to be saved as Text data (#18147)
• Fixed an issue which caused error messages in the My Account popup to be displayed incorrectly (#18143)
• Fixed an issue preventing new pages from being Push Published under certain conditions (#18126)
• Fixed issues preventing the Site name from refreshing when the a new Site was selected (#17937, #18125)
• Fixed an issue preventing a user from being remembered with the Remember Me feature after another login of the same user from a differen location (#18101)
• Fixed an issue which could cause Front-End users to get a 403 (access denied) error when accessing a front-end form requiring authentication (#18076)
• Fixed an issue which caused already-pushed content to be re-pushed after a bundle was deleted on the sender (#18025)
• Fixed an issue which caused content which was archived on the sender to be deleted from the receiver when Push Published (#17994)
• Fixed an issue which caused items to continue to appear in Site Search after being unpublished or archived (#17976)
• Fixed an issue which could prevent a limited user from being able to create rules, even when granted appropriate permissions (#17901)
• Fixed an issue preventing Vanity URLs from working if there was a trailing slash in Uri field (#16433)

To view more information on these and other issues, please visit the dotCMS Github repository.

Additional Changes and Improvements in dotCMS 5.2.8

• Improved the user interface of the Relate Content popup:
• Added the ability to search by hitting the Enter key in the Relate Content popup (#18038)
• Updated the Relate Content popup to allow a click anywhere on the line to select content (#16936, #17981)
• Improved the management and performance of clusters when using Docker containers and Kubernetes (#18050, #18190)

Upcoming Changes in dotCMS 5.3.0

The dotCMS 5.3.0 release, currently planned for release in April 2020, will contain some important changes that may impact your system configuration and processes. Please review the changes listed below to be aware of these changes, and if necessary, begin preparing for them.

• Removal of embedded Elasticsearch server
• dotCMS 5.3.0 will no longer include an embedded Elasticsearch server.
• This means that all customers upgrading to dotCMS 5.3.0 will need to use an external Elasticsearch server.
• The dotCMS Docker reference containers are all designed to use a containerized Elasticsearch server out-of-the-box, so switching to a Docker deployment is a very good option for customers that want to upgrade to 5.3.0 with the minimum effort.

dotCMS 5.2.7 is a maintenance release which includes some minor upgrades, fixes, and improvements.

New Features

The following new features have been added in dotCMS 5.2.7:

• New Asset Base Content Type enables creation of files and images in a repository without an explicit URL path
• You can now create Content Types which contain files and images, but which are not located in a specific location within the site.
• For more information, please see the Base Content Types documentation.

Fixes

The 5.2.7 release includes fixes for a number of reported issues. For a list of issues addressed in dotCMS 5.2.7, please visit the dotCMS Github Repository.

• Fixed an issue preventing some Image and File field types from being displayed by GraphQL API (#18005)
• Fixed an issue which could prevent Push Publishing of a Rule actively running on the receiver (#17930)
• Fixed an issue which could prevent Worklow execution by a user without permissions to the Default site (#17876)

To view more information on these and other issues, please visit the dotCMS Github repository.

Additional Changes and Improvements in dotCMS 5.2.7

• Added support for Image Focal Points when using the /da image URL format with "shorty" Ids (#17965)
• For more information, please see the Image Resizing and Processing documentation.
• Added the ability to make Binary fields indexable and displayable using the Show in List field property (#17944, #18022)
• Note: Only the first Binary field on a Content Type can be indexed and set to Show in List.

dotCMS 5.2.6 is a maintenance release which includes some minor upgrades, fixes, and improvements.

New Features

The following new features have been added in dotCMS 5.2.6:

• New Reset Approvers Workflow Sub-Action allows Workflows relying on multiple approval to reset the list of approvers if the content is re-edited after previously being approved.
• For more information, please see the Multiple Approval Sub-Actions documentation.
• New Default Workflow Action settings are available in the Workflow Scheme properties screen.
• You can now set Default Workflow Actions so that if standard operations on content (e.g. New, Save, Publish, Unpublish, etc.) are performed using a method that does not execute a Workflow Action, the operation will be automatically performed using a Workflow Action you specify.
• For more information on the types of Default Workflow Actions that can be assigned, please see the documentation on Default Workflow Actions.

Fixes

The 5.2.6 release includes fixes for a number of reported issues. For a list of issues addressed in dotCMS 5.2.6, please visit the dotCMS Github Repository.

• Fixed an issue preventing users from switching a WYSIWYG field to Text and back to WYSIWYG (#18018)
• Fixed an issue which prevented URL map field values containing forward slashes from working properly (#18015)
• Fixed an issue preventing unauthorized attempts to access pages from properly redirecting to the login page (#18010)
• Fixed an issue preventing relationships on the Host Content Type from displaying in the Back-end (#17928)
• Fixed an issue causing some types of navigation menus from displaying properly in the Page Editor in Edit mode (#17896)
• Fixed an issue preventing selection of some filter combinations in the User Tool (#17895)
• Fixed an issue which could cause some browsers to auto-fill new passwords on the change password screen (#17889)
• Fixed an issue preventing Categories from being sorted properly via the Sort Order field (#17798)
• Fixed an issue preventing file-based Containers from working properly when not located on the default Site (#17749)
• Fixed an issue which could prevent relationships from being saved correctly in some cases when using "Relate New Content" (#17743)
• Fixed an issue causing an incorrect URL to be displayed in the Task Detail screen (#17532)
• Fixed an issue causing errors in the GraphQL API when Content Types have fields with specific variable names (#17515)
• Fixed an issue which caused the Event popup to display incorrectly if the End Date field in the Event Content Type was moved before the Start date field (#17497)

To view more information on these and other issues, please visit the dotCMS Github repository.

Additional Changes and Improvements in dotCMS 5.2.6

• Upgraded the starter site included with the release distribution to a brand new, completely rebuilt site which demonstrates many of the newer and more sophisticated features of dotCMS.
• Please perform a fresh installation of dotCMS 5.2.6 to a new location to have the new starter site installed for you.
• Once the new starter site is installed, you can use Bundles to copy features from the new starter site to your existing site.
• Improved the "Add to Bundle" functionality to remember the last Bundle name selected (#14066)
• Added a new parameter to the Content REST API to return full Category information in results (#12739)
• The includeCategoriesExtraInfo URL parameter can now be supplied (e.g. /includeCategoriesExtraInfo/true) to reutrn full Category information in the results.
• Added the ability to create "pluggable" content field validations using OSGI plugins (#17773)
• This allows you to add your own custom code to perform sophisticated and proprietary validations on the data users enter into your content fields.
• Improved the Binary field to allow limiting of both file length and file type in all uploaded files (#17772)
• You may use the allowedFileTypes Field Variable to specify which mime types may be uploaded, and the maxFileLength Field Variable to limit the size of all uploads.
• Since these limitations are implemented as Field Variables, you may set different limits for different Binary fields, even within the same content type (to ensure, for example, that one Binary field is used to upload only videos, while another is used to upload only photos).

dotCMS 5.2.5 is a maintenance release which includes some minor upgrades, fixes, and improvements.

New Features

The following new features have been added in dotCMS 5.2.5:

• New Image Focal Point feature
• You can now add a focal point to images to enable more intelligent cropping.
• For more information, please see the Crop functionality in the Image Resizing and Processing documentation.

Fixes

The 5.2.5 release includes fixes for a number of reported issues. For a list of issues addressed in dotCMS 5.2.5, please visit the dotCMS Github Repository.

• Fixed an issue which could cause the Navtool Viewtool to return incorrect items in some circumstances (#16589)
• Fixed an issue preventing Vanity URLs from properly redirecting to URL-mapped content (#16684)
• Fixed an issue which could prevent the Time Machine from displaying individual future content in some circumstances (#17594)
• Fixed an issue causing some valid folder names from being rejected (#17751)
• Fixed an issue causing Archived content to be copied to a new Site as Unpublished (#17763)
• Fixed an issue which could improperly prevent use of the Workflow API in some circumstances (#17794)
• Fixed an issue with the Content Search tool when the Back-end UI language was set to Spanish (#17797)
• Fixed an issue which could prevent pages on a non-default host from being found in the Page editor (#17803)
• Fixed an issue causing duplicate Containers to appear when paging through Containers (#xxxxx)
• Fixed an issue preventing the Site selector from refreshing properly in Chrome in some circumstances (#17828)
• Fixed an issue preventing the "Send for Review" feature from working when viewing Workflow Task details (#17829)
• Fixed an issue adding files with long names in the WYSIWYG field (#17833)
• Fixed an issue preventing the user menu selections from displaying under certain conditions (#17855)
• Fixed an issue preventing constant fields from being included in JSON responses (#17864)
• Fixed an issue which could prevent the Image Editor from scrolling down on large images (#17940)

To view more information on these and other issues, please visit the dotCMS Github repository.

Additional Changes and Improvements in dotCMS 5.2.5

• Improved the REST API to allow Binary fields to be uploaded by specifying a remote URL (#16852)
• Previously, files needed to be uploaded to dotCMS prior to adding them to Binary fields.
• Simplified the Image Processing REST API to eliminate the need to explicitly specify which filters are used and in what order.
• You may now simply supply the appropriate filter parameters, and the filter operations will be performed in the order the parameters appear.
• You may also continue to explicitly specify the filters and the filter order (as in older versions), so older image URLs do not need to be modified in any way.
• For more information, please sse the Image Resizing & Processing documentation.

dotCMS 5.2.4 is a maintenance release which includes some minor upgrades, fixes, and improvements, and an important security update.

Important:

dotCMS 5.2.4 includes an important fix for a critical security vulnerability. This vulnerability has already been mitigated for existing dotCMS Enterprise and dotCMS Cloud customers. However, if you are a Community Edition customer, it is strongly recommended that you upgrade to dotCMS 5.2.4 as soon as possible.

Privacy and Security Updates

The following changes in dotCMS 5.2.4 fix potential security or privacy issues which have been identified by dotCMS.

• Fixed a critical security vulnerability reported in CVE-2020-6754
• Fixes for this vulnerability have been generated for all affected dotCMS versions.
• Fore more information, including mitigation measures and the link to the CVE alert, please see security issue SI-54.

Fixes

The 5.2.4 release includes fixes for a number of reported issues. For a list of issues addressed in dotCMS 5.2.4, please visit the dotCMS Github Repository.

• Fixed an issue preventing the Redirect URL property from working with custom Page Content Types (#15427)
• Fixed an issue causing CMSFilter to return a 404 for URLs containing a plus sign (#17261)
• Fixed an issue preventing the Copy Site operation from properly copying Page contents to a new Site (#17541)
• Fixed an issue which could sometimes cause Push Publishing conflicts when pushing Language Variables (#17596)
• Fixed an issue which could prevent users from being able to edit Sites without View permission on the Default Site (#17612)
• Fixed an issue preventing the Asset Backup tool from using the ASSET_REAL_PATH configuration (#17620)
• Removed an old/invalid foreign key from some database upgrade scripts (#17647)
• Fixed an issue causing WebDAV to force folder and file names to lowercase (#17698)
• Fixed an issue causing GraphQL to return a null when no Content Types of a queried Base Type existed (#17717)
• Fixed an issue which could prevent browsing beyond five sub-folder levels when adding a file to a WYSIWYG field (#17792)

To view more information on these and other issues, please visit the dotCMS Github repository.

Additional Changes and Improvements in dotCMS 5.2.4

• The Back-end Menu Navigation has been improved to allow the menu to remain collapsed continually.
• Added the ability to set a security constraint on the assets folder in the web.xml file (#17835)
• The REST Content Type API has been enhanced to allow specification of additional default Workflow Actions
• Default Workflow Actions may now be specified for UNPUBLISH, ARCHIVE, UNARCHIVE, DELETE, and DESTROY, in addition to existing NEW, EDIT, and PUBLISH default actions.
• Improved the content import and REST API save functions to accept remote URLs for the content of Binary Fields (#16852)
• Prevented the copy of Workflow history when making a copy of a content item (#17550)

dotCMS 5.2.3 is a maintenance release which includes some minor upgrades, fixes, and improvements.

New Features

The following new features have been added in dotCMS 5.2.3:

• New Elasticsearch Custom Field Mappings
• Custom Elasticsearch mappings may now be created for individual Content Type fields.
• For more information, please see the How Content is Mapped to Elasticsearch documentation.
• New Language REST API Operations
• Methods to allow Save, Update, and Delete of languages have been added to the Language REST API.
• For more information, please see the REST API Endpoints documentation.

Fixes

The 5.2.3 release includes fixes for a number of reported issues. For a list of issues addressed in dotCMS 5.2.3, please visit the dotCMS Github Repository.

• Fixed an issue which could cause incorrect bundle audit information to generate noisy log messages (#17626)
• Fixed an issue preventing the Bundles screen from refreshing after a Bundle was deleted (#17676)
• Fixed an issue preventing Language Variables containing spaces from resolving correctly (#17679)
• Fixed an issue which could prevent past Time Machine snapshots from being displayed (#17684)
• Fixed an issue preventing images in WYSIWYG fields from being selected (#17731)

To view more information on these and other issues, please visit the dotCMS Github repository.

Additional Changes and Improvements in dotCMS 5.2.3

• The Page REST API (/api/v1/page) includes several new enhancements to support Single Page Applications (SPAs):
• Information for all content contained in a Page is now rendered in results (#17665)
• Content of URL Mapped pages is now rendered in results (#17666)
• Languages passed via URL parameters can now be specified by language code (e.g. "en-US") as an alternative to language ID (e.g. "1") (#17700)
• TinyMCE (used in the WYSIWYG field) has been upgraded from version 4.1.6 to version 4.9.6.

dotCMS 5.2.2 is a maintenance release which includes some minor upgrades, fixes, and improvements.

New Features

The following new features have been added in dotCMS 5.2.2:

• New Delete All Versions Workflow Sub-Action
• A new Workflow Sub-action has been added to delete all Language versions of a content item.
• For more information, please see the Workflow Sub-actions documentation.
• New Delete Push Publishing Bundles REST Endpoint
• A new REST API endpoint has been added to enable deleting old Push Publishing bundles.
• For more information, please see the REST API Endpoints documentation.

Fixes

The 5.2.2 release includes fixes for a number of reported issues. For a list of issues addressed in dotCMS 5.2.2, please visit the dotCMS Github Repository.

• Fixed an issue preventing the Push Publish popup from displaying from the Tasks Tool (#17026)
• Fixed an issue which could prevent proper batching of transaction when calling Quartz from code (#17591)
• Fixed an issue preventing GraphQL from returning IDs for new languages (added after upgrade to dotCMS 5.1.0+) (#17615)
• Fixed incorrect key when serializing the Visitor object (#17616)
• Fixed an issue preventing Lucene date range queries from working (#17621)
• Fixed an issue causing upgrades to dotCMS 5.2.1 to fail for systems with no URL Maps (#17642)
• Fixed a javascript error when selecting a relationship from the relationship select popup (#17663)

To view more information on these issues, please visit the dotCMS Github repository.

Additional Changes and Improvements in dotCMS 5.2.2

• Folder name restrictions have been implemented at the API level, to ensure bad folder names can not be created through WebDAV and other means (#16715)
• Changed deletion of Content Type fields to perform the deletion in the background (#16939)
• To improve compatibility, the GraphQL implementation has been modified to remove Base Types as Interfaces, and no longer allow specification of individual fields for Base Type collections (#17560)
• REST API calls which return related content were improved to respect supplied language parameters for both parent and related content (#16917)