v4.5.15.20 release

v4.5.15.20 had two improvements and 14 bug fixes.

Significant improvement

• Editors with access to the Publish Override transition, but with no access to any other transition, now see those transitions as read-only buttons in the Workflow widget. For example, a workflow has the transitions Send To Review, Send to Proofread, Publish, and Publish Override, and an editor has access to Publish Override. When opening the Workflow widget, the editor sees the next transition in the workflow as read-only. This improvement informs the editor that there may be other workflow steps necessary prior to publishing the asset.
• Added the query parameter _callers to URLs to display levels in a stack trace. For example, with _callers=10, the profiler provides 10 levels of stack trace.

Significant defects addressed

• Corrected an issue causing a phrase in the search field that was surrounded in quotation marks to ignore all filters and return all assets. For example, searching for "cms workflow" returned all assets, not just those identifiable by the phrase cms workflow.
• Corrected an issue preventing expected operation of the annotation @Ignored(false).
• Corrected an issue causing incorrect layout of the preview pane.
• Corrected an issue causing incorrect layout of the warning messages appearing under search fields in the left rail. For example, when selecting menu > Content Templates, if there are no content templates, the warning message No matching items was not laid out correctly.
• Corrected an issue throwing an error in The Shelf. Specifically, after saving a search for an external type (such as YouTube Video), opening The Shelf and selecting Recent Activity > Saved searches threw a NullPointerException.
• Corrected an issue disabling the Format menu when an X (formerly Twitter) post is embedded in the rich-text editor.
• Corrected an issue preventing updates to scheduled revisions from being saved. For example, an editor created a new revision of a homepage, and added a module to the contents. The editor then scheduled this revision. Subsequently, the editor removed a module from the scheduled homepage's contents, and scheduled this new revision. The removed module still appeared. Correcting this issue introduced a breaking change described below.
• Corrected an issue causing the preview pane's width to equal the content edit form's width on initial load.
• Corrected an issue that caused the method SegmentationDatabase#personalize to trigger a large number of extraneous reference resolves.
• Corrected an issue that did not account for the Zip Slip vulnerability. A security check now exists to detect and avoid this vulnerability.
• Corrected an issue preventing rCDA schema generation when a field's internal name has a prefix containing a dash. For example, a prefix declared as String PREFIX = "brightspot.custom-components." prevented schema generation.
• Corrected an issue causing user sessions to unexpectedly end.
• Corrected an issue preventing an asset's state to update if a Set field has dynamic placeholder text.
• Corrected an issue preventing preview-to-edit containers from rendering fields correctly when those fields do not have a valid preview.

Breaking changes

• In the class com.psddev.cms.db.Draft:
  
  • The method void update(Map, Object, Map, boolean) has been removed.
  • The method void update(Map, Object) is still available.