v4.5.26 release
Release date: September 12, 2024
v4.5.26 had 10 improvements and 25 bug fixes.
Significant improvements
- Ping methods have been updated to reduce associated system loads. See "Breaking changes," below.
- URLs used for applying watermarks now use the AES/GCM/NoPadding mode of operation instead of the less secure AES/ECB.
- Improved view model and other front-end processing to enable developers to build custom modules using editorial content types.
- Upgraded Github runner for Antithesis, addressing the run-time error
System.IO.IOException: No space left on device
. - Disabled external entity resolution in the SAML XML parser, thereby helping to prevent XML eXternal Entity (XXE) attacks.
- Replaced the class
org.apache.commons.lang3.RandomStringUtils
withorg.apache.commons.text.RandomStringGenerator
to more securely generate API keys. - Replaced the class
org.apache.commons.lang3.RandomStringUtils
withorg.apache.commons.text.RandomStringGenerator
in the GraphQL explorer to more securely generate nonces. - Replaced the function HMAC SHA-1 with HMAC SHA-256 to more securely generate a Tool User Time Based One Time Password.
- Improved performance of database initialization when instances of legacy types contain references to other objects.
- The HTTP response status code is now 500 for GraphQL schema load failures.
Significant defects addressed
- Corrected an issue that prevented publishing an asset's variation created using the Overlay All Fields option.
- Corrected an issue throwing a
NullPointerException
when attempting to delete an asset whose content type no longer exists. - Corrected an issue preventing appearance of the focus indicator on images for sites configured without a theme.
- Corrected an issue allowing editors to move deleted elements within a list. For example, an article had a list of two authors. The editor deleted one of those authors by clicking . The editor was able to drag the deleted author to a different position in the list.
- Corrected an issue preventing proper rendering of the remove icon .
- Corrected an issue causing incorrect rendering of an asset in the preview pane, but correct rendering on the live front end.
- Corrected an issue causing the method
JspUtils#getAbsoluteUrl
to return anhttp
URL when anhttps
URL is available. - Corrected an issue preventing proper rendering of an RSS feed when the corresponding section has a URL ending with a forward slash (such as
/firstsection/
). - Corrected an issue preventing proper population of lists of objects. For example, when creating a role, the list of content types included entries other than content types.
- Corrected an issue preventing proper rendering of a post's history in an asset's Conversation widget.
- Corrected an issue preventing persistent disabling of the Crosslinker.
- Corrected an issue causing the content edit form to scroll to the bottom when creating a subsidiary asset, such as creating an assignment from a pitch.
- Corrected an issue preventing correct operation of the spell checker when track changes is toggled on.
- Corrected an issue preventing proper listing of assets in The Shelf when filtering by a role.
- Corrected an issue preventing proper interaction with the New Workstream widget. Specifically, if an editor opened New Workstream and clicked Save, the widget became blank instead of displaying a message to enter a required name.
- Corrected an issue preventing Brightspot from populating all
<iframe>
elements in the preview pane. - Corrected an issue preventing population of The Shelf's source list when the asset in the content edit form did not include a
typeId
in its URL. - Corrected an issue preventing synchronous updates of dynamic placeholder text on integer fields.
- Corrected an issue causing a parent asset's preview control to disappear and a
NullPointerException
message to be thrown when a child asset's content type is not available. - Corrected an issue causing a certain combination of workflow and permissions to incorrectly give a user the publish permission.
- Corrected an issue throwing a
NullPointerException
when attempting to drag an asset from The Shelf onto the content edit form. - Accessibility—
- Added announcement for the name of date fields, such as Embargo Date.
- Added announcements for the Expand All control as well as for successfully removing an item from a list.
- Improved announcement of the more menu in the editorial toolbar.
- Improved announcement of the word and character count in the rich-text editor.
Breaking changes
- The ping methods in
dari.db.Database
have changed to throwException
instead ofThrowable
. Implementations should be updated to reflect this change.
Previous Topic
v4.5.27 release
Next Topic
v4.5.25 release