v4.5.15.23 release

Release date: October 17, 2024


v4.5.15.23 had nine improvements and 16 bug fixes.

Significant improvements

  • Improved the security of image watermarking URL.
  • Replaced *:* queries with ping&df=data. As a result, this change updates the query in dari/db/DefaultDatabasePing to a ping&df=data query. This correction introduced a breaking change described below.
  • Made an adjustment to the SAML XML parser to prevent XML eXternal Entity (XXE) attacks.
  • Made an improvement to increase security around generating API keys.
  • Made an improvement to increase security around API requests.
  • Made an improvement to increase security around creating new tool users and their passwords.
  • Made an improvement to increase security around generating cookie signatures.
  • Improved the speed of the database environment initialization process when stored legacy types contain references.
  • Ensured that responses for GraphQL endpoints with a failed schema return the proper 500 error code.

Significant defects addressed

  • Corrected an issue preventing UrlBuilder from failing to decode a valid query parameter.
  • Corrected an issue preventing the use of a header that returned an http site URL instead of a https site URL.
  • Changed two usages of JspUtils#getAbsoluteUrl so that they use UrlBuilder.
  • Corrected an issue causing an NPE in Board View when the user attempted to view abstract types in a Draft state.
  • Improved security related to a Java library.
  • Corrected an issue causing an RSS feed filter to not resolve feed sources if ending in a trailing slash.
  • Corrected an issue preventing UrlBuilder from properly handling URL fragments.
  • Corrected an issue causing some Spanish translations to be garbled.
  • Updated Facebook oEmbed API to latest version.
  • Corrected an issue enabling a user without permissions to Publish or Publish Override to be able to do so.
  • Corrected an issue causing the Publish Override option to be available instead of the Publish option.
  • Fixed a regression issue preventing some users from accessing Sites & Settings.
  • Corrected an issue causing dynamic notes to replace existing notes if the content was the same.
  • Corrected an issue preventing the proper display of images when querying and trying to import from external AP Images libraries.
  • Fixed a regression issue causing Editorial Content Type fields named id to throw an error.

Breaking changes

  • ping APIs have changed to throw Exception instead of Throwable. Implementations should be changed to reflect this.
Our robust, flexible Design System provides hundreds of pre-built components you can use to build the presentation layer of your dreams.

Asset types
Module types
Page types
Brightspot is packaged with content types that get you up and running in a matter of days, including assets, modules and landing pages.

Content types
Modules
Landing pages
Everything you need to know when creating, managing, and administering content within Brightspot CMS.

Dashboards
Publishing
Workflows
Admin configurations
A guide for installing, supporting, extending, modifying and administering code on the Brightspot platform.

Field types
Content modeling
Rich-text elements
Images
A guide to configuring Brightspot's library of integrations, including pre-built options and developer-configured extensions.

Google Analytics
Shopify
Apple News