v4.5.26 release

Release date: September 12, 2024


v4.5.26 had 10 improvements and 25 bug fixes.

Significant improvements

  • Ping methods have been updated to reduce associated system loads. See "Breaking changes," below.
  • URLs used for applying watermarks now use the AES/GCM/NoPadding mode of operation instead of the less secure AES/ECB.
  • Improved view model and other front-end processing to enable developers to build custom modules using editorial content types.
  • Upgraded Github runner for Antithesis, addressing the run-time error System.IO.IOException: No space left on device.
  • Disabled external entity resolution in the SAML XML parser, thereby helping to prevent XML eXternal Entity (XXE) attacks.
  • Replaced the class org.apache.commons.lang3.RandomStringUtils with org.apache.commons.text.RandomStringGenerator to more securely generate API keys.
  • Replaced the class org.apache.commons.lang3.RandomStringUtils with org.apache.commons.text.RandomStringGenerator in the GraphQL explorer to more securely generate nonces.
  • Replaced the function HMAC SHA-1 with HMAC SHA-256 to more securely generate a Tool User Time Based One Time Password.
  • Improved performance of database initialization when instances of legacy types contain references to other objects.
  • The HTTP response status code is now 500 for GraphQL schema load failures.

Significant defects addressed

  • Corrected an issue that prevented publishing an asset's variation created using the Overlay All Fields option.
  • Corrected an issue throwing a NullPointerException when attempting to delete an asset whose content type no longer exists.
  • Corrected an issue preventing appearance of the focus indicator on images for sites configured without a theme.
  • Corrected an issue allowing editors to move deleted elements within a list. For example, an article had a list of two authors. The editor deleted one of those authors by clicking remove. The editor was able to drag the deleted author to a different position in the list.
  • Corrected an issue preventing proper rendering of the remove icon remove.
  • Corrected an issue causing incorrect rendering of an asset in the preview pane, but correct rendering on the live front end.
  • Corrected an issue causing the method JspUtils#getAbsoluteUrl to return an http URL when an https URL is available.
  • Corrected an issue preventing proper rendering of an RSS feed when the corresponding section has a URL ending with a forward slash (such as /firstsection/).
  • Corrected an issue preventing proper population of lists of objects. For example, when creating a role, the list of content types included entries other than content types.
  • Corrected an issue preventing proper rendering of a post's history in an asset's Conversation widget.
  • Corrected an issue preventing persistent disabling of the Crosslinker.
  • Corrected an issue causing the content edit form to scroll to the bottom when creating a subsidiary asset, such as creating an assignment from a pitch.
  • Corrected an issue preventing correct operation of the spell checker when track changes is toggled on.
  • Corrected an issue preventing proper listing of assets in The Shelf when filtering by a role.
  • Corrected an issue preventing proper interaction with the New Workstream widget. Specifically, if an editor opened New Workstream and clicked Save, the widget became blank instead of displaying a message to enter a required name.
  • Corrected an issue preventing Brightspot from populating all <iframe> elements in the preview pane.
  • Corrected an issue preventing population of The Shelf's source list when the asset in the content edit form did not include a typeId in its URL.
  • Corrected an issue preventing synchronous updates of dynamic placeholder text on integer fields.
  • Corrected an issue causing a parent asset's preview control remove_red_eye to disappear and a NullPointerException message to be thrown when a child asset's content type is not available.
  • Corrected an issue causing a certain combination of workflow and permissions to incorrectly give a user the publish permission.
  • Corrected an issue throwing a NullPointerException when attempting to drag an asset from The Shelf onto the content edit form.
  • Accessibility—
    • Added announcement for the name of date fields, such as Embargo Date.
    • Added announcements for the Expand All unfold_more control as well as for successfully removing an item from a list.
    • Improved announcement of the more menu more_horiz in the editorial toolbar.
    • Improved announcement of the word and character count in the rich-text editor.

Breaking changes

  • The ping methods in dari.db.Database have changed to throw Exception instead of Throwable. Implementations should be updated to reflect this change.
Our robust, flexible Design System provides hundreds of pre-built components you can use to build the presentation layer of your dreams.

Asset types
Module types
Page types
Brightspot is packaged with content types that get you up and running in a matter of days, including assets, modules and landing pages.

Content types
Modules
Landing pages
Everything you need to know when creating, managing, and administering content within Brightspot CMS.

Dashboards
Publishing
Workflows
Admin configurations
A guide for installing, supporting, extending, modifying and administering code on the Brightspot platform.

Field types
Content modeling
Rich-text elements
Images
A guide to configuring Brightspot's library of integrations, including pre-built options and developer-configured extensions.

Google Analytics
Shopify
Apple News