v4.7.18 release

v4.7.18 had seven improvements and five bug fixes.

Significant improvements

• Restored access for non-developer roles to production guides through the help control help, and improved usability of the production guide widget.
• URLs used for applying watermarks now use the AES/GCM/NoPadding mode of operation instead of the less secure AES/ECB.
• Disabled external entity resolution in the SAML XML parser, thereby helping to prevent XML eXternal Entity (XXE) attacks.
• Replaced the class org.apache.commons.lang3.RandomStringUtils with org.apache.commons.text.RandomStringGenerator to more securely generate API keys.
• Replaced the class org.apache.commons.lang3.RandomStringUtils with org.apache.commons.text.RandomStringGenerator in the GraphQL explorer to more securely generate nonces.
• Replaced the function HMAC SHA-1 with HMAC SHA-256 to more securely generate a Tool User Time Based One Time Password.
• Improved performance of database initialization when instances of legacy types contain references to other objects.

Significant defects addressed

• Corrected an issue preventing proper layout of the search field when a site has a banner. Specifically, when a site has a banner, and an editor opened menu > Content Templates, the search field below the banner was not laid out correctly.
• Corrected an issue throwing an error Invalid advanced query when searching for a keyword with the search panel in board view.
• Corrected an issue in which upgrading to version 4.7.16 invalidated existing SAML credentials. Release 4.7.18 includes a patch for restoring the validity of those credentials.
• Corrected an issue preventing screen readers from properly announcing word and character counts.
• Corrected an issue causing the method JspUtils#getAbsoluteUrl to return an http URL when an https URL is available.