v4.8.0-rc.2024.9.11 beta release
Release date: September 12, 2024
v4.8.0-rc.2024.9.11 beta release has 12 bug fixes and 10 improvements.
Significant improvements
- URLs used for applying watermarks now use the AES/GCM/NoPadding mode of operation instead of the less secure AES/ECB.
- Added a GraphQL Explorer action to automate creation of static persisted queries.
- Disabled external entity resolution in the SAML XML parser, thereby helping to prevent XML eXternal Entity (XXE) attacks.
- Replaced the class
org.apache.commons.lang3.RandomStringUtils
withorg.apache.commons.text.RandomStringGenerator
to more securely generate API keys. - Replaced the class
org.apache.commons.lang3.RandomStringUtils
withorg.apache.commons.text.RandomStringGenerator
in the GraphQL explorer to more securely generate nonces. - Replaced the function HMAC SHA-1 with HMAC SHA-256 to more securely generate a Tool User Time Based One Time Password.
- Improved performance of database initialization when instances of legacy types contain references to other objects.
- In GCA, different view types can now be fetched via variables instead of being intrinsic to a query.
- Added integration tests for previewing an asset from the right rail.
- Added a GraphQL Explorer action to take the user back to the endpoint's configuration.
Significant defects addressed
-
Corrected an issue causing the method
JspUtils#getAbsoluteUrl
to return anhttp
URL when anhttps
URL is available. -
Corrected an issue causing a GCA schema load to fail when a record uses an unbounded generic type mapped to a field. Specifically, a data model uses a generic type parameter a) mapped to a field (or non-ignored method) and b) is unbounded (e.g.,
T extends Object
). In addition, at least one sub-class exists that maps the generic to a type more specific thanObject
. In this scenario, the GCA schema failed to load. - Corrected an issue causing a post or a reply to an asset's conversation to a) make duplicate API calls and b) change in the content edit page's DOM structure.
- Corrected an issue causing a secret field's value in an editorial content type to appear as cleartext.
- Corrected an issue preventing proper layout of The Shelf when a) an asset in The Shelf has a content type label that wraps or b) when the Watching field is truncated.
- Corrected an issue causing text to wrap mid-word in the rich-text editor for an asset's conversation posts.
- Corrected an issue preventing editors from opening an asset from the Editorial Calendar widget. For example, an article scheduled for tomorrow appears in the Editorial Calendar widget. Clicking on the article displayed the article's preview, but there was no active link to open the article in the content edit form.
- Corrected an issue causing the rich-text editor to duplicate enhancements instead of updating them. For example, opening an embedded image, modifying it, and then saving it caused the rich-text editor to retain the original image and add the modified image.
-
Corrected an issue throwing a
io.grpc.StatusRuntimeException
when attempting to use Pinecode with Azure Blob storage. -
Corrected an issue throwing a
NullPointerException
when attempting to update a database vector cache for Ask AI. -
Corrected an issue causing the task
./gradlew japicmp:japicmp
to fail due to missing page object models. - DO NOT REVIEW BELOW THIS LINE
- Corrected an issue preventing publication of assets when Pinecone was configured as the vector database provider for Ask AI.