v4.2.3 release

Significant new features

• A new API allows projects to add custom authenticators, including Google. To use a custom authenticator, implement ToolAuthenticator then configure the authentication settings. Filed under: API, authentication
• Two revisions selected from the Revisions widget can now be displayed side-by-side on the page. The list in the Revisions widget also now has the option to display only named revisions (i.e., revisions that were intentionally saved and not just saved as work in progress). When a user’s account is archived, that user’s name will still appear in the Revisions widget. Filed under: revisions

Significant improvements

• To simplify cropping images and adding a focal point, the Focus tab on the image editor has been renamed Sizes and three default crop sizes (portrait, landscape, and square) have been added. Click the new Set Focus Point button to set the focus point. When the option to freeform crop an image is selected, the Set Focus Point button is disabled. Filed under: image, focus point
• On the Assignment Desk dashboard, urgent and past due items are now flagged and elevated to the top of the list in list view and the top of the column in board view. Filed under: Assignment Desk
• Similar to content locking, a collaborative editing lock has been added to the enhancements in the rich-text editor (RTE). If one user is editing an enhancement, such as an image, in the RTE, other users will see a message that there is a pending edit when viewing the RTE. Filed under: locking, rich-text editor

• The following improvements have been added to content locking:

  • Inactivity timeout. If a user navigates to another tab or minimizes the browser, after a configured amount of time other users viewing the content will be notified and can take over the lock. This setting can be disabled.
  • Hard lock timeout. If a user holds a lock for longer than the configured number of hours, that user is kicked off the page.
  • Disable unlocking. A new setting and permission allows privileged users to disable unlocking which prevents any other user from taking the lock. Filed under: locking
• When you drag and drop a single image into the rich-text editor, the default for transformer will now be Image Enhancement instead of Gallery Enhancement. If you drag and drop multiple images, the default will be Gallery Enhancement. Filed under: rich-text editor, drag-and-drop
• Administrators are now able to reset two-factor authentication for a user by selecting the Reset Two-Factor Authentication for This Tool User option under the Tools Menu in the Edit Tool User widget under Admin > Users & Roles. Filed under: authentication
• The rich-text editor now uses ProseMirror by default. You can switch back to CodeMirror by enabling it on the Advanced tab of your user profile, which is accessed under your username on the dashboard. Filed under: rich-text editor
• The Express Vanity URL Redirect feature has been replaced with an improved version. Filed under: redirect
• Administrators and developers can now add custom link elements in a <head>. Select Link Element after clicking Add under Admin > Sites & Settings > Global (or specific site) > Front-End > Advanced > Add Custom Head Elements. Filed under: header
• GraphQL was updated so that view interface fields in the query type now support arguments from implementing view models. Filed under: GraphQL

Significant defects addressed

• Changes were made to Dari ScriptElement children. They are now treated as raw so that HTML escaping does not apply. This change addresses invalid script body content errors. Filed under: Dari
• The AWS Transcribe plugin was displaying an IndexOutOfBoundsException error message; the defect causing the message has been resolved. Filed under: Amazon Transcribe
• In some instances after making changes to your source code, the Dari Reloader was returning an error message stating that the webapp was not reloaded because background tasks were running even if there were no such tasks. The Dari Reloader now works as expected. Filed under: Dari
• Some icons on the toolbar in the rich-text editor overlapped and were inaccessible; the icons now appear as expected. Filed under: rich-text editor
• In GraphQL, search filters failed in the delivery API; they now work as expected. Filed under: GraphQL, API
• The logic in WildcardRedirect to address transfer matched path segments failed when the redirect was on a site with a path in its URL; it now redirects as expected. Filed under: redirect
• A status utility called Search#updateUsingParameters for AbstractSearchPageServlet was created to ensure that search parameters are being recognized as expected. Filed under: search

Breaking changes

• The name for the GraphQL query parameter API key was changed from api_key to apiKey.
• The value for GraphQL site parameter in the content management API is now the site URL instead of the site ID.
• The Express Vanity URL Redirect feature has been replaced with an improved version in Brightspot, and a programmatic relocate or migration script is not available. Projects that still have legacy instances published will need to manually republish their redirects after upgrading.

• Security updates:

  • The xmpcore dependency vulnerability was addressed by updating the drewnoakes metadata-extractor to the latest version. A side effect of this is that the Xmp Subject field is no longer being extracted and populated on the ImageMetadataMap.
  • The Apache JSTL taglibs standard dependency vulnerability was addressed by removing the dependency; Brightspot no longer includes or supports the legacy custom tag library.
  • The upgrade to the latest mysql-connector-java dependency could cause issues for projects making direct JDBC connections to the databases (legacy migration data ingestion, etc.).
• The AWS SDK version was updated to 1.11.623 from 1.11.381.
• This release moves and renames the Express/Autotag plugin to a Brightspot plugin titled Suggestions. As such, any implementations of AutoTaggable should be renamed to Suggestable.