v4.7.18 release
Release date: September 16, 2024
v4.7.18 had seven improvements and five bug fixes.
Significant improvements
- Restored access for non-developer roles to production guides through the help control , and improved usability of the production guide widget.
- URLs used for applying watermarks now use the AES/GCM/NoPadding mode of operation instead of the less secure AES/ECB.
- Disabled external entity resolution in the SAML XML parser, thereby helping to prevent XML eXternal Entity (XXE) attacks.
- Replaced the class
org.apache.commons.lang3.RandomStringUtils
withorg.apache.commons.text.RandomStringGenerator
to more securely generate API keys. - Replaced the class
org.apache.commons.lang3.RandomStringUtils
withorg.apache.commons.text.RandomStringGenerator
in the GraphQL explorer to more securely generate nonces. - Replaced the function HMAC SHA-1 with HMAC SHA-256 to more securely generate a Tool User Time Based One Time Password.
- Improved performance of database initialization when instances of legacy types contain references to other objects.
Significant defects addressed
- Corrected an issue preventing proper layout of the search field when a site has a banner. Specifically, when a site has a banner, and an editor opened > Content Templates, the search field below the banner was not laid out correctly.
- Corrected an issue throwing an error
Invalid advanced query
when searching for a keyword with the search panel in board view. - Corrected an issue in which upgrading to version 4.7.16 invalidated existing SAML credentials. Release 4.7.18 includes a patch for restoring the validity of those credentials.
- Corrected an issue preventing screen readers from properly announcing word and character counts.
- Corrected an issue causing the method
JspUtils#getAbsoluteUrl
to return anhttp
URL when anhttps
URL is available.
Previous Topic
v4.7.19 release
Next Topic
v4.7.17 release