LTS dotCMS releases
dotCMS will periodically specify specific product releases as Long-Term Supported (LTS) releases, which will be maintained for a longer period than other dotCMS releases, and which will provide a number of advantages for customers that choose to install them.
dotCMS is committed to the security and stability of our latest LTS versions. In our ongoing efforts to protect users, we have established specific timelines for resolving detected vulnerabilities. Note that the responsibility outlined here concerns vulnerabilities that are relevant to live, supported versions. Users on current LTS versions will benefit from security updates in accordance with our established schedules.
Please see the Long Term Supported Releases page for more information and Current Releases for downloads.
Major Version | Current Patch | Last Updated | End of Life Date |
---|---|---|---|
23.10.24 LTS | 23.10.24v8 | Apr 15, 2024 | May 19, 2025 |
23.01 LTS | 23.01.15 | Apr 15, 2024 | Sep 22, 2024 |
22.03 LTS | 22.03.15 | Apr 15, 2024 | Feb 11, 2024 |
21.06 LTS ← | 21.06.14 | Feb 23, 2023 | ⚠️ Apr 30, 2023 |
5.3.8 LTS | 5.3.8.14 | Sep 30, 2022 | Sep 30, 2022 |
5.2.8 LTS | 5.2.8.4 | Feb 16, 2021 | Jun 2, 2022 |
dotCMS 21.06.14 LTS
Available: Feb 23, 2023 Demo starter image: 20210615
Fixes
- Corrected an issue that prevented relating content in a Relationship field with Many-to-One cardinality. [#22840]
dotCMS 21.06.13 LTS
Available: Feb 22, 2023 Demo starter image: 20210615
Enhancements & Adjustments
- Added
DOT_IMAGE_GENERATION_SIMULTANEOUS_REQUESTS
environment variable to limit the maximum number of threads image processing can consume. [#23384] - Added a method to assign categories to content via Velocity, usable in a Workflow via Velocity script actionlet. [#23009]
- Related content spanning multiple locales has been made more performant, shortening load times. [#22910]
Visual Fixes
- Fixed cases of back-end menu tools' text not displaying. [#23341]
- Displayed date updates correctly on menu after changing time zone. [#23128]
- Push publishing queue displays all bundles, even when one or more fail to publish. [#23062]
- Fixed bug that inverted the display of parent and child in many-to-one Relationship fields.[#22549]
- Pagination now displays properly when querying related content by REST API. [#22236]
- Content Types with two Relationship fields of the same type no longer display list of crossed-out unavailable languages. #21735
Dependencies, Components, Etc.
- PDFBox library updated to 2.0.27. [#23384-comment]
Fixes
- Categories are no longer removed from content mass-imported via CSV file. [#23440]
- Resource consumption has been restricted on PDF thumbnail generation, decreasing system footprint and preventing out-of-memory exceptions. [#23384]
- Additional error handling has been added to the
PublisherJobQueue
to improve logging and resilience. [#22850] - Copying a folder containing a page no longer copies the content displayed in that page's containers. [#22763]
- Fixed the removal of categories through API calls, which no longer throws an error. [#22756]
- Image selector displays correct totals and respects language selection. [#22729]
- Resolved errors resulting from blanking an existing date field or checking “Never” on an expiration date field. [#22667] [#22350]
- Saving a contentlet before its related content loads will no longer result in a clearing of the Relationships field. [#22323]
- Pulling related content with no sorting parameter set now returns related content in the order it was added. #21929)
- Push Removal of a Static Pushed page no longer removes any other files required for that page to render. #21832
- Assign function under the Tasks tool no longer throws an error when attempting to change content not in the default language while a working version exists in the default language. [#23280]
Security
- XMLTool has been restricted from fetching remote entities. [#21415]
dotCMS 21.06.12 LTS
Available: Jan 4, 2023 Demo starter image: 20210615
Bugfixes
- TempFileAPI will now only import by URL if the user is an admin, to reduce exposure to server-side request forgeries. Per OWASP best practices, requests to non-pubic hosts are disallowed. For improved transparency, the source IP has been added to the request as a URL parameter. [#21400]
- dotCMS now scans zip files to ensure integrity, preventing errors resulting from working with an invalid archive. [#23401]
- Remote-URL access tools like
$json
or$import
now run in a thread pool to avoid blocking, backups and crashes in the event of high traffic to a non-responsive external API. [#22522] - Fixed issue where certain access-limited users could not switch between multiple sites on the back end. This was due to a permission correspondence between the necessary endpoint and the Sites tool, which may not be visible to the limited user. [#23474]
- Large bulk updates via import are now faster, via adjustments to relationship-field validation operations. Timeout troubles, begone! [#23015]
- Resolved erroneous difference between the Key/Value field's import and export formatting. [#22582]
Breaking Changes
- By default, dotCMS no longer follows redirects when accessing remote URLs programmatically. This change is configurable, and can be reversed by setting the
REMOTE_CALL_ALLOW_REDIRECTS
property totrue
. [#22512]
dotCMS 21.06.11 LTS
Available: Sep 8, 2022 Demo starter image: 20210615
Enhancements
- Minor version update to Java on Docker image. [#22852]
- Updating permissions is now faster, and no longer deadlocks the database when repermissioning structures containing large quantities of content. [#19358]
Bugfixes
- When upgrading from version 5.1.6 (or older), database migration tasks now run smoothly, without errors due to differences in DB column counts. [#22349]
- Workflow changes save properly for all users, including new users or users with special characters in their name. [#22696]
- Restored missing locales for Velocity localization operations. [#22603]
- Static Push Publishing no longer fails when pushing certain Base Content Types when a default language other than English is set. [#22266]
- Corrected issue that prevented limited users with sitewide viewing permissions from viewing content not explicitly permitted for their role. [#22237]
- Revamped push-publishing of users: It is now possible to push an individual user instead of all users, and interface labeling is clearer throughout. [#22149]
- Users with Front-End and Back-End permissions logged in to the front end are no longer redirected automatically to the same page in (Back-End) Edit Mode after manual URL entry. [#22124]
- Pushing a single piece of archived content no longer directly affects — i.e., unpublishes — other versions of the same content. [#21624]
- Removed performance drag from supporting on-the-fly configuration changes via file watchers and other blocking patterns, which are unsuited to a containerized paradigm. [#21619]
- Updating a Binary field via REST API no longer removes the value from other Binary fields in the same contentlet. [#21482]
- Switched to using Tomcat's
RemoteIpValve
for DNS resolution. [#19569] - A Content Type having a many-to-many relationship to itself will no longer cause contentlets to lose their many-to-many relationships under certain conditions. [#20491]
Visual Fixes
- When changing a password, verbose error message now displays when new password does not meet security requirements. [#22204]
dotCMS 21.06.10 LTS
Available: Jul 5, 2022 Demo starter image: 20210615
Bugfixes
- Dispatcher now correctly sets servlet URI request parameter, preventing errors in certain Velocity calls.
- New URI normalization filter has been made less aggressive, and now plays nicely with slashes and equals signs.
dotCMS 21.06.9 LTS
Available: Jun 29, 2022 Demo starter image: 20210615
Bugfixes
- Bad results on ShortyIdentifier database calls are no longer cached. This prevents a condition in which a database error could result in persistent 404 status for ShortyIDs until their region is flushed.
dotCMS 21.06.8 LTS
Available: Jun 10, 2022 Demo starter image: 20210615
Bugfixes:
- Pages built with URL Mapped content are now correctly created on a full-site Static Push.
- URL Mapped content likewise shows up properly in site search indices when including folders.
- Fixed a case where specific conditions could cause drafted content to fail to Push Publish.
- Changes to SCSS files are now recognized and processed immediately, without any delays from caching behavior.
- Fixed navigation error affecting users with both
Back-End User
andFront-End User
roles; URLs now update correctly when editing multiple page assets sequentially. - When a Site/Folder field is removed from a Content Type, content of that type will continue to live where it was originally placed, rather than move to
SYSTEM_HOST
. - Fixed issue in which dotAsset titles would display as their identifiers on certain admin panel searches.
- Can now load extremely large images — whether vast in dimensions or file size — without issue.
Content:
- Removed limit on number of widgets or forms displayed in Content Selector popup.
Enhancements:
- Default metadata storage has been moved from the database to the
FILE_SYSTEM
, stored asmetadata.json
. The previous default of storing the metadata in the database could lead to resource issues on startup.
dotCMS 21.06.7 LTS
Available: Mar 9, 2022 Demo starter image: 20210615
dotCMS 21.06.7 is a LTS release which includes several improvements, and fixes for several issues in previous releases.
Fixes
The 21.06.7 release includes fixes for the following reported issues.
For a list of issues addressed in dotCMS 21.06.7, please visit the dotCMS Github Repository.
Issue | Github Link |
---|---|
[Site Copy] : Copying a Site randomly fails | #21204 |
db passwords with characters (specifically @ and possibly others) will break pub/sub due to the connection string | #21363 |
Add the ability to stop/abort a workflow on velocity script actionlet | #21252 |
Past Time Machine not working | #21097 |
SAML - Allow expression substitution from SAML roles mapped to dotCMS roles by role key | #20773 |
Unable to push publish user | #20805 |
We need to obfuscate some environmental variables | #20757 |
Sanitizing file name | #21791 |
Large Bundles make the viewing publishing queue slow | #20971 |
[Push Publishing] : Single quote in content's title breaks JavaScript code in the portlet | #21699 |
dotCMS 21.06.4 LTS
Available: Dec 13, 2021 Demo starter image: 20210615
dotCMS 21.06.4 is a LTS release which includes several improvements, and fixes for several issues in previous releases.
Announcements, Deprecations and Breaking Changes
- Breaking Change: The rest call /api/v2/users no longer exists please use /api/v1/users instead. Any use of /api/v2/users needs to be replaced.
Improvements in dotCMS 21.06.4
- Improved error messages for WorkflowAPIImpl. (#20636)
- Added the option to choose what fields are shown in a relationship field's overview. (#19215)
- Added automatic deletion of old inactive Elastic Search indices to prevent performance slowdowns. (#19931)
- Made multiple improvements to Site Resource. (#20557)
- A bulk move action is now available on the content search screen. (#20504)
- License.zip files will not be moved, rewritten or duplicated on startup.(#20591)
- Moved to glibc based Docker image from a musl based Docker image. (#20666)
- Edit Mode Anywhere now always expects UTF8. (#20629)
- Additional GraphQL logging was added. (#20764)
Fixes
The 21.06.4 release includes fixes for the following reported issues.
For a list of issues addressed in dotCMS 21.06.4, please visit the dotCMS Github Repository.
Issue | Conditions | Github Link |
---|---|---|
Duplicates of the same language were allowed to be created. | A language should not be able to be created if a language with the exact same values already exist. | #7342 |
In specific situations the network information did not show on the network tab and an error was produced. | Only occurred when a license was applied for the first time and the network tab was navigated to right after. | #20647 |
IPUtils was sometimes returning false incorrectly. | Only occurred when a specific IP utilizing a \ was passed in. | #20578 |
Users sometimes were unable to create a multilingual blog. | Only occurred on the populate content for language page where the default content is shown. | #20505 |
Workflow could not be copied in certain circumstances. | Only occurred when the Notify Assigned action was included in the workflow. | #20501 |
URL field values were not included in pages in certain situations. | The URL field values were not included when the page was exported from Content->Search. | #20405 |
User couldn't view or edit a piece of content when it has certain multilingual properties. | Only occurred when that content referenced a non-default language on a page that didn't exist in the default language. | #20494 |
Copy workflow button sometimes resulted in incorrect next steps. | Only occurred sporadically. | #18111 |
Generating a resource link for file assets in certain circumstances failed. | Only occurred when the file asset had a legacy identifier. | #20597 |
Contentlet sometimes failed to render and threw an error in certain cases. | Only occurred for content that had a file or image in its Content Type and the file/image was not published when the user was viewing the page. | #18014 |
The add content button was sometimes showing up twice when adding or moving content in a specific container. | Only occurred the dotCMS instance had legacy data. | #20623 |
Update site was not correctly updating the aliases. | This occurred when you Updated the site via the REST call. | #20638 |
In certain situations when running containerized dotCMS initialization was getting stuck. | Only occurred when new nodes were coming up and Tika was trying to initialize. | #20640 |
Settings were sometimes not respected when an image was inserted into the WYSIWYG. | Only occurred when WYSIWYG_IMAGE_URL_PATTERN was set on the image. | #20642 |
Widgets index policy on a page was sometimes overridden by the default. | Only occurred when an index policy was set in a code snippet widget on the page. | #20649 |
Error was created when certain response header rules were set. | Only occurred when the header required single quotes. | #20659 |
Users were not allowed to push publish in another time zone in certain situations. | Occurred when the user was trying to push publish in another timezone at a time that has already past in there current timezone. | #20674 |
Users were able to login as all users in certain situations. | Occurred when a user did not have login as permissions but were still able to use it. | #20677 |
Vanity URLs could be created without required data. | The vanity URL could be created without the title and the forward to field filled in. | #20685 |
Site name was not able to updated a specific way. | Issue occurred when trying to update a site name via the Update Site REST call. | #20688 |
dotCDN was not invalidating the correct information on prod ion certain situations. | Issue occurred when push publishing data that had been invalidated on auth. | #20690 |
Error occurred when upgrading to 21.06 with a specific dotCMS setup. | Issue occurred when a managed database was being used. | #20725 |
OutOfMemoryError occurred when the user tried to import a Bundle | Occurred when many events were triggered at the same time. | #20799 |
Users would sometimes see a multilingual site in the wrong language. | Occurred when the site was static and the default language was selected. | #20469 |
Pulling tags with GraphQL returned an error in logs in specific circumstances. | The error only occurred there were no tags existing. | #20719 |
Classes assigned to rows in layout designer were removed in certain situations. | Only occurred when one row in the layout designer was deleted all the rows below it would be effected. | #20519 |
An exception was thrown on a fresh installation of the full starter depending on the database used. | The exception was only thrown if MSSQL was used as the database. | #20669 |
Image paths and CSS file paths were sometimes incorrect after a Static Publish or Time Machine run. | Only occurred when the image path and dimensions were passed in a code snippet widget. | #20707 |
Running fix conflicts after running an integrity check caused errors in specific situations. | The error only occurred when trying to fix folder conflicts. | #20714 |
dotCMS 21.06.3 LTS
Available: Sep 12, 2021 Demo starter image: 20210615
dotCMS 21.06.3 is a LTS release which includes several improvements, and fixes for several issues in previous releases.
Announcements, Deprecations and Breaking Changes
- Breaking Change: The rest call /api/v2/users no longer exists please use /api/v1/users instead. Any use of /api/v2/users needs to be replaced.
Improvements in dotCMS 21.06.3
- Improved error messages for WorkflowAPIImpl. (#20636)
- Added the option to choose what fields are shown in a relationship field's overview. (#19215)
- Added automatic deletion of old inactive Elastic Search indices to prevent performance slowdowns. (#19931)
- Made multiple improvements to Site Resource. (#20557)
- A bulk move action is now available on the content search screen. (#20504)
- License.zip files will not be moved, rewritten or duplicated on startup.(#20591)
- Moved to glibc based Docker image from a musl based Docker image. (#20666)
- Edit Mode Anywhere now always expects UTF8. (#20629)
- Additional GraphQL logging was added. (#20764)
Fixes
The 21.06.3 release includes fixes for the following reported issues.
For a list of issues addressed in dotCMS 21.06.3, please visit the dotCMS Github Repository.
Issue | Conditions | Github Link |
---|---|---|
Duplicates of the same language were allowed to be created. | A language should not be able to be created if a language with the exact same values already exist. | #7342 |
In specific situations the network information did not show on the network tab and an error was produced. | Only occurred when a license was applied for the first time and the network tab was navigated to right after. | #20647 |
IPUtils was sometimes returning false incorrectly. | Only occurred when a specific IP utilizing a \ was passed in. | #20578 |
Users sometimes were unable to create a multilingual blog. | Only occurred on the populate content for language page where the default content is shown. | #20505 |
Workflow could not be copied in certain circumstances. | Only occurred when the Notify Assigned action was included in the workflow. | #20501 |
URL field values were not included in pages in certain situations. | The URL field values were not included when the page was exported from Content->Search. | #20405 |
User couldn't view or edit a piece of content when it has certain multilingual properties. | Only occurred when that content referenced a non-default language on a page that didn't exist in the default language. | #20494 |
Copy workflow button sometimes resulted in incorrect next steps. | Only occurred sporadically. | #18111 |
Generating a resource link for file assets in certain circumstances failed. | Only occurred when the file asset had a legacy identifier. | #20597 |
Contentlet sometimes failed to render and threw an error in certain cases. | Only occurred for content that had a file or image in its Content Type and the file/image was not published when the user was viewing the page. | #18014 |
The add content button was sometimes showing up twice when adding or moving content in a specific container. | Only occurred the dotCMS instance had legacy data. | #20623 |
Update site was not correctly updating the aliases. | This occurred when you Updated the site via the REST call. | #20638 |
In certain situations when running containerized dotCMS initialization was getting stuck. | Only occurred when new nodes were coming up and Tika was trying to initialize. | #20640 |
Settings were sometimes not respected when an image was inserted into the WYSIWYG. | Only occurred when WYSIWYG_IMAGE_URL_PATTERN was set on the image. | #20642 |
Widgets index policy on a page was sometimes overridden by the default. | Only occurred when an index policy was set in a code snippet widget on the page. | #20649 |
Error was created when certain response header rules were set. | Only occurred when the header required single quotes. | #20659 |
Users were not allowed to push publish in another time zone in certain situations. | Occurred when the user was trying to push publish in another timezone at a time that has already past in there current timezone. | #20674 |
Users were able to login as all users in certain situations. | Occurred when a user did not have login as permissions but were still able to use it. | #20677 |
Vanity URLs could be created without required data. | The vanity URL could be created without the title and the forward to field filled in. | #20685 |
Site name was not able to updated a specific way. | Issue occurred when trying to update a site name via the Update Site REST call. | #20688 |
dotCDN was not invalidating the correct information on prod ion certain situations. | Issue occurred when push publishing data that had been invalidated on auth. | #20690 |
Error occurred when upgrading to 21.06 with a specific dotCMS setup. | Issue occurred when a managed database was being used. | #20725 |
OutOfMemoryError occurred when the user tried to import a Bundle | Occurred when many events were triggered at the same time. | #20799 |
Users would sometimes see a multilingual site in the wrong language. | Occurred when the site was static and the default language was selected. | #20469 |
Pulling tags with GraphQL returned an error in logs in specific circumstances. | The error only occurred there were no tags existing. | #20719 |
Classes assigned to rows in layout designer were removed in certain situations. | Only occurred when one row in the layout designer was deleted all the rows below it would be effected. | #20519 |
An exception was thrown on a fresh installation of the full starter depending on the database used. | The exception was only thrown if MSSQL was used as the database. | #20669 |
Image paths and CSS file paths were sometimes incorrect after a Static Publish or Time Machine run. | Only occurred when the image path and dimensions were passed in a code snippet widget. | #20707 |
Running fix conflicts after running an integrity check caused errors in specific situations. | The error only occurred when trying to fix folder conflicts. | #20714 |