ChangeLogs documentation for the dotCMS Content Management System

This page displays information about the changes in each of the following recent dotCMS releases:

VersionRelease Date
dotCMS 5.3.5 Jul 29, 2020
dotCMS 5.3.4.1 Jul 22, 2020
dotCMS 5.3.4 Jul 15, 2020
dotCMS 5.3.3 Jul 13, 2020
dotCMS 5.3.2 Jun 15, 2020
dotCMS 5.3.1 Jun 1, 2020
dotCMS 5.3.0 May 21, 2020
dotCMS 5.2.8 Apr 6, 2020
dotCMS 5.2.7 Mar 9, 2020
dotCMS 5.2.6 Feb 21, 2020
dotCMS 5.2.5 Feb 7, 2020
dotCMS 5.2.4 Jan 24, 2020
dotCMS 5.2.3 Jan 3, 2020
dotCMS 5.2.2 Dec 13, 2019
dotCMS 5.2.1 Nov 7, 2019
dotCMS 5.2.0 Oct 7, 2019
dotCMS 5.1.6 Jun 6, 2019
dotCMS 5.1.5 May 9, 2019
dotCMS 5.1.1 Mar 26, 2019
dotCMS 5.1.0 Mar 14, 2019
dotCMS 5.0.3 Nov 15, 2018
dotCMS 5.0.2 Sep 20, 2018
dotCMS 5.0.1 Aug 21, 2018
dotCMS 5.0.0 Aug 8, 2018
dotCMS 4.3.3 Apr 20, 2018
dotCMS 4.3.2 Mar 1, 2018
dotCMS 4.3.1 Feb 23, 2018
dotCMS 4.3.0 Feb 22, 2018
dotCMS 4.2.2 Nov 15, 2017
dotCMS 4.2.1 Nov 13, 2017
dotCMS 3.7.2 Oct 18, 2017
dotCMS 4.2.0 Oct 17, 2017
dotCMS 4.1.1 Jun 16, 2017
dotCMS 4.1.0 Jun 2, 2017
dotCMS 4.0.1 Mar 24, 2017
dotCMS 4.0.0 Mar 20, 2017

For information on earlier releases, please see the Previous ChangeLogs documentation.


dotCMS 5.3.5

Available: Jul 29, 2020

dotCMS 5.3.5 is a maintenance release which includes fixes for two security vulnerabilities, and some minor fixes and improvements.

Privacy and Security Updates

The following changes in dotCMS 5.3.5 fix potential security or privacy issues which have been identified by dotCMS. For more details on any of these issues, please contact dotCMS Support.

It's important to understand that some security issues may have privacy implications for your existing dotCMS installation. Therefore we recommend that you review these changes, and if necessary modify any appropriate content, to ensure your site maintains compliance with any security and privacy standards and regulations you adhere to.

  • Fixed a potential XSS vulnerability in a specific dotCMS component (#18961)
  • Updated the com.fasterxml.jackson.core library to the latest version, to address potential vulnerabilities (#18151)

Fixes

The 5.3.5 release includes fixes for the following reported issue. For a list of issues addressed in dotCMS 5.3.5, please visit the dotCMS Github Repository.

  • Fixed an issue which could prevent creation of a new dotAsset when dragging an image onto the WYSIWYG file browser (#18980)
  • Fixed an issue which resulted in a Bad Request response when passing the 'uri' parameter to the sitename endpoint (#18848)
  • Fixed an issue which could cause errors and prevent some Workflows from working properly after upgrading a system which uses Oracle as a database (#18782)
  • Fixed an issue which caused a dojo/parser error in console when adding more than 2 relationship fields (#18764)
  • Fixed an issue preventing the "com.dotcms.hooks" sample plugin from working properly (#18756)
  • Fixed an issue which prevented the use of relative URL Map patterns which worked in earlier dotCMS releases (#18744)
  • Fixed an issue which could cause Container Ids to be duplicated under certain conditions (#18714)
  • Fixed an issue which could cause all Push Publishing Filters to fail when bad data was found in any of the filter files (#18705)
  • Fixed an issue which could cause reindexing to fail on some systems upgraded from very old versions of dotCMS (#18673)
  • Fixed an issue which could cause errors when attempting to Push Publish files that were uploaded via WebDAV (#18626)
  • Fixed an issue which could cause errors on some systems when upgrading from earlier dotCMS versions (#18524)

To view more information on these and other issues, please visit the dotCMS Github repository.

Additional Changes and Improvements in dotCMS 5.3.5

  • Removed unnecessary messages written to the log file when using MySQL as database (#18947)
  • Improved the error message displayed when a Push Publish fails due to Push Publish Filter excluding dependencies (#18792)
  • Improved Elasticsearch connection in a cluster, to utilize ES load balancing features without using an external load balancer (#18870)
  • Improved content export to allow export of unlimited number of content items (#18641)
  • Added a Page field to GraphQL which contains properties of the Page (#18599)
  • Improved the Log File pop-up window to expand the messsage display portion of the window when the window is resized (#18556)
  • Unrepackaged the com.fasterxml.jackson.core library (#18151)
    • Any customers which reference the repackaged libraries in their code will need to modify the code to refer to the unrepackaged libraries instead. For example, import com.dotcms.repackage.com.fasterxml.jackson.annotation.JsonProperty; should be changed to import com.fasterxml.jackson.annotation.JsonProperty;.
  • Upgraded GraphQL from v11.0 to v13.0
  • Upgraded the kickstart library from v7 to v9.


dotCMS 5.3.4.1

Available: Jul 22, 2020

dotCMS 5.3.4.1 is a maintenance release which includes a fix for one significant issue which may affect all sites, and fixes for several issues which may affect sites which use MSSQL or Oracle databases.

Fixes

The 5.3.4.1 release includes fixes for the following reported issue. For a list of issues addressed in dotCMS 5.3.4.1, please visit the dotCMS Github Repository.

  • Fixed an issue preventing dotCMS startup on sites using MSSQL (#18940)
  • Fixed an issue causing an error when a cluster was initialized on sites using Oracle (#18918)
  • Fixed an issue prevented reindexing on sites using MSSQL (#18912)
  • Fixed an issue which could cause the Site Browser to fail to display some folders (#18901)
  • Fixed an issue causing startup and reindexing failures on sites using Oracle (#18878)

To view more information on these and other issues, please visit the dotCMS Github repository.


dotCMS 5.3.4

Available: Jul 15, 2020

dotCMS 5.3.4 is a maintenance release which includes some minor fixes, and improvements.

Fixes

The 5.3.4 release includes fixes for the following reported issue. For a list of issues addressed in dotCMS 5.3.4, please visit the dotCMS Github Repository.

  • Fixed an issue which prevented users from being able to change which Site Search index was the default (#18872)
  • Fixed an issue preventing site search indexing jobs from completing and being assigned as the new default Site Search index (#18869)
  • Fixed an issue which could prevent a Container from displaying any content in some circumstances (#18855)
  • Fixed an issue preventing the Page layout editor from working properly for some Pages (#18830)
  • Fixed an issue which could cause incorrect results to be returned when searching for Site Aliases with Elasticsearch (#18805)
  • Fixed an issue which could prevent the parent content in a self-joined relationship from being pushed by dependency (#18804)
  • Fixed an issue preventing proper operation of Workflows in Oracle (#18782)
  • Fixed an issue causing only partial display of very long file names in the Asset information window (#18691)
  • Fixed an issue which could cause Push Publishing to fail in specific circumstances (#18621)
  • Fixed an issue which prevented some Site Aliases from working correctly (#18187)

To view more information on these and other issues, please visit the dotCMS Github repository.

Additional Changes and Improvements in dotCMS 5.3.4

  • Added display of a notification when Elasticsearch is in read-only mode (#17842)
    • When content is saved, if the Elasticsearch server is unavailable (due to a network error, for example), a notification will be displayed in the back-end UI.
    • Availability of the Elasticsearch server will be automatically re-checked until the server is once again available - when a new notification will be displayed in the back-end UI.
  • Added display of the instance Secret Key (SHA-3 Key Digest) and Cluster Id to the System -> Configuration -> Basic Info screen (#17938)
  • Added the ability to update or regenerate the instance Secret Key from the System -> Configuration -> Basic Config screen (#18381)


dotCMS 5.3.3

Available: Jul 13, 2020

dotCMS 5.3.3 is a maintenance release which includes some minor upgrades, fixes, and improvements.

This release includes a number of changes which may affect existing installations. We recommend that you read through this changelog in full before upgrading any existing installations.

Important Changes

A number of important changes in dotCMS 5.3.3 configuration may impact your performance when upgrading an existing site. Please read the documentation sections on all of these changes before upgrading from a previous release.

Configuration Changes

The following important changes have been made to configuration in dotCMS 5.3.3:

  • The "Push Now" Workflow Sub-Action now allows you to specify a Push Publishing Filter (see below)
    • Existing "Push Now" Sub-Actions will use whichever filter is defined as the default filter.
    • By default, this will preserve the Push Publishing behavior of previous versions
      • However, if you modify your Push Publishing Filters to change which filter is used as the default filter, the "Push Now" Sub-Actions will change to use the new default filter.
    • You may change each "Push Now" Sub-Action to specify a filter by name, instead of using the default filter.
  • The Vanity URL cache regions have changed
    • Vanity URLs continue to work the same as they have in previous versions, but the underlying code has been significantly updated to improve performance and reliability.
    • As part of this change, there are now two different cache regions for Vanity URLs: vanityurlsitecache and vanityurldirectcache.
      • The vanityurlsitecache region stores a separate list of Vanity URLs for each host on your system
        • The default size of 5000 should work for almost all dotCMS instances, but if you have thousands of sites on the same dotCMS instance, you should set this region to a size that's larger than the number of hosts you expect to have on your system.
      • The vanityurldirectcache region stores the most recently matched Vanity URLs.
        • The default size of 25000 will work for the majority of sites, but if your sites use Vanity URLs heavily, you may wish to monitor the cache statistics, and increase the size of this region appropriately if necessary.

New Features

The following new features have been added in dotCMS 5.3.3:

  • New Push Publishing Filters enable you to selectively limit which types of content and dependencies are pushed to a receiving environment
    • You may create different filters, to give your users a choice of how to push content.
    • You may give different permissions to each filter, to limit the use of some filters by Role.
    • You may specify a default filter, which will be automatically selected, and which will be used by default in all existing Workflow Actions.
      • When upgrading your site, the default filter will be set to the "Everything and Dependencies" filter, which pushes content with all dependencies, matching the behavior of pushes in earlier dotCMS versions.
    • The dotCMS starter site includes a set of standard filters.
      • When upgrading your site, these filters will be installed automatically.
    • For more information, please see the Push Publishing Filters documentation.

Fixes

The 5.3.3 release includes fixes for the following reported issue. For a list of issues addressed in dotCMS 5.3.3, please visit the dotCMS Github Repository.

  • Removed unnecessary file metadata log messages during reindexing (#18752)
  • Fixed an issue preventing the main navigation in the back-end from scrolling (#18716)
  • Fixed an issue causing an error when renaming a file while creating new content (#18685)
  • Fixed an issue which could cause an error when a Page without a valid template was bundled (#18598)
  • Fixed an issue which could prevent import of a starter site with XML 1.1 characters in it (#18576)
  • Fixed an problem with the download link on File Assets (#18561)
  • Fixed an issue which could cause the Drop Old Assets Versions tool to fail when deleting a large number of records (#18494)
  • Fixed an issue which could cause Elasticsearch indexing issues with heavy use of Key/Value fields (#18446)
  • Fixed an issue which could cause an error when an empty VTL file was push published (#18051)
  • Fixed performance and consistency issues when Vanity URLs were used in a cluster (#17278)
  • Fixed an issue which could cause the buttons in the Content Type properties window to stop working under certain conditions (#18595)
  • Fixed an issue which could sometimes cause GraphQL to return an incomplete URL (without the full path) #18286)
  • Fixed an issue which could cause a UI (Javascript) error when a content type had two relationship fields to the same parent content type (#18152)

To view more information on these and other issues, please visit the dotCMS Github repository.

Additional Changes and Improvements in dotCMS 5.3.3

  • Created a new REST endpoint to load all message keys (#18530)
  • Upgraded the #dotParse() directive to accept dotAssets (#18402)
  • Added the ability to open the File Browser with one click from the WYSIWYG field (#18498)
  • Upgraded the Workflow Scheduled Action to support multi-lingual content (#18591)
  • Implemented some internal performance improvements (#18682)
  • Improved error logging in several areas (#18645)
  • Improved resource handling in the Temp file API (#18676)


dotCMS 5.3.2

Available: Jun 15, 2020

dotCMS 5.3.2 is a maintenance release which includes some minor upgrades, fixes, and improvements.

New Features

The following new features have been added in dotCMS 5.3.2:

  • Improved file handling in the WYSIWYG field
    • Added the ability to drag and drop images into the WYSIWYG field.
      • Dropped images will be saved as dotAssets, and automatically assigned to a dotAsset Content Type based on the file type, in the way as files dropped into the Content Search screen.
    • Added the ability to open the File browser with one click.
    • Added a button to edit image properties.

Privacy and Security Updates

The following changes in dotCMS 5.3.2 fix potential security or privacy issues which have been identified by dotCMS.

It's important to understand that both security and privacy issues may have privacy implications for your existing dotCMS installation. Therefore we recommend that you review these changes, and if necessary modify any appropriate content, to ensure your site maintains compliance with any security and privacy standards and regulations you adhere to.

  • Fixed an issue causing some screens in the back-end UI to display improperly when the X-Content-Type-Options header was specified (#16955)
    • This issue did not cause any security issues, but prevented the use of the X-Content-Type-Options header, which can be used to improve security.
    • The X-Content-Type-Options header may now be used to improve browser security while accessing the dotCMS back-end UI.

Fixes

The 5.3.2 release includes fixes for the following reported issue. For a list of issues addressed in dotCMS 5.3.2, please visit the dotCMS Github Repository.

  • Fixed an issue preventing upgrade from earlier release when using older versions of Postgres (#18640)
  • Fixed an issue which sometimes caused conflicts when pushing legacy relationships upgraded to new relationship fields (#18616)
  • Fixed an issue preventing scrolling in the Content Types Tool (#18588)
  • Fixed an issue which could sometimes cause Content Type fields to be reordered unpredictably (#18542)
  • Fixed an issue which could cause errors in the Content editor when a content item had related Parents that were archived (#18525)
  • Fixed an issue which could sometimes prevent OSGI plugins from initializing properly, and cause noisy logging (#18501)
  • Fixed an issue which caused Key Value field data to be returned in the wrong order (#18479)
  • Fixed an issue which prevented GraphQL from returning related content in any Language other than the default Language (#18444)
  • Fixed an issue which prevented GraphQL from returning any content in specific circumstances (#18443)
  • Fixed an issue which prevented a reindex from finishing under specific conditions (#18424)
  • Fixed an issue which could prevent the "What's Changed" feature from detecting content changes on the page (#18356)
  • Fixed an issue which sometimes prevented access to an asset using the ID Path URL, even for admin users (#18345)
  • Fixed an issue preventing multiple Tools from updating properly when the Site was changed in the back-end UI (#18148)
  • Fixed an issue causing errors in the content editing screen when the Tab divider and other fields shared the same name (#18102)

To view more information on these and other issues, please visit the dotCMS Github repository.

Additional Changes and Improvements in dotCMS 5.3.2

  • Added a CORS filter to the GraphQL interface (#18567)
  • Added a new REST API endpoint to retrieve the image URL from a dotAsset (#18427)
  • Improved the query strings displayed in the Show Query popup to better match the content displayed in the Content Search screen (#18316)


dotCMS 5.3.1

Available: Jun 1, 2020

dotCMS 5.3.1 is a maintenance release which includes a single important fix for the 5.3.0 release.

Fixes

The 5.3.1 release includes fixes for the following reported issue. For a list of issues addressed in dotCMS 5.3.1, please visit the dotCMS Github Repository.

  • Fixed an issue preventing the same File-based Container from being added to a Page more than once (#18558)

To view more information on these and other issues, please visit the dotCMS Github repository.


dotCMS 5.3.0

Available: May 21, 2020

dotCMS 5.3.0 is a major release which includes some significant upgrades and new features, performance and stability improvements, upgrades to a number of key components, and some significant changes to existing functionality.

This release includes a number of changes which may affect existing installations. We recommend that you read through this changelog in full before upgrading any existing installations.

Important Changes

A number of important changes in dotCMS 5.3.0 configuration may impact your performance when upgrading an existing site. Please read the documentation sections on all of these changes before upgrading from a previous release.

Configuration Changes

The following important changes have been made to configuration in dotCMS 5.3.0:

  • The dotCMS distribution files are now delivered as Docker images and Amazon AWS Images (AMIs), in addition to binary files.
    • For the most seamless demonstration experience, dotCMS recommends Docker images for most new dotCMS users.
    • However experienced dotCMS users may still download the dotCMS binary distribution for installation and upgrades.
  • The internal Elasticsearch server has been removed
    • All dotCMS installations must now use an external Elasticsearch server.
    • All dotCMS Docker images include an external Elasticsearch server which is started and managed transparently by the Docker image.
  • The main database configuration for dotCMS installations has been changed from the context.xml file to the db.properties file.
    • The dotCMS distribution no longer ships with a context.xml file.
    • The context.xml file will still be used if no db.properties file exists, so the context.xml files of customers upgrading from earlier releases will continue to work without changes.
    • For more information on the new db.properties file, please see the Database Configuration documentation.
  • Elasticsearch SSL/cert verification has disabled by default.
    • This change was made to improve Elasticsearch security, by allowing Elasticsearch to use HTTPS protocol even when connecting to hosts which may not have a valid cert.
    • You may re-enable SSL/cert verification by setting the property ES_TLS_ENABLED=true in the dotcms-config-cluster.properties file.

Changes to Default Behavior

The following differences in default behavior in dotCMS 5.3.0 may change your expectations and require a review of your administration practices. Please review all of these changes before upgrading from a previous release.

  • The default database configuration file has been changed from context.xml to db.properties.
    • The context.xml file is still supported, but has been deprecated, and will stop being supported in a future release.
    • For more information on using the new db.properties file, or configuring your database using system variables or Docker secrets, please see the Database Configuration documentation.
  • A number of potential Content Type variable names have now been designated as reserved.
    • If you create a new Content Type and the variable name resolves to one of these reserved names, the variable name will automatically be modified to prevent an exact match with the reserved name.
    • Existing Content Types which match these new reserved names will not be changed, but it is recommended that you consider changing Content Types with variables matching a reserved name, as the Content Type variable name may cause conflicts in some cases.
    • For more information on the list of reserved names for Content Types, please see the Content Types documentation.
  • Changed the default value of the H22 Cache Provider recovery threshold.
    • The default value of the cache.h22.recover.if.restarted.in.milliseconds has been changed to 0, to prevent a restarted server from attempting to recover a bad cache.

New Features

In addition to the Important Changes listed above, the following additional new features have been added in dotCMS 5.3.0:

  • New dotAsset Base Content Type
  • New Tile View of the Content Search screen
    • Users may now choose to view the Content Search scren in either List view (the traditional view) or Tile view.
  • New File Drag-and-Drop capability in the Content Search screen
    • Users may now upload files via drag-and-drop into the Content Search screen.
    • System administrators may configure dotAsset Content Types so uploaded files are automatically assigned to appropriate Content Types, based on the MIME type of the uploaded file.
    • For more information, please see the File Assets and dotAssets documentation.
  • New Database Configuration capabilities.
    • Database configuration can now be performed via a configuration file, via system variables, or via Docker Secrets.
    • For more information, please see the Database Configuration documentation.
  • Vanity URLs can now be created to pass parameters to the target URI.
  • The distribution now ships with an empty starter site, to enable quick development of sites from scratch.
  • An External Elasticsearch server is now supported by default.
  • Added new RestClientProvider and DotRestClientProvider interfaces to enable custom Elasticsearch behavior

Fixes

The 5.3.0 release includes fixes for a number of reported issues. For a list of issues addressed in dotCMS 5.3.0, please visit the dotCMS Github Repository.

  • Fixed an issue which caused an error when the Set Value Workflow Sub-Action was executed (#18468)
  • Fixed an issue preventing the ESQueryCache from initializing properly when used in a cluster (#18458)
  • Fixed an issue which left the old key in use after importing a new starter (#18394)
  • Fixed an issue which could sometimes cause multiple Vanity URLs to stop working, requiring a cache flush (#18364)
  • Fixed an issue which could prevent the use of Time Machine future snapshots (#18355)
  • Improved URL normalization to prevent the use of site specification characters (//) (#18354)
  • Fixed an issue which could prevent users from added content to pages when using MySQL (#18341)
  • Fixed an issue which could cause OSGI initialization errors in a clustered environment (#18319)
  • Fixed an issue which could cause form submission to fail due to a permission error (#18292)
  • Fixed an issue which could prevent the Site Variables window from appearing after deleting a user (#18256)
  • Fixed could cause Push Publish of a new site to fail in some circumstances (#18210)
  • Improved real-time validation checks in the content editing window (#18192)
  • Fixed an issue which could cause the admin user menu to display incorrectly after a Login As operation (#18182)
  • Fixed an issue which could cause an empty or incorrect content title to be returned in some circumstances (#18177)
  • Fixed an issue which could cause Site Search indexing to fail when a Content Type detail page was not found (#18164)
  • Fixed an issue which could prevent Site Search from indexing some multi-lingual versions of URL Mapped content (#18132)
  • Fixed an issue preventing widget Pre-execute code from running in Page Edit mode (#18086)
  • Fixed problems with the Language drop down in Page Edit mode (#18084)
  • Fixed error messages in the log files when running the "Download Data/Assets" maintenance tool (#18080)
  • Fixed an issue causing an incorrect error message when using Login As to a user with limited permissions (#18069)
  • Fixed an issue preventing the Page Editor from correctly limiting the number of contents added to a Container (#18021)
  • Fixed an issue causing incorrect $navtool operation when ENABLE_NAV_PERMISSION_CHECK was set to true (#18016)
  • Fixed an issue causing URL Maps to fail when the content in a URL mapped field contained a forward slash (/) (#18015)
  • Fixed a spurious log error message after the completion of a reindex of a large site (#17918)
  • Added configuration options to allow Elasticsearch to be run without SSL for testing purposes (#17879)
  • Fixed an issue preventing automatic redirection to the login page when an unauthenticated user attempts to access a resource requiring authentication (#17858)
  • Fixed an issue preventing indexing of content if the Content Type was assigned a variable name of title (#17850)
  • Fixed an issue preventing File-based Containers from working properly when the files were not on the Default Site (#17749)
  • Fixed an issue preventing Site Search from respecting default language fallback for Velocity files included with dotParse (#17672)
  • Fixed an issue which could cause legacy relationships to be cleared if an attempt was made to save content while the Elasticsearch index was not writable (#17601)
  • Fixed an issue which could cause errors in URL Maps after an upgrade when using a root-based URL Map pattern (#17514)

To view more information on these issues, please visit the dotCMS Github repository.

Privacy and Security Updates

The following changes in dotCMS 5.3.0 fix potential security or privacy issues which have been identified by dotCMS.

It's important to understand that both security and privacy issues may have privacy implications for your existing dotCMS installation. Therefore we recommend that you review these changes, and if necessary modify any appropriate content, to ensure your site maintains compliance with any security and privacy standards and regulations you adhere to.

  • Fixed an issue which could causing some file contents to be interpreted by the user's browser when editing the file (#18369)
  • Added additional restrictions to limit access to context from scripting (#18318)

Deprecated Features

The following features have been officially deprecated in dotCMS 5.3.0. These features have not been removed, and still work normally, but are no longer fully supported, and may be removed in a future dotCMS release.

Additional Changes and Improvements in dotCMS 5.3.0

  • Added a unique key to the Workflow Tasks table, to prevent the possibility that multiple Workflow tasks could end up with the same Identifier and Language Id (#17088).
  • Content Type variable names are now required to be case-insensitively unique, to prevent potential conflicts (#18382).
  • Added support for the INDEX_POLICY on the query string in the Workflow REST API (#18357)
  • The ResourceLink feature has been updated to support all Binary fields in all Content Types (#18310)
  • Several improvements were made to logging, to both reduce noise and improve messaging in some situations (#18183, #18072)
  • The Temporary file endpoint has been updated to auto-assign the Content Type for dotAssets (#18064)
  • The Elasticsearch String.intern property has been disabled to reduce CPU usage (#17899)
  • Elasticsearch has been upgraded from OpenDistro version 1.2.0 to OpenDistro version 1.3.0 (#17885)
  • On startup, dotCMS now automatically waits until an Elasticsearch server is available (#17883)
  • The ESIndexResource class has been updated to call dotCMS API methods instead of calling Elasticsearch directly (#17848)
  • Automaticaly generated Site Search index Aliases are now automatically prefixed with the Cluster Id to ensure uniqueness (#17747)
  • A new custom Docker image has been made available for running Open Distro Elasticsearch with dotCMS (#16806)
  • Significantly improved the performance of the /api/v1/page/render endpoint (#18397)
  • Synchronized the "Download Data/Assets" and "Backup Data/Assets" maintenance tools to produce compatible ZIP files (#18388)
  • Significantly reduced the CPU utilization of the MonitorResource (#18245)
  • Improved the status endpoint to allow access from locations other than localhost (for use with Docker and other applications) (#18215)
  • Added "title" to the list of file metadata fields indexed by default (#18172)
  • Options to download index snapshots were removed from both the Index tab of the Maintenance Tool and the Site Search Tool (#18059)


dotCMS 5.2.8

Available: Apr 6, 2020

dotCMS 5.2.8 is a maintenance release which includes some minor upgrades, fixes, and improvements.

Changes to Default Behavior

The following differences in default behavior in dotCMS 5.2.8 may change your expectations and require a review of your administration practices. Please review all of these changes before upgrading from a previous release.

  • Front-end Users may no longer preview unpublished (working) content in any location
    • In previous versions of dotCMS, Front-end users could in some circumstances preview unpublished content, if they were assigned appropriate permissions to the unpublished content.
    • dotCMS 5.2.8 standardizes access permissions of Front-end users across all APIs and access methods, preventing Front-end users from previewing unpublished content in any way.
    • If you have existing Front-end users that need to be able to preview unpublished content, you will need to:
      1. Change the users from Front-end users to Back-end users (via the Users screen),
      2. Limit their access to the dotCMS back-end (via the Roles and Tools screen), and
      3. Limit their access to appropriate content (through regular Permissions).
    • For more information, please see the Preview vs. Live documentation.

New Features

The following new features have been added in dotCMS 5.2.8:

  • New REST API Front-end User Authentication capability
    • Users can now be authenticated as either front-end or beck-end users using the REST API.
    • For more information, please see the Preview vs. Live documentation.

Fixes

The 5.2.8 release includes fixes for a number of reported issues. For a list of issues addressed in dotCMS 5.2.8, please visit the dotCMS Github Repository.

  • Fixed an issue which caused columns in the Content Search screen to be displayed in the wrong order (#18159)
  • Fixed an issue preventing the Page API from returning content items placed in Advanced Templates (#18158)
  • Fixed an issue which caused Content Type Text fields configured for Numeric data to be saved as Text data (#18147)
  • Fixed an issue which caused error messages in the My Account popup to be displayed incorrectly (#18143)
  • Fixed an issue preventing new pages from being Push Published under certain conditions (#18126)
  • Fixed issues preventing the Site name from refreshing when the a new Site was selected (#17937, #18125)
  • Fixed an issue preventing a user from being remembered with the Remember Me feature after another login of the same user from a differen location (#18101)
  • Fixed an issue which could cause Front-End users to get a 403 (access denied) error when accessing a front-end form requiring authentication (#18076)
  • Fixed an issue which caused already-pushed content to be re-pushed after a bundle was deleted on the sender (#18025)
  • Fixed an issue which caused content which was archived on the sender to be deleted from the receiver when Push Published (#17994)
  • Fixed an issue which caused items to continue to appear in Site Search after being unpublished or archived (#17976)
  • Fixed an issue which could prevent a limited user from being able to create rules, even when granted appropriate permissions (#17901)
  • Fixed an issue preventing Vanity URLs from working if there was a trailing slash in Uri field (#16433)

To view more information on these and other issues, please visit the dotCMS Github repository.

Additional Changes and Improvements in dotCMS 5.2.8

  • Improved the user interface of the Relate Content popup:
    • Added the ability to search by hitting the Enter key in the Relate Content popup (#18038)
    • Updated the Relate Content popup to allow a click anywhere on the line to select content (#16936, #17981)
  • Improved the management and performance of clusters when using Docker containers and Kubernetes (#18050, #18190)

Upcoming Changes in dotCMS 5.3.0

The dotCMS 5.3.0 release, currently planned for release in April 2020, will contain some important changes that may impact your system configuration and processes. Please review the changes listed below to be aware of these changes, and if necessary, begin preparing for them.
  • Removal of embedded Elasticsearch server
    • dotCMS 5.3.0 will no longer include an embedded Elasticsearch server.
    • This means that all customers upgrading to dotCMS 5.3.0 will need to use an external Elasticsearch server.
    • The dotCMS Docker reference containers are all designed to use a containerized Elasticsearch server out-of-the-box, so switching to a Docker deployment is a very good option for customers that want to upgrade to 5.3.0 with the minimum effort.


dotCMS 5.2.7

Available: Mar 9, 2020

dotCMS 5.2.7 is a maintenance release which includes some minor upgrades, fixes, and improvements.

New Features

The following new features have been added in dotCMS 5.2.7:

  • New Asset Base Content Type enables creation of files and images in a repository without an explicit URL path
    • You can now create Content Types which contain files and images, but which are not located in a specific location within the site.
    • For more information, please see the Base Content Types documentation.

Fixes

The 5.2.7 release includes fixes for a number of reported issues. For a list of issues addressed in dotCMS 5.2.7, please visit the dotCMS Github Repository.

  • Fixed an issue preventing some Image and File field types from being displayed by GraphQL API (#18005)
  • Fixed an issue which could prevent Push Publishing of a Rule actively running on the receiver (#17930)
  • Fixed an issue which could prevent Worklow execution by a user without permissions to the Default site (#17876)

To view more information on these and other issues, please visit the dotCMS Github repository.

Additional Changes and Improvements in dotCMS 5.2.7

  • Added support for Image Focal Points when using the /da image URL format with "shorty" Ids (#17965)
  • Added the ability to make Binary fields indexable and displayable using the Show in List field property (#17944, #18022)
    • Note: Only the first Binary field on a Content Type can be indexed and set to Show in List.


dotCMS 5.2.6

Available: Feb 21, 2020

dotCMS 5.2.6 is a maintenance release which includes some minor upgrades, fixes, and improvements.

New Features

The following new features have been added in dotCMS 5.2.6:

  • New Reset Approvers Workflow Sub-Action allows Workflows relying on multiple approval to reset the list of approvers if the content is re-edited after previously being approved.
  • New Default Workflow Action settings are available in the Workflow Scheme properties screen.
    • You can now set Default Workflow Actions so that if standard operations on content (e.g. New, Save, Publish, Unpublish, etc.) are performed using a method that does not execute a Workflow Action, the operation will be automatically performed using a Workflow Action you specify.
    • For more information on the types of Default Workflow Actions that can be assigned, please see the documentation on Default Workflow Actions.

Fixes

The 5.2.6 release includes fixes for a number of reported issues. For a list of issues addressed in dotCMS 5.2.6, please visit the dotCMS Github Repository.

  • Fixed an issue preventing users from switching a WYSIWYG field to Text and back to WYSIWYG (#18018)
  • Fixed an issue which prevented URL map field values containing forward slashes from working properly (#18015)
  • Fixed an issue preventing unauthorized attempts to access pages from properly redirecting to the login page (#18010)
  • Fixed an issue preventing relationships on the Host Content Type from displaying in the Back-end (#17928)
  • Fixed an issue causing some types of navigation menus from displaying properly in the Page Editor in Edit mode (#17896)
  • Fixed an issue preventing selection of some filter combinations in the User Tool (#17895)
  • Fixed an issue which could cause some browsers to auto-fill new passwords on the change password screen (#17889)
  • Fixed an issue preventing Categories from being sorted properly via the Sort Order field (#17798)
  • Fixed an issue preventing file-based Containers from working properly when not located on the default Site (#17749)
  • Fixed an issue which could prevent relationships from being saved correctly in some cases when using "Relate New Content" (#17743)
  • Fixed an issue causing an incorrect URL to be displayed in the Task Detail screen (#17532)
  • Fixed an issue causing errors in the GraphQL API when Content Types have fields with specific variable names (#17515)
  • Fixed an issue which caused the Event popup to display incorrectly if the End Date field in the Event Content Type was moved before the Start date field (#17497)

To view more information on these and other issues, please visit the dotCMS Github repository.

Additional Changes and Improvements in dotCMS 5.2.6

  • Upgraded the starter site included with the release distribution to a brand new, completely rebuilt site which demonstrates many of the newer and more sophisticated features of dotCMS.
    • Please perform a fresh installation of dotCMS 5.2.6 to a new location to have the new starter site installed for you.
    • Once the new starter site is installed, you can use Bundles to copy features from the new starter site to your existing site.
  • Improved the "Add to Bundle" functionality to remember the last Bundle name selected (#14066)
  • Added a new parameter to the Content REST API to return full Category information in results (#12739)
    • The includeCategoriesExtraInfo URL parameter can now be supplied (e.g. /includeCategoriesExtraInfo/true) to reutrn full Category information in the results.
  • Added the ability to create "pluggable" content field validations using OSGI plugins (#17773)
    • This allows you to add your own custom code to perform sophisticated and proprietary validations on the data users enter into your content fields.
  • Improved the Binary field to allow limiting of both file length and file type in all uploaded files (#17772)
    • You may use the allowedFileTypes Field Variable to specify which mime types may be uploaded, and the maxFileLength Field Variable to limit the size of all uploads.
    • Since these limitations are implemented as Field Variables, you may set different limits for different Binary fields, even within the same content type (to ensure, for example, that one Binary field is used to upload only videos, while another is used to upload only photos).


dotCMS 5.2.5

Available: Feb 7, 2020

dotCMS 5.2.5 is a maintenance release which includes some minor upgrades, fixes, and improvements.

New Features

The following new features have been added in dotCMS 5.2.5:

Fixes

The 5.2.5 release includes fixes for a number of reported issues. For a list of issues addressed in dotCMS 5.2.5, please visit the dotCMS Github Repository.

  • Fixed an issue which could cause the Navtool Viewtool to return incorrect items in some circumstances (#16589)
  • Fixed an issue preventing Vanity URLs from properly redirecting to URL-mapped content (#16684)
  • Fixed an issue which could prevent the Time Machine from displaying individual future content in some circumstances (#17594)
  • Fixed an issue causing some valid folder names from being rejected (#17751)
  • Fixed an issue causing Archived content to be copied to a new Site as Unpublished (#17763)
  • Fixed an issue which could improperly prevent use of the Workflow API in some circumstances (#17794)
  • Fixed an issue with the Content Search tool when the Back-end UI language was set to Spanish (#17797)
  • Fixed an issue which could prevent pages on a non-default host from being found in the Page editor (#17803)
  • Fixed an issue causing duplicate Containers to appear when paging through Containers (#xxxxx)
  • Fixed an issue preventing the Site selector from refreshing properly in Chrome in some circumstances (#17828)
  • Fixed an issue preventing the "Send for Review" feature from working when viewing Workflow Task details (#17829)
  • Fixed an issue adding files with long names in the WYSIWYG field (#17833)
  • Fixed an issue preventing the user menu selections from displaying under certain conditions (#17855)
  • Fixed an issue preventing constant fields from being included in JSON responses (#17864)
  • Fixed an issue which could prevent the Image Editor from scrolling down on large images (#17940)

To view more information on these and other issues, please visit the dotCMS Github repository.

Additional Changes and Improvements in dotCMS 5.2.5

  • Improved the REST API to allow Binary fields to be uploaded by specifying a remote URL (#16852)
    • Previously, files needed to be uploaded to dotCMS prior to adding them to Binary fields.
  • Simplified the Image Processing REST API to eliminate the need to explicitly specify which filters are used and in what order.
    • You may now simply supply the appropriate filter parameters, and the filter operations will be performed in the order the parameters appear.
    • You may also continue to explicitly specify the filters and the filter order (as in older versions), so older image URLs do not need to be modified in any way.
    • For more information, please sse the Image Resizing & Processing documentation.


dotCMS 5.2.4

Available: Jan 24, 2020

dotCMS 5.2.4 is a maintenance release which includes some minor upgrades, fixes, and improvements, and an important security update.

Important:

dotCMS 5.2.4 includes an important fix for a critical security vulnerability. This vulnerability has already been mitigated for existing dotCMS Enterprise and dotCMS Cloud customers. However, if you are a Community Edition customer, it is strongly recommended that you upgrade to dotCMS 5.2.4 as soon as possible.

Privacy and Security Updates

The following changes in dotCMS 5.2.4 fix potential security or privacy issues which have been identified by dotCMS.

  • Fixed a critical security vulnerability reported in CVE-2020-6754
    • Fixes for this vulnerability have been generated for all affected dotCMS versions.
    • Fore more information, including mitigation measures and the link to the CVE alert, please see security issue SI-54.

Fixes

The 5.2.4 release includes fixes for a number of reported issues. For a list of issues addressed in dotCMS 5.2.4, please visit the dotCMS Github Repository.

  • Fixed an issue preventing the Redirect URL property from working with custom Page Content Types (#15427)
  • Fixed an issue causing CMSFilter to return a 404 for URLs containing a plus sign (#17261)
  • Fixed an issue preventing the Copy Site operation from properly copying Page contents to a new Site (#17541)
  • Fixed an issue which could sometimes cause Push Publishing conflicts when pushing Language Variables (#17596)
  • Fixed an issue which could prevent users from being able to edit Sites without View permission on the Default Site (#17612)
  • Fixed an issue preventing the Asset Backup tool from using the ASSET_REAL_PATH configuration (#17620)
  • Removed an old/invalid foreign key from some database upgrade scripts (#17647)
  • Fixed an issue causing WebDAV to force folder and file names to lowercase (#17698)
  • Fixed an issue causing GraphQL to return a null when no Content Types of a queried Base Type existed (#17717)
  • Fixed an issue which could prevent browsing beyond five sub-folder levels when adding a file to a WYSIWYG field (#17792)

To view more information on these and other issues, please visit the dotCMS Github repository.

Additional Changes and Improvements in dotCMS 5.2.4

  • The Back-end Menu Navigation has been improved to allow the menu to remain collapsed continually.
  • Added the ability to set a security constraint on the assets folder in the web.xml file (#17835)
  • The REST Content Type API has been enhanced to allow specification of additional default Workflow Actions
    • Default Workflow Actions may now be specified for UNPUBLISH, ARCHIVE, UNARCHIVE, DELETE, and DESTROY, in addition to existing NEW, EDIT, and PUBLISH default actions.
  • Improved the content import and REST API save functions to accept remote URLs for the content of Binary Fields (#16852)
  • Prevented the copy of Workflow history when making a copy of a content item (#17550)


dotCMS 5.2.3

Available: Jan 3, 2020

dotCMS 5.2.3 is a maintenance release which includes some minor upgrades, fixes, and improvements.

New Features

The following new features have been added in dotCMS 5.2.3:

Fixes

The 5.2.3 release includes fixes for a number of reported issues. For a list of issues addressed in dotCMS 5.2.3, please visit the dotCMS Github Repository.

  • Fixed an issue which could cause incorrect bundle audit information to generate noisy log messages (#17626)
  • Fixed an issue preventing the Bundles screen from refreshing after a Bundle was deleted (#17676)
  • Fixed an issue preventing Language Variables containing spaces from resolving correctly (#17679)
  • Fixed an issue which could prevent past Time Machine snapshots from being displayed (#17684)
  • Fixed an issue preventing images in WYSIWYG fields from being selected (#17731)

To view more information on these and other issues, please visit the dotCMS Github repository.

Additional Changes and Improvements in dotCMS 5.2.3

  • The Page REST API (/api/v1/page) includes several new enhancements to support Single Page Applications (SPAs):
    • Information for all content contained in a Page is now rendered in results (#17665)
    • Content of URL Mapped pages is now rendered in results (#17666)
    • Languages passed via URL parameters can now be specified by language code (e.g. "en-US") as an alternative to language ID (e.g. "1") (#17700)
  • TinyMCE (used in the WYSIWYG field) has been upgraded from version 4.1.6 to version 4.9.6.


dotCMS 5.2.2

Available: Dec 13, 2019

dotCMS 5.2.2 is a maintenance release which includes some minor upgrades, fixes, and improvements.

New Features

The following new features have been added in dotCMS 5.2.2:

  • New Delete All Versions Workflow Sub-Action
  • New Delete Push Publishing Bundles REST Endpoint

Fixes

The 5.2.2 release includes fixes for a number of reported issues. For a list of issues addressed in dotCMS 5.2.2, please visit the dotCMS Github Repository.

  • Fixed an issue preventing the Push Publish popup from displaying from the Tasks Tool (#17026)
  • Fixed an issue which could prevent proper batching of transaction when calling Quartz from code (#17591)
  • Fixed an issue preventing GraphQL from returning IDs for new languages (added after upgrade to dotCMS 5.1.0+) (#17615)
  • Fixed incorrect key when serializing the Visitor object (#17616)
  • Fixed an issue preventing Lucene date range queries from working (#17621)
  • Fixed an issue causing upgrades to dotCMS 5.2.1 to fail for systems with no URL Maps (#17642)
  • Fixed a javascript error when selecting a relationship from the relationship select popup (#17663)

To view more information on these issues, please visit the dotCMS Github repository.

Additional Changes and Improvements in dotCMS 5.2.2

  • Folder name restrictions have been implemented at the API level, to ensure bad folder names can not be created through WebDAV and other means (#16715)
  • Changed deletion of Content Type fields to perform the deletion in the background (#16939)
  • To improve compatibility, the GraphQL implementation has been modified to remove Base Types as Interfaces, and no longer allow specification of individual fields for Base Type collections (#17560)
  • REST API calls which return related content were improved to respect supplied language parameters for both parent and related content (#16917)


dotCMS 5.2.1

Available: Nov 7, 2019

dotCMS 5.2.1 is a major release which includes some significant upgrades and new features, performance and stability improvements, upgrades to a number of key components, and some significant changes to existing functionality.

Fixes

The 5.2.1 release includes fixes for a number of reported issues. For a list of issues addressed in dotCMS 5.2.1, please visit the dotCMS Github Repository.

  • Fixed an issue with the Forms preventing binary submits from working properly (#17468)
  • Fixed an incorrect default sort order on Custom Content Portlets (#17455)
  • Fixed an issue causing redirection to a blank page after adding a Menu Link (#17347)
  • Fixed an issue causing display of a blank page (instead of a license required message) when viewing Rules in Community Edition (#17512)
  • Fixed an issue preventing Forms from being added properly to personalized Pages (#17554)
  • Fixed an issue causing error messages in REST API calls to be incorrectly included in the response header (#16383)
  • Fixed an issue preventing the navigation cache from updating properly when a Page was copied (#17353)
  • Fixed an issue preventing proper display of some Container fields when changing the Max Contents field value (#16782)
  • Fixed an issue where the removed REST_API_CONTENT_ALLOW_FRONT_END_SAVING configuration property was still required in some circumstances (#17510)
  • Fixed an issue which could give anonymous users access to content when the Front-End User Role was explicitly given permissions to that content
  • Fixed issues preventing self-joined Relationship fields from working correctly in some REST API calls (#17477, #17492, #17529)
  • Fixed an issue preventing related content from displaying properly after a bundle containing related content is uploaded (#17528)
  • Fixed an issue preventing display of content with different live and working versions (#17451)
  • Fixed an issue allowing more than one content to be related on a Relationship field with One-to-One cardinality (#17524)
  • Fixed an issue which could cause content in a Container to be removed from the Page when the layout is changed under specific circumstances (#17435)
  • Fixed an issue which could cause a log exception and incorrect content display with an empty duplicate Container in a Page (#17553)
  • Fixed an issue which could cause the selected Site to change when copying and pasting a folder (#17113)
  • Fixed an issue which could allow content to be related to itself in certain circumstances (#17543)
  • Fixed an issue which could cause upload of new files via WebDAV to fail (#17506)
  • Fixed an issue which allowed only one user to see a Workflow Task with "Four Eyes Approval" in progress (#17250)

To view more information on these issues, please visit the dotCMS Github repository.

Known Issues in dotCMS 5.2.1

The following known issues in dotCMS 5.2.1 will be addressed in future dotCMS releases:

  • Translations for 2 newly added strings were not included in the release.
    • If you wish to include these translations in your 5.2.1 distribution, you can find the translations (with key names dot.common.press and dot.common.message.no.workflow.schemes) in the dotCMS Github repository, and manually add them to the language strings files in your distribution.

Privacy and Security Updates

The following changes in dotCMS 5.2.1 fix potential security or privacy issues which have been identified by dotCMS.

It's important to understand that both security and privacy issues may have privacy implications for your existing dotCMS installation. Therefore we recommend that you review these changes, and if necessary modify any appropriate content, to ensure your site maintains compliance with any security and privacy standards and regulations you adhere to.

  • Fixed an issue which could allow anonymous users access to working versions of content when the Front-End User Role was explicitly given View permissions to that content (#17526)

Additional Changes and Improvements in dotCMS 5.2.1

  • Added caching to 404 error results pages (#17377)
  • Improved performance by removing redundant Hibernate code (#17428)
  • Added language flags to relatable content on new Relationship fields (#16129)
  • Improved logging when content validation fails (#16165)
  • Added a message to indicate when there are no available Workflow Actions for content (#17533)
  • Improved responsiveness of Content Type field deletion (#16939)
  • Improved file access performance by caching file system metadata (#17269)
  • Improved File Container caching and performance (#16597)
  • Reduced unnecessary logging when a live version of content can not be found (#17551)
  • Geolocation information has been added to the Visitor object (#17495).


dotCMS 5.2.0

Available: Oct 7, 2019

dotCMS 5.2.0 is a major release which includes some significant upgrades and new features, performance and stability improvements, upgrades to a number of key components, and some significant changes to existing functionality.

This release includes a number of changes which may affect existing installations. We recommend that you read through this changelog in full before upgrading any existing installations.

Important Changes

A number of important changes in dotCMS 5.2.0 configuration may impact your performance when upgrading an existing site. Please read the documentation sections on all of these changes before upgrading from a previous release.

Configuration Changes

The following important changes have been made to configuration in dotCMS 5.2.0:

  • Explicit Front-end and Back-end User Configuration Has Been Added
    • To improve security and simplify administration, every User can now be explicitly assigned as a Front-end User, Back-end User, or both, in the Users tool.
    • When upgrading an existing installation, all users will automatically be assigned as Front-end Users.
      • In addition, existing Users will automatically also be assigned as Back-end Users if either of the following are true:
        • The User has any layouts assigned (meaning that the user is assigned at least one Role which has at least one Tool Group and Tool assigned to it), or
        • The User has at least one API Access Key assigned to them.
    • After upgrade, you may manually change the designation of Users as Front-end or Back-end Users via the Users tool.
    • For more information, please see below.
  • Configuration Properties Controlling Access to the REST API Have Beed Simplified
    • A new CONTENT_APIS_ALLOW_ANONYMOUS configuration property has been added which replaces all configuration properties which were previously used to control access to the REST API by non-authenticated and front-end users.
      • Valid values for this property are write, read, or none.
    • The following three configuration properties used in previous versions have been removed and no longer work:
      • REST_API_CONTENT_ALLOW_FRONT_END_SAVING
      • REST_API_FORCE_FRONT_END_SESSION_AUTH
      • REST_API_REJECT_WITH_NO_USER
    • If you have changed the any of these removed properties from their default values, you must add and set the CONTENT_APIS_ALLOW_ANONYMOUS property to an appropriate value to ensure your front-end forms and REST API access behave properly.
    • For more information, please see issue #17034 in the dotCMS Github repository.
  • The WYSIWYG Field configuration has changed.
    • The default TinyMCE configuration has been updated, removing a redundant menu bar and cleaning up some options in the WYSIWYG Field.
    • By default, the WYSIWYG Field will look for a css file named /application/wysiwyg/wysiwyg.css in the current site, and if that file is found, will apply that styling to the content in the WYSIWYG field.
      • The location of this CSS file can be overridden by setting a value for the WYSIWYG_CSS property in the dotmarketing-config.properties file.

Changes to Default Behavior

The following differences in default behavior in dotCMS 5.2.0 may change your expectations and require a review of your administration practices. Please review all of these changes before upgrading from a previous release.

  • Important: Due to changes in Elasticsearch (details below), you must perform a full reindex of both the main dotCMS index and any Site Search indexes after upgrading from an earlier version of dotCMS.
  • Elasticsearch Indexing has Been Upgraded
    • The Elasticsearch Text Analyzer Changed
      • In order to improve results and simplify queries, the Elasticsearch text analyzer has been changed from "Whitespace" to "Standard".
      • Although in most cases this will improve search results without the need for wildcards and complex queries, it means that existing queries may return additional results that they did not return in previous versions (especially queries that do not use wildcards).
      • It is recommended that you review all your Lucene and Elasticsearch queries to ensure the behavior has not changed.
    • Elasticsearch Queries Matching Multiple Values for the Same Field May Need to Be Updated.
      • Due to changes in Elasticsearch, queries which use a space as an "OR" between terms matching the same field may fail to match all expected content. To ensure these queries work properly, it is recommended that you review your queries that match multiple values for the same field, and ensure that one of the following is true:
        • The query uses an explicit "OR" operator instead of an implicit OR (via a space). Example: +field:(term1 OR term2)
        • Each term in the query explicitly specifies the field. Example: +(field:term1 field:term2)
        • All search terms are enclosed in quotes. Example: +field:("term1" "term2")
  • Queries of Related Content from Child Side Must Be Performed Using Relationship Methods
    • In order to improve performance and solve problems with certain queries, the way related content is indexed has been changed.
    • Because of this change, querying related parent content using Lucene query terms no longer work (e.g. $dotcontent.pull("+parentContentType.relationshipFieldVar:childId",...)).
    • If you are performing any queries of parent relations using a method other than the $dotcontent.pullRelated() or $dotcontent.pullRelatedField methods, you will need to convert the query to use one of these two methods.
  • "Default" Save and Publish Are Now Performed Using Default Workflow Actions
    • If content is saved or published using a method which does not explicitly call a Workflow (such as when using WebDAV or the Content API), the content will now be saved or published using the new Default Workflow Action specified in the Content Type (rather than the simple default save and publish used in previous versions).
    • For more information on Default Workflow Actions, please see below.
  • The Location of Content Has Changed for Content Types without a Site or Folder Field
    • In order to improve options for content security and management (especially in multi-tenant sites), content without a Site or Folder field is now stored in the same location as the Content Type (instead of on the System Host, as in previous versions).
    • Depending on the location of the Content Type and the specific query terms used, queries and other operations which may previously have included or excluded this content may return different results.
      • If you have any Content Types without a Site or Folder field that are not located on the System Host, you may restore the previous behavior by moving the Content Type to the System Host.
  • The Default Sort Order on the Content Search has Changed
    • By default, results in the Content Search screen are now sorted by relevance instead of by last modification date (e.g. the Elasticsearch score field instead of the modDate field).
    • To sort results by last modification date, you can select the "Last Modification Date" column header in the search results list.
  • Language Variables Added as Content Now Take Precedence
    • Language variables that are added as content in the system and called with $text.get("var") will now take precedence over the language strings in the global properties file.
  • REST API Endpoints Restricted to Back-End Users
    • In conjunction with the explicit designation of Front-end and Back-end Users, a number of REST API endpoints have been restricted to only allow access to Back-end Users (even for read-only access). The following endpoints will now only allow access by Back-end Users and User accounts with API Access Keys defined:
    • /bundle /cluster /config /environment
      /license /osgi /role /ruleengine
      /ws/v1/system /v1/configuration /v1/esindex /v1/notification
      /v1/portlet /v1/roles /v1/sites/{siteId}/ruleengine /v1/system-status
      /v1/users /v2/users
  • Pushed Bundles are Now Automatically Deleted After Two Days
    • A cron job has been added to automatically delete old push publishing bundles, to prevent growth of the bundles folder from taking up too much disk space on the server.
    • You may control how long these bundles are retained on the server by modifying the bundles.delete.older.than.milliseconds property in the dotmarketing-config.properties file. For more information, please see the What to Know Before Push Publishing documentation.

New Features

In addition to the Important Changes listed above, the following additional new features have been added in dotCMS 5.2.0:

  • Content Personalization on Page or via API
    • Content on pages/routes can be personalized by persona and managed and previewed in Edit mode. Page rules have been surfaced, are accessable from edit mode can be combined with personas to deliver personalized experiences to targeted audiences regardless of how they are consuming the content.
  • New Form Builder
    • The Form builder has been replaced with a new Angular Form builder which allows easy creation of Forms and Form Content Types which work natively both the REST API and Workflows.
    • For more information on the new Form builder, please see the Form Builder documentation.
  • New Explicitly-Defined Front-end and Back-end User Roles
    • To improve security and simplify administration, every User can now be explicitly assigned as a Front-end User, Back-end User, or both, in the Users tool.
    • Users that are not assigned as Back-end Users will not be able to log into the dotCMS back-end (even if they are assigned Roles with layouts), and will not be able to access some REST APIs.
    • Users that are not assigned as Front-end Users will not be able to submit content using front-end forms (even if they are able to log into the Back-end).
    • Users which are assigned as neither Front-end Users nor Back-end Users will not be able to log into the dotCMS back-end, and will only be able to access a very limited set of REST APIs.
  • Temporary Resource for Multi-Part Uploads
    • A new REST API has been added allowing you to upload files as temporary resources, which can then be referenced from other REST APIs which add and update content.
  • Default Workflow Actions per Content Type
    • You may now specify default Workflow Actions for each Content Type.
    • The default Workflow Action is executed when content is saved or published using a method which does not explicitly call a Workflow (such as when using WebDAV or the Content API).
    • If content is saved without a Workflow Action, it will automatically be moved to the first Step of the first Workflow for the given Content Type.
  • WebP Image Format Support
  • New Tag Suggestions Endpoint
  • New Index Policy for REST API Endpoints
    • When saving content via the java ContentletAPI or a REST endpoint, you can now specify an indexPolicy of DEFER, WAIT_FOR, or FORCE. For more information, please see the Index Policy documentation.

Fixes

The 5.2.0 release includes fixes for a number of reported issues. For a list of issues addressed in dotCMS 5.2.0, please visit the dotCMS Github Repository.

  • Fixed an issue causing the "Default" label on a Site Search index to be removed when the dotCMS cache was flushed (#17046)
  • Fixed an incorrect error message generated when REST API call validation failed (#17164)
  • Fixed performance issue caused by permission API locks with a cold cache (#16963)
  • Fixed issues with Site permissions when more than one version of a Site exists (#16910)
  • Fixed an error when adding a Content Type with a name ending in a semicolon (#15147)
  • Fixed an error in the Page editor when a user did not have edit permissions to the Page being viewed (#16974)
  • Fixed an issue which could prevent some OSGI plugins from deploying automatically when dotCMS restarts (#16877)
  • Fixed an issue preventing the Page render endpoint from filtering content by Persona (#17073)
  • Fixed an issue preventing "Publish All" from working on a folder (#17140)
  • Fixed an issue preventing automatic reindex of an object after its permissions were reset (#16938)
  • Fixed an issue preventing content from rendering after deleting a Category that's being used by Content Types (#16838)
  • Fixed an issue which could cause errors re-importing a Site which had previously been deleted (#16990)
  • Fixed an issue which could cause conflicts between Content Types with names varying only by case (#17051)
  • Fixed an issue causing the "friendlyName" field to be duplicated in REST API results (#17052)
  • Fixed an issue which could prevent non-LDAP users from authenticating correctly on LDAP-enabled systems (#16996)
  • Fixed an issue which could cause incorrect GraphQL results after replacing the value in a Binary field in content (#16993)
  • Fixed an issue preventing the Push Publishing popup from displaying when using the Workflow Tasks tool (#15912)
  • Fixed an issue preventing raw output using the Velocity rendering REST API endpoint (#17022)
  • Fixed an issue preventing the Container toolbar from displaying when using the Blank Template (#13546)
  • Fixed an issue which could prevent newly related content from returning when pulling related content (#16563)
  • Fixed an issue which could cause fields in the Advanced search sidebar to get cut off (#17345)

To view more information on these issues, please visit the dotCMS Github repository.

Deprecated Features

The following features have been officially deprecated in dotCMS 5.2.0. These features have not been removed, and still work normally, but are no longer fully supported, and may be removed in a future dotCMS release.

  • WikiTool has been deprecated
  • The legacy Form builder is now fully deprecated.
    • The legacy Form builder has been officially deprecated since dotCMS version 5.0.0.
    • With this release, the legacy Form builder is fully deprecated, and is planned to be removed in a future dotCMS release.
    • It is therefore recommended that any Forms built with the legacy Form builder be migrated to the new Form builder as soon as possible.
  • The Legacy Content Type Tool (labeled "Content Types (Legacy)" in the Roles & Tools screen) has been deprecated.

Additional Changes and Improvements in dotCMS 5.2.0

  • Improved Handling of Language Parameters with Related Content
    • When submitting a REST API call, the language of the results can be limited via a URL parameter (e.g. ?languageId=3) or query term (e.g. +contentType:contentTypeVar +languageId:3).
    • Handling has been made consistent so that when a language parameter is used, the language will be respected for both parent and related content, but when language is supplied as a query term, the language will restrict the parent content but not the children (for example when using the ?depth=2 parameter).
  • Replaced Apache Struts v1.2.4 with the alternative Struts 1 Forever package, which fixes all known security issues and which is continually maintained and patched (#16879).
    Important Note:
    • In earlier dotCMS versions, all struts 1 critical CVEs were patched or mitigated by the use of Beanutils 1.9.3 and the SuppressPropertiesBeanIntrospector.class.
    • The switch to Struts 1 Forever was made not to address security issues (since they had already been addressed), but to simplify vulnerability assessment and mitigation for both customers and our development staff moving forward.
  • Improved performance when moving or updating Content Type fields (#16907)
  • Improved logging and handling of database transactions (#16827)


dotCMS 5.1.6

Available: Jun 6, 2019

dotCMS 5.1.6 is a maintenance release which includes fixes for several issues which affected some customers running the 5.1.0 and 5.1.5 releases.

Important Changes

Important changes in dotCMS 5.1.6 configuration may impact your configuration and system behavior when upgrading an existing site. Please read the documentation sections on all of these changes before upgrading from a previous release.

Changes to Default Behavior

The following differences in default behavior in dotCMS 5.1.6 may change your expectations and require a review of your administration practices. Please review all of these changes before upgrading from a previous release.

  • XSS Prevention Filter
    • In order to minimize XSS and CSRF vunerabilities, dotCMS now will block direct access to all files under the /html and /dotAdmin directories unless dotCMS is sent a valid referer or Origin header.
    • This new behavior is enabled by default, but can be turned off (allowing requests without a valid referrer or Origin to access these folders) by adding the following property to the dotmarketing-config.properties file:
      XSS_PROTECTION_ENABLED=false
    • For more information, please see the Security Best Practices documentation.

Improvements

The following improvements have been added in dotCMS 5.1.6:

Fixes

The 5.1.6 release includes fixes for a number of reported issues. For a list of issues addressed in dotCMS 5.1.6, please visit the dotCMS Github Repository.

  • Fixed an issue preventing Key/Value fields from being added to the index (#16313)
  • Fixed an issue which could cause a push of an entire site to fail (#16481, #16623)
  • Fixed an issue which could cause pagination in the back-end to fail when running under HTTPS (#16502)
  • Fixed an issue which caused a reindex of the File Asset Content Type to cause a full reindex (#16545)
  • Translated some back-end strings which were not translated in all supported languages (#16584, #16660)
  • Fixed an issue preventing the "All" Content Type selection from working with Custom Content Tools (#16587)
  • Fixed an issue which prevented limited users without access to the Content Tool from viewing Workflow Tasks (#16590)
  • Fixed an issue which prevented limited users from being able to logout properly (#16591)
  • Fixed an issue which prevented content from being removed from the index performing "Delete then Reindex" (#16592)
  • Fixed an issue preventing the /api/content/publish endpoint from working with multipart form data (FileAssets) (#16600)
  • Fixed an issue which caused static publishing to AWS S3 to fail when dotCMS was used in a Docker environment (#16612)
  • Fixed an issue preventing cache flush of individual Content Types from working (#16626)
  • Fixed an issue which could prevent deleted content from being cleared during a full reindex (#16664)
  • Fixed an issue preventing display of a front-end URL mapped page when logged into the back end (#16671)

To view more information on these issues, please visit the dotCMS Github repository.


dotCMS 5.1.5

Available: May 9, 2019

dotCMS 5.1.5 is an intermediate release which includes some minor improvements and features, and some significant performance improvements, specifically for customers with large content repositories.

Important Changes

A number of important changes in dotCMS 5.1.5 configuration may impact your performance when upgrading an existing site. Please read the documentation sections on all of these changes before upgrading from a previous release.

Important: The Minimum Java Version Has Changed

dotCMS 5.1.5 will only work with version 1.8.0_162 or later of Java.

  • Earlier versions of Java will not work, even for systems which were upgraded from earlier dotCMS releases.

  • If the java version cannot be updated, you must install the Unlimited Strength Jurisdiction Policy Files (available at here).
    • Not having this support will result in an "InvalidKeyException" when attempting to use 192 or 256 bit keys.

New Features

In addition to the Important Changes listed above, the following additional new features have been added in dotCMS 5.1.5:

  • Reindex performance has been greatly improved, especially for large content stores.
  • Added the ability to generate stateless API Access Tokens using JWT, which can be used for authentication by applications, and which can be issued and revoked from the back-end UI.
  • Page Layouts can now include custom CSS classes for specific Rows and Containers in the Layout.
  • You can now create Custom Content Tools which display only the Content Types you wish.
    • These behave the same as the existing Content Search screen, but display only a limited set of Content Types you define. For example, you can create a Tool which displays only Blog content, only News content, or a combination of Blogs and News.
    • For more information, please see the Custom Tool Groups documentation.
  • The DotAjaxDirector API now take both JSON and API tokens.
    • This allows you, for example, to add and push Bundles using an API method.
    • For more information, please see the DotAjaxDirector API documentation.
  • The Workflow "fire" REST API endpoint has been improved.
    • The fire endpoint now accepts binary (multipart) content and new Relationships fields.
      • The fire endpoint now provides full equivalence with the legacy /api/content endpoint.
      • It is recommended that all new development use the Workflow fire endpoint instead of the legacy /api/content endpoint.
    • The fire endpoint now accepts specification of Workflow Actions by the Action Name or ID.
  • Added additional logging to the Push Publishing feature (#16197)
  • The back-end login screen has been redesigned for simplicity and greater ease-of-use.
  • A new "post" method was added to the JSONTool which allows you to send a request to the remote server using an HTTP POST.
    • For more information, please see the JSONTool documentation.

Fixes

The 5.1.5 release includes fixes for a number of reported issues. For a list of issues addressed in dotCMS 5.1.5, please visit the dotCMS Github Repository.

  • Fixed an issue which could cause a compliation error when importing some OSGI packages (#16377)
  • Enabled the use of "text/*" types with the content REST API (#15934)
  • Removed a limitation of REST API calls that prevented them from respecting LoggedInUser permissions (#16135)
  • Fixed an issue that caused file-based Containers to render incorrectly in Page edit mode (#16263)
  • Fixed an issue where an incorrect error code was returned when using an invalid identifier with the /vtl REST API (#15799)
  • Removed an inactive button from the Community Edition Content Search screen (#16270)
  • Fixed an issue which could prevent content from being published when the Tag field was Required (#16026)
  • Fixed problems that resulted when using the word "content" as a key in a Key/Value field (#16046)
  • Fixed an issue causing a Javascript error when a zero content Container was displayed in the Page editor (#16329)
  • Fixed an issue which could cause incorrect content to be displayed from the cache when pushing content using a shorty ID (#16310)
  • Fixed an issue which could display an empty popup when displaying health for a single index (#16331)
  • Fixed an issue which could prevent content saves during switch-over to a new index (#15421)
  • Fixed an issue which could prevent saving of existing content after changing a field to Required (#16376)
  • Fixed an issue that could data corruption with self-reltaed content if the order of Relationships fields was changed (#16420)
  • Made several improvements to Vanity URL caching (#16333, #16337, #16413)
  • Fixed an issue which could cause display artifacts when an invalid icon was set for a Tool Group (#16246)

To view more information on these issues, please visit the dotCMS Github repository.

Deprecated Features

The following features have been officially deprecated in dotCMS 5.1.5. These features have not been removed, and still work normally, but are no longer fully supported, and may be removed in a future dotCMS release.

  • Version 2 of the FieldResource REST API has been replaced with a new version (version 3), and version 2 is now deprecated.


dotCMS 5.1.1

Available: Mar 26, 2019

dotCMS 5.1.1 is a maintenance release to fix one specific issue which affected some customers with the dotCMS 5.1.0 release.

It is recommended that all customers running the 5.1.0 release upgrade to dotCMS 5.1.1 as soon as possible.

Fixes

  • Navigation problems could be encountered in the Page editor under some circumstances (#16221)

To view more information on this issue, please visit the dotCMS Github repository.


dotCMS 5.1.0

Available: Mar 14, 2019

dotCMS 5.1.0 is a major release which includes some major upgrades and new features, performance and stability improvements, upgrades to a number of key components, and some significant changes to existing functionality.

This release includes a number of changes which may affect existing installations. We recommend that you read through this changelog in full before upgrading any existing installations.

Important Changes

A number of important changes in dotCMS 5.1.0 configuration may impact your performance when upgrading an existing site. Please read the documentation sections on all of these changes before upgrading from a previous release.

Changes to Default Behavior

The following differences in default behavior in dotCMS 5.1.0 may change your expectations and require a review of your administration practices. Please review all of these changes before upgrading from a previous release.

  • Permissions required to create new Content Types has increased.
    • The authority level required to create new Content Types has been increased from EDIT to PUBLISH (#15285)
    • This change will not have any effect on any existing Content Types.
      • However if you have users who need to be able to create new Content Types, you will need to ensure that these users have PUBLISH permissions for Content Types in all locations where they will be creating new Content Types.
    • Users with EDIT authority will still be able to modify Content Types, but will not be able to create new ones.

New Features

In addition to the Important Changes listed above, the following additional new features have been added in dotCMS 5.1.0:

  • New Relationships Fields
    • A new type of Relationship field has been added, offering significant improvements over the legacy Relationships from older versions.
    • You may now create Relationships by adding Relationships to Content Types as fields which are created and displayed separately for each side of the Relationship.
    • This change provides more flexibility in the types of Relationships you can create, allowing you to now create both One-to-One Relationships and Relationships which are visible from only one side of the Relationship.
    • These new Relationships also allow you to access related content directly via Lucene and Elasticsearch queries, treating related content as a field of the content, rather than requiring dedicated methods (such as $dotcontent.PullRelated()) to retrieve related content.
    • Using the new Relationship fields, you may also now search for related content from the Content Search screen.
    • Legacy Relationships and Legacy Relationships fields are both still supported for backward compatibility.
      • You may mix new Relationships fields and Legacy Relationships fields in the same Content Type.
      • You can choose to convert Legacy Relationships to new Relationships fields, but to ensure backward compatibility, conversion will not be done automatically.
      • A "Relationships" tab in Content Types will still be displayed if you have Legacy Relationships on a Content Type and have not added a Legacy Relationship field to the Content Type.
      • However the "Relationships" tab is now built as a regular Tab-Divider field followed by a Legacy Relationships field in the Content Type, and any new Relationship fields will not display in the Legacy Relationships field.
    • For information on how to upgrade your existing Relationships to the new Relationships fields, please see the Migrating Legacy Relationships documentation.
    • For more information, please see the Relationships documentation.
  • Containers as Files
    • You may now create and manage Containers completely via files.
    • These files may be managed via WebDAV and other file management operations, easing integration of dotCMS with your CI/CD operations.
    • As part of this change, some Containers in the dotCMS Starter site were converted to File Containers.
    • For more information, please see the File Based Containers documentation.
  • Custom REST Endpoints
    • You may now easily create custom REST endpoints using Velocity files.
    • All HTTP Methods for RESTful services are supported, including GET, POST, PUT, PATCH, and DELETE.
    • Velocity methods have been added which simplify the generation of output in JSON and XML formats for your custom endpoints.
    • A /vtl/dynamic REST endpoint has been added which allows you to render output from HTML and Velocity code dynamically.
    • For more information, please see the Scripted Custom Endpoints documentation.
  • GraphQL REST API
    • A REST API has been added that supports the GraphQL dynamic query language for retrieving content.
    • GraphQL allows you to selectively retrieve and arrange the content and fields you retrieve, enabling you to reduce the size of responses and insulate your applications from future changes to your dotCMS content and Content Types.
    • For more information, please see the GraphQL documentation.
  • Field Variables for Content Type Fields
    • You may now add "Field Variables" to fields in your Content Types.
    • These Field Variables can be used to distinguish and handle fields of the same field type differently, either within the same Content Type or among different Content Types.
    • The Field Variables for a Content Type field may be accessed from both Velocity code and Plugins.
    • These field variables are now used to allow customization of the WYSIWYG field, and are intended to be expanded to allow customization of other Content Type fields in the future.
  • WYSIWYG Field Customization on a per-Content Type and per-Field Basis
    • You may use the new Field Variables feature to specify tinyMCE customizations for each WYSIWYG field individually by specifyin a Field Variable named tinyMCEProps, which will be used to initialize the WYSIWYG field editor.
    • For more information, please see the WYSIWYG Field documentation.
  • CORS Header Configuration
    • You can now configure headers to send with CORS requests.
    • Headers can be configured as global defaults, and can be overridden for specific endpoints.
    • For more information, please see the CORS Header Configuration documentation.

Fixes

The 5.1.0 release includes fixes for a number of reported issues. For a list of issues addressed in dotCMS 5.1.0, please visit the dotCMS Github Repository.

  • Fixed an issue that could cause a Null Pointer Exception during Push Publishing under some conditions (#9110)
  • Fixed an incorrect message when incorrect values were entered while adding a new Language (#13168)
  • Fixed an issue which prevented the site selector list from being updated when using Login As (#14116)
  • Fixed an issue preventing the site selector from updating when using the Login As feature (#14116)
  • Fixed an issue which could cause different language versions of the same content to be saved separately (#14966)
  • Fixed an issue preventing a limited user from creating a new Content Type under certain conditions (#15285,#15308)
  • Fixed an issue which could cause an error on a Page if a Container on the Page was archived (#15331)
  • Fixed an issue causing Push Publish to fail in specific circumstances after adding a new Language (#15359)
  • Fixed an issue preventing the History and Permissions tabs on Events from being refreshed on save (#15439)
  • Fixed an issue preventing limited users from using the Device Preview feature (#15474)
  • Fixed an issue which could cause a new Site Search to fail (#15475)
  • Fixed an issue preventing Pages at the root of the site from being selectable as URL Map Detail pages (#15482)
  • Corrected some widget sorting issues in the Page Editor (#15486)
  • Fixed an issue which could cause an error when trying to rearrange or un-check the Required property on a Category field (#15504)
  • Fixed an issue which could prevent a limited user from navigating public pages in the back-end (#15506)
  • Fixed some issues which could cause Elasticsearch indexing to fail to complete (#15512)
  • Fixed an issue which could cause content save to freeze with a custom list of Languages (#15624)
  • Fixed an issue which could cause the Page Editor to render incorrectly when Velocity errors exist on the Page (#15640)
  • Fixed an issue which caused Push Publishing errors when Tags contained single quotes (#15792)
  • Removed the server name and port from generated URLs, to support containerization and applications behind proxies (#15833)
  • Synchronized the properties returned by the Page API /json and /render methods (#15928)

To view more information on these issues, please visit the dotCMS Github repository.

Deprecated Features

The following features have been officially deprecated in dotCMS 5.1.0. These features have not been removed, and still work normally, but are no longer fully supported, and may be removed in a future dotCMS release.

  • Legacy Relationships and Legacy Relationship fields
    • Legacy Relationships and Legacy Relationship fields on Content Types are both officially deprecated.
    • You may migrate all Legacy Relationships to the new Relationship Fields at any time.
    • Legacy Relationships, Legacy Relationship fields, and Velocity methods referencing Relationship name rather than Content Type field name will all continue to supported for a period of time.
      • However Legacy Relationships and code should be converted to new Relationship fields as soon as possible, to ensure forward compatibility with future releases.
  • CommentActions class
    • The CommentActions class has been deprecated and is no longer shipped with the dotCMS distribution. Customers with legacy code that relies on this class should add the class using a plugin.

Additional Changes and Improvements in dotCMS 5.1.0

  • Updated the Push Publish Workflow sub-Action dialog to allow Push Delete with Workflows.
  • Added navigation crumbtrails to the back-end user interface.
  • Made several improvements to the content search listing in the Page Editor.
  • Improved indexing performance when saving and publishing content.
  • Added "/servlet/" to the list of paths for the DefaultBackEndLoginRequiredWebInterceptor (#15548)
  • Added the hostName to the results in the /es/search REST endpoint (#15574)
  • Added a titleImage property to all content, allowing easy access to images on different Content Types (#15575)
  • Added additional logging for Push Publishing (#15595)
  • Improved error handling when a new Page is created with a URL that is already in use (#15951)
  • Added the ability for the /es/search REST API to return working as well as live content (#15982)
  • Upgraded the contentlet API to return related content for retrieved content items (#9411)
  • For source code distributions, the default path for functional tests was changed from /servlet/test to /dotTest (#15548)
  • Angular has been upgraded from version 4.4.6 to version 7.2.0.
  • PrimeNG has been upgraded from version 4.3.0 to version 7.0.3.
    • There were no UI changes in relation to this upgrade; the upgrade was made to maintain currency and compatibility only.


dotCMS 5.0.3

Available: Nov 15, 2018

dotCMS 5.0.3 is a maintenance release to fix several issues which affected some customers with the dotCMS 5.0.2 release.

It is recommended that all customers running the 5.0.0, 5.0.1, or 5.0.2 releases upgrade to dotCMS 5.0.3 as soon as possible.

Fixes

  • Site selector did not update to show appropriate sites when using the Login As feature (#14116)
  • Under specific conditions, adding content in a new language created a separate content item for the new language version (#14966)
  • Push publishing a file or page could fail after push removing the parent folder (#15022)
  • Content Search screen did not allow filtering for Select fields with multiple word values/keys (#15139)
  • In some circumstances, Categories referenced by a content type were not pushed by dependency with the content (#15172)
  • The Elasticsearch transport port and http port configuration settings were not honored when using auto-wire clusters (#15277)
  • The list of Widget Types was not sorted when adding a Widget to a Page (#15290)
  • In the Content Type editor, Category fields could not be renamed without also changing other field parameters (#15309)
  • Static publish to an Amazon S3 bucket of pages using Sass could fail to render correctly (#15310)
  • Archiving a container which was used on a Page could cause an error when the Page was accessed on the front-end (#15331)
  • Image, Textarea and WYSIWYG fields on existing content could not be completely cleared in the content editing screen (#15340, #15353)
  • Some OSGi plugins placed in the felix/load directory were not loaded properly when dotCMS was started (#15358)
  • The Base Types list in the Content Types tool was not ordered correctly (#15382)
  • In some cases, not all appropriate Bulk Workflow Actions were displayed for a limited user (#15385)
  • Applying "Cascade Permissions" to a Site from the Roles & Tools screen did not update child permissions (#15389)
  • The NavResource REST API did not return a nested JSON object (#15390)
  • In the Page ditor, when any Container included Velocity code with errors, an error was displayed for the whole Page instead of for just the problem Container (#15395)
  • If the Template set for a Page did not exist, the template for the Page could not be changed (#15401)
  • The Host Content Type was incorrectly allowed to be moved from the SYSTEM HOST (#15410)
  • If a Content Type had a detail page that did not exist, the content would fail to index properly (#15423)
  • When a user session expired, the automatic redirect to the Login page did not work correctly (#15437)
  • Limited user was unable to reorder menus in the Page editor when any Page was locked by another user (#15450)
  • Device preview could fail for some users in some browsers (#15474)
  • Running a new Site Search job could fail in some circumstances (#15475)
  • When setting the Detail Page for a Content Type, pages on the root of the site could not be selected (#15482)
  • The PersonaTool.getPersonas() method did not work for unauthenticated (front-end) users (#15484)
  • Reorder of fields in a Content Type could fail in some circumstances (#15504)
  • Within the Page editor, Navigation on the Page sometimes did not work properly for limited users (#15506)
  • In some conditions, an Elasticsearch reindex could get stuck (#15512)
  • In some cases limited users could not view content which was permissioned to be viewable by unauthenticated users (CMS Anonymous) (#15523)

To view more information on these issues, please visit the dotCMS Github repository.

Deprecated Features

The following features have been officially deprecated in dotCMS 5.0.3. These features have not been removed, and still work normally, but are no longer fully supported, and may be removed in a future dotCMS release.

  • H2 database is deprecated.
    • The H2 database was previously fully supported for development only.
    • With the release of dotCMS 5.0.3, the H2 database is now officially deprecated, even for development.
    • The H2 database will be replaced in a future version with a dotCMS Docker image which uses a Postgres database.


dotCMS 5.0.2

Available: Sep 20, 2018

dotCMS 5.0.2 is a maintenance release to fix several issues which affected some customers with the dotCMS 5.0.1 release, and to address two newly identified security issues.

It is recommended that all customers running the 5.0.0 and dotCMS 5.0.1 releases upgrade to dotCMS 5.0.2 as soon as possible.

Fixes

  • Added a check to the startup process to ensure that existing assets are not deleted if the configuration of the existing site is not correct (#14819).
  • Fixed an issue preventing sorting of content by Workflow Step if any content item was set as [Not Assigned] (#14897).
  • Fixed an issue which caused an error when attempting to push remove a Site (#15013).
  • Added the ability to specify a Default Template which is used by default when creating a new Page (#15031).
  • Fixed an issue could cause content to be saved twice when the content API was used to trigger a Workflow Action (#15053).
  • Fixed an issue which prevented the options from updating after folder permissions were changed (#15055).
  • Fixed an issue which could prevent relative paths in stylesheet links from working properly (#15141).
  • Fixed an issue which could cause loss of a binary field value in certain circumstances on a content with a required relationship (#15157).
  • Fixed an issue which could prevent proper import or export of Categories containing non-Latin characters (#15174).
  • Fixed an issue which could prevent push publishing of copied sites (#15175).
  • Fixed an issue which could cause zero length files when doing a static push without a language variable in the bucket name (#15176).
  • Fixed an issue which could cause an unnecessary close confirmation prompt when content was not edited (#15177).
  • Fixed an issue which could cause a Workflow Action popup to display incorrectly in some circumstances (#15184).
  • Fixed an issue which could sometimes prevent Workflow Tasks from displaying in the task portlet (#15186).
  • Fixed an issue which could prevent a content from being updated properly via the Workflow REST API in some circumstances (#15192).
  • Fixed an issue causing the wrong Content Type to initially display when editing a content item (#15198).
  • Fixed an issue causing incorrect display of content changes when a value for a Required field was not supplied (#15199).
  • Fixed an issue which could prevent widget pre-execute code from displaying in some circumstances #15202).
  • Fixed an issue preventing the Detail Page of a Content Type from displaying properly when using a Community license (#15217, #15195).
  • Fixed an issue which could cause display errors when certain pre-defined names were used for Velocity variables (#15219).
  • Improved Sass performance when using the LibSass compiler by using fully minified (compressed) CSS (#15222).
  • Changed the priority in which Vanity URLs resolve paths, to prevent potential issues in some circumstances (#15223).
  • Fixed an issue which could prevent the NavTool from working properly when a Page was viewed in edit mode (#15229, #15162).
  • Fixed an issue which could cause Elasticsearch operations to become stuck (#15230).
  • Fixed an issue preventing the LoginAs feature from working properly with some Role configurations (#15237).
  • Fixed an issue preventing viewing of content in a custom workflow if the dotCMS instance did not have a valid license (#15238).
  • Removed an unnecessary message regarding Workflow Actions when viewing a Site (#15272).
  • Fixed an issue which could make a widget incorrectly appear to have not been updated after an edit (#15283).
  • Fixed an issue which could cause an error when a specific method is called under certain circumstances within a plugin (#15297).

To view more information on these issues, please visit the dotCMS Github repository.

Security and Privacy Updates

Details of the two security issues fixed in this release are currently being withheld, but will be added to the Known Security Issues documentation as soon as affected customers have been notified and have had an opportunity to upgrade or mitigate the issues.


dotCMS 5.0.1

Available: Aug 21, 2018

dotCMS 5.0.1 is a maintenance release to fix several issues which affected some customers with the dotCMS 5.0.0 release.

Fixes

  • Improved messages when an attempt is made to create a new Language with the wrong values (#13168).
  • Restored previous behavior auto-selecting a recently edited Content Type in the Content Search window (#13719).
  • Fixed incorrectly displayed actions when using the Workflow "Who can use" filter (#14534).
  • Improved feedback to the user when the user does have permissions to edit a Content Type (#14999).
  • Fixed an issue which could cause the Default Host to be lost after a push under certain conditions (#15020).
  • Fixed an issue preventing futre Time Machine snapshots from showing the correct content in some circumstances (#15014).
  • Fixed a minor issue with the Content Search listing after editing content (#15064).
  • Fixed an issue preventing the deletion of Content Types in dotCMS Community Edition (#15090).
  • Fixed an issue with the XMLTool Viewtool (#15091).
  • Fixed an issue with the Page edit screen when running dotCMS on Windows Server (#15097).
  • Fixed an issue preventing the addition of files to some custom File Content Types (#15105).
  • Fixed an error which could prevent the creation of new tags when adding tags using double-byte languages (#15107).
  • Fixed an issue which caused errors in the Containers screen under certain conditions (#15114).
  • Fixed an issue which could cause errors in the Content Types Tool after a push (#15124).
  • Fixed an issue preventing the Save Draft Workflow sub-action from working properly with some Content Types (#15129).
  • Fixed an issue preventing servlet OSGI plugins from being added properly (#15145).
  • Fixed an issue which could prevent the creation of subcategories under multilingual Category names (#15148).

To view more information on these issues, please visit the dotCMS Github repository.


dotCMS 5.0.0

Available: Aug 8, 2018

dotCMS 5.0.0 is a major release which includes some major upgrades and new features, performance and stability improvements, and upgrades to a number of key components.

Important Changes

A number of important changes in dotCMS 5.0.0 configuration may impact your performance when upgrading an existing site. Please read the documentation sections on all of these changes before upgrading from a previous release.

Features No Longer Supported

Support for a number of previously deprecated features has been removed in dotCMS 5.0.0. These include, but are not limited to: Internet Explorer 11 access to the dotCMS back-end, and CMIS.

  • These features no longer function, and libraries associated with these features have been removed from the dotCMS distribution.
  • For additional details on libraries which are no longer included with dotCMS, please see the Features and Dependencies Removed from dotCMS 5.0.0 section below.

Configuration Changes

The following important changes have been made to configuration in dotCMS 5.0.0:

  • The default logging configuration has changed to log all messages to the Tomcat catalina.out file, in addition to the dotCMS logs.
    • This logging configuration makes it easier to monitor and debug development and staging environments, but is not recommended in production as the catalina.out file may grow very large.
    • For production, we suggest replacing default log4j.xml with the production example in the dotCMS Github Repository.
  • Elasticsearch configuration has been moved to the standard elasticsearch.yml file, which is located in the "/dotserver/tomcat-8.5.32/webapps/ROOT/WEB-INF/elasticsearch/config" folder within the dotCMS distribution.
    • If you have made changes to your Elasticsearch configuration, including changing the location of the Elasticsearch indexes or creating custom mappings, you must edit the elasticsearch.yml file to reflect these changes.
  • JWT signature keys have changed, and may be updated automatically.
  • The default database configuration now uses DBCP1 (Tomcat connection pooling).
    • It is recommended that you review your database pool configuration to ensure it is correct.
    • If you configure your database by modifying the default context.xml file shipped with dotCMS, please see the Tomcat JDBC Pooling documentation for information on how to configure your database pool.
  • OSGI Default Behaviors have Changed
    • dotCMS no longer attempts to expose/export all internal libraries by default.
      • If you have an OSGI plugin that relies on dotCMS internal libraries, then either you must modify your plugin to provide its own versions of the libraries, or you must expose the internal libraries you need via a fragment or in the osgi-extras.conf file.
    • Tomcat context reloading is now set to false by default.
      • If you wish to add REST endpoints via OSGI, you will need to change this property to true in your context.xml file.

Changes to Default Behavior

In addition, the following differences in default behavior in dotCMS 5.0.0 may change your expectations and require a review of your administration practices. Please review all of these changes before upgrading from a previous release.

  • Workflow Changes
    • Workflows have been significantly upgraded, and all existing content types and workflow schemes will be upgraded to use the new Workflow features automatically.
    • As part of this upgrade, the following changes will be made to all existing Content Types:
      • Default content actions have been replaced with a new System Workflow.
        • All Content Types which previously used a non-mandatory Workflow scheme will be assigned to both the existing Workflow scheme and the new System Workflow (which duplicates the previous default content actions).
        • However Workflows now behave differently, so "default actions" which were previously available when using non-Mandatory workflows may not be available in all the Workflow steps they were previously available in, and you may need to modify your custom Workflows to ensure all required actions are still available to the appropriate users.
        • For information on how to modify your Workflows to ensure that all previously available default actions are still available, please see the Upgrading to dotCMS 5.0 documentation.
      • Mandatory workflows have been replaced with new functionality.
        • You may now assign multiple Workflows to the same Content Type. The previous Mandatory Workflow functionality is now provided by simply assigning a single Workflow to a Content Type.
        • Therefore all Content Types which previously used a Mandatory Workflow scheme will remain assigned only to the same Workflow scheme they were previously assigned (the mandatory Workflow), but the Workflow itself will no longer be identified as Mandatory. Content Types previously assigned a Mandatory Workflow scheme will not be assigned to the new System Workflow, and so will mimic the behavior of Mandatory workflows.
    • As part of this upgrade, the following changes will be made to all existing Workflow Schemes:
      • The Mandatory option has been replaced with new functionality. Workflow schemes previously configured as Mandatory Workflows will no longer be explicitly designated as Mandatory. Instead, since each Content Type may be assigned multiple Workflow Schemes, you will provide the same functionality as a Mandatory Workflow by only assigning a single Workflow Scheme to a Content Type.
      • The Requires Lock option has been removed. All existing Workflow actions configured with the Requires Lock option will have a new "Save content" workflow sub-action added to them, which performs the same function as the previous Requires Lock option.
  • Elasticsearch Changes
    • Elasticsearch has been upgraded from version 1.7.3 to version 6.1.3
    • As a result of this change, your existing Lucene and Elasticsearch queries may need to be modified to work properly in dotCMS 5.0.
      • It is strongly recommend that you test all your queries and content pulls after upgrading to dotCMS 5.0.0.
    • For details on required changes, please see the Upgrading to dotCMS 5.0 documentation.
  • REST API Changes
    • Elasticsearch Index API Endpoint Changed
      • The URL to access the esindex endpoint has changed from /api/esindex to /api/v1/esindex.
      • The previous endpoint has been deprecated.
      • For more information, please see the REST API to Manage Indexes documentation.
  • Changes to Relationship Editing
    • Once a relationship has been established between two different Content Types, the relationship between the two content types may no longer be switched (though the Relationship parameters may be changed)
    • For more information, please see Github issue #14296 and the Relationships documentation.

    New Features

    In addition to the Important Changes listed above, the following additional new features have been added in dotCMS 5.0.0:

    • New Edit Mode
      • Customizable Per-page Layouts
      • Drag-and-drop Page Editing
    • New Workflows
      • Drag-and-drop Workflow builder
      • Workflow Action filter to display actions available to specific users and Roles
      • Multiple Workflow Schemes may be assigned to a single Content Type
      • The same Workflow Action can be assigned to multiple Workflow Steps
      • Workflow Actions can be visible based on the state of the content
      • Workflow Action permissions can be assigned based content permissions
        • For example, you can now allow a Workflow Action to be used by all users who have ���Publish�۝ permissions on the content
      • Workflow Schemes can now be copied and deleted
      • Workflow Scheme names are no longer unique, so you may create multiple Workflow Schemes with the same name
      • Workflows Tasks and actions now respect content language
      • New "Save Draft" Workflow sub-action
      • The "System Workflow" (the default Workflow for all content types) is now editable (but always resettable)
      • Workflow Batch Actions enable you to easily perform appropriate bulk actions on any selected group of content, for any Workflow
        • Note that Workflow Batch Actions are only available on dotCMS Enterprise editions
      • New Workflow REST API endpoint
    • New Drag-and-drop Content Type Editor
      • A new Content Type editor allows drag-and-drop creation and management of Content Type fields.
      • The previous Content Type editor is still supported, and customers who upgrade from a previous version of dotCMS will continue to see the old Content Type editor by default.
      • If you would like to access the new Content Type editor, you must add the Tool to the appropriate Roles on your dotCMS instance (via the System -> Roles & Tools screen).
    • New Embedded Google Analytics Reporting

    Fixes

    The 5.0.0 release includes fixes for a number of reported issues. For a list of issues addressed in dotCMS 5.0.0, please visit the dotCMS Github Repository.

    Features and Dependencies Removed from dotCMS 5.0.0

    A number of previously-deprecated features and dependencies have been removed from dotCMS 5.0.0.

    For customers which only use the standard dotCMS distribution, these changes will likely have no impact. However for customers which build dotCMS from source or who use custom plugins, these changes may impact your build process. If you do build dotCMS or custom plugins, please review the below list to identify any dependencies which may affect your build process.

    Removed Libraries

    • Apache Solr
      • Lucene is fully supported by Elasticsearch 6.1, so Solr is no longer required.
    • CMIS support
    • Drools
    • Groovy
    • Hadoop
    • Jasper Reports
    • Jboss Rules / Legacy JBoss Cache
    • Captcha tools
    • Tika (now shipped as an osgi jar)

    Removed Dependencies

    All of the following libraries have been removed from the dependencies.gradle file used to build dotCMS, and these libraries are no longer shipped with the dotCMS distribution:

    • Abdera (dot.abdera-**)
    • mapdb (org.mapdb)
    • Antlr (dot.antlr)
    • Apache Solr (dot.apache-solr-**)
    • OpenCMIS (dot.chemistry-commons and dot.chemistry-opencmis-**)
    • Drools (dot.drools-**)
    • Groovy (dot.groovy-all)
    • Hadoop (dot.hadoop-dev-**)
    • Jasper Reports (dot.jasperreports)
    • Jboss Rules / Legacy JBoss Cache and dependent libraries (dot.jboss-common-core, dot.jbosscache-core, and dot.jboss-logging)
    • Captcha (dot.jcaptcha-mod and dot.simplecaptcha)
    • Internal dotCMS Lucene-related libraries (dot.lucene-**)
    • nekohtml (dot.nekohtml)
    • Verisign (dot.Verisign)
    • xalan (dot.xalan)
    • Tika (dot.tika-app)
    • Batik Animation (batik-anim)
      • Note: Only the batik-anim jar was removed. Other batik jars, including imageio-batik and batik-rasterizer, were not removed.

    Privacy and Security Updates

    The following changes in dotCMS 5.0.0 may have privacy implications for your existing dotCMS installation. We recommend that you review these changes, and if necessary modify any appropriate content, to ensure your site maintains compliance with any privacy standards and regulations you adhere to.

    • JWT signature keys have changed, and may be updated automatically.
      • If you have not explicitly changed your JWT signature key in dotCMS 4.x, your JWT signature key will change when you upgrade to dotCMS 5.0.0.
        • On initial startup, dotCMS will check your JWT signature key, and if has not been changed from the default key, dotCMS will generate a new random secret signing key.
      • Your JWT secret signing key will now be stored in the file "/assets/server/jwt_secret.dat" within the dotCMS distribution.
    • Permissions required to create and edit Content Types have changed.
      • In order to create a new Content Type, a user must now have both ADD CHILDREN rights on the Site and EDIT PERMISSIONS rights on both the Site and the Content Type.
      • In order to edit or delete an existing Content Type, a user must now have EDIT_PERMISSIONS rights on the Content Type.
    • The default expiration time for API Tokens has been increased to ten years.
      • The expiration for these tokens can be changed by setting json.web.token.max.allowed.expiration.days property in the dotmarketing-config.properties file.

    Deprecated Features

    The following features have been officially deprecated in dotCMS 5.0.0. These features have not been removed, and still work normally, but are no longer fully supported, and may be removed in a future dotCMS release.

    • Spring libraries and classes are deprecated for use "out of the box".
      • Spring support in general is NOT deprecated, so use of Spring packages is still supported.
      • However it is now expected that you include any Spring packages/classes you need via any plugin that uses Spring and/or Spring MVC.
    • The current (Page-level) "What's New" feature is officially deprecated.
      • It is planned for this feature to be replaced by an improved What's Changed feature in a future release.

    Additional Changes and Improvements in dotCMS 5.0.0

    • Colors displayed in the back-end UI can now be changed in the System -> Configuration Tool.
    • Postgress 10 is now supported (#14372)
    • Containers may now be included multiple times in the same Template.
    • There is a new Containers REST API.
      • This API provides a number of new endpoints, including an endpoint which allows you to render individual content items via a Container without placing the content inside a Container on a Page.
    • Elasticsearch has been upgraded from version 1.7.3 to version 6.1.3
      • Please note that this was a major upgrade, and some changes may be needed to existing Elasticsearch queries in order to work properly in dotCMS 5.0. Please see the Upgrading to dotCMS 5.0 documentation for more information.
      • The Elasticsearch cache may now be flushed from the System -> Maintenance screen.
    • Tomcat included in the dotCMS distribution has been upgraded to version 8.5.32.
    • Log4j has been upgraded to version 2.8.2.
      • This new version supports low object allocation logging, improving memory use and performance.
    • The OSGI felix library has been upgraded to version 5.6.10.
    • Hazelcast libraries (used with the Hazelcast cache provider) have been upgraded to version 3.9.2.
    • Amazon Web Services libraries (used with Static Publishing) have been upgraded to version 1.11.66.
    • The "Content Types" and "Dashboard" tools have been replaced with new versions.
      • The previous versions of both tools are still included, but have been renamed to include "(Legacy)" to distinguish them from the new versions of the tools.
      • The legacy versions of both these tools are officially deprecated.
    • Sass files no longer require the /DOTASS prefix when references within a theme.
      • Sass files may now alternately be referenced using a .dotsass file extension, which allows them to be referenced using a relative path (e.g. /application/themes/ski-resort/sass/main.dotsass).
    • The LanguageAPI viewtool has been renamed LanguageViewtool.
      • This should not affect users unless they were calling the viewtool in java code
    • Tika has been upgraded to version 1.17 and moved to a built-in OSGI service.
    • Tika (which is used for full text and metadata extraction of pdfs, word docs and other binary file types) is now provided as a built in OSGI service rather than integrated into the dotCMS core product.
      • Making Tika an OSGI service enables encapsulation and segregation of a large number of libraries (which Tika is dependent on) from the dotCMS classpath. This enables future upgrades to Tika and its dependent libraries to be made without impacting other functionality in the system.
    • Velocity Java Code has been Repackaged
      • All dotCMS velocity Java code has been repackaged and is now contained in the com.dotcms.rendering.velocity.* jars.


    dotCMS 4.3.3

    Available: Apr 20, 2018

    dotCMS 4.3.3 is a maintenance release to fix some important issues which affected some customers with the dotCMS 4.3.x releases. It is recommended that all customers running 4.3.x series releases upgrade to release 4.3.3 as there are important fixes in this release.

    Fixes

    The 4.3.3 release includes fixes for the following reported issues introduced in the dotCMS 4.3.x series:

    • Resolved an issue which could prevent images from being retrieved via Velocity code from non-default language versions of content (#12820).
    • Resolved an issue which could cause the Integrity Checker to fail in specific circumstances with mismatching Roles on the sender and receiver (#13067).
    • Resolved an issue which could allow the working version of content to be retrieved incorrectly via the REST API (#13131).
    • Resolved an issue preventing old versions of content from being deleted when a specific language version of the content was deleted (#13682).
    • Resolved an issue which could cause the push of Categories to fail in certain circumstances (#13722).
    • Improved the handling of database connections to prevent the potential premature connection closure (#13792).
    • Increased the space used to display related content in the Relationships tab to enable the full title to be viewed (#14060).
    • Resolved an issue preventing limited users from adding Containers they have permission to when editing a Template (#14134).
    • Resolved an issue which could cause the Fix Assets Inconsistencies tool to fail in some circumstances (#14141).
    • Resolved an issue which could cause the "Four Eyes" Workflow action to move content to the next step prematurely (#14144).

    To view more information on these issues, please visit the dotCMS Github repository.


    dotCMS 4.3.2

    Available: Mar 1, 2018

    dotCMS 4.3.2 is a maintenance release to fix a specific issue which affected a new feature in the 4.3.0 release.

    Fixes

    The 4.3.2 release includes a fix for a new reported issue in dotCMS 4.3:

    • Resolved an issue preventing the new libsass compiler support from working properly (#13449).
      • It is recommended that all customers upgrading to dotCMS 4.3 from an earlier version upgrade directly to 4.3.2
      • However only customers who wish to use features in the new Sass compiler will be affected by this issue if an earlier release of 4.3 is used.

    To view more information on this issue, please visit the dotCMS Github repository.


    dotCMS 4.3.1

    Available: Feb 23, 2018

    dotCMS 4.3.1 is a maintenance release to fix a specific issue which affected some customers with the 4.2.2 and 4.3.0 releases using the dotCMS back-end with a specific version of the Chrome browser.

    Fixes

    The 4.3.1 release includes a fix for the following reported issue introduced in dotCMS 4.2.0:

    • Resolved an issue which caused an error when trying to view the Template Builder when using a specific version of the Chrome browser (#13571).

    To view more information on this issue, please visit the dotCMS Github repository.


    dotCMS 4.3.0

    Available: Feb 22, 2018

    dotCMS 4.3.0 is a significant release which includes a number of notable changes including two new features, performance and security improvements, and fixes for a number of issues which affected some previous releases.

    Important Changes

    Changes to Default Behavior

    The following differences in default behavior in dotCMS 4.3.0 may change your expectations and require a review of your administration practices. Please review all of these changes before upgrading from a previous release.

    • Default SASS Compiler Changed
      • The jruby-based SASS compiler has been replaced with the newer and more full-featured libsass.
      • For more information, including how to re-enable the legacy jruby-based SASS compiler, please see below.

    Fixes

    The 4.3.0 release includes fixes for a number of reported issues, including but not limited to the following:

    • Fixed an issue causing an error in specific conditions after a Push Publishing bundle has been manually deleted 13502).
    • Fixed an issue preventing LDAP validation with a Platform license (#13478).
    • Fixed an issue preventing TikaUtils from respecting Categories and Tags 13429).
    • Fixed an issue which could prevent the push of an entire site from succeeding (#13419).
    • Updated the content REST API to return Category information for unauthenticated users if the CMS Anonymous user has permission to view the Category (#13418).
    • Fixed an issue which could cause a push publish to fail if content contained special characters in a Unique field (#13392).
    • Fixed an issue which could cause push publish triggered via a Workflow to fail (#13373).
    • Fixed an issue which caused an error if the Integrity Checker was run twice in a row when using the SQL Server database (#13249).
    • Fixed an issue preventing the Content Type Permissions tab from showing inherited permissions properly under specific conditions (#13180).
    • Fixed an issue with the password reset function (#13117).
    • Fixed a potential push publishing error due to a caching error (#13115).
    • Fixed an error preventing the "/edit" URL parameter from working correctly (#13026).
    • Fixed an issue causing Categories to be removed from a Page when certain custom workflow actions were taken on the Page (#12333).
    • Fixed an issue preventing push history from being created for bundles which were force pushed (#9309).

    To view more information on these issues, please visit the dotCMS Github repository.

    New Features

    In addition to the Important Changes listed above, the following additional new features have been added in dotCMS 4.3.0:

    • New Static Publishing Endpoints (#12669, 12521, 11892).
    • "Four Eyes" Principle Workflow Sub-Action
      • The new "Four Eyes" Workflow Sub-Action enables you to require approval by any two (or more) users from among a group of users.
      • This Sub-Action is an enhancement of the existing "Require Multiple Approvers" Sub-Action (which required approval from all specified users), to allow specification of a group of users and just require approval from a set number of those users, without requiring approval from all of them.
      • For more information, please see the Multiple Approval Sub-Actions documentation.

    Additional Changes and Improvements in dotCMS 4.3.0

    • The jruby-based SASS compiler has been replaced with the newer and more full-featured libsass (#13449).
      • Legacy (jruby-based) SASS compiler support has been deprecated.
        • The old jruby-based SASS compiler still ships with dotCMS, but is disabled by default.
        • You may re-enable the legacy jruby-based SASS compiler by changing the new USE_LIBSASS_FOR_SASS_COMPILATION property from true (the default) to false.
    • The LESS compiler has been deprecated (#13449).
      • No additional upgrades are planned for the LESS compiler included in the dotCMS distribution.
      • All support for LESS compilation may be completely removed in a future version of dotCMS.


    dotCMS 4.2.2

    Available: Nov 15, 2017

    dotCMS 4.2.2 is a maintenance release to fix an important issue which affected some customers with the dotCMS 4.2.0 and 4.2.1 releases. It is recommended that all customers running the 4.x series upgrade to 4.2.2 as there are important fixes in this release.

    Important Notes

    • It is recommended that customers upgrading to release 4.2.2 from a release prior to dotCMS 4.1.0 upgrade directly to release 4.2.2 rather than upgrading incrementally.
      • Customers who upgrade incrementally should make sure to read and follow instructions in the 4.1.0 Change Logs.

    Fixes

    The 4.2.2 release includes fixes for the following reported issues introduced in dotCMS 4.2.0:

    • Resolved an issue causing the sort order of fields within Content Types to be reordered incorrectly (#13052).

    To view more information on these issues, please visit the dotCMS Github repository.


    dotCMS 4.2.1

    Available: Nov 13, 2017

    dotCMS 4.2.1 is a maintenance release to fix several issues which affected some customers with the dotCMS 4.2.0 release. It is recommended that all customers running the 4.x series upgrade to 4.2.1 as there are important fixes in this release and the 4.2.0 release in general.

    Important Notes

    • It is recommended that customers upgrading to release 4.2.1 from a release prior to dotCMS 4.1.0 upgrade directly to release 4.2.1 rather than upgrading incrementally.
      • Customers who upgrade incrementally should make sure to read and follow instructions in the 4.1.0 Change Logs.

    Fixes

    The 4.2.1 release includes fixes for the following reported issues introduced in dotCMS 4.1.0:

    • Resolved an issue when upgrading from dotCMS v2.5.7 or earlier to dotCMS 3.x and higher (#12862).
    • Fixed an issue preventing the operation of some Vanity URLs which begin with "/c" (#12918).
    • Fixed an issue which could cause an exception from the Query Tool when searching in a Category field (#12959).
    • Fixed an issue which could prevent the creation of a Push Publishing endpoint (#12977).
    • Fixed an issue which could prevent Pages from displaying for customers using Oracle with a Prime level Enterprise license (#13007).
    • Fixed an issue which could prevent Vanity URLs converted from earlier versions of dotCMS from displaying (#13017).
    • Corrected an incorrect default property setting which could prevent the login page from appearing when a non-validated user attempts to access a resource with restricted Permissions (#13025).

    To view more information on these issues, please visit the dotCMS Github repository.


    dotCMS 3.7.2

    Available: Oct 18, 2017

    dotCMS 3.7.2 is a maintenance release to fix several issues which affected some customers with the dotCMS 3.7.1 release.

    Fixes

    The 3.7.2 release includes fixes for the following reported issues introduced in dotCMS 4.1.0:

    • Fixed an issue which could cause site search jobs run at the same time to overwrite files (#8552).
    • Fixed a case where FileTool does not respect the DEFAULT_FILE_TO_DEFAULT_LANGUAGE property (#10515).
    • Fixed an issue preventing configuration of a "receive from" endpoint when using the Oracle database (#10825).
    • Fixed an issue preventing the push of an empty template when using the Oracle database (#10828).
    • Fixed an issue preventing proper display of Boolean field values within Containers (#10869).
    • Fixed an issue which sometimes prevented trial license requests from working (#10967).
    • Changed Rules caching method to prevent potential "ping-pong" in a clustered environment (#11315).
    • Changed Elasticsearch configuration to reduce memory usage (#11330).
    • Updated the default H22 cache configuration to prevent potential deadlocks (#11592).
    • Fixed an issue preventing compilation of static plugins on Windows environments (#11622).
    • Fixed a potential out of memory issue when push publishing large bundles (#11835).
    • Fixed an issue with REST API calls accessing legacy files using ShortyIds (#12627).

    To view more information on these issues, please visit the dotCMS Github repository.

    Security Improvements

    The 3.7.2 release includes solutions for the following potential security issues in the 3.7.1 release:

    • Prevented a potential file upload vulnerability by an authenticated user (#10974).
    • Prevented a potential SQL injection vulnerability by an authenticated user when using a specific database with dotCMS (#11811).
    • Prevented a potential information retrieval vulnerability by an unauthenticated user (#11813).

    To view more information on these issues, please visit the dotCMS Github repository.


    dotCMS 4.2.0

    Available: Oct 17, 2017

    dotCMS 4.2.0 is a minor release which includes a number of significant changes including several new features, considerable performance improvements, and fixes for a number of issues which affected previous releases.

    Important Changes

    A number of important changes in dotCMS 4.2.0 configuration may impact your performance when upgrading an existing site. Please read the documentation sections on all of these changes before upgrading from a previous release.

    Required Post-Upgrade Actions

    Important: Due to changes in the database in dotCMS 4.2.0, it is necessary to manually re-index your site after the upgrade is complete.

    Configuration Changes

    The following important changes have been made to configuration in dotCMS 4.2.0:

    • Velocity Cache Region Changes.
      • All Velocity cache regions may now be stored to persistent cache (e.g. disk cache, Hazelcast, Redis, etc.).
      • However it is important that if the velocitycache region is set to use any persistent cache, the velocitymacrocache region must also be configured to use the same persistent cache.
      • For more information, please see the Cache Chaining documentation.
    • Inactive Cluster Server Period Removed: The REMOVE_INACTIVE_CLUSTER_SERVER_PERIOD property has been removed (#12573).
      • Licenses previously utilized by an inactive clustered node are now immediately freed once the heartbeat time-out on that node has been reached.
    • HTTP Only Session Cookie Property Default: The useHttpOnly property is set to false by default.
      • This property must be set to true to set all dotCMS cookies to HTTP only, and helps to mitigate the risk of client side scripting when accessing a protected cookie.
    • Cluster Configuration Property Changes: The DIST_INDEXATION_ENABLED property has been removed from the portal.properties file.

    Changes to Default Behavior

    The following differences in default behavior in dotCMS 4.2.0 may change your expectations and require a review of your administration practices. Please review all of these changes before upgrading from a previous release.

    • WAR File Deployment. When generating a WAR file, the generated file name has been changed from dotcms.war to ROOT.war, to conform better with application server standards and expectations (#11961).
    • Struts Actions. For security reasons, ALL front end Struts actions are now disabled by default (#11784).
      • This includes all paths found under /dotCMS/*.
      • Any Struts actions required for your site operation must be explicitly enabled in the dotmarketing-config.properties file via the properties extension file.
    • Vanity URL Conversion. When upgrading an earlier version of dotCMS to release 4.2.0, any existing Vanity URLs (created in an earlier version of dotCMS) will be automatically converted to the new Vanity URL Content Type, and configured as either a 200 forward or a 301 redirect, depending on the URL of the "Enter URL to Redirect To" field in the original Vanity URL:
      • URLs beginning with a "/" will be converted to 200/forward.
      • URLs containing "//" will be converted to 301/redirect.
      • The new Vanity URL Content Type contains additional redirect and forward options and after any upgrade, you should review all your Vanity URLs to ensure they redirect or forward in the way you intend.
    • #dotParse Directive Paths. In order to prevent URL errors, the #dotParse directive is less forgiving and no longer supports paths containing invalid slashes ("/"), such as paths with extra slashes (e.g. "/application/vtl///test.vtl") and pages or files with a trailing slash (e.g. "/company/about-us/index/").
      • If you have existing Velocity code which contains or generates directives using such invalid paths, it will not longer work after the upgrade, and the code will need to be modified to ensure correct paths are used.

    New Features

    The following new features have been added in dotCMS 4.2.0:

    • Layout as a Service: Page and Content Relationships REST API.
      • The new Page REST API enables you to pull all the elements of any page, each encapsulated into a separate JSON obect, either in JSON format or as rendered HTML. This allows single page apps (SPAs) and other iOT applications to retrieve not just raw content, but also fully rendered layouts and modules, which include server side personalization and other context driven information.
      • The new Content Relationships REST API enables you to perform a content pull that automatically includes all related items for each item returned in the content pull. This greatly simplifies the retrieval and management of related content without the need for additional content pulls for related content.
    • Vanity URLs as Content. Vanity URLs have been converted to a standard content type, and are now accessible as content by all existing dotCMS features and tools, including Push Publishing, importing, exporting, permissions, and REST API management.
      • Vanity URLs may now be viewed from both the Vanity URLs tool (Marketing → Vanity URLs) and the standard Content Search tool (Content → Search).
      • Existing Vanity URLs will be automatically converted to content when upgrading to release 4.2.0 from an earlier release.
    • Language Variables as Content. Language Variables have been converted to a standard content type, and are now accessible as content by all existing dotCMS features and tools, including Push Publishing, importing, exporting, permissions, and REST API management.
      • Existing Language Variables will not be converted to content when upgrading to release 4.2.0 from an earlier release. Instead:
        • Language Variables created in earlier releases will still show under the Languages tool, while Language Variables created as content will show under the Content Search screen./li>
        • Language Variables in both the Languages and Content Search screens (both old and new) will be respected; if the same Language Variable exists in both places, the value from the Languages screen will be used.
        • You may convert old Language Variables to content by importing them into the Content Search screen.
    • WYSIWYG Field URL Format. You may now specify the URL format that will be used when links are inserted into WYSIWYG fields. For more information, please see the WYSIWYG Field documentation.

    Fixes

    The 4.2.0 release includes fixes for a number of reported issues, including but not limited to the following:

    • Fixed an issue which could cause some assets to lose their contents if multiple site search index jobs were scheduled at the same time (#8552).
    • Fixed an issue causing Network status to display as red (error) when more than one server was configured (#11933).
    • Fixed a problem pushing content when there is no live version of the Site (#11977).
    • Fixed an issue in the dojo library configuration preventing dropdowns and filtering select fields from working properly on Windows 10 (#12007).
    • JBoss fix for Boolean Casting error in 4.1.1 - (#12086).
    • Fixed an issue which sometimes caused an exception message in the log files when the /edit URL was used to access a page (#12170).
    • Timestamp inconsistency fixed for clustered nodes - (#12276).
    • Improved push publishing bundle upload to allow upload of a bundle from the same server it was generated on (#12465).
    • Fixed an issue preventing the thumbnail from being displayed when a new image is uploaded to a binary field (#12490).
    • Fixed an issue preventing the Velocity macro cache from being populated properly (#12523).
    • Fixed an issue when saving a Form system field (#12684).
    • Fixed an issue which could cause duplicate content on a receiving server if the content type has more than one unique field (#12686).
    • Fixed an issue where an extra comma was appended at the end of the options saved to a multi-select field #12715).
    • Fixed slow performance issues when push publishing content with many relationships (#12840).
    • Fixed an issue preventing a tool from being added to a new Tool Group after it was added to a different Tool Group (#12635).
    • Prevented the potential to display the contents of VTL files from the front-end (#12855).
    • Fixed incorrect return values and status codes from the content API (#11878)

    To view more information on these issues, please visit the dotCMS Github repository.

    Additional Changes and Improvements

    The following additional changes have been made in dotCMS 4.2.0:

    • The generated WAR file name has been changed from dotcms.war to ROOT.war (#11961).
    • Push Publishing: A number of significant performance improvements have been made to Push Publishing:
      • Categories can now be pushed as a dependency of content (#12125).
      • Push Publishing now only retries failed pushes to the specific endpoints which failed (#11500).
      • When a push fails, the pushed bundle is no longer regenerated in order to retry the push (#12038).
    • Performance Improvements: Significant performance improvements have been made in a number of areas:
      • Saving Content: The performance of the contentlet getInode method has been improved (#12488).
      • Accessing Content: A number of performance improvements were made when searching, indexing, editing, and saving content from the dotCMS back-end (#12497).
      • User Interface: All Angular routes are now loaded lazily, improving performance when loading the application (#12378).
    • Library and Tool Upgrades: The following development tools and included libraries have been upgraded or changed:
      • The NG user interface library has been upgraded to version 4.2.4.
      • The Hazelcast library has been upgraded to version 3.8.4.
      • The com.moowork.node library has been upgraded to version 1.2.0.
      • Replaced the legacy edu.emory.mathcs.backport.java.util.concurrent library with the java.util.concurrent library to improve portability and maintainability.
      • UI build tools have been migrated from webpack to ng-cli.
    • Property Changes: The following properties have been changed:
      • Removed the DIST_INDEXATION_ENABLED property from the portal.properties file (#12453).
        • In most cases, only the following three properties are now required to configure clustering: AUTOWIRE_CLUSTER_TRANSPORT, AUTOWIRE_CLUSTER_ES, and AUTOWIRE_MANAGE_ES_REPLICAS.
    • Manually specifying the IP Address and port for cache and Elasticsearch has been deprecated.
      • Manual cluster configuration is still supported, but clients using manual cluster configuration should begin planning to change to use cluster auto-wiring or to externalize resources instead, as support for manual cluster configuration may be removed in a future release.
    • Added support for running the dotCMS back-end in Internet Explorer 11 (in addition to MS Edge).

    Known Issues

    • Error Messages Logged when Performing a Static Push (#12187).
      • Amazon AWS has a known issue (https://github.com/aws/aws-sdk-java/issues/567), which will generate some noise in the dotcms logs when performing a static push to Amazon AWS.
      • Amazon is working to address the issue, but in the meantime, the stack traces returned from AWS in the dotcms.log file can be ignored.


    dotCMS 4.1.1

    Available: Jun 16, 2017

    dotCMS 4.1.1 is a maintenance release to fix several issues which affected some customers with the dotCMS 4.1.0 release.

    Important Notes

    • When deploying dotCMS 4.1.1 on JBoss you must update the JSP files to change "boolean" casting to "Boolean".

    Fixes

    The 4.1.1 release includes fixes for the following reported issues introduced in dotCMS 4.1.0:

    • Fixed a potential issue when pushing relationships (#11842).
    • Fixed an issue preventing inherited permissions from being displayed in Content Types (#11850).
    • Fixed a problem where the Unique property was not respected on a Text field set to display Whole Numbers (#11857)
    • Re-introduced the ability to set publish and expire dates on all types of content, including simple content, Widgets, Files, and Pages (#11861).

    In addition, the 4.1.1 release includes fixes for the following additional issues which existed in earlier versions of dotCMS:

    • Fixed a potential out of memory error when push publishing very large bundles (#11835).
      • This potential issue has existed since dotCMS release 2.x, so customers who have experienced issues pushing very large bundles on older releases may notice imrpoved performance and reliability with the 4.1.1 release.
    • Fixed a reported potential security vulnerability in the administrative panel.
    • Added the visitor content tab back to the starter site.
      • This tab has been not been included in the starter site since release 4.0.0.

    To view more information on these issues, please visit the dotCMS Github repository.

    Known Issues

    The following known issues exist in dotCMS 4.1.1. If you experience any of these issues, please contact dotCMS Support.

    • When a widget sent from an upgraded 4.1.1 instance to a newly installed (non-upgraded) 4.1.1 instance, the widget may not display properly on the receiving instance (#12242).


    dotCMS 4.1.0

    Available: Jun 2, 2017

    dotCMS 4.1.0 is a considered a minor release but still introduces several new features, enhances a few existing features, introduces performance enhancements, and provides fixes some issues with the 4.0.1 release.

    New Features

    In addition to the Important Changes listed above, the following additional new features have been added in dotCMS 4.1.0:

    REST API Content Type Management

    • New JSON based Content Types
    • New REST Endpoints for defining and managing Content Types, Fields and Field Variables
    • New API and builders to programmatically create content types.
    • Backwards compatible
    • Old structure code, factories and caches are all deprecated.

    Hazelcast integration

    • dotCMS 4.1.0 integrates Hazelcast both as a new cache provider and at the Cluster Transport layer.
    • Hazelcast Embedded and Client Cache Implementations
    • Hazelcast replaces JGroups for network discovery and topology
    • Performance optimizations on distributed caches invalidations (for Hazelcast and Redis) so cache-messages and invalidation-operations are not unnecessarily spread over cluster members

    Progressive JPEG Support

    • dotCMS now supports progressive JPEG images, both for regular display and as a conversion filter. For more information, please see the Image Resizing and Processing documentation.

    Use of Environment Variables in Properties Files

    • You may now reference environment and system variables within your properties files, enabling you to maintain common properties files across multiple dotCMS instances, while making changes to to each local server through environment and system variables. For more information, please see the Changing dotCMS Configuration Properties documentation

    New Default Cache Provider/Improvements

    • caffeineCache has been made the default provider shipping with dotCMS. The caffeineCache provides a more efficient LFU algorithm, vs. Guava�۪s LRU. It will reuse the region settings made for the Guava cache.
    • H2CacheProvider has been removed. If you have any regions using the H2CacheProvider, they will need to be updated to use the H22Provider.
    • Live and Working caches have been removed and their regions are no longer needed.
    • FieldCache has been removed. Calls to it are now made to the ContentType cache
    • Velocity only requires 2 cache regions, VelocityCache and VelocityMacroCache. Currently, both of these regions can be serialized and or written to disk or clustered.

    Important Changes

    A number of important changes in dotCMS 4.1.0 configuration may impact your performance when upgrading an existing site. Please read the documentation sections on all of these changes before upgrading from a previous release.

    Configuration Changes

    The following important changes have been made to configuration in dotCMS 4.1.0:

    • Vanity URLs Upgraded from earlier versions must be manually edited to restore the correct case in the URLs.
      • When upgrading to release 4.1.0 from an earlier release of dotCMS, all Vanity URLs will have their case changed to lower case.
        • However certain Vanity URLs (such as 404 redirects) require a specific case to work properly.
        • Therefore it is recommended that, after upgrading to release 4.1.0, you manually review all upgraded Vanity URLs, and if necessary restore the case.
      • If you wish to avoid this issue when upgrading from an earlier version of dotCMS, you may upgrade directly to release 4.2.1 or higher instead of release 4.1.0.
    • Properties files are automatically reloaded after each change.
      • The dotmarketing-config.properties, dotcms-config-cluster.properties, and portal.properties files are now continually monitored for changes and automatically reloaded as soon as the file timestamp changes.
        • In previous versions of dotCMS, changes could take as long as 5 minutes to be reflected, but changes are now reflected almost immediately (typically within a few seconds).
      • If you wish to restore the previous behavior, you may add the following property to the dotmarketing-config.properties file: dotcms.usewatchermode=false.
      • For more information, please see the Reloading Property Files section of the Changing dotCMS Configuration Properties documentation.
    • CSV import now allows only Velocity field variable names as column headers.
      • You may no longer use field labels as column names.
      • For more information, please see the Importing Content documentation.
    • JGroups has been deprecated in favor of Hazelcast for cluster communication.
      • If you have jgroups cluster specific config, you will need to remove it and place such configuration in the Hazelcast .xml files.

    Changes to Default Behavior

    In addition, the following differences in default behavior in dotCMS 4.1.0 may change your expectations and require a review of your administration practices. Please review all of these changes before upgrading from a previous release:

    • All Vanity URLs, folder, file and page lookups are now case insensitive - they are forced to lower-case (#11264).
      • All new Vanity URLs will be forced to use only lower-case characters when created.
      • All existing Vanity URLs will be converted to lower-case (only) on upgrade to dotCMS 4.1.0 from an earlier version of dotCMS.
    • OSGI plugins that override dotCMS java classes now use ByteBuddy instead of jamm (#11142).This change will fix some issues with OSGI Plugins, however, all upgrading clients with a plugin that overrides the startup.sh/startup.bat files will need to modify their plugin to incorporate the new changes to those files.
      • In addition, a new addClassTodotCMSClassLoader(String className) method was added to the activator, which when called will add your class to the dotCMS Classloader.
    • The live cache and working cache have been removed.
      • If you have any plugins from earlier versions of dotCMS which make use of the live and working cache, you will need to update them for dotCMS 4.1.0 to use the new pattern.
      • For more information on these changes, please see issues #10947 and #11143 in the dotCMS Github repository.
    • Properties files now support the inclusion of environment and system variables.
    • Properties files are now automatically and immediately reloaded any time they are changed.
    • Change in Variable Name used for Binary Uploads in the REST Content API
      • RESTfully POSTed content including Binary fields are now expected to use the variable binary + field order.
        • For example, if the binary field is the 6th field on the content type, the variable name to use is binary6.
      • If you have automated scripts posting binaries using the REST API, please ensure that you are sending the updated variable name in your POST. You can see the proper name on the Content Type definition screen.

    Fixes

    The 4.1.0 release includes fixes for a number of reported issues, including but not limited to the following:

    • Potential read timeout when using JWT authentication behind a proxy (#11348).
    • OAuth plugin did not respect the `json.web.token.allowhttp` property (#11412).
    • A structure reindex could not be run from the Content Search tab (#11347).
    • Hibernate second level cache changed from ehcache to NoCache (#11205).
    • Improved messages displayed when a user doesn't have permissions to edit some types of content (#11366).
    • Images were not always displayed on Events displayed on the front-end (#11388).

    To view more information on these issues, please visit the dotCMS Github repository.

    Upgrading to 4.1.0

    • Database
      • DB User for dotCMS requires Drop/Add Trigger permissions in order for the database to successfully upgrade to 4.1.
      • There are 2 SQL startup tasks that lowercase vanity urls and identifiers in the database. These are to help DB performance when doing url lookups when no cached object is found.
    • -javaagent in startup scripts
      • The jamm.jar is no longer used. Please update any custom bin/startup.sh scripts and remove that as the -javaagent. Instead, set the -javaagent to ByteBuddy as seen here: https://github.com/dotCMS/core/blob/fc239043e782d04ca4a7830cee678f56cc838c92/bin/startup.sh#L60
    • H2CacheProvider is removed
      • If you have any custom configed cache regions, you should change these to the newer H22Cache

    Additional Changes and Improvements in dotCMS 4.1.0

    • Velocity performance improvements: A number of performance and memory usage improvements were made to the Velocity engine. Please click the links below for details on these changes:
      • Internal reliance on Velocity macros has been minimized, and dotCMS now relies on pure java Directives vs Velocity macros. This means more compiled code and less interpreted code, resulting in shorter and faster code execution. The #dotParse and #parseContainer macros have been replaced with Velocity **directives**, significantly improving their performance and memory usage (#11362).
      • Velocity Memory Improvements (#11236).
      • Velocity objects in-memory size reduced 50-75%.
      • All velocity objects are now cacheable and Velocity cache regions are much simplified.
      • Redundant evaluation of toString disabled in Velocity code (#11441).
      • Improved performance of DotTemplateTool and Live mode (#11084).
    • Updated the TestInitialContext.java file to read environmental variables (#11319).

    Known Issues 4.1.0

    • License Notifications for MSSQL and Oracle (#11710)
    • Respect Default Page to Default Language Property (#11654)
    • Navigation Tool and Page Fall Thru Property (#11640)
    • Loading Users Needs Performance Improvement (#11519)

    Deprecated Features Removed 4.1.0

    • Velocity Macros Removed:
      • #pullContent macro code should be replaced with the $dotContent Tool:
        • Change
          
          #pullContent("+structureName:Client +Client.footer:yes*","6","random")
          
          To
          
          #set($list = $dotcontent.pull("+structureName:Client +Client.footer:yes*","6","random"))
          					
      • #pullRelated macro code should be replaced with the $dotContent Tool:
        • Change
          
          #pullRelatedContent("relationshipName" "" 10 "modDate")
          
          To
          
          #set($list = $dotcontent.pullRelated("relationshipName","$!{parent.identifier}",false,10,"modDate")
          
      • The #dotParse and #parseContainer macros have been replaced with Velocity directives but this requires no code changes, they simply work faster/better.
      • The following macros have been removed completely (replace with the $dotContent.find tool):
        • #getContent
        • #getContentDetail
        • #getContentDetailByIdentifier
        • #getContentMapDetail
        • #getContentMapDetailByIdentifier
    • Deprecated API's - see the new Content Type API Documentation
      • com.dotmarketing.portlets.structure.business.StructureAPI
      • com.dotmarketing.portlets.structure.business.FieldAPI
      • com.dotmarketing.portlets.structure.factories.FieldFactory
      • com.dotmarketing.cms.*
        This includes all the legacy front end struts actions, including front end login, account creation and management, SubmitContent Macros, Webforms


    dotCMS 4.0.1

    Available: Mar 24, 2017

    dotCMS 4.0.1 is a maintenance release to fix an important issue which affected some customers with the dotCMS 4.0.0 release.

    Fixes

    • Fixed an issue causing an error on startup if the dotCMS server was not connected to the Internet (#11131).

    To view more information on this issue, please visit the dotCMS Github repository.


    dotCMS 4.0.0

    Available: Mar 20, 2017

    The dotCMS backend UI has moved to an Angular 2 interface!

    For more information about the new user interface, please see UI Changes, below.


    dotCMS 4.0.0 includes a major update to the dotCMS backend user interface, several important new features, and a number of fixes. We encourage you to check out the new features and improvements in this release on the dotCMS Demo Site, and we welcome your feedback.

    Important Changes

    Important changes in dotCMS 4.0.0 configuration may impact your performance when upgrading an existing site. Please read the documentation sections on all of these changes before upgrading from a previous release.

    • Permission Inheritance Changes to default behavior
    • Internet Explorer is not currently supported for access to the back-end UI.
      • Due to Internet Explorer incompatibilities with the Angular 2 implementation, it is not currently supported to use Internet Explorer to access the dotCMS back-end UI.
      • Please see below for more information.
    • URL paths to all back-end screens have changed.
      • As part of this change, the URL to login to the dotCMS back-end has been changed from {yourdomain}/admin to {yourdomain}/dotAdmin.
      • Please see below for more information.
    • A number of legacy deprecated features were removed.
      • Please see below for a list of the features removed.
    • Windows Server is still fully supported, but has been officially deprecated (for termination of support in a future release).
      • If you currently use Windows Server for your production dotCMS environment or have questions about support for Windows, please see below for more information.

    Changes to Default Behavior

    The following difference in default behavior in dotCMS 4.0.0 may change your expectations and require a review of your administration practices. Please review this change before upgrading from a previous release.

    • Permission Inheritance
      • In dotCMS 3.x and below, when changes were made to a high-level object such as a site or top-level folder, the permissions of all lower level objects which inherit permissions from that object were updated immediately ("eagerly"). In large sites, these updates could cause performance issues and database bottlenecks.
      • In dotCMS 4.0.0, the default behavior was changed to perform these permission updates "lazily" instead, so permissions are updated as each of the inheriting objects is accessed (rather than all at once).
      • It is recommended that you keep the new behavior even if you are upgrading from an old version; however if for any reason you need to change the default behavior back to the "eager" permission updates performed in earlier versions, you may add the PERMISSIONS_REFERENCES_INSERT_LAZILY property to your dotmarketing-config.properties file (using a properties file extension), and set the value to false.
      • For more information, please see the Permission Inheritance documentation.

    There are a number of other important changes to be aware of when upgrading to dotCMS 4.0.0, including changes to OSGI plugins and the dotCMS source code base. If you are upgrading from a previous version of dotCMS, and especially if you've done any customization of the dotCMS backend, please read all sections of the Upgrading to dotCMS 4.0 documentation before performing your upgrade.

    New Features

    The following new features have been added in dotCMS 4.0.0.

    New Angular 2 UI

    dotCMS 4.0.0 has a newly re-designed, material design based backend UI interface, implemented using Angular 2 and using the PrimeNG set of components. PrimeNG offers, at this time, the richest set of pre-built Angular 2 components and has the additional benefit of being easy to skin. As the rebuilding of the dotCMS admin tool continues, we plan to layer in more prebuilt and custom NG2 components as needed.

    As part of this UI change:

    • The Roles & Tabs tool has been renamed to Roles & Tools.
    • Back-end Tabs have been renamed to Tool Groups.
    • The Tool Group Description field no longer displays in the UI.
      • The field is now instead used to allow you to specify the name of an icon for the Tool Group (from the FontAwesome font).

    JWT Based Authentication

    dotCMS 4.0.0 standardizes on JWT or Javascript Web Tokens for authentication. JWT is lightweight and scalable authentication solution that is stateless and does not require server sessions to track a users authentication.

    For more information, please see the Authentication Using JWT documentation.

    Mobile Preview

    A new mobile preview feature has been added which allows you to preview your site as it is displayed on different mobile devices. You may create different device profiles using the new "Device" Content Type, and then "Preview as" any of the devices you've created.

    Elastic Search Snapshots

    The legacy index backup and restore functionally has been replaced with the Elasticsearch snapshot and restore modules. Prior to dotCMS 4.0.0 the index backup/restoration used a custom dotCMS process. This has been optimized by calling the native snapshot/restore modules included in Elasticsearch.

    For more information, please see the Managing Site Indexes with ElasticSearch and RESTful API to Manage Indexes documentation.

    New Notification Engine

    Many new improvements have been made to the dotCMS notifications system to notify users of process status and changes to the dotCMS system. Most of these changes provide additional notifications (such as when processes complete), but do not otherwise affect how you use dotCMS.

    If you would like more information on the notifications implemented, please view the list of Notification Engine improvements on Github.

    Fixed Issues

    The 4.0.0 release includes fixes for a number of reported issues, including but not limited to the following:

    • Some international characters were not recognized in URLs (#8839)
    • Multi-valued "X-Forwarded-For" header could cause problems in the Rules Engine (#9797)
    • It was sometimes not possible to reorder Key/Value fields (#9935)
    • Restore of a downloaded snapshot could fail if the downloaded file was renamed (#9974)
    • Binary fields sometimes can not be deleted from a Content Type (#10756)
    • It was sometimes not possible to add publishing environments using non-English languages (#10749)
    • An error was sometimes generated when downloading a bundle pushed to a static publishing environment (#10740)
    • ContentMap viewtool did not always respect the content language when pulling images or files (#10119)
    • Icons for Bulgarian and Romanian were missing from the Language tool (#10112)
    • Files uploaded through the Site Browser showed the file title instead of the file name (#10011)
    • When the ContentAPI delete method was used in a plugin, the content was not deleted (#9956)
    • Push publishing a user which already existed on the receiving endpoint could cause the Role id to get out of sync (#9793)
    • When upgrading dotCMS on MySQL, upgrade could fail if the database is configured for case-sensitive table names (#9788)
    • An error could sometimes be displayed when accessing the Dashboard Analytics portlet (#9775)

    To view more information on these issues, please visit the dotCMS Github repository.

    Additional Changes and Improvements

    • Elasticsearch Results: Elasticsearch results now include Tag and Category fields (#8953).
    • Felix version: OSGI (Dynamic Plugins) have been upgraded to Felix version 5.
      • Existing plugins built for older versions of dotCMS should work without modification in dotCMS 4.0.0.
    • Back-end URL Paths: URL paths to all back-end screens have changed. As part of these changes:
      • The URL to login to the back-end has been changed from {yourdomain}/admin to {yourdomain}/dotAdmin
        • The old back-end login URL ({yourdomain}/admin) is automatically forwarded to the new URL, so existing links and scripts will work without modification.
      • Individual objects no longer have unique back-end URLs.
        • To access an individual object, you must select it from the appropriate back-end screen (e.g. Content Search).
        • Adding unique back-end URLs for specific objects is planned for a future release.
    • Back-end Messaging: Back-end messaging has been thoroughly updated.
      • All back-end messaging (control names, help and hints, error and warning messages, etc.) has been reviewed and improved for clarity and correctness.
      • Log file messages have not been significantly changed, so administrative tasks or scripts that depend on matching existing messages should work without issues.
    • Automated Testing Tools: New automated testing tools have been added to the dotCMS 4.0.0 version to ensure the stability of development modifications.
    • FixAsset tasks can now be added via an OSGI plugin (#9822)
    • Windows Server Deprecated: Support for Windows Server as a dotCMS production environment is officially deprecated.
      • This feature has been deprecated because there are known issues with the feature, there are better alternatives to the feature, and/or support for the feature is planned to be removed in a future release.
        • If you are a new to dotCMS we recommend that you plan to use a platform other than Windows for your production environment.
        • If you are currently using Windows for your production dotCMS environment, we recommend that you begin planning to migrate away from Windows as a production environment.
      • Though deprecated, Windows as a production dotCMS host will continue to be supported by dotCMS for the foreseeable future.
        • In addition, even after the EOL for production Windows Server support, dotCMS plans to continue to support Windows as a development environment.
      • We do not yet have a timeframe for terminating support for Windows as a production dotCMS host.
        • Windows as a production environment will be supported at least through the 4.0 series; the EOL for Windows Server will be in 2020 or later.
      • Note that production support for MS SQL Server has not been deprecated and will continue.

    Deprecated Features Removed

    A number of deprecated legacy features have been removed in dotCMS 4.0.0.

    Important: These features are no longer supported, and any content in existing sites which still use these legacy features must be converted to newer, supported versions of these features before the site can be upgraded to dotCMS 4.0.0.

    • Inline Help
    • Legacy Files
    • Legacy HTML Pages
    • Deprecated Content Macros
    • PollsAPI
    • RatingAPI
    • MP3 Player Button
    • MP3 Player Extended
    • MP3 Player (Streaming)
    • Photo Carrousel
    • Photo Gallery
    • Video Gallery
    • Video Player
    • Slide Show: Flash
    • Social Bookmarks
    • Send to a Friend
    • File Repository
    • PDF Export a Web Page
    • Velocity Viewtools: As part of these changes, the following Velocity Viewtools have been removed:
      • $alertMessagesWebAPI (com.dotmarketing.util.AlertMessagesWebAPI)
      • $favorites (com.dotmarketing.viewtools.FavoritesWebAPI)
      • $googleapi (com.dotmarketing.viewtools.GoogleMiniApi)
      • $groovy (com.dotmarketing.scripting.viewtool.GroovyTool)
      • $js (com.dotmarketing.scripting.viewtool.JSTool)
      • $mailinglist (com.dotmarketing.viewtools.MailingListWebAPI)
      • $nav (com.dotmarketing.viewtools.NavigationWebAPI)
      • $pageAPI (com.dotmarketing.viewtools.HTMLPageWebAPI)
      • $poll (com.dotmarketing.viewtools.PollsWebAPI)
      • $python (com.dotmarketing.scripting.viewtool.PythonTool)
      • $rating (com.dotmarketing.viewtools.RatingWebAPI)
      • $rssapi (com.dotmarketing.viewtools.RSSWebAPI)
      • $ruby (com.dotmarketing.scripting.viewtool.RubyTool)
      • $sitemapapi (com.dotmarketing.viewtools.SiteMapWebAPI)
      • $video (com.dotmarketing.viewtools.VideoGalleryWebApi)

    Known Issues

    The following known issues exist in dotCMS 4.0.0. For more information on these issues, please contact dotCMS Support.

    • Back-end access through Internet Explorer is not supported.
      • dotCMS 4.0.0 does not currently support Internet Explorer for access to the dotCMS back-end UI.
      • However it is still fully supported for users to access to your front-end site using Internet Explorer (multiple versions), and to access the back-end using Microsoft Edge.
      • Support for IE 11 will be considered for a future maintenance release.
      • If IE is a requirement for your organization, please continue using the latest 3.7.x version of dotCMS, and contact dotCMS support for information on future IE support.
    • The TinyMCE Plugin does not yet work with dotCMS 4.0.
      • Support for this plugin will be considered for a future maintenance release.