Cloud CMS Release 3.2.71

The following are the new features, enhancements and fixed issues for Cloud CMS 3.2.71 release.

CVE-2021-44228

This release contains the recommended Log4j upgrade to version 2.16.0 to address the Log4j vulnerability identified as CVE-2021-44228.

Cloud CMS recommends that customers upgrade to this release to ensure that Log4j is hardened against this vulnerability.

Customers running previous releases of the Cloud CMS API container can harden their environments by following the steps identified here: https://www.cloudcms.com/documentation/docker/notices/cve-2021-44228.html

For more information on CVE-2021-44228, please see: https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance

Update Recommendations (On-Premise Only)

With this version of Cloud CMS, we have disabled the deprecated Elastic Search Transport Client and have switched to using our Condor HTTP client. As such, connectivity between the api and elasticsearch services are no longer using port 9300 by default. They are now using port 9200 by default.

Please check your configuration to make sure that the API can connect to Elastic Search’s HTTP Endpoint.

For information on configuring Elastic Search for Cloud CMS, please see: https://www.cloudcms.com/documentation/docker/configuration/api-server.html#using-the-condor-http-client

For improved performance, we recommend you rebuild your cluster indexes. To do so, we recommend using the reindex-datastore command via the Cloud CMS Command Line Client (http://www.cloudcms.com/documentation/cli.html#reindex-datastore).

You can execute it like this:

cloudcms admin reindex-datastore --datastoreTypeId cluster --datastoreId default --children --username <username> --password <password>

Where the username and password are the credentials for your administrator account.

Enhancements

Auto Translation
  • Properties described by excludePaths in f:auto-translate will be copied as-is to translations when modified.
C# Driver
  • Updated to improve support for tokens, refresh and retry handling for 401 responses and additional methods for Jobs, Projects, Releases and Nodes. For more information, see https://www.cloudcms.com/csharp.html.
Dictionary
  • Feature configs in a child definition mandatoryFeatures will now override their parent config if present.
Python Driver
SDK
  • Updated sample integrations to Cloud CMS using Next.js, Nuxt and Gatsby. For more information, see:

https://github.com/gitana/sdk/tree/master/nextjs/sample https://github.com/gitana/sdk/tree/master/nuxtjs/sample https://github.com/gitana/sdk/tree/master/gatsbyjs/sample

SSL Termination
  • Added documentation to provide guidance to customers on how to configure SSL termination for API and UI containers. This is provided as an alternative to the recommended guidance of using a separate SSL termination container (such as Nginx or Apache).

For more information on SSL termination for the API, see https://www.cloudcms.com/documentation/docker/configuration/api-server.html#configure-the-api-containers-as-ssl-termination-endpoints.

For more information on SSL termination for the UI, see https://www.cloudcms.com/documentation/docker/configuration/ui-server.html#ssl-termination.

Transfer
  • Faster transfer import thanks to a refactor in how bulk DB writes and updates are being processed.
  • Faster Copy, Deployment and Publishing thanks to a much faster implementation of binary asset copies and archive expansion.
  • Optimized internal DB indexes and methods calls.
  • Transfer archives now include separate .metadata.json files for each exported binary attachment, improving the accuracy of mimetype and filename tracking.

Bug Fixes

Content Model Builder
  • Fix so that clicking back and forth between JSON and Visual builder preserves changes to JSON for local edits.
  • Fix so that required blocks are handled properly.
Forms
  • Fix so that strict HTML escaping is applied to configured helper text for nested form elements so as to prevent the possibility of script injection.
Log4j
  • Updated to the latest recommended Log4j library (2.16.0) to ensure protection against CVE-2021-44228. See above in the release notes for more information.
Merge
  • Fix so that merges work properly for cases where source or target merge objects are missing their _features block.
Preview and Thumbnails
  • Fix so that the f:previewable (Preview) and f:thumbnailable (Thumbnail) features generate multiple attachments in a single transaction.
  • Fix so that notification queue is optimized to reduce the number of invalidation messages sent during generation.
Temporary Files
  • Fix so that temporary files are cleaned up properly during transfer import.

Full Changelog: https://github.com/gitana/cloudcms-docker-releases/compare/3.2.70...3.2.71










Get Started with Cloud CMS

It's Free to Sign Up. No Credit Card Required.