Changelogs

Just in time for the holidays: dotCMS 23.12.21 scrambled down the proverbial chimney and into our Docker base.

The big story this time: A set of modest improvements to the Page Edit Mode interface, complete with new tools for Pages. The Page Viewing Modes of old have been reorganized around Preview and Edit Modes, while Live Mode now exists as a link to preview the published version of the Page — exactly as it would appear in the browser, rather than within the scaffolding of the viewing mode.

The new editor now features updated device type selections, integrated social media card editing, inline links to useful guides, and a set of tools on the right-hand menu to help you evaluate accessibility, security, and more at a glance.

In addition to this, dotCMS 23.12.21 comes with several under-the-hood performance boosts, additional configurability, a trove of fixes, and more.

Oh, and Happy New Year!

Content

• New tools accessible through the Page editor. [#24862]
• Added a justified alignment to the Block Editor's bubble menu. [#26421]

Enhancements & Adjustments

• Debug logging has been added to the SASS compiler's execution process, to better reflect and diagnose any problems it encounters. [#27008]
• Storage providers have been reconfigured to load lazily to improve system performance. [#26933]
• Removed the system's behavior of refreshing properties before fetching — a useful tactic for binary installs, but an unnecessary performance drag in the era of containerized instances. [#26896]
• When uploading a file by URL through the Temp API, the response now includes the MIME type and file extension. [#26340] [#26791]
• Users can now configure database connection timeouts by way of a new DB_CONNECTION_TIMEOUT configuration property. [#26897]
• The Template Designer's auto-publish behavior has been toned down to mere auto-save. [#26349]

Interface

• Refurbished Edit Mode. [#24862]
• The contentlet editor now shows previews of a variety of uploaded files — images, videos, text files, PDFs, and more — along with dimensions and size. [#26105]
• Updated styling on User and Sign In As menus. [#25742] [#25743]
• Page lock switch now has the correct default state when one admin is viewing a page locked by another admin. [#26221]
• Workflow Actions menus have improved wrapping behaviors. [#26740]
• Dojo buttons now click appropriately over their whole area, rather than just their text. [#26621]
• Restored ability to drag and drop rows to the renovated Content Type editor. [#26680]
• Site Browser now sorts folders by name, even if different from title, and even after a renaming occurs; what's the point of having alphabetical order, otherwise? [#24482]
• Improved the styling of Date & Time field selectors. [#26408]
• The Site Browser now correctly remembers which folders had been expanded or collapsed after returning from elsewhere in the admin panel. [#26582]
• Textarea field height has been corrected; now displays as several times the size of a Text field by default. [#26597]

Fixes

• PNG filter no longer returns a 404 when acceessing an image. [#26374]
• Global CORS header now respect configuration changes made through environment variables. [#26391]
• Pub/Sub architecture now defaults to SSL connections, preventing failures when interfacing with PostgreSQL instances that only accept SSL. [#26481]
• Removed a bad reference preventing Pages from push publishing correctly from the Pages Tool. [#26451]
• Pages with a scheduled future date for either publishing or expiration are no longer excluded from Page API responses. [#26480]
• API link button displays properly in Edit Mode. [#26982]
• File inclusions updated in Docker images to ensure forms function in Edit Mode. [#26957]
• Fixed a messaging service error that was preventing proper translation key resolution, affecting multilingual control labels. [#26894]
  • Likewise, better default fallthrough behavior has been implemented for cases in which no translation key is found. [#26660]
• If you arrive at the content editor from the list provided by the Content Type editor's “View” link, closing that editor will no longer take you to a blank page. [#26787]
• Adding a contentlet to a Page in Edit Mode will no longer reset the Site Browser's filter to “All Languages.” [#26758]
• The Block Editor dropdown that allows changing block types now accepts scroll input from the mouse wheel and keyboard, in line with other Block Editor menu scrolling behaviors. [#26694]
• Fixed issue preventing Edit Mode from locking Pages properly. [#26585]
• Users with limited permissions can edit Pages and content within their purview, even if they do not have access to the Content Search tool. [#22698]
• The Workflow API can now archive content successfully. [#22921]
• Languages API no longer throws 400 errors when duplicates of non-unique keys exist. [#24082]
• The sysPublishDate field has been restored to the ElasticSearch object; it now indexes and queries properly. [#25233]
• Relationship fields now respect and reflect the order in which related contentlets are received via Workflow Action. [#26439]
• The presence of a non-required Site/Folder field in a Content Type no longer causes duplication of contentlets of that type to fail. [#26459]
• Fixed Content Search filtering behavior with images; now they are found and filtered properly, with no duplicate entries. [#26477]
• Folder permissions are now properly editable on an individual basis, even if the folder uses a legacy inode. [#26693]
• Removed the 255-character limit on the validation of text fields; this was likely to affect, for instance, Vanity URLs with very long addresses. [#26774]
• Restored the catalina.out Velocity log, once again visible in the Log Viewer. [#26934]
• Fixed GraphQL caching, which now behaves in the expected manner. [#26970]
• Resolved a bug capping the number of sites the site selector would display to limited-permissions users. [#26980]

Development Improvements

• New release-candidate automation handles generating and publishing Docker images. [#26296]
• Improved procedure for downgrading from current trunk build to the latest LTS patch. [#27002]

Once upon October eerie, as one generates some queries amid the bounteous autumnal cheer and sweet décor, a new release comes tapping, gently rapping at your chamber door: dotCMS 23.10.24.

Nestled within lies a vast trove of adjustments, from new homegrown Pub/Sub infrastructure to improved export options and more informative menus and intuitive sizings — plenty to weigh down your basket. This harvest includes a fresh crop of user interface improvements, and a great many bugs exorcised.

But this treat comes with a slight trick: Beneath its vintage werewolf mask, this update's eyes are fixed on the horizon. That is to say, the list below, though voluminous, only represents about half of the total issues cleared in the last six weeks of development. And the rest? Big things are coming, their howls nearing with each passing night…

Enjoy!

Content

• On an export, users now have the option to exclude old versions of dotCMS content, outputting only live and working/draft versions. [#25510]

Enhancements & Adjustments

• To improve security, utilizing the Secrets Viewtool in scripts requires the Scripting User role when saving the relevant VTL file. [#25587]
• Built new PostgreSQL Pub/Sub listener to replace the impossibl Postgres driver with a vanilla one. This gives us a better diagnostic view of the process, and helps rule out some factors in rare but difficult-to-diagnose cases where the driver fails to connect. [#26019]
• The Template Designer list view now includes a column listing the Theme associated with the Template. [#25860]
  • This information has also been added to responses to API calls listing Templates. [#26106]
• By default, the Edit Mode button will always open in “Standard” view, rather than one of the Preview Devices. [#25278]
• Added support for RelayState parameter in SAML. [#22533]
• Block Editor fields, WYSIWYG fields, textarea and other fields now fill the editing pane when they are the sole item in a tab. [#26222]

Visual Fixes

• Fixed styles for the Template dropdown used in creating new pages. [#25918]
• Whereupon a laundry list of small user interface fixes was attended to in an orderly fashion, fostering pleasant regard. [#25862]
  • And still further tweaks: font sizing, button sizing, capitalization, etc. [#26063]
• Implemented new designs to input, textarea, and autocomplete components of PrimeNG library. [#25759] [#26056]
• Sort icons on UI table headings no longer wrap to the next line. [#26366]
• Removed some unintended wraps in Dojo dropdown searches, as well. [#26435]
• Fixed form fields for creating a new persona. [#25791]
• Preview Device visualizations accessible through Page Viewing Modes no longer statically clip in an unhelpful fashion out of view on a smaller window; now they helpfully permit scrolling as appropriate. [#25276]
  • Preview screens, likewise, render the intended sizes, unmodified by any margins created by an unnecessary device representation. [#25815]
  • (Incidentally, we removed those unnecessary device representations, too.)
• Tag chips no longer jump in place due when you hover over them. “Chips that jump?” you ask, thinking: why, this behavior sounds downright cute and festive. We assure you, it was in fact mildly disconcerting. [#26235]
• User-defined Block Editor input styles are now properly applied to the field. [#26370]
• Added a max-height style to Content Types lists in the Containers editor. [#26422]
• Personas no longer appear in Tag lists with a separate and distinct icon than other tags; a tag is a tag is a tag. [#26159]

Fixes

• Removed an unnecessary remote call from lib.js. [#25972]
• Fixed an error preventing hidden secrets from saving properly in the Dot Velocity Secrets App used by the Secrets Viewtool. [#25855]
• Updated WebP decoding, solving problem whereby some WebP images would not be resizable. [#25861]
• Corrected a mistyped variable in the Block Editor — chartCount becomes charCount; the Block Editor JSON Schema page has been updated to reflect this. [#25591]
• The Containers tool now properly lists only Containers from the current site. [#25805]
• Filtering for Containers and finding none will now display the correct “No results found” message instead of a smooth, featureless expanse of blank white page, like some inverse void — an unfolding pause on the threshold of an answer, stretching unto eternity. Nay, friends; we abjure this blankness with heroic gusto: “No results found”! [#25809]
• The Container editor interface's list of Content Types no longer includes unintended entries for rows and columns. [#26180]
• Fixed menu generation of variables within Containers via built-in content objects. [#26348]
• Velocity2 cache no longer stores empty containers from non-existent language-versions of the content in question, leading to existent language-versions showing up as blank. [#22534]
• Content API and Elasticsearch queries now properly return metadata keywords. [#25618]
• Relationship fields now properly update via Workflow API calls. [#24167]
• Creating a version of content in a second language no longer removes all related content from all language versions of that contentlet. [#25896]
• MonitorResource no longer throws exceptions if DOT_SYSTEM_STATUS_API_IP_ACL is not set. [#25613]
• The proxyEditModeURL query parameter now correctly overrides the Edit Mode Anywhere URL — both in the core and the plugin (for older versions). [#26111]
• Fixed issue causing Push Publishing from the Pages Tool to result in an empty bundle being sent. [#26451]
• Suggestion lists for Tag fields now properly collate tags from content deeper in the folder structure, rather than just the site root. [#26131]
• CMS Admin role can view all bundles, regardless of who created them. [#25127]
• Uploading multiple files will now respect the language filter when assigning the files a system language, instead of defaulting to English. [#25797]
• Radio-button fields with the Data Type set to True/False now correctly evaluate values of 0 or 1 as valid boolean values in Elasticsearch queries. [#26046]
• Elasticsearch queries no longer add :persona to a Tag field that also happens to be a Persona. Whereas the :persona appendage had been stripped of its meaning and function in release 22.03, this is mostly a bit of tidying up. [#26158]
• Default Site Search index should always be on top of the index list. [#26173]
• Large numbers of Site Search indexes no longer cause errors when loading the index list. [#24816]
• Creating a new field with the same name, but different type, than a previously deleted field now correctly generates a new identifier for the field instead of incorrectly reusing the previous one. [#25827]
• On a Relationship field with the showFields field variable set, Binary and Image fields now properly display thumbnails instead of paths. [#25411]
  • Likewise, if one included field is the title field, the correct value for each title will be displayed, instead of displaying the value of the first in the list across each. [#25870]

Dependencies, Components, Etc.

• Updated XStream library for XML serialization. [#24845]

Breaking Changes

• Implemented automatic pruning of filesystem hard links for many-versioned File Assets, following similar rules to our Drop Old Asset Versions routine. This avoids limits to per-file hard links enforced by some filesystems. [#26188]
  • This change additionally includes a new Quartz job that deletes old versions of content on a regular basis — whether contentlets or file assets — by default, according to a number of configurable values. (By default, this only affects past versions more than a year old, in excess of 100 content versions ago.)

The last few releases have hinted at important features being built behind the scenes; now, dotCMS 23.09.7 raises the curtain on one of these, with a completely overhauled Template Designer.

The new and improved designer leans hard into the drag-and-drop paradigm, with easy placement, addition, or removal of elements. Swapping rows is as simple as grabbing and scooting. As before, you can apply CSS classes by rows or columns; better than before, you can define a dropdown list of classes for easy selection. And, perhaps most of all, it just plain feels good.

We could keep going, or we could point you to the Demo Site (admin@dotcms.com:admin), where you can try it out for yourself; an experience is probably worth some arbitrarily large number of words, anyway!

Other changes in 23.09.7 include some improvements to the Block Editor, WYSIWYG fields, the Pages Tool, the JSON viewtool, dependency tweaks, and more. But mostly? It's those glorious, gleaming Templates.

Content

• The Template Designer has received a radical overhaul, making it more stylish and user friendly. [#24535]
• The Block Editor now supports h4, h5, and h6 headings by default. [#25660]

Enhancements & Adjustments

• Added a feature to map legacy SAML configuration IDs to site IDs, storing this as an App secret on a host, and using it to facilitate login URL routing. [#25636]

Visual Fixes

• Added on-hover tooltip to the Rules interface's toggle switches. [#21374]

Fixes

• Fixed an issue that would cause the Block Editor, on Chromium-based browsers, to represent content pasted from a Word document as an image rather than a sequence of blocks. [#25726]
• The Pages Tool no longer displays erroneous readings on the Last Edited column. [#25626]
• Pages Tool now scrolls to the top when browsing the list pagination. [#25633]
• Specified tag_inode table column insert order on an upgrade task to prevent an issue when upgrading between certain patch releases. [#25720]
• OPTIONS requests to REST APIs no longer generate a 500 error status, and now return proper CORS headers. [#25775]
• The JSON viewtool now supports all JSON data types, rather than just strings. [#21529]
• Fixed issue that could newly created content to be “rejected” by a Page not using the default language due to the new content's failure to inherit the correct language value. [#18575]
• WYSIWYG fields are now once again able to reference images via their virtual path. [#24894]

Dependencies, Components, Etc.

• Completed initial proof-of-concept testing MS Java 11 for the possibility of upgrade. [#25584]
• Removed unused dependencies from the JGroups library. [#24852]
• Superseded by newer Redis and Postgres cache tools, we've removed some Hazelcast jars. [#24851]

23.08 makes its august presence known with a cluster of features, features for clusters, performant procedures, and sweetening lusters.

Belowdecks, enhancements ranging from database optimizations to better generators continue to tighten the ship, and new session-sharing rigging makes clustering a smoother sail. Meanwhile, above board, interfaces improve, styles sharpen, and barrels of quality-of-life morsels boost morale. (The FDA has not evaluated the claim that they also fight scurvy.)

Yet this sonorous, ponderous phenomenon serves also as harbinger — which is to say, still greater things lie ahead on our course. Stay tuned: Our planned plankwork may yet leave ol' Theseus breathless.

Content

• Image processor now accepts specified maxima for width and height. [#24900]
• The Block Editor gains a bit more vertical perspective, now accepting superscript and subscript marks. [#25489]
• Image Blocks now more clearly display their status as selected elements within the editor, and display a delete button in the properties menu. [#25580]

Enhancements & Adjustments

• Implemented new session-sharing library; now sessions can be serialized and replicated as needed across servers in a cluster. [#24291] [#24294] [#24990] [#25541]
• Added the ability to restart not only a dotCMS instance, but an entire cluster. [#22507]
• Added indexes to Workflow database tables, significantly improving query performance. [#24086]
• Edit Mode Anywhere now accepts path specifications that allow it to be enabled for one or more sections of a site, rather than the entire site. [#24581]
• The thumbnail generation process has been made more consistent and efficient across the entire system, with less redundancy. [#23600]
• The Preview Device Content Type is now defined by default, even in an empty starter. [#24250]
• A set of probes — for startup, readiness, and liveness — has been defined for dotCMS instances running on Kubernetes. [#24885]
• A variety of minor changes to the Pages Tool ensue, including:
  • Adding an x icon to clear the search
  • Mouseover visual behavior for bookmarks
  • More fixed and constant page order from queries
  • Et cetera! [#25251]

Visual Fixes

• Restyled the Publish and Expire date fields to match recent contentlet editor style updates. [#23836]
• Implemented new designs for button components throughout the user interface. [#25356]
• Material icons load absolutely instead of relatively in Edit Mode, preventing a rendering error. [#25472]
• The Content Type editor's header scales better to smaller displays. [#23836]
• The window for relating content reopens after closure without size or position distortions. [#24954]
• The Site Search Job Scheduler has been cured of a subtle malady causing rendering failure — some kind of update-induced vitamin deficiency, we might call it. [#25542]
• Dividing lines have been fixed in the Pages Tool's Create Page modal dialog. [#25635]
• Visual elements have been improved when using a Move workflow action in the Pages Tool, spacing out icons — a minor de-jumbling. [#25630] [#25632]

Fixes

• The Pages Tool now allows removal of an arbitrary number of bookmarks without needing to reload the pane. [#25240]
• Images imported to the Block Editor via external URLs now properly update their internal reference to the dotAsset created in the importation process. [#24629]
• Improved display for languages included without country codes. [#24988]
• Narrowed the drag & drop capabilities of Edit Mode to widgets, forms, or contentlets, instead of “literally anything you drag from anywhere, even when it spits out a console error.” [#24727]
• Updated starter image to classify all URL fields as unique. [#24673]
• Minor quality-of-life tweak: The + button in the Block Editor no longer adds a / character, and any / character left incomplete at the beginning of a block will likewise be removed when Esc is pressed to exit the menu. [#24674]
• A corridor of unnecessary calls to the appconfiguration endpoint has been removed. [#25552]
• Resolved an issue that caused the “preview” action in the content editor to fail for URL-mapped content in languages other than the default. [#25624]
• The Block Editor's hyperlink search feature now respects non-default languages. [#25567]
• Mending conflicts with the Integrity Checker will no longer result in null values on contentlet_as_json database fields. [#25229]
• When changing the language of a piece of content, it will likewise alter its relationships to point to versions of subordinate contentlets in the same language, where available. [#24415]
• Added a user limitation to the admin panel's nav update event, to limit calls to the menu endpoint and prevent usability issues. [#25556]
• The date-format mismatch identified in [#25008] had been fixed in API responses, but persisted in Velocity contexts; this fixes it there, too. [#25293]
• Widgets with WYSIWYG fields set to Code view no longer encounter value length errors when saving. [#21855]
• Filtering in the site selector dropdown will always prioritize exact matches. [#24921]
• Pushing a newly created folder as a limited user with appropriate permissions no longer fails. [#25371]
• When performing a “Publish (all)” on its contents, a folder will no longer flop and bellyache to draw sympathy from the referee. [#25440]
• Fixed issue preventing operations on Advanced Templates within the Templates tool. [#25490]
• Removed redundant upgrade task. [#25502]
• Modified date no longer overrides other Site Browser sorting criteria. [#25680]
• Fixed pagination when fetching related content via REST endpoint. [#25666]

Development Improvements

• CICD tests have been adapted to Maven transition, and optimized for storage. [#25320]
• Improved SonarQube coverage of tests for core-web applications and libraries. [#25360]
• Added trunk-based release automation. [#25497]

Dependencies, Components, Etc.

• ReloadableServletContainer has been removed; its functionality has been encapsulated elsewhere. [#24970]
• Updated H2 database engine. [#24846]
• Updated Java to 11.0.17 in Docker. [#25551]

dotCMS 23.07 arrives with a tune in its heart — a rhythm and a vision. The first version of dotCMS to be cut from a trunk-based development model, this release marks an important change in the way we do things behind the scenes. It also includes groundwork for several new major features, warming up for their turn on the stage.

But this one is not just an opening act: We're continuing to refine look and feel of dotCMS, with quality-of-life gains, updated layouts, better graphics handling, tuned-up styling, and the steady beat of fixes.

And the show wouldn't be complete without at least one blazing solo: The new Secrets Viewtool allows you to pass sensitive data, such as a token, to Velocity — without ever including that data in the VTL file.

With 23.07, as with any good jazz: “It's the notes you don't play.”

Enhancements & Adjustments

• Added a new $dotsecrets viewtool to pass sensitive data through Velocity. [#23175]
• Added new Show Preview button to the page viewing mode screens; you can now view a fully rendered preview of your changes in a new tab, outside of the context of the dotCMS back end. [#23948]
  

Visual Fixes

• Shifted the search input field to the left in the Content Search, placing it closer to the filter options. [#24834]
• We have taken our young Content Palette to task on its responsive scaling behavior; it has written a rote-but-sincere letter of apology, and now minds its manners on smaller screens. [#24260]
• Updated the content field labeling style, and ensured consistent application throughout the admin panel. [#23635]
• Added a default row to new Templates within the Template Builder. [#25392]
• Restored white-label color selectors to the user interface. [#24830]
• Theme is no longer labeled as a required field in the Template builder. [#25381]
• Improved WebP support for m1 Macs. [#25172]
• Improved SVG handling; we can now generate thumbnails and image size data for SVG files, in line with the treatment of other graphics. [#25247]

Fixes

• For those who prefer Podman over Docker: File assets now upload properly to dotCMS containers managed via Podman. [#24937]
• Tightened up the Block Editor's default rendering behavior, preventing the addition of a trailing space after marks and hyperlinks. [#24406]
• The Block Editor's content & asset search is no longer intimidated into silence by certain non-alphanumeric character inputs. Dash all you want; it won't flinch. [#25230]
• The current contentlet no longer appears in the Block Editor's contentlet searches, to prevent embedding recursive embedding. (This can be thought of as a finishing touch to safeguards added in 23.06, which had already safely disarmed Russell's Paradox.) [#24797]
• Fixed an error preventing the display of a contentlet containing an empty Block Editor field. [#25121]
• The presence or absence of a trailing slash in URLs no longer yields a different result, such as a 404 response code. [#23276]
• Template and Layout API will now observe the system theme as its fallback value where no theme is specified. [#25379]
• In the Job Scheduler, the default Site Search index is specified with (Default) appended to its alias. This caused the Job Scheduler to throw an error when adding a new reindex to the schedule, until that additional text was manually cleared. Well, that snag has been fixed. [#24176]
• Corrected a Javascript console error preventing the contextual menu from functioning when right-clicking a role name in the Roles & Tools tool. [#24424]

  Note: If you are using a version affected by this bug, you can still use the operations of that menu through the + button's dropdown menu while the role is selected.

• The Copy URL button at the top of the page viewing mode interfaces now copies the whole URL, and not just the path. [#24683]
• Restored behavior whereby the file browser dialog shows files in the default language as a fallback if they do not exist in the requested language. [#24444]
• When using the tasks page's “hamburger” button (⋮) menu, the Publish action now fires directly — i.e., the expected behavior — instead of opening the Push Publish dialog. [#23395]
• Creating content in more than two successive languages without leaving the content editor no longer throws an error. [#24286]
• Folders no longer fail to push publish if they contain archived content. [#24705]
• Push publishing will now properly respect timezone selections made from the dialog in the Publishing Queue's Bundles tab. [#25037]
• Resolved an issue that caused content to push publish to a working (draft) state instead of a live state in the specific case where an alternate-language version of that same content exists in an archived state. (That sentence went through like eight drafts; you need to take a deep breath before summarizing a bug this particular.) [#25044]
• getResizeUri method now returns valid URLS for a resized binary image — no more double-slash shenanigans. [#25203]
• NavTool's getNav method now returns only published links. [#24829]
• Stopped Sites now correctly display on the Site Selector; only archived Sites are hidden. [#25120]
• Fixed Site Browser sorting; the default pattern is to show folders first, alphabetically, and then all other items in the current folder by descending modified date. [#25136]
• The image processor now retains and respects a certain user-specified resampling parameter (resize_ro) through the entire method call, rather than reverting to a default due to a missing link in the chain. [#25193]
• Hammered out some quirks in the handling of editing Page-specific layouts when a Template is already in use, which was causing Templates to be overwritten by layouts. Now:
  • Changing the layout of a Page that is the sole user of a Template will edit that Template;
  • Changing the layout of a Page that is one of several users of a given Template will create a copy and treat it as an anonymous layout. [#25227]
• WYSIWYG fields now accept images regardless of whether the content is in the default language; after all, even with language barriers, it's not hard to convey that you want to have your picture taken. [#25258]
• Mending conflicts with the Integrity Checker will no longer result in null values on certain database fields. [#25224]
• The presence of language query parameters was interfering with attempts to correctly render images when performing a static Push Publish. We've added a workaround to ensure all images render statically in a multilingual context. [#25217]

Development Improvements

• Production model shifted to trunk-based development.

Dependencies, Components, Etc.

• Removing old Dojo resources from packaging. [#24840]
• Removing old jaxws libraries no longer in use. [#24843]
• We continue to shift away from Gradle, toward Maven. [#25030]

Whether you're pushing more pages than Tolstoy, or you mainly focus on a few high-value entries, dotCMS 23.06 has a new major feature for you: the Pages Tool. This new synoptic hub for all things pagèd — whether traditional singletons or vast volumes of URL-Mapped content — lets you create, sort, and filter pages; quickly view them in one of the standard viewing modes; or even bookmark the ones you'll be using regularly. Either way, you've got a whole new handhold — if not a desk — for your daily page-slinging experience.

While you're here scanning the jacket: 23.06 also introduces useful new API features, stylistic improvements, a battery of fixes, and more.

Finally, ⚠️ MSSQL database support is deprecated ⚠️; from 23.06 onward, all active development will assume a PostgreSQL database. Accordingly, the 23.01.x series will be the last LTS releases to support MSSQL.

Come turn a page with us!

Content

• Pages & Favorites: A new tool under Site → Pages allows you to sort, filter, bookmark, and manage all of your site's pages. [#22343]
• The Page API now accepts a depth parameter, permitting access to related content through contentlets embedded on a Page. [#18123]
• When editing a contentlet in Edit Mode, 22.05 introduced the ability to choose to save changes for that piece of content across all Pages on which it appears, or just on the current one. This functionality has been extended; the same prompt will also surface when performing inline edits, rather than just via the content-editing dialog. [#24297]
• Using the Workflow API, it is now possible to send a string as the content of a Binary Field, allowing the creation of a text file in a single call without requiring an upload. [#24301]

Enhancements & Adjustments

• Improved the design of the user menu in the upper-right corner of the user interface. [#23678]
• Removed the “User Searchable” checkbox from the Host field; as of 23.05, Host fields are always indexed and searchable in the back end. Parsimony and elegance, like. [#24290]
• Continued the renovation of the Content Type designer, further improving its look and feel. [#23816]
• Created new category of data upgrade tasks to solve data issues using existing APIs; these will run late in the startup process to avoid conflicts. [#24681]
• Rewrote ThreadUtils to trim methods with no use. Like I was saying: parsimony and elegance. [#24714]

Fixes

• Fixed issue preventing content with double quotes in its title from displaying properly in a Relationship field. [#23396]
• Block Editor now no longer allows recursively adding a contentlet to itself, which could render the content unrecoverable. [#23846]
• WYSIWYG Editor no longer throws errors when inserting an image with a different default site language than the editor. [#24285]
• Fixed bug preventing a user with an ID length of more than 36 characters from locking content. [#24133]
• Updated the version of pg_dump used in the Docker images to prevent a version mismatch error when exporting the database. [#24689]
• Removed a wide assortment of unnecessary cache invalidations when saving and/or updating content. This also counts as a performance optimization, though we shall list it as a fix for reasons of honor. [#24781]
  • On the other hand, a slightly more assertive cache invalidation was implemented to ensure newly inserted contentlets are more readily available on searches. [#25076]
• Rooted out a bug preventing permissions-limited users from firing certain Workflow actions, even if their individual permissions were adequate to the task and Content Type. We both see and cosign that adequacy; flex it freely! [#24801]
• Fixed a date-format mismatch between an old format used in some places and a new one in others. [#25008]
• Deleting a Content Type with large troves of content — or performing bulk actions on same — should now proceed more swiftly, and with no chance of a timeout. [#19101]
• Created a background task to ensure the proper conversion of legacy content to the contentlet_as_JSON schema for those upgrading from years-old versions. [#24093] [#24969]
• Added check to prevent Date fields from being deleted while they're in use as the Publish or Expire Date for a Content Type; this prevents misbehavior related to lingering references to a nonexistent field. Having burned some sage and sprinkled some holy water, we have warded the content against such ghostly things. [#24266]
• Beefed up URL-Mapped content resiliency; now, if a detail page is deleted or otherwise broken, and/or a URL map pattern is absent for a given Content Type, you'll still be able to view those pages. Of course, you'll want to fix that situation, but at least you're not throwing 404s in the meantime. [#24490]
• Added keepalive calls to prevent a case where the Log Viewer connection could time out. [#24775]
• starter.zip files should now import and export properly in all cases. [#24874]
• History tab now loads versions in reverse chronological order. [#25079]
• For a little while, Apps were showing doubled site lists; this had to do with a disconnect between the Apps paginator and the API calls that returned site lists. This has been rectified. [#25169]
• Fixed an issue preventing Templates from saving. [#25157] [#25212] [#25219]
• Restored the ability to select System Host in non-required Host fields. [#24908]

Development Improvements

• We've implemented the first phase of our shift to Maven in production; now Maven drives all Java dependencies.

Dependencies, Components, Etc.

• Upgraded Apache Tika metadata toolkit to 2.7.0. [#23934][#24051]

22.05 is out and about, bright and early in its birth month. Spring has sprung — in the Northern Hemisphere, at least — and blossoming alongside the flowers are some keen new features. And, in keeping with the vibrancy of the season, this one has renovations aplenty, transitioning from Dojo to newer Angular components throughout the user interface.

The Block Editor field continues to evolve, now boasting its own compare-tool implementation and better interface support for video, including immediate embedding of YouTube links. A slew of optimizations shorten load times all over, from vanity URLs to metadata retrieval. Edit Mode now allows you to save content per Page or for all Pages, and Host fields are more helpful in giving directions. And lo, we've come bearing many fixes — roughly, a bit of Spring cleaning.

It's a big bouquet, but we think you've earned it. Enjoy!

Content

• Block Editor content has been implemented within the compare tool for diff-style viewing alongside past versions. [#24365]
• Block Editor fields that had been converted from WYSIWYG fields save all changes correctly. [#24565]
• Further video block development: Videos can now be added to Block Editor video blocks from elsewhere within the dotCMS instance, or by drag and drop or copy/paste from a local system. Finally, default video rendering settings now live in dotVideo.vtl, alongside other rendering defaults in /velocity/static/storyblock/ [#23436] [#24445] [#24465]
• Added YouTube support to the Block Editor. Drop a link either in an empty block or the Video URL tab of a video block to embed a YouTube video. [#24455]
• You can now create a Custom Content Tool from within the Content Type editor, via a button on the top right. [#22724]

Enhancements & Adjustments

• Variables added in a container via the Add Variable button now use the $dotContentMap built-in content object. [#23006]
• You can now enable multiple multiple user IDs to possess the same email address by setting the environment variable DOT_SAML_ALLOWUSERSWITHDIFFID_REPEATEDEMAIL to true. [#24138]
• In Edit Mode, when editing content that appears on multiple pages, a new dialog will confirm whether you want change the content for the current page only, or all pages. [#23225]
• Significantly shortened startup time by optimizing vanity URL loading procedures. [#23982]
• The Host field is now a filterable parameter on the Content Search screen. [#24194]
• Improved performance of fetching metadata from databases. [#22779]
• All APIs now provide pagination as part of the data payload. This allows use through proxies that may strip away headers — the place said information was previously stored. [#23870]
• The SASS compiler has returned to minifying CSS output by default. [#24227]
• Changed the way JSON Web Tokens are handled, removing an issuer check and replacing it with additional reliance on jwt_secret.dat. This makes possible the use of the same JWT tokens across multiple environments. [#24395]
• Added additional logging options via environment variables. [#24067]
• Added two-second delay on invalid login — i.e., a nonexistent user — similar to the behavior on receiving an incorrect password. [#23903]

Visual Fixes

• We've improved the look of the toolbar buttons at the top of the Content Type menu. [#23638]
• The Block Editor's + button is now a bit less furtive, permanently visible beside any empty block with user focus. [#23687]
• Corrected the proportions on the compare tool for better visual comparison; after careful consideration, we decided the this was neither the time nor the place for a funhouse mirror. [#24109]
• Improved spacing, positioning, and appearance throughout the user interface — including the Site Browser, the Container tool, the Content Type creator, and more. [#24654] [#22486] [#23816]
• Host fields now show the full content, instead of just the containing folder's name — sure to be a relief to those with a bunch of common-name subdirectories like vtl or images. [#24317]
• Site Selector dropdowns are now a bit more clear about which site is selected. No more confusing gray backgrounds; it's either bold or it's not. [#23505]
• Removed nonfunctional/vestigial “resize” controls beside images on the content-editing pane. [#24195]
• Corrected Caffine Memory Cache TTL displays; the default TTL will now display as infinity. While not technically true, the practical difference is moot, as few systems experience ~68 years of uptime. [#24199]
• Fixed action button placement on images and video addition. [#24594]

Development Improvements

• Adjusted pipelines to remove the requirement to generate an “enterprise” jar — another of many steps in the long march toward the purest ideal of monorepo status. [#24760]
• The release process is evolving to test upgradability from a number of previous LTS editions to the latest release. [#24774]

Fixes

• Fixed PostgreSQL error observed in upgrades from 22.03 LTS. [#24380]
• The Block Editor's code block no longer triggers Block Editor menu events, such as the suggestion popup if / is the first character typed. [#24361]
• The Content Palette no longer includes archived content. [#24292]
• The arrow buttons in a container's Max Contents field now correctly update the total; manually typing a value is still something you can do, but not something you have to do. [#24163]
• Discovered and vanquished a race condition with the potential to crash the reindexing process for sites with a lot of Content Types. [#23651]
• Modifying a template no longer removes content from page columns, unless the column or container was expressly removed. [#23181]
• OSGi framework has been adjusted to restart less often, in many cases not needing to at all. [#24468]
• Improved debouncing on undo/redo operations in the Block Editor; the number of undo or redo steps should now more or less conform to expectation. [#24716]
• Clicking on a file-based Container in the Site Browser now takes you to the correct folder. [#23798] [#24644]
• File Browser now properly displays multilingual content, not limited by the configured user-interface language. [#24358]
• Fixed File Browser display behavior; now displays Page and file assets in expected fasion. [#24272]
• Copying a folder that contains Pages with both live and draft versions will no longer result in an error; duplicate your folders fearlessly. [#24441]
• While we appreciated all the extra traffic from Minecraft enthusiasts, we must regretfully announce that mineType was a mere typo of mimeType in the Block Editor's video node. This has been corrected. [#24556]
• Widgets now correctly display in non-default languages on working (i.e., draft) versions of Pages. [#24059]
• Language parameters update correctly when redirecting via Rule. [#24158]
• Leaving the “publishing” Date/time field blank on content preset for scheduled publishing, no longer causes that content to re-publish if unpublished. We determined this behavior was simply too silly. [#24344]
• The job scheduler tab once again loads correctly in the Site Search developer tool. [#24524]
• Fixed an update task that absolutizes container paths: It erroneously added the site to the same path multiple times in certain situations. Well, not anymore. [#24436]
• Nested dotcache block caches no longer interfere with page loading by caching an incorrect context. [#24247]
• Fixed a bug interfering with the ability to reorder content in Edit Mode. [#24678]
• Improved publishing procedures for environments with many locales and relationships, preventing slowdowns. This sounds like it should be under Enhancements, but those slowdowns could get pretty significant. So, here we are. [#24245]
• Resolved errors resulting from blanking an existing date field or checking “Never” on an expiration date field. [#22667] [#22350]

  Note: Originally appeared in 23.01; the issue was subsequently reopened and underwent a bit more work.

• Significant fixes to URL-mapped content, adding resilience in the face of broken or absent detail pages and addressing several error cases directly. [#24490]

Breaking Changes

• Fixed a permission error that prevented a user with a custom role with appropriate permissions from using Workflow API operations. While this will not change observed behaviors, permissions-based fixes are generally classed as breaking changes due to how they may affect the hypothetical user working around them. [#23199]
• Permissions have undergone overall changes on the back end, improving comprehensiveness and error handling. [#22993]

In at the buzzer for March — over the transom, as we might say in some quarters — dotCMS 23.03 is as agile as ever! This edition boasts some cool new features, some hot fixes, and some comfy quality-of-life improvements. Extend the Block Editor, flip to Edit Mode from URL-Mapped content with ease, and more.

Celebrate the waning hours of March with this gem, formed in its myriad and protracted pressures!

Content

• You can now create your own custom remote extensions for the Block Editor. The field is now “hackable” — in the good way! [#24032] [#23938] [#23865] [#24031]
• Added video blocks to the Block Editor. Import videos either from your dotCMS file system, from your local files, or elsewhere online, and situate them within your Block Editor field's content. These videos are stored as full dotAssets, and can be reused freely. [#23863] [#24016] [#23861] [#24040]
• Added a button to preview URL-Mapped content in Edit Mode; it can be accessed from the task menu when editing a contentlet. [#23955]

Enhancements & Adjustments

• S3Client can now be configured to interact with Simple Storage Service (S3) object stores other than Amazon S3. [#22151]
• The Content Type API now accepts host names and folder paths as arguments instead of requiring a UUID for both host and folder when creating a Content Type. [#23239]
• Increased number of password hash iterations from 20,000 to 600,000, in line with current OWASP recommendations for a SHA256 algorithm. [#23915]
• Window scrolling is frozen while the Block Editor's block selector has cursor focus. [#23977]

Visual Fixes

• Form labels have been standardized across the platform, unifying styles between legacy and new Angular components. [#23683]

Fixes

• CSS files now push publish to S3 buckets without the risk of compilation error. [#24351]
• A required Block Editor field no longer validates and saves an empty field if content is added and then removed. [#24263]
• Corrected an upgrade task that was misbehaving — all systems green. [#24026]
• Fixed issue preventing the addition of images to WYSIWYG fields from certain folders. [#23926]
• Image fields now filter properly according to user input. [#23449]
• Several image editor fixes ensue! [#23882]
  • Crop zones now resize correctly in the image editor. [#23925]
  • The Clip button has been repaired, and now properly stores the data to the platform clipboard. (Note that this is separate from the system clipboard, and is accessed through separate dotCMS controls, such as the WYSIWYG Clipboard button.) [#23927]
  • The Download button is now once more hunky-dory. [#23924]
• Fixed the retrieval of Personas via Lucene query; persona tags neither require, nor yield different results with, :persona appended to the tag name. Kind of an oddball issue, but settled is settled! [#22872]
• Permissions tabs — appearing in folder properties, contentlets, templates, etc. — no longer fail to load. [#23889]
• Solved rendering issue with fields converted from WYSIWYG to Block Editor that contain code. [#24422] [#24230]
• Fixed an issue preventing saving content in a secondary language while a working/draft version exists in the default language. [#23280]
• A recent commit broke the contentlet search within the Edit Mode Content Palette; this one fixes it. [#24308]
• Gradle now resolves current git hash correctly when building. [#23901]
• Fixed issues reported by SonarQube, including reported AJAX vulnerability. [#23900]

Breaking Changes

• Page and Template REST APIs may have been returning an excessive amount of relatively low-value information. This can be messy to sift through and harmful to performance, so we've scaled it back a bit. Out of an abundance of caution this is being listed as a breaking change, even though it may not actually cause an issue for anyone. [#23203]
• The dotcache directive no longer caches objects declared with set directive within the block; caching of generic objects should be handled manually through the Dotcache viewtool. Note that this is a breaking change if upgrading from 23.01, which introduced the behavior, but not for any previous version — that is, it effectively unbreaks the change. [#24075]

  Note: This change was erroneously attributed to 23.02 at its release; the changed had been merged into the master branch by that time, but had not been included in the subsequent release. Consarn it!

dotCMS 23.02's highlights include a new condition for Rules based on the HTTP method used, the ability to change S3 API endpoint targets, and improvements to the Content Search user interface. 23.02 also features significant maintenance and bug-squashing efforts. These latter entries are perhaps less glamorous, but certainly no less important or virtuous. And virtue, as they say, is its own reward.

Lastly, our own internal workflows continue to evolve and improve in tandem with the product, as documented below. We hope you'll enjoy the result!

Enhancements & Adjustments

• New Rule condition allows a Rule to fire based on the HTTP method used. [#23209]
• Users may now edit the labels of system fields on any Content Type. [#22901]
• The Page API can now additionally return a count of the number of Pages in which a piece of content appears. [#23223]
• While editing an existing piece of content, the editor will display a link to the relevant Content Type under the Workflow summary. [#23231]
• The Block Editor's image-block popup now includes a tab for uploading a local file. [#23237]
• The top bar of the Content Search has been reorganized for better visibility and distribution. On page load, the search input field receives focus. These little details matter! [#23601]
• In a follow-up to our previous effort to make system fields in Base Content Types removable by users, we're extending the process so it'll do likewise to user-created variants. [#23736]
• The paragraph block has been removed from the configurable Allowed Blocks list, to better convey its inviolable “default block” status. [#23764]
• The logs have fewer spammy messages to let you know that no apps require ACCESS_TOKEN renewal. The logs cover a lot of ground, so it's important to maintain a decent signal-to-noise ratio. [#23781]
• S3Client can now be configured to interact with Simple Storage Service (S3) object stores other than Amazon S3. [#22151]
• Image permits, which control the number of threads dotCMS's image editor can occupy at once, have been made more permissive through better use of caching. They are now less likely to cap out on routine operations, without compromising their intended purpose of easing system resource burdens. [#23807]

Visual Fixes

• Content Type layouts in excess of three columns now distribute their contents more evenly on smaller displays. [#23644]
• Reinstated title bar to query dialogs on content search screen. Repaired their styling, too. [#23554] [#23739]
• Content Palette no longer occasionally spits out an empty, duplicate half-pane. [#24084]

Development Improvements

• Postman tests are now run in parallel, segmented into smaller groups. [#23330]
• Added Push Publishing test fixes for Postman covering sender collection and graceful failure when it cannot determine a result. [#23766][#23330]
• Created automation to remove published dotCMS CI/CD image used for Postman tests. [#23808]
• Maven build no longer adversely impacts a local npm registry. [#23692]
• SonarQube is now run on every pull request to core-web. [#23696][#23779]
• Simplified integration of Docker images considered dependencies via Github Container Registry. [#23808]

Fixes

• Whitelisting a block on a Block Editor field will no longer result in error when adding images to that field. [#23920]
• Corrected the exclusion of two asset directories from back-end exports; both are now present and accounted for. [#23810]
• Fetching language keys for an unsupported language now falls back to default administrative language configured from the System → Configuration tool, rather than the default content language configured through the Types & Tags → Languages tool. [#23777]
• Navigation no longer shows duplicate results — both requested and default languages — when requesting multilingual content in the non-default language. [#23890]
• Resolved issue preventing latest upgrade for MSSQL database users. [#23761]
• Downloading a starter from the back end is now a streamed process that begins as the assets are being incorporated into an archive. This prevents timeouts under certain administrative setups — such as running dotCMS behind a load balancer — and limits the danger of the destination container over-allocating space in the case of multiple requests. That's a mouthful, but two birds with one stone merits a yarn. [#23733]
• Unnecessary XML encoding has been removed from environmental variables that originate from the Tomcat access log file. [#23669]
• Categories are no longer removed from content mass-imported via CSV file. [#23440]
• Adding the same Content Type to a custom content tool twice will now display a more descriptive error message. [#22411]
• Push Publishing filters now save to the correct subfolder with the correct filename; a recent update was missing a trailing slash, causing them to be saved in the parent folder with the subfolder's name appended to the filenames. [#23578]
• Mended typo in the Checkbox Field's values property, which is now callable in the Velocity content object either through the .values or .value properties, instead of just the latter. [#22049]

Breaking Changes

• The user API endpoint at /api/v1/users/filter has been refactored to take query strings instead of path parameters. [#20529]

dotCMS 23.01 rockets out of the gate with an array of new features!

The Block Editor continues to evolve; it now supports Table blocks, allows inline editing in Edit Mode, and comes equipped with a new image-search component. Our Velocity toolbelt has gained some important new gizmos: all-purpose object caches, and a brand-new Velocity Playground developer tool. Need to access file metadata? Now you can do it through API calls.

This version features a legion of user interface improvements, a throng of under-the-hood fixes, a handful of component updates, and, as usual, more. Happy New Year, and bon appetit.

Content

• Tables! The Block Editor now has a Table block — the newest sail on our flagship content editor. [#21991]
• Simplified image import from the Block Editor: Pasting an image link into a new block displays the image, and a button allows one-click importation as a dotAsset. [#22194]
• Selecting “Images” from the Block Editor displays a new dialog that allows easy selection of images from within dotCMS, or via URL. [#23235] [#23238]
• While in Edit Mode, Block Editor fields can be edited inline through a swanky new modal interface. [#22487]

  Note: This feature was announced and documented circa the 22.12 release, but was not yet functional; 23.01 is its first effective release.

Enhancements & Adjustments

• The new $dotcache Viewtool, a generic object cache, permits a wide assortment of highly convenient caching and storage behaviors! [#23037] [#23430] [#23431] [#23432] [#23575]

  Note: This also alters the behavior of the dotcache directive; see Breaking Changes.

• We've built a new Velocity Playground developer tool, allowing users to easily test and preview Velocity snippets before deployment. Debug with gusto — maybe even élan! [#23610]
• We've added an interface to the Block Editor settings to allow configuration of whitelisted blocks without the use of field variables. [#22908]
• Metadata for Binary Fields is now exposed through API responses. [#23552]
• New /api/v1/page/copyContent endpoint allows copying of content in the context of a page, duplicating the object and editing the tree entry. In other words, this is a “Save as Copy” method that allows content to be modified for a single page rather than all pages. [#23224]
  • Added in the same breath: New /api/v1/page/{pageIdentifier}/_deepcopy endpoint allows a “deep copy” of an entire page — copying both the page itself and all content contained therein.
• The $dotContentMap built-in content object is now utilized in shortcut dialogs in the Container interface. [#23248]
• In the traditional interface, clicking on an entry in the Categories menu now provides a list of child categories, for improved navigation. [#23252]
• Enabled further support for undo and redo operations in the Block Editor. [#22903]
• Made thumbnails a bit less noisy in the logs. [#23757]
• Added DOT_IMAGE_GENERATION_SIMULTANEOUS_REQUESTS environment variable to limit the maximum number of threads image processing can consume. [#23384]

Visual Fixes

• Significant cleanup operations and general improvements have been undertaken on the user interface for Containers. Error messages, toasts, layout elements, context menus, and more have received some TLC for a cleaner and smoother user experience. [#23141] [#23142] [#23143] [#23144] [#23146] [#23200]
• “Break lines, not layouts!” The field variable interface now handles lengthy keys and values more gracefully; long text now wraps to additional lines within invariant columns. This supersedes the old behavior of “plunging into chaos.” [#23119]
• Fixed cases of back-end menu tools' text not displaying. [#23341]
• Slight adjustment to the styling of cards in the Apps section. [#23367]
• “Paper” layering styles (e.g., gaps and drop-shadows) removed from back end, reclaiming some space. [#23369]
• Push publishing queue displays all bundles, even when one or more fail to publish. [#23062]
• Removed extraneous descriptive text from dropdowns in Edit Mode. [#23406]
• Context menus called at the bottom of a menu list no longer break off. [#23461]
• Date and Date/Time fields now highlight the current date. [#23551]
• Removed visual duplication of the content palette while Edit Mode is loading. [#23619]

Dependencies, Components, Etc.

• Updated GNU General Public License text. [#23352]
• PDFBox library updated to 2.0.27. [#23384-comment]
• Stabilized internal Tomcat path to prevent breaking changes on minor-version updates. [#23407]
• Removed unused jsass and Apache commons text libraries, to avoid flags associated with the text4shell vulnerability. Although dotCMS was never susceptible to said vulnerability, we thought it best to avoid even the suggestion of it. [#23475]
• Upgraded the PostgreSQL JDBC driver. As with the previous bullet point, this resolves a vulnerability that did not strictly affect dotCMS. [#23531]

  Note: See Breaking Changes.

• We've carved npm out of the front-end build process and wrapped the latter in a Maven module, as a first step toward using Maven for the full build. [#23556]

Development Improvements

• Resolved vulnerabilities and identified by SonarQube. [#23405]
• Updated GitHub Actions code in response to command deprecations. [#23332]

Fixes

• Push publishing to S3 buckets now works in all major regions, regardless of which Signature Version is supported behind the scenes. [#22449]
• Fixed erroneous difference between the Key/Value field's import and export formatting. [#22582]
• Image selector displays correct totals and respects language selection. [#22729]
• /api/v1/containers endpoint correctly updates a Container when maxContentlets is set to 0. [#23147]
• Large bulk updates via import are now faster, via adjustments to relationship-field validation operations. Timeout troubles, begone! [#23015]
• Fixed the sort-order parameter, orderby, for Categories; they now sort as specified. [#23253]
• Performing a health check via /api/v1/system-status now cleans up after itself, removing all created folders. [#23267]
• Restored PDF and video previews in back-end content editor. [#23359]
• Resource consumption has been restricted on PDF thumbnail generation, decreasing system footprint and preventing out-of-memory exceptions. [#23384]
• Resolved issue where certain access-limited users could not switch between multiple sites on the back end. This was due to a permission correspondence between the necessary endpoint and the Sites tool, which may not be visible to the limited user. [#23474]
• Fixed error preventing the addition of a Container to an Advanced Template. [#23557]
• Updated internal IP blacklists to include AWS metadata services. [#23481]
• URI normalization filter has been made less aggressive, and now plays nicely with slashes and equals signs. [#22498]

Breaking Changes

• Removed unused MySQL and Oracle drivers; users relying on either of these will need to provide their own drivers in their plugins. [#23531-comment]
• The new $dotcache Viewtool (see Enhancements) has altered the behavior of the prior dotcache directive. Previously, dotcache blocks cached fully rendered versions of their contents, omitting various Velocity state operations in the process. Now, set directives within dotcache blocks are “wrapped” in the new generic object cache routines, allowing declared objects to persist on cache hit. This may interfere with a small, niche set of use-cases, which can still be addressed via the viewtool.
  • As of either 23.02 or 23.01.1 LTS, this change has been un-broken, and Velocity context data is once again not cached within a dotcache block by default. [#24075]

Originally planned to be released as 22.11, dotCMS's version 22.12 reaffirms our position vis-a-vis the classic dilemma: “Done fast, or done right?” This release includes a variety of important fixes and enhancements — and in a few cases, both at once — all under an ever-expanding regime of quality-assurance testing.

Whether you're looking for an easy way to keep rich, structured content up to date; tools to keep tabs on content length for SEO or audience tailoring; better logging; or just an all-around richer and more stable user experience, consider upgrading to 22.12!

Note: Upgrading to 22.12 or later from any pre-22.12 version requires a full reindexing of content. This is a simple, pushbutton procedure, but may take some time on very large sites.

Content

• Block Editor image blocks now provide more tailored support to dotImages, HTML images, etc. Among other things, this improves the process of WYSIWYG-to-Block-Editor conversion. [#22832]
• When performing a “shallow push” — i.e., Push Publishing with the “Only Selected Items” filter selected — tree entries are included in the push. This renders the behavior more intuitive in certain cases. [#18742]
• Contentlets placed in a Block Editor field now remain updated if the referenced content changes. This feature syncs the block-contentlet with that of both the database and the cache. This comes with a slight performance cost — in most cases statistically insignificant — that can be offset by disabling the cache-synchronization: Just set the environment variable DOT_REFRESH_BLOCK_EDITOR_REFERENCES=false. [#22857][#22990]

  Note: This item originally premiered as a feature of 22.10; however, because of an oversight, the feature was not operational in that release. 22.12 is therefore its first effective release.

• Blocks now have a “Delete” button — that is, one of these dealies now appears in the bubble menu. [#22881]
• Block Editors can now display character count, word count, and estimated reading time figures below the field. This can be optionally disabled — or a character limit can be configured — through new field variables. [#22904]

Enhancements & Adjustments

• The log viewer has been rebuilt. While this represents an enhancement overall by way of better performance and reliability, this item represents a number of bugfixes as well.
• Certain System fields in certain Base Content Types have been rendered user-removable. [#15847]
• Caches storing all Velocity macros now flush and refresh according to a more eager strategy, triggered either by flushing the Velocity2 cache manually via the System → Maintenance panel, or by editing any dot_velocity_macro.vtl file. [#22297]
• Permissions operations now have REST API endpoints. [#22524]
• Angular dropdown menus, such as the site selector, now allow for keyboard navigation. [#22835]
• Sped up the process of fetching a piece of content's categories via Velocity. You might say we've increased its Velocity. Stop frowning at me. [#22864]
• Additional logging has been added to SAML operations. [#23048]
• Added a method to assign categories to content via Velocity, usable in a Workflow via Velocity script actionlet. [#23009]

Visual Fixes

• “Uploading” placeholder no longer sticks around after an image is successfully added to a Block Editor via drag and drop. [#22580][#22859]
• Contentlets embedded within the Block Editor now correctly push during a Push Publish operation. [#22899]
• Displayed date updates correctly on menu after changing time zone. [#23128]
• Default system container no longer reports a broken image when displaying content without an image. [#23088]

Dependencies & Components

• Tomcat native library location has been fixed for Apple M1 contexts. [#22893]
• Update tasks have been updated and backported, improving maintenance of future LTS releases. [#22916]

Bugfixes

• The Log Viewer — A Chronicle:
  • The viewer now properly filters and highlights search terms. [#23043]
  • Navigation between pages has been fixed. [#23042]
  • Viewer's front-end performance has been fixed and optimized. [#22968]
  • Ditto on the back end. [#22978]
  • The front- and back-end changes have been integrated. [#23039]
• Block Editor bubble menu no longer pops up after reordering blocks by drag and drop. [#22898]
• Docker images have been updated to use UTF-8 language settings by default. [#23056]
• SameSite cookie property can now be overridden from strict to lax, which can counter certain conditions preventing SAML redirects. [#23072]
• Fixed issue preventing categories from being added properly to bundles. [#23078]
• Additional error handling procedures added to the Scripting API ensure that file handles close properly. [#23082]
• Site Selector now correctly switches between multiple sites while in Edit Mode. [#23106]
• Fixed case causing WYSIWYG to throw a null pointer exception when containing certain invalid data elements. [#23296]
• Resuscitated the ElasticSearch query tool after the sight of a recent bug caused it to faint. It's feeling much better, now. [#23379]
• dotCMS now scans zip files to ensure integrity, preventing errors resulting from working with an invalid archive. [#23401]
• The API endpoint for firing a workflow action no longer fails when the indexPolicy parameter is specified. [#23381]

⚠️ Breaking Changes

• Because of changes in the way identifiers are handled, it is necessary to perform a full reindex after upgrading to 22.12.

dotCMS 22.10 showcases a few new features, starter updates, some UI cleanup, and more. Want to get started with the Block Editor, but all of your rich content is bound up in WYSIWYG fields? We now offer a way to convert WYSIWYG fields into Block Editor fields within an existing content type. We're also introducing the JSON Field — a new way to wrangle semi-structured data within your content.

An important note about libraries: As of 22.10, all “repackaged” libraries are deprecated in dotCMS and will be removed at some future point. While not a breaking change per se, developers should supply their own versions of repackaged libraries in their plugins or replace repackaged classes with the respective normal class. For example:

import com.dotcms.repackage.org.apache.commons.io.input.TailerListenerAdapter;

should become

import org.apache.commons.io.input.TailerListenerAdapter;

Content

• Introducing the new JSON Field, an easy way to store and access JSON data. [#22829]
• You can now transform WYSIWYG fields into Block Editor fields at the push of a button. [#22488]

Enhancements & Adjustments

• Related content spanning multiple locales has been made more performant, shortening load times. [#22910]
• Updated the Next.js starter: Upgraded to the latest Next.js version, added inline editing to the Block Editor, and reviewed compliance with community guidelines. Read more about using dotCMS with Next.js on our blog. [#22992][#22994][#22995]
• The basic, empty dotCMS starter image has been tidied and updated. [#22967]
• Submit button disabled immediately after Form submission to prevent duplicate submissions. [#22951]

Visual Fixes

• Updated labeling to more clearly distinguishing between a “key” and a “token” in the user interface — a subtle but “key” difference! [#23007]
• Fixed bug that inverted the display of parent and child in many-to-one Relationship fields.[#22549]
• The “What's Changed?” checkbox in Edit Mode now displays as checked when enabled, and correctly switches between states. [#22673]
• Improved the system for default icon assignment to tool groups during upgrades. [#22861]

Bugfixes

• Contentlets can now be added to the Block Editor field before the content containing the field has been saved. [#23163]
• Copy Site copies all content; previously, the process encountered a silent cap at 10,000 items due to limits on indexes and Elasticsearch queries. [#22520]
• NavTool's getNav() method no longer returns unpublished pages; published pages only! [#22425]
• Copying a folder containing a page no longer copies the content displayed in that page's containers. [#22763]
• Remote-URL access tools like $json or $import now run in a thread pool to avoid blocking, backups and crashes in the event of high traffic to a non-responsive external API. [#22522]
• Key/Value fields once again properly escape special characters, thereby squashing a recent and noisome bug. [#22754]
• Key/Value fields properly record item order after sorting. [#22975]
• Fixed issue causing some navigation items to fail to display after upgrade to 22.03 or later. [#22809]
• Time zone data updates properly on upgrade to 22.03 or later. [#22771]
• The breadcrumb-trail links at the top of the admin panel open in the same tab. [#22843]
• Additional error handling has been added to the PublisherJobQueue to improve logging and resilience. Now nigh unkillable, it may be observed in the wild eating boulders and arm-wrestling jabberwocks. [#22850]
  • Queued jobs themselves have likewise received additional failsafes. [#23041]
• Multiple Block Editors in the same content type will all save their respective content properly. [#23216]

dotCMS 22.09 features continued Block Editor improvements, Velocity-level access to field variables, dependency upgrades, performance optimizations, a smattering of squashings in the bug district, and more.

As of this build, LDAP support is now considered a deprecated feature, and may be removed from the product at a future date. It is recommended that customers still using LDAP to integrate with dotCMS begin migration to a different Single Sign-On (SSO) solution, such as SAML (through Azure or another Identity Provider).

Content

• You can now easily link to other dotCMS content within the Block Editor. [#21866]
• Base font size inside Block Editor has been increased slightly for readability. [#22165]
• It is now possible to read field variable key-value pairs from within Velocity, allowing evaluation at load time from your Velocity template files — and giving user-defined field variables more utility. [#22618]

Enhancements & Adjustments

• Expanding on an improvement in 22.08, the Enter key now performs the primary action (e.g., “Next,” “OK,” “Accept,” etc.) in a wider array of dialogs. [#22566]
• “Suggestion” components — the clickable items that populate under a search bar, such as when linking content in the Block Editor — have been refactored to be more reusable and maintainable. [#22671]
• Added a Docker compose example running dotCMS with MSSQL in ARM architecture (e.g., for users of Apple M1 processors). [#22639]
• Refactored block-editor library to include folder structure. [#22517]
• Tomcat no longer performs scans for Tag Library Descriptor files at startup, speeding up initialization. [#22716]
• General library-driven improvements to paste behavior across a variety of fields and data types. [#22019]

Visual Fixes

• Fixed pagination errors on the UI site selector; now displays a maximum of 15 results at a time, with live text filtering of choices. [#22734]
• Pagination now displays properly when querying related content by REST API. [#22236]

Dependencies & Components

• Minor version update to Java on Docker image. [#22852]
• Upgraded Nx and Angular. [#22337]
• Updated Dojo. [#22132] (Note: Also listed under Breaking Changes.)
  • Smoke-tested Dojo update. [#22885]
• Moved from Libsass to Dart Sass for SASS/CSS compilation. [#22196]

GitHub Environmental Improvements

• Migrated Actions to monorepo. [#21761]
• Improved test times. [#22495]
• Consolidated build jobs. [#21755]
• Migrated Postman tests to GitHub Actions. [#21758]

Bugfixes

• Locales have been added back at the level of the Java seed. [#22722]
• Workflow changes save properly for all users, including new users or users with special characters in their name. [#22696]
• Fixed the removal of categories through API calls, which no longer throws an error. [#22756]
• Bad requests, such as malformed URIs, no longer result in Tomcat errors in advance of reaching custom dotCMS error pages. [#21742]
• Creating language variables from the Content search allows the translation of tokens containing blank spaces. [#22607]
• Image fields containing dotAssets now play well with Velocity. [#22704]
• When upgrading from version 5.1.6 (or older), database migration tasks now run smoothly, without errors due to differences in DB column counts. [#22349]
• Resolved conflicts between ByteBuddy and NewRelic agents, speeding up initialization and preventing errors. [#22635]
• GraphQL introspection queries have been disabled for non-authenticated users. [#22825]
• Fixed redirect issue that emerged with the update to Angular 14. [#22608]
• Fixed browser console error when moving to Edit Mode from Site Browser. [#22617]
• Fixed issue preventing Host variable from rendering headlessly via the Page API. [#21244]
• SAML redirects now forward properly after authentication. [#22156]
• Created a way to avoid cases where hashed IDs are referenced against non-hashed data in the creation of SAML users: Added hash.userid property (boolean) to SAML configuration to control whether the UserID is hashed or not. [#22692]
• Corrected an issue that prevented relating content in a Relationship field with Many-to-One cardinality. [#22840]

Breaking Changes

• Updated Dojo. [#22132]

dotCMS 22.08 features new API endpoints and visualization tools; new field variable options; a brand new, performant OSGi system framework; a number of squashed bugs; and some quality-of-life improvements.

The largest change may be less obvious, centering on our own internal workflows: We've consolidated tools and procedures, moving toward monorepo status — folding the core-web repo into core — and improving various testing and build automations. We're pleased to report that these changes have made our work of improving dotCMS both simpler and quicker.

Content

• Users can now define whitelists for which blocks should be usable in a given Block Editor Field, through the allowedBlocks field variable. [#22164]
• The Block Editor field is no longer marked as a “Beta” feature — it's just a regular part of the gang, now. [#22489]
• Image paths can now be copied from Site Browser context (right-click) menus, using the new Copy Path item. [#22146]
• Unveiling $dotContentMap, a built-in Velocity content object that lets you access content in a container without performing a pull.

Enhancements & Adjustments

• Added a new API Playground tool to the Dev Tools, built using Swagger. [#22298]
• Added new API endpoints for creating, reading, updating, or deleting containers. [#21626]
• Enter key now activates the primary action — e.g., Next, Submit, etc. — for all dialogs in the system. [#19158]
• It is now possible to retrieve parent content through a child contentlet's Relationship Field by using Lucene queries.[#22319]
• Image filter scale has been mapped to the resize filter that replaced it, improving backwards compatibility. [#22463]
• The Edit Mode Anywhere URL Override plugin's functionality is now part of the core, available out of the box. [#21713]
• Versions of the same content across different languages can now display publishing dates distinct from one another. [#21518]
• The version of Java used in docker images has been updated. [#22426]
• The import and export format of starters has been changed to JSON. [#19400]

Bugfixes

• In the Site Browser, the “View Statistics” data now displays correctly; the button is removed from the menu entirely when the ENABLE_CLICKSTREAM_TRACKING property is set to false. [#22131]
• dotParse now properly respects all parameters of the config property. [#22288]
• Corrected issue that prevented limited users with sitewide viewing permissions from viewing content not explicitly permitted for their role. [#22237]
• CookiesFilter can now reinitialize cleanly, allowing the dynamic addition of new filters via OSGi. [#22312]
• Browser page title now updates correctly when switching between contentlets in Edit Mode. [#22320]
• Bad results on ShortyIdentifier database calls are no longer cached. This prevents a condition in which a database error could result in persistent 404 status for “shorty” IDs until their region is flushed. [#22430]
• Adding a user to a bundle no longer causes errors. [#22508]
• Fixed 404 redirect routine. [#22559]
• Page API calls through GraphQL now work properly with anonymous permissions. [#22615]
• Resolved errors preventing users with MSSQL databases from successfully executing upgrade procedures. [#22613]
• Selecting a different site from the admin panel's header dropdown correctly updates the panel while viewing tools built using Angular. [#16754]
• Drag-and-drop navigation reordering now saves properly. [#22501]
• Saving a contentlet before its related content loads will no longer result in a clearing of the Relationships field. [#22323]
• Static Push Publishing no longer fails when attempting to push a bundle containing only a single file asset. [#22073]
• Static Push Publishing no longer fails when pushing certain Base Content Types when a default language other than English is set. [#22266]
• Revamped push-publishing of users: It is now possible to push an individual user instead of all users, and interface labeling is clearer throughout. [#22149]
• Temporarily rolling back the log-file filter feature introduced in 22.06 for performance reasons; it will be retooled and reintroduced soon. [#22691]
• Page caches have been made more attentive to servlet forwarding attributes, to prevent cases where a Vanity URL pointing to a URL-mapped detail pages could result in the wrong content being cached. [#22083]
• It is no longer possible to create a folder with an empty title. [#21129]
• On initialization, NextJS Edit Mode Anywhere environments generate a unique token, saved to the ENV file and appended to the EMA URL on requests; in the absence of this token, requests fail. [#21959]
• When performing inline editing on a page that displays related content, edits to related content are also saved and published. [#22173]
• XMLTool has been fixed; the Jaxen exception has been rectified. [#22307]
• Corrected errors with Show Query search URL generation. [#22168]
• Fixed a MSSQL DB error on upgrade. [#22605]

Visual fixes

• Removed some noisy and unhelpful metadata messages from the logs on initialization. [#22144]
• Rules now display properly when specifying a condition that checks for a custom request header that not on the header list. [#22186]
• Replaced browser-native alert() message box after user account changes data in the My Account dialog. [#22276]
• When changing a password, verbose error message now displays when new password does not meet security requirements. [#22204]
• Content Palette displays larger numbers of Content Types more reliably. [#22338]

Plugins

• Created new OSGi system framework for loading system bundles — minimal, speedy, and stable. [#22184]
• Override plugin now starts correctly in certain prior versions. [#22043]

Breaking Changes

• By default, dotCMS no longer follows redirects when accessing remote URLs programmatically. This change is configurable, and can be reversed by setting the REMOTE_CALL_ALLOW_REDIRECTS property to true. [#22512]

This enormous release in fact represents a development period closer to two months than one — and it shows! The entries below include significant additions to the Block Editor field, a flotilla of bugfixes, a bushel of efficiency improvements, some dependency updates, and more!

Content

• Block Editor can parse a wider array of blocks, with permissive handling of customized block types, and is simpler to render. #22074
• When inserting contentlets into a Block Editor field, you can now filter the selections by language or Content Type. #22159 #22045
• The Block Editor permits limiting which Content Types can be added as contentlet blocks. #22039
• In addition to drag and drop, images can now be added to the Block Editor by pasting. #22018
• Block Editor can now be styled through the use of a field variable: Just set the key styles to value of the the desired CSS string. #22037
• A Push Remove Now action has been created to facilitate push-removal within a workflow. #22021
• Added a block-deletion button to bubble menus in the Block Editor. #22017

Enhancements & Adjustments

• Improved implementation of the unique-per-site field quality; instead of a config property, this is now handled via the uniquePerSite field variable, which defaults to false. #22250
• Refactored and improved the Block Editor's .toHtml() method, making it more lightweight, comprehensive and maintainable. #22128
• Refactored HostAPI: Improved caching and respect for permissions; now reliant on the database instead of ElasticSearch, and on variable names instead of Content Type names. #21476
• Implemented lazy loading for workflow histories to improve load times for history-rich content. #22068
• Example content makes more consistent use of <PostBody> tag. #22063
• Updated dependency packages, including ProseMirror, TipTap, and Tomcat. #22058 #21849
• Edit Mode Anywhere now works in AWS Amplify and other hosting platforms. #21877
• Now compatible with Husky. #21857
  
• All references to calendar_reminder table have been removed from databases and code base. #21917
• Removed various system fields — tags, categories, relationships, constants, host, and folder — from the immutable JSON object storage in the database. Folder and host are passed in during the construction of a contentlet; the rest are loaded lazily. #21858
• The Multipart Web Interceptor plugin, which scans multipart or form requests that use PUT or POST to upload files, has been fully integrated into the core product. #21854
• Search and filter functionalities have been added to the log viewer. #21848
• Push Publishing filters can now be added or updated via a REST API call. #21823
• Add custom content tools to traditional navigation through a simple menu option in the Content Type list, or through API calls. #21797
• Removed performance drag from supporting on-the-fly configuration changes via file watchers and other blocking patterns, which are unsuited to a containerized paradigm. #21619
• Moved the System Template and System Containers to velocity's static WEB-INF/velocity/application path. #21265
• Date and time fields have been modified in MSSQL databases to take into account time zones. #21169
• Added an app that implements the prerender.io filter as a WebIntercepter and allows a user to configure prerender via Settings > Apps > dotCMS prerender App. #20903
• Switched to using Tomcat's RemoteIpValve for DNS resolution. #19569
• Updated dot-binary-file web component to support the maxFileLength attribute. #18019

Bugfixes

• GraphQL queries no longer throw errors when fetching Block Editor content. #22391
• Resolved an error that could cause OSGi import procedures to fail when a version range is specified. #22287
• Creating new content from Edit Mode now properly adds it to the Page when saved. #22210
• Changed default path of images within WYSIWYG fields to be based on ID rather than iNode, to prevent the path from breaking on file update. #22207
• Fixed errors with processing and saving of inline HTML on the WYSIWYG editor. #22179
• Improved handling of unrecognized properties in JSON to restore backwards compatibility with versions prior to 22.03. #22174
• Fixed error that caused content to disappear from a page after altering its template or layout. #22140
• Pages with the show_on_menu option enabled no longer create exceptions in procedures that reorder navigation elements. #22137
• Users with Back-End User and Front-End User roles who sign into the front end are no longer delivered to the back-end Edit Mode version of the page after manual URL entry. #22124
• Fixed issue with database export streams that caused connection closure before file generation in instances behind a load balancer. #22116
• Enter key in the dialog to create or copy a Content Type now executes the operation, instead of moving focus to the icon selector. #22104
• No HTML field-validation regular expression no longer invalidates an entry if it detects a period. #22094
• Velocity rendering of Block Editor correctly displays all nested nodes. #22092
• Bundled content not assigned to a workflow will no longer fail to push publish. #22087
• Fixed error preventing Override plugin from functioning. #22043
• PageCache now only caches with response codes of 200. #22014
• Importing a contentlet containing a binary field with a null value no longer generates an error. #22004
• Pulling related content with no sorting parameter set now returns related content in the order it was added. #21929)
• Tags considered to be stored under specific sites rather than All Sites no longer fail to display. #21904
• Push Removal of a Static Pushed page no longer removes any other files required for that page to render. #21832
• Flag icons now display properly next to languages in the content list. #21827
• Static Push Publishing no longer sets an incorrect response type for content generated on a dynamic page. #21720
• Fixed bug that caused failures when copying a site. #21718
• User interface no longer displays an erroneous Type Error when uploading files via image fields. #21715
• Fixed WebP filter: no longer adds white background in Safari, and default quality no longer ruins perfectly good images. #21694 #21652
• Push publishing plugins no longer results in error. #21568
• Updating a Binary field via REST API no longer removes the value from other Binary fields in the same contentlet. #21482
• When saving content via REST and using the WAIT_FOR index policy, the call will now properly pass down the parameter instead of defaulting to DEFER. #21469
• Fixed license requirement message in the Personas tool on the community edition. #21307
• Container removed from Advanced Template Designer now correctly disassociates from the template, and can be deleted. #21099
• Using Select All on categories before deleting no longer deletes even deselected items. #20400
• Fixed bug preventing content from exporting when all languages are selected. #19734
• Form submissions send files correctly. #18312
• Date and time data are now updated before timezone is factored in, to prevent date and time errors during upgrades. [#22381]

Visual fixes

• The read-only system container and system template are now more visually clear as to this status, with a greyed-out color scheme and contextual buttons removed. #22216 #22217
• Corrected a display issue where relationship fields, on editing, sometimes appeared to change the type selection, such that a many-to-many relationship would display as a one-to-many relationship. #22198
• Context menus, such as those behind the “hamburger” buttons in the Content Type menu, now display one at a time. #21996
• Minor improvements to the Edit Content Type window in the admin panel.
• Fixed pop-up that appears when dragging and dropping the Form Content Type to a container. #21747
• Content Types with two Relationship fields of the same type no longer display list of crossed-out unavailable languages. #21735
• Toggling the Code view in a WYSIWYG field on Content Type that requires scrolling no longer causes the scroll position to jump. #21492
• Improved logo displays on back-end menus. #22410

Plugins

• Fragments now only load when forced. On uploading, dotCMS reads the Export-Package from the fragment manifest, adds this to the OSGi-extras file, then moves the fragment to the undeployed folder and restarts the OSGi framework. This prevents interference with other plugins and allows OSGI to be cleanly started. #22055

Breaking Changes

• Replaced repackaged JSON-handling classes with more tractable code. #22118
• Updated several default configuration values, such as disallowing HTTP by default. #22006
• Removed unnecessary Spring jars for better parsimony and tidiness. #21944
• Initial admin password is now an automatically generated, non-guessable password recorded in the logs. Setting the configuration option INITIAL_ADMIN_PASSWORD can allow for overriding the generated password with a preset one. #21916
• Moved to use Gradle 7.3.3 in the build scripts.
• AspectJ has been removed. Instead, Bytebuddy is now inited at runtime and rewrites the bytecode to weave the annotations into the classes. Additionally, ByteBuddy does not need to be included as a java agent.
• The refactoring in #22128 changed the relevant rendering macro for block customizations to renderContentBlock.

As the flagship feature of version 22.05, we unveil our new Block Editor, a JSON-based WYSIWYG editor.

Inspired by such interfaces as WordPress's Gutenberg Editor, the Block Editor is an easy-to-use, feature-rich interface for creating and editing content — whether text, images, or any other custom content defined through dotCMS. We hope you'll enjoy it!

Our demo site has been updated to feature the Block Editor on blog posts. Test it out for yourself with email address admin@dotcms.com, password admin.

Bugfixes:

• Resolved Javascript console errors that resulted from adding a pre-existing widget to a page.
• Fixed Enterprise Edition license check misfiring on some page edits.
• Fixed bundle errors when reimporting a previously imported folder that has been renamed.
• Fixed the Show Archive checkbox in the Templates section.
• Pages built with URL Mapped content are now correctly created on a full-site Static Push.
• Fixed a case where specific conditions could cause drafted content to fail to Push Publish.

Visual fixes:

• Fixed cases of contextual menus cutting off at the bottom of their parent display pane.
• Improved display for “Add Row” button in the Content Type creation interface.
• License info renders more cleanly on Create Content modal dialog.

Content:

• New Block Editor (see above).
• Added ability to copy Content Types.
• Replaced Vanity URL base content type's Site field with a Host Folder field.
• Removed limit on number of widgets or forms displayed in Content Selector popup.
• Page titles now update to display the name of content being edited; multitab without fear!
• Unique fields on global Content Types can now be specified as unique globally or unique per site.
• Optimized saving procedures to improve performance.
• Improved clickability when relating content — click anywhere in the list's rows to toggle!
• Implemented storage of content info as JSON for MSSQL databases — as previously implemented for PostgreSQL.

Plugins:

• Improved OSGi plugin loading in server-cluster context.
• Fixed error preventing OSGi plugin undeployment.
• Fixed ability to upload multiple OSGi assets at once.

Enhancements & Adjustments:

• Changed folder handling to enforce knowable & consistent folder ID behavior.
• Added ability to create a whitelist of acceptable keys for Key/Value fields.
• Reinstated Publishing options in Template editor.
• JSON handling: Removed GSON dependency in favor of Jackson.
• Added integration tests for Integrity Checker.
• Edit Mode Anywhere app no longer sends the page.rendered property on POST unless enabled in the app.
• Optimized routines for bulk adjustment of permissions.

dotCMS 22.03 is made up of 44 fixes, improvements and new features. For more detail, the whole list of issues included in dotCMS 22.03 can be found on GitHub.

New Features and Enhancements

• Moved to Shenandoah Garbage Collector. Shenandoah is a “pauseless” garbage collector that also has the benifit of quickly returing unused memory back to the underlying operating system, rather than greedly holding on to it. Operationally, this results in dotCMS needing/using less memory over time, which is very important for density when running dotCMS in orchestrators. This change in the default garbage collection can be overridden by passing other options to the JVM.
• Better FS Caching. Binary file properties that are referenced in Velocity, e.g. $content.image1.width now rely on the assetMetadataCache to return things like size and image dimensions, rather than relying on slower operations that use the filesystem and often traverse the network with NFS.
• Legacy Data Model Improvements. Folders no longer rely on hiberate object mapping to persist data.
• Docker Image now uses Amazon's Corretto OpenJDK 11 under the covers. This change was made because Amazon's OpenJDK is supported over a long term and also contains a backported version of the Shenandoah Garbage Collector, which dotCMS (docker) now uses by default. This change should not affect how dotCMS is launched or run.
• It is now possible to disable drag and drop image upload from the WYSIWYG field. To do this, you need to add a field variable dragAndDrop with the value set to false.

Security

• When writing tmp files for newly uploaded files, the filenames are now scanned and rejected if they contain directory escaping characters, e.g. ../.

Changes/Improvements

• Ticked up our versions of Angular to 13.1.3 and PrimeNg to v13.1.0.
• CalendarEvents content type can now be deleted without causing a system error.
• Elasticsearch Client was upgraded to v7.10.2.
• Users with both backend and frontend roles can now preview/edit pages.
• Langauge Keys for backend i18n are now stored using the dotCMS version as the key, and will be automatically refreshed when the dotCMS version updates.
• The background is pleasingly blurred when a modal window is popped up in the backend.

Breaking Change

• dotCMS docker configuration variables have changed to align with running the binary. See the docker configuration page for more details.

dotCMS 22.02 is a fairly large release that consists of 89 fixes, improvements and new features. For more detail, the whole list of issues included in dotCMS 22.02 can be found on github.

New Features

• Content Editors rejoice — the content palette now allows for simple, click and drag content reuse.
• GraphQL now supports dotAssets (in addition to normal FileAssets) on File and Image fields
• Download a full sql dump and asset backup via api/Admin Screen (Postgres/Docker only).
• See job progress when running Bulk Actions across large numbers of contents.
• New Host Integrity Checker to ensure that the hostnames/id match across push publishing environments.
• Updated Docker Image, removed legacy configuration process and removed “special” docker environmental variables that were used only in dotCMS docker, unifing them with the variables that the dotCMS binary expects.
• Moving forward, environmental variables should be used to configure (almost) everything. If you need to configure something outside of what can be done via environmental variables, you should be prepared to either build a custom dotCMS docker image or mount in an override file.
• GZIP enabled by default in tomcat and is configurable via environmental variables.
• SMTP server now supports SMTPS and STARTTLS and should be configured via environmental variables.
• HTTP Responses now include a header x-dot-server that identifies which server in a cluster is responding. This can be disabled if needed.
• New velocity script actionlet can be used to abort an in-flight content workflow.

Changes/Improvements

• Site selector type searches uses wildcards, which is very helpful when searching/switching sites in multi-tenanted environments.
• Forms no longer require CSP “unsafe-eval” to be used.
• “What's changed” diff takes place on the client side and no longer uses outdated XML java libraries.
• Robustification - now the backend relies more on db than Elasticsearch. Previously, if the Elasticsearch index was down or broken, dotCMS could not render front end pages, navigation, templates or the site browser. Now these work. Github issues: #21284, #21283, #21385, #21360.
• Changed to FILE_SYSTEM for metadata storage by default. This changes from the previous incorrect default of storing the metadata in the db and prevents runaway DB load when cold starting a dotcms cluster.
• Fixed race condition when copying host.
• Removed noisy log when using edit mode.
• Removed unnecessary SAML logging.
• Allow dotCMS docker image to be build using GID=0, helpful when building a dotCMS image for openshift.
• Added “Bring Back” button to the new content compare screen.
• Removed a number of old/unused dotmarketing-config.properties that caused confusion.

Breaking Changes

• Installations using the dotCMS docker image will need to update their configurations and supply different environmental variables to configure dotCMS properly. Please see the “Docker Image Configuration Options” page on how to properly configure the dotCMS docker image.
• Hazelcast config removed from docker image. If you need to configure hazelcast, you will need to specifiy it as a cache provider and mount in a custom hazelcast-config.xml.

New Features

• Unlimited fields on content / content stored as JSON. Currently available in Postgres with plans on targeting MSSQL next.
• New content version compare screen shows a field by field comparison of what's changed on any give content.
• Widgets can render both markup and as json, allowing widgets to be used in headfull and headless implementations simultaneously.
• New Redis Pub/Sub and Cache Provider. Uses the Lettuce library under the covers, allows a cluster wide 2nd level cache to improve cold startup performance on large sites. The new Redis implementation also allows the pub/sub cache invalidation mechanism to be used when primary datastore is not Postgres.
• Default folders can now be set for image/file fields, rather than always having to browse from the site root, giving a better end user experience.
• Velocity tool $dotContentMap introduced as a beta feature: Access the content object from within a container without needing to call $dotcontent.find()!

Changes/Improvements

• Site “Host Name” is renamed “Site Key” and once set, users are discouraged from changing site keys. The “Site Key” should be treated and understood as immutable and should not be changed over the lifecycle of a site.
• Site Key (hostnames) can only accept characters that are valid for server/DNS names.
• ContentTypeAPI can now filter content type results by site/host.
• SAML authentication now correctly stores the last ip for the authenticated user
• $dotcontent.find("{id}") no longer uses elasticsearch to pull proper lang/version resulting in better performance and less log spamming from velocity.

Security Fixes

• Updated Log4j2 to 2.17.1, added {nolookups} to log4j2.xml config file, start java with -Dlog4j2.formatMsgNoLookups=true github #21485, #21393. See
• Prevent XMLTool from fetching remote entities github #21415
• Remote Calls - XMLTool, JSONTool and VanityUrl Proxy calls are now blocked for localhost and private networks by default. This is best practices as per OWASP security standards. This behavior can be disabled using configuration properties. github #21415
• TempFileAPI will only import by URL if user is an admin github #21400
• User.userId is now immutable once initialized github #21392

Breaking Changes

• UID/GID in our docker image has changed to 65001:65001. Previously, it was 1000000000:1000000000. In order to run the new dotCMS docker image, you will need to make sure that the user on your host has the proper uid/gid and that your shared assets folder that map into docker have the proper ownership. As an example:

  usermod -u 65001 dotcms
  groupmod -g 65001 dotcms
  chown -R dotcms.dotcms /assets/folder/root
  

• In Postgres implementations, content is now stored as JSON. This means if there is custom code that is directly queuing the contentlet table in the db (tisk, tisk, as this is bad practice), these queries will no longer work.
• Remote Calls - XML, JSONTool and VanityUrl Proxy calls are blocked for localhost and private networks by default. This is best practices as per OWASP security standards. If your implementation makes local calls using these tools, you can change/configure the network blacklist by setting a config variable.
• Site.hostname field can only accept characters that are valid for server/DNS names (via the ui).

More Information

For more detail on what is included in 22.01 release, please see the tagged github issues

dotCMS 21.11 is a release which includes several improvements, and fixes for several issues in previous releases.

Improvements in dotCMS 21.11

• Added multiple improvements to the import action in the Apps module. (#19747)
• Added improved messaging about how to add Apps. (#18707)
• Added a static cache to GraphQL to help with heavy queries.(#19981)
• Added the ability to change the default language in the UI.(#20887)
• Added the ability to generate secure passwords for users. (#20915)
• Combined Default Content View was added in Content Search. It includes the thumbnail and details. (#21014)
• Improvements were added to improve the handling of SVG images.(#21051)
• We have removed the repackaged xbill DNS jar that contained classes under com.dotcms.repackage.org.xbill.DNS.*. Customers should instead reference these classes here: org.xbill.DNS.*.(#20940)

Fixes

The 21.11 release includes fixes for the following reported issues.
For a list of issues addressed in dotCMS 21.11, please visit the dotCMS Github Repository.