Cloud CMS Release 3.2.71
Published on 12/14/2021
CVE-2021-44228
This release contains the recommended Log4j upgrade to version 2.16.0 to address the Log4j vulnerability identified as CVE-2021-44228.
Cloud CMS recommends that customers upgrade to this release to ensure that Log4j is hardened against this vulnerability.
Customers running previous releases of the Cloud CMS API container can harden their environments by following the steps identified here:
https://gitana.io/documentation/docker/notices/cve-2021-44228.html
For more information on CVE-2021-44228, please see:
https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance
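To confirm that an upgraded or hardened deployment no longer carries an older Log4j, the following added example (not Cloud CMS code) walks a directory and reports every log4j-core 2.x jar below 2.16.0, including jars nested one level inside WAR or fat-jar archives. The scan root and the standard `log4j-core-<version>.jar` file naming are assumptions.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

FIXED = (2, 16, 0)  # Log4j version this release ships, per the notes above
ARCHIVES = {".jar", ".war", ".ear"}
JAR_RE = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?[^/]*\.jar$")
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"

def core_version(name):
    """Parse (major, minor, patch) from a log4j-core jar file name, else None."""
    m = JAR_RE.search(name.replace("\\", "/"))
    return tuple(int(g or 0) for g in m.groups()) if m else None

def check(zf, label, name, findings):
    """Record a log4j-core 2.x jar older than FIXED, noting if JndiLookup remains."""
    v = core_version(name)
    if v and v[0] == 2 and v < FIXED:
        version = ".".join(str(n) for n in v)
        findings.append((label, version, JNDI_CLASS in zf.namelist()))

def scan(root):
    """Return [(location, version, jndi_lookup_present)] for archives under root."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not (path.is_file() and path.suffix.lower() in ARCHIVES):
            continue
        try:
            with zipfile.ZipFile(path) as outer:
                check(outer, str(path), path.name, findings)
                # One level of nesting covers WAR and fat-jar layouts.
                for inner in outer.namelist():
                    if core_version(inner):
                        data = io.BytesIO(outer.read(inner))
                        with zipfile.ZipFile(data) as nested:
                            check(nested, f"{path}!{inner}", inner, findings)
        except zipfile.BadZipFile:
            findings.append((str(path), "unreadable", False))
    return findings

if __name__ == "__main__":
    # Directory to scan is an assumption: pass wherever your image unpacks its jars.
    for location, version, jndi in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{location}\t{version}\tJndiLookup present: {jndi}")
```

The check is file-name based, so shaded or renamed copies of Log4j are not detected. The last column shows whether the JndiLookup class is still in the jar, which matters for environments hardened by the class-removal mitigation published by Apache rather than by upgrading.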
Update Recommendations (On-Premise Only)
With this version of Cloud CMS, we have disabled the deprecated Elastic Search Transport Client and have switched to using our Condor HTTP client. As such, connectivity between the api and elasticsearch services no longer uses port 9300 by default. It now uses port 9200 by default.
Please check your configuration to make sure that the API can connect to Elastic Search’s HTTP Endpoint.
For information on configuring Elastic Search for Cloud CMS, please see:
https://gitana.io/documentation/docker/configuration/api-server.html#using-the-condor-http-client
For improved performance, we recommend you rebuild your cluster indexes. To do so, we recommend using the reindex-datastore command via the Cloud CMS Command Line Client (https://gitana.io/documentation/cli.html#reindex-datastore).
You can execute it like this:
cloudcms admin reindex-datastore --datastoreTypeId cluster --datastoreId default --children --username <username> --password <password>
Where the username and password are the credentials for your administrator account.
Enhancements
Auto Translation
- Properties described by excludePaths in f:auto-translate will be copied as-is to translations when modified.
C# Driver
- Updated to improve support for tokens, refresh and retry handling for 401 responses and additional methods for Jobs, Projects, Releases and Nodes. For more information, see https://gitana.io/csharp.html.
Dictionary
- Feature configs in a child definition mandatoryFeatures will now override their parent config if present.
Python Driver
- Updated with a number of improvements including additional methods to work with Branches, Jobs and Nodes. For more information, see https://gitana.io/python.html.
SDK
- Updated sample integrations to Cloud CMS using Next.js, Nuxt and Gatsby. For more information, see:
https://github.com/gitana/sdk/tree/master/nextjs/sample
https://github.com/gitana/sdk/tree/master/nuxtjs/sample
https://github.com/gitana/sdk/tree/master/gatsbyjs/sample
SSL Termination
- Added documentation to provide guidance to customers on how to configure SSL termination for API and UI containers. This is provided as an alternative to the recommended guidance of using a separate SSL termination container (such as Nginx or Apache).
For more information on SSL termination for the API, see https://gitana.io/documentation/docker/configuration/api-server.html#configure-the-api-containers-as-ssl-termination-endpoints.
For more information on SSL termination for the UI, see https://gitana.io/documentation/docker/configuration/ui-server.html#ssl-termination.
Transfer
- Faster transfer import thanks to a refactor in how bulk DB writes and updates are being processed.
- Faster Copy, Deployment and Publishing thanks to a much faster implementation of binary asset copies and archive expansion.
- Optimized internal DB indexes and method calls.
- Transfer archives now include separate .metadata.json files for each exported binary attachment, improving the accuracy of mimetype and filename tracking.
Bug Fixes
Content Model Builder
- Fix so that clicking back and forth between JSON and Visual builder preserves changes to JSON for local edits.
- Fix so that required blocks are handled properly.
Forms
- Fix so that strict HTML escaping is applied to configured helper text for nested form elements so as to prevent the possibility of script injection.
Log4j
- Updated to the latest recommended Log4j library (2.16.0) to ensure protection against CVE-2021-44228. See above in the release notes for more information.
Merge
- Fix so that merges work properly for cases where source or target merge objects are missing their _features block.
Preview and Thumbnails
- Fix so that the f:previewable (Preview) and f:thumbnailable (Thumbnail) features generate multiple attachments in a single transaction.
- Fix so that notification queue is optimized to reduce the number of invalidation messages sent during generation.
Temporary Files
- Fix so that temporary files are cleaned up properly during transfer import.
Full Changelog: https://github.com/gitana/cloudcms-docker-releases/compare/3.2.70...3.2.71