Cloud CMS Release 3.2.76
Published on 04/15/2022
The following are the new features, enhancements and fixed issues for Cloud CMS 3.2.76 release.
CVE-2022-22965
This release is hardened against CVE-2022-22965. For more information on CVE-2022-22965, please visit:
https://gitana.io/documentation/docker/notices/cve-2022-22965.html
Upgrade Considerations
Please review the upgrade considerations provided here:
https://gitana.io/documentation/gitana/3.2/guide/guide/docker/upgrades/3-2-76.html
Enhancements
API
- The API now returns an
ETag
HTTP header field which is populated with the checksum for the requested resource. TheETag
can be retained and compared against future API responses to implement reliable client-side caching. The header value only changes when the requested resource has been modified. TheETag
header applies to JSON requests as well as binaries and attachments.
Attachments
- Any binary attachment written into Cloud CMS now automatically computes an MD5 checksum. This checksum is available on the
attachment
subobject of a node (or other Attachable type). The checksum can be used to determine if the attachment’s binary payload changed or has remained the same.
Branch Actions
- The User Interface for Pulling, Comparing and Copying between Branches has been improved to offer a more accurate picture of what has changed and what is available when executing those operations.
Spring
- The default Spring annotation-based request mapping handler adapter is now wrapped to ensure that Spring web bindings always exclude any Class accessor fields. This is to add programmatic-level innocuation against CVE-2022-22965.
Transfer
- When transferring binaries and attachments, the MD5 checksum is now used to reduce the time required to import. The checksum is compared to any existing attachments and, if nothing changed, the import operation is skilled for that attachment. The result is faster, lighter imports.
Bug Fixes
Default Forms
- Fix so that the User Interface will properly default to the first form available (alphabetically) when a document doesn’t have an existing
_formKey
in place.
Login
- Fix a bug so that error messages reported properly for additional cases where a user might fail a log in.
REST API
- Fix so that a 403 HTTP code is returned for additional cases where a user might encounter a NotAuthorizedException.
Sync Node Action
- Fix so that the SyncNode Workflow Handler properly passes full set of options for all usage cases.
- Fix so that Sync Node works as intended for cases where related nodes stored as siblings under a common folder export properly.
Transfer
- Fix so that search and path indexing takes less time for incremental tip-mode Node transfers.
- Fix that Directory data store Connection objects export and import as intended.
- Fix so that tip-mode Node transfer automatically repairs cases where referenced changesets are missing.
- Fix so that platform identifier is properly stamped onto import sub-job for copy jobs.
- Fix so that the correct tip-mode changeset is resolved for cases involving nested relators. This bug had caused incorrect relator target nodes to be exported.
Ready to Get Started?
Unlock your data with smart content services and real-time deployment