Changelogs

22.05 is out and about, bright and early in its birth month. Spring has sprung — in the Northern Hemisphere, at least — and blossoming alongside the flowers are some keen new features. And, in keeping with the vibrancy of the season, this one has renovations aplenty, transitioning from Dojo to newer Angular components throughout the user interface.

The Block Editor field continues to evolve, now boasting its own compare-tool implementation and better interface support for video, including immediate embedding of YouTube links. A slew of optimizations shorten load times all over, from vanity URLs to metadata retrieval. Edit Mode now allows you to save content per Page or for all Pages, and Host fields are more helpful in giving directions. And lo, we've come bearing many fixes — roughly, a bit of Spring cleaning.

It's a big bouquet, but we think you've earned it. Enjoy!

Content

• Block Editor content has been implemented within the compare tool for diff-style viewing alongside past versions. [#24365]
• Block Editor fields that had been converted from WYSIWYG fields save all changes correctly. [#24565]
• Further video block development: Videos can now be added to Block Editor video blocks from elsewhere within the dotCMS instance, or by drag and drop or copy/paste from a local system. Finally, default video rendering settings now live in dotVideo.vtl, alongside other rendering defaults in /velocity/static/storyblock/ [#23436] [#24445] [#24465]
• Added YouTube support to the Block Editor. Drop a link either in an empty block or the Video URL tab of a video block to embed a YouTube video. [#24455]
• You can now create a Custom Content Tool from within the Content Type editor, via a button on the top right. [#22724]

Enhancements & Adjustments

• Variables added in a container via the Add Variable button now use the $dotContentMap built-in content object. [#23006]
• You can now enable multiple multiple user IDs to possess the same email address by setting the environment variable DOT_SAML_ALLOWUSERSWITHDIFFID_REPEATEDEMAIL to true. [#24138]
• In Edit Mode, when editing content that appears on multiple pages, a new dialog will confirm whether you want change the content for the current page only, or all pages. [#23225]
• Significantly shortened startup time by optimizing vanity URL loading procedures. [#23982]
• The Host field is now a filterable parameter on the Content Search screen. [#24194]
• Improved performance of fetching metadata from databases. [#22779]
• All APIs now provide pagination as part of the data payload. This allows use through proxies that may strip away headers — the place said information was previously stored. [#23870]
• The SASS compiler has returned to minifying CSS output by default. [#24227]
• Changed the way JSON Web Tokens are handled, removing an issuer check and replacing it with additional reliance on jwt_secret.dat. This makes possible the use of the same JWT tokens across multiple environments. [#24395]
• Added additional logging options via environment variables. [#24067]
• Added two-second delay on invalid login — i.e., a nonexistent user — similar to the behavior on receiving an incorrect password. [#23903]

Visual Fixes

• We've improved the look of the toolbar buttons at the top of the Content Type menu. [#23638]
• The Block Editor's + button is now a bit less furtive, permanently visible beside any empty block with user focus. [#23687]
• Corrected the proportions on the compare tool for better visual comparison; after careful consideration, we decided the this was neither the time nor the place for a funhouse mirror. [#24109]
• Improved spacing, positioning, and appearance throughout the user interface — including the Site Browser, the Container tool, the Content Type creator, and more. [#24654] [#22486] [#23816]
• Host fields now show the full content, instead of just the containing folder's name — sure to be a relief to those with a bunch of common-name subdirectories like vtl or images. [#24317]
• Site Selector dropdowns are now a bit more clear about which site is selected. No more confusing gray backgrounds; it's either bold or it's not. [#23505]
• Removed nonfunctional/vestigial “resize” controls beside images on the content-editing pane. [#24195]
• Corrected Caffine Memory Cache TTL displays; the default TTL will now display as infinity. While not technically true, the practical difference is moot, as few systems experience ~68 years of uptime. [#24199]
• Fixed action button placement on images and video addition. [#24594]

Development Improvements

• Adjusted pipelines to remove the requirement to generate an “enterprise” jar — another of many steps in the long march toward the purest ideal of monorepo status. [#24760]
• The release process is evolving to test upgradability from a number of previous LTS editions to the latest release. [#24774]

Fixes

• Fixed PostgreSQL error observed in upgrades from 22.03 LTS. [#24380]
• The Block Editor's code block no longer triggers Block Editor menu events, such as the suggestion popup if / is the first character typed. [#24361]
• The Content Palette no longer includes archived content. [#24292]
• The arrow buttons in a container's Max Contents field now correctly update the total; manually typing a value is still something you can do, but not something you have to do. [#24163]
• Discovered and vanquished a race condition with the potential to crash the reindexing process for sites with a lot of Content Types. [#23651]
• Modifying a template no longer removes content from page columns, unless the column or container was expressly removed. [#23181]
• OSGi framework has been adjusted to restart less often, in many cases not needing to at all. [#24468]
• Improved debouncing on undo/redo operations in the Block Editor; the number of undo or redo steps should now more or less conform to expectation. [#24716]
• Clicking on a file-based Container in the Site Browser now takes you to the correct folder. [#23798] [#24644]
• File Browser now properly displays multilingual content, not limited by the configured user-interface language. [#24358]
• Fixed File Browser display behavior; now displays Page and file assets in expected fasion. [#24272]
• Copying a folder that contains Pages with both live and draft versions will no longer result in an error; duplicate your folders fearlessly. [#24441]
• While we appreciated all the extra traffic from Minecraft enthusiasts, we must regretfully announce that mineType was a mere typo of mimeType in the Block Editor's video node. This has been corrected. [#24556]
• Widgets now correctly display in non-default languages on working (i.e., draft) versions of Pages. [#24059]
• Language parameters update correctly when redirecting via Rule. [#24158]
• Leaving the “publishing” Date/time field blank on content preset for scheduled publishing, no longer causes that content to re-publish if unpublished. We determined this behavior was simply too silly. [#24344]
• The job scheduler tab once again loads correctly in the Site Search developer tool. [#24524]
• Fixed an update task that absolutizes container paths: It erroneously added the site to the same path multiple times in certain situations. Well, not anymore. [#24436]
• Nested dotcache block caches no longer interfere with page loading by caching an incorrect context. [#24247]
• Fixed a bug interfering with the ability to reorder content in Edit Mode. [#24678]
• Improved publishing procedures for environments with many locales and relationships, preventing slowdowns. This sounds like it should be under Enhancements, but those slowdowns could get pretty significant. So, here we are. [#24245]
• Resolved errors resulting from blanking an existing date field or checking “Never” on an expiration date field. [#22667] [#22350]

  Note: Originally appeared in 23.01; the issue was subsequently reopened and underwent a bit more work.

• Significant fixes to URL-mapped content, adding resilience in the face of broken or absent detail pages and addressing several error cases directly. [#24490]

Breaking Changes

• Fixed a permission error that prevented a user with a custom role with appropriate permissions from using Workflow API operations. While this will not change observed behaviors, permissions-based fixes are generally classed as breaking changes due to how they may affect the hypothetical user working around them. [#23199]
• Permissions have undergone overall changes on the back end, improving comprehensiveness and error handling. [#22993]

In at the buzzer for March — over the transom, as we might say in some quarters — dotCMS 23.03 is as agile as ever! This edition boasts some cool new features, some hot fixes, and some comfy quality-of-life improvements. Extend the Block Editor, flip to Edit Mode from URL-Mapped content with ease, and more.

Celebrate the waning hours of March with this gem, formed in its myriad and protracted pressures!

Content

• You can now create your own custom remote extensions for the Block Editor. The field is now “hackable” — in the good way! [#24032] [#23938] [#23865] [#24031]
• Added video blocks to the Block Editor. Import videos either from your dotCMS file system, from your local files, or elsewhere online, and situate them within your Block Editor field's content. These videos are stored as full dotAssets, and can be reused freely. [#23863] [#24016] [#23861] [#24040]
• Added a button to preview URL-Mapped content in Edit Mode; it can be accessed from the task menu when editing a contentlet. [#23955]

Enhancements & Adjustments

• S3Client can now be configured to interact with Simple Storage Service (S3) object stores other than Amazon S3. [#22151]
• The Content Type API now accepts host names and folder paths as arguments instead of requiring a UUID for both host and folder when creating a Content Type. [#23239]
• Increased number of password hash iterations from 20,000 to 600,000, in line with current OWASP recommendations for a SHA256 algorithm. [#23915]
• Window scrolling is frozen while the Block Editor's block selector has cursor focus. [#23977]

Visual Fixes

• Form labels have been standardized across the platform, unifying styles between legacy and new Angular components. [#23683]

Fixes

• CSS files now push publish to S3 buckets without the risk of compilation error. [#24351]
• A required Block Editor field no longer validates and saves an empty field if content is added and then removed. [#24263]
• Corrected an upgrade task that was misbehaving — all systems green. [#24026]
• Fixed issue preventing the addition of images to WYSIWYG fields from certain folders. [#23926]
• Image fields now filter properly according to user input. [#23449]
• Several image editor fixes ensue! [#23882]
  • Crop zones now resize correctly in the image editor. [#23925]
  • The Clip button has been repaired, and now properly stores the data to the platform clipboard. (Note that this is separate from the system clipboard, and is accessed through separate dotCMS controls, such as the WYSIWYG Clipboard button.) [#23927]
  • The Download button is now once more hunky-dory. [#23924]
• Fixed the retrieval of Personas via Lucene query; persona tags neither require, nor yield different results with, :persona appended to the tag name. Kind of an oddball issue, but settled is settled! [#22872]
• Permissions tabs — appearing in folder properties, contentlets, templates, etc. — no longer fail to load. [#23889]
• Solved rendering issue with fields converted from WYSIWYG to Block Editor that contain code. [#24422] [#24230]
• Fixed an issue preventing saving content in a secondary language while a working/draft version exists in the default language. [#23280]
• A recent commit broke the contentlet search within the Edit Mode Content Palette; this one fixes it. [#24308]
• Gradle now resolves current git hash correctly when building. [#23901]
• Fixed issues reported by SonarQube, including reported AJAX vulnerability. [#23900]

Breaking Changes

• Page and Template REST APIs may have been returning an excessive amount of relatively low-value information. This can be messy to sift through and harmful to performance, so we've scaled it back a bit. Out of an abundance of caution this is being listed as a breaking change, even though it may not actually cause an issue for anyone. [#23203]
• The dotcache directive no longer caches objects declared with set directive within the block; caching of generic objects should be handled manually through the Dotcache viewtool. Note that this is a breaking change if upgrading from 23.01, which introduced the behavior, but not for any previous version — that is, it effectively unbreaks the change. [#24075]

  Note: This change was erroneously attributed to 23.02 at its release; the changed had been merged into the master branch by that time, but had not been included in the subsequent release. Consarn it!

dotCMS 23.02's highlights include a new condition for Rules based on the HTTP method used, the ability to change S3 API endpoint targets, and improvements to the Content Search user interface. 23.02 also features significant maintenance and bug-squashing efforts. These latter entries are perhaps less glamorous, but certainly no less important or virtuous. And virtue, as they say, is its own reward.

Lastly, our own internal workflows continue to evolve and improve in tandem with the product, as documented below. We hope you'll enjoy the result!

Enhancements & Adjustments

• New Rule condition allows a Rule to fire based on the HTTP method used. [#23209]
• Users may now edit the labels of system fields on any Content Type. [#22901]
• The Page API can now additionally return a count of the number of Pages in which a piece of content appears. [#23223]
• While editing an existing piece of content, the editor will display a link to the relevant Content Type under the Workflow summary. [#23231]
• The Block Editor's image-block popup now includes a tab for uploading a local file. [#23237]
• The top bar of the Content Search has been reorganized for better visibility and distribution. On page load, the search input field receives focus. These little details matter! [#23601]
• In a follow-up to our previous effort to make system fields in Base Content Types removable by users, we're extending the process so it'll do likewise to user-created variants. [#23736]
• The paragraph block has been removed from the configurable Allowed Blocks list, to better convey its inviolable “default block” status. [#23764]
• The logs have fewer spammy messages to let you know that no apps require ACCESS_TOKEN renewal. The logs cover a lot of ground, so it's important to maintain a decent signal-to-noise ratio. [#23781]
• S3Client can now be configured to interact with Simple Storage Service (S3) object stores other than Amazon S3. [#22151]
• Image permits, which control the number of threads dotCMS's image editor can occupy at once, have been made more permissive through better use of caching. They are now less likely to cap out on routine operations, without compromising their intended purpose of easing system resource burdens. [#23807]

Visual Fixes

• Content Type layouts in excess of three columns now distribute their contents more evenly on smaller displays. [#23644]
• Reinstated title bar to query dialogs on content search screen. Repaired their styling, too. [#23554] [#23739]
• Content Palette no longer occasionally spits out an empty, duplicate half-pane. [#24084]

Development Improvements

• Postman tests are now run in parallel, segmented into smaller groups. [#23330]
• Added Push Publishing test fixes for Postman covering sender collection and graceful failure when it cannot determine a result. [#23766][#23330]
• Created automation to remove published dotCMS CI/CD image used for Postman tests. [#23808]
• Maven build no longer adversely impacts a local npm registry. [#23692]
• SonarQube is now run on every pull request to core-web. [#23696][#23779]
• Simplified integration of Docker images considered dependencies via Github Container Registry. [#23808]

Fixes

• Whitelisting a block on a Block Editor field will no longer result in error when adding images to that field. [#23920]
• Corrected the exclusion of two asset directories from back-end exports; both are now present and accounted for. [#23810]
• Fetching language keys for an unsupported language now falls back to default administrative language configured from the System → Configuration tool, rather than the default content language configured through the Types & Tags → Languages tool. [#23777]
• Navigation no longer shows duplicate results — both requested and default languages — when requesting multilingual content in the non-default language. [#23890]
• Resolved issue preventing latest upgrade for MSSQL database users. [#23761]
• Downloading a starter from the back end is now a streamed process that begins as the assets are being incorporated into an archive. This prevents timeouts under certain administrative setups — such as running dotCMS behind a load balancer — and limits the danger of the destination container over-allocating space in the case of multiple requests. That's a mouthful, but two birds with one stone merits a yarn. [#23733]
• Unnecessary XML encoding has been removed from environmental variables that originate from the Tomcat access log file. [#23669]
• Categories are no longer removed from content mass-imported via CSV file. [#23440]
• Adding the same Content Type to a custom content tool twice will now display a more descriptive error message. [#22411]
• Push Publishing filters now save to the correct subfolder with the correct filename; a recent update was missing a trailing slash, causing them to be saved in the parent folder with the subfolder's name appended to the filenames. [#23578]
• Mended typo in the Checkbox Field's values property, which is now callable in the Velocity content object either through the .values or .value properties, instead of just the latter. [#22049]

Breaking Changes

• The user API endpoint at /api/v1/users/filter has been refactored to take query strings instead of path parameters. [#20529]

dotCMS 23.01 rockets out of the gate with an array of new features!

The Block Editor continues to evolve; it now supports Table blocks, allows inline editing in Edit Mode, and comes equipped with a new image-search component. Our Velocity toolbelt has gained some important new gizmos: all-purpose object caches, and a brand-new Velocity Playground developer tool. Need to access file metadata? Now you can do it through API calls.

This version features a legion of user interface improvements, a throng of under-the-hood fixes, a handful of component updates, and, as usual, more. Happy New Year, and bon appetit.

Content

• Tables! The Block Editor now has a Table block — the newest sail on our flagship content editor. [#21991]
• Simplified image import from the Block Editor: Pasting an image link into a new block displays the image, and a button allows one-click importation as a dotAsset. [#22194]
• Selecting “Images” from the Block Editor displays a new dialog that allows easy selection of images from within dotCMS, or via URL. [#23235] [#23238]
• While in Edit Mode, Block Editor fields can be edited inline through a swanky new modal interface. [#22487]

  Note: This feature was announced and documented circa the 22.12 release, but was not yet functional; 23.01 is its first effective release.

Enhancements & Adjustments

• The new $dotcache Viewtool, a generic object cache, permits a wide assortment of highly convenient caching and storage behaviors! [#23037] [#23430] [#23431] [#23432] [#23575]

  Note: This also alters the behavior of the dotcache directive; see Breaking Changes.

• We've built a new Velocity Playground developer tool, allowing users to easily test and preview Velocity snippets before deployment. Debug with gusto — maybe even élan! [#23610]
• We've added an interface to the Block Editor settings to allow configuration of whitelisted blocks without the use of field variables. [#22908]
• Metadata for Binary Fields is now exposed through API responses. [#23552]
• New /api/v1/page/copyContent endpoint allows copying of content in the context of a page, duplicating the object and editing the tree entry. In other words, this is a “Save as Copy” method that allows content to be modified for a single page rather than all pages. [#23224]
  • Added in the same breath: New /api/v1/page/{pageIdentifier}/_deepcopy endpoint allows a “deep copy” of an entire page — copying both the page itself and all content contained therein.
• The $dotContentMap built-in content object is now utilized in shortcut dialogs in the Container interface. [#23248]
• In the traditional interface, clicking on an entry in the Categories menu now provides a list of child categories, for improved navigation. [#23252]
• Enabled further support for undo and redo operations in the Block Editor. [#22903]
• Made thumbnails a bit less noisy in the logs. [#23757]
• Added DOT_IMAGE_GENERATION_SIMULTANEOUS_REQUESTS environment variable to limit the maximum number of threads image processing can consume. [#23384]

Visual Fixes

• Significant cleanup operations and general improvements have been undertaken on the user interface for Containers. Error messages, toasts, layout elements, context menus, and more have received some TLC for a cleaner and smoother user experience. [#23141] [#23142] [#23143] [#23144] [#23146] [#23200]
• “Break lines, not layouts!” The field variable interface now handles lengthy keys and values more gracefully; long text now wraps to additional lines within invariant columns. This supersedes the old behavior of “plunging into chaos.” [#23119]
• Fixed cases of back-end menu tools' text not displaying. [#23341]
• Slight adjustment to the styling of cards in the Apps section. [#23367]
• “Paper” layering styles (e.g., gaps and drop-shadows) removed from back end, reclaiming some space. [#23369]
• Push publishing queue displays all bundles, even when one or more fail to publish. [#23062]
• Removed extraneous descriptive text from dropdowns in Edit Mode. [#23406]
• Context menus called at the bottom of a menu list no longer break off. [#23461]
• Date and Date/Time fields now highlight the current date. [#23551]
• Removed visual duplication of the content palette while Edit Mode is loading. [#23619]

Dependencies, Components, Etc.

• Updated GNU General Public License text. [#23352]
• PDFBox library updated to 2.0.27. [#23384-comment]
• Stabilized internal Tomcat path to prevent breaking changes on minor-version updates. [#23407]
• Removed unused jsass and Apache commons text libraries, to avoid flags associated with the text4shell vulnerability. Although dotCMS was never susceptible to said vulnerability, we thought it best to avoid even the suggestion of it. [#23475]
• Upgraded the PostgreSQL JDBC driver. As with the previous bullet point, this resolves a vulnerability that did not strictly affect dotCMS. [#23531]

  Note: See Breaking Changes.

• We've carved npm out of the front-end build process and wrapped the latter in a Maven module, as a first step toward using Maven for the full build. [#23556]

Development Improvements

• Resolved vulnerabilities and identified by SonarQube. [#23405]
• Updated GitHub Actions code in response to command deprecations. [#23332]

Fixes

• Push publishing to S3 buckets now works in all major regions, regardless of which Signature Version is supported behind the scenes. [#22449]
• Fixed erroneous difference between the Key/Value field's import and export formatting. [#22582]
• Image selector displays correct totals and respects language selection. [#22729]
• /api/v1/containers endpoint correctly updates a Container when maxContentlets is set to 0. [#23147]
• Large bulk updates via import are now faster, via adjustments to relationship-field validation operations. Timeout troubles, begone! [#23015]
• Fixed the sort-order parameter, orderby, for Categories; they now sort as specified. [#23253]
• Performing a health check via /api/v1/system-status now cleans up after itself, removing all created folders. [#23267]
• Restored PDF and video previews in back-end content editor. [#23359]
• Resource consumption has been restricted on PDF thumbnail generation, decreasing system footprint and preventing out-of-memory exceptions. [#23384]
• Resolved issue where certain access-limited users could not switch between multiple sites on the back end. This was due to a permission correspondence between the necessary endpoint and the Sites tool, which may not be visible to the limited user. [#23474]
• Fixed error preventing the addition of a Container to an Advanced Template. [#23557]
• Updated internal IP blacklists to include AWS metadata services. [#23481]
• URI normalization filter has been made less aggressive, and now plays nicely with slashes and equals signs. [#22498]

Breaking Changes

• Removed unused MySQL and Oracle drivers; users relying on either of these will need to provide their own drivers in their plugins. [#23531-comment]
• The new $dotcache Viewtool (see Enhancements) has altered the behavior of the prior dotcache directive. Previously, dotcache blocks cached fully rendered versions of their contents, omitting various Velocity state operations in the process. Now, set directives within dotcache blocks are “wrapped” in the new generic object cache routines, allowing declared objects to persist on cache hit. This may interfere with a small, niche set of use-cases, which can still be addressed via the viewtool.
  • As of either 23.02 or 23.01.1 LTS, this change has been un-broken, and Velocity context data is once again not cached within a dotcache block by default. [#24075]

Originally planned to be released as 22.11, dotCMS's version 22.12 reaffirms our position vis-a-vis the classic dilemma: “Done fast, or done right?” This release includes a variety of important fixes and enhancements — and in a few cases, both at once — all under an ever-expanding regime of quality-assurance testing.

Whether you're looking for an easy way to keep rich, structured content up to date; tools to keep tabs on content length for SEO or audience tailoring; better logging; or just an all-around richer and more stable user experience, consider upgrading to 22.12!

Note: Upgrading to 22.12 or later from any pre-22.12 version requires a full reindexing of content. This is a simple, pushbutton procedure, but may take some time on very large sites.

Content

• Block Editor image blocks now provide more tailored support to dotImages, HTML images, etc. Among other things, this improves the process of WYSIWYG-to-Block-Editor conversion. [#22832]
• When performing a “shallow push” — i.e., Push Publishing with the “Only Selected Items” filter selected — tree entries are included in the push. This renders the behavior more intuitive in certain cases. [#18742]
• Contentlets placed in a Block Editor field now remain updated if the referenced content changes. This feature syncs the block-contentlet with that of both the database and the cache. This comes with a slight performance cost — in most cases statistically insignificant — that can be offset by disabling the cache-synchronization: Just set the environment variable DOT_REFRESH_BLOCK_EDITOR_REFERENCES=false. [#22857][#22990]

  Note: This item originally premiered as a feature of 22.10; however, because of an oversight, the feature was not operational in that release. 22.12 is therefore its first effective release.

• Blocks now have a “Delete” button — that is, one of these dealies now appears in the bubble menu. [#22881]
• Block Editors can now display character count, word count, and estimated reading time figures below the field. This can be optionally disabled — or a character limit can be configured — through new field variables. [#22904]

Enhancements & Adjustments

• The log viewer has been rebuilt. While this represents an enhancement overall by way of better performance and reliability, this item represents a number of bugfixes as well.
• Certain System fields in certain Base Content Types have been rendered user-removable. [#15847]
• Caches storing all Velocity macros now flush and refresh according to a more eager strategy, triggered either by flushing the Velocity2 cache manually via the System → Maintenance panel, or by editing any dot_velocity_macro.vtl file. [#22297]
• Permissions operations now have REST API endpoints. [#22524]
• Angular dropdown menus, such as the site selector, now allow for keyboard navigation. [#22835]
• Sped up the process of fetching a piece of content's categories via Velocity. You might say we've increased its Velocity. Stop frowning at me. [#22864]
• Additional logging has been added to SAML operations. [#23048]
• Added a method to assign categories to content via Velocity, usable in a Workflow via Velocity script actionlet. [#23009]

Visual Fixes

• “Uploading” placeholder no longer sticks around after an image is successfully added to a Block Editor via drag and drop. [#22580][#22859]
• Contentlets embedded within the Block Editor now correctly push during a Push Publish operation. [#22899]
• Displayed date updates correctly on menu after changing time zone. [#23128]
• Default system container no longer reports a broken image when displaying content without an image. [#23088]

Dependencies & Components

• Tomcat native library location has been fixed for Apple M1 contexts. [#22893]
• Update tasks have been updated and backported, improving maintenance of future LTS releases. [#22916]

Bugfixes

• The Log Viewer — A Chronicle:
  • The viewer now properly filters and highlights search terms. [#23043]
  • Navigation between pages has been fixed. [#23042]
  • Viewer's front-end performance has been fixed and optimized. [#22968]
  • Ditto on the back end. [#22978]
  • The front- and back-end changes have been integrated. [#23039]
• Block Editor bubble menu no longer pops up after reordering blocks by drag and drop. [#22898]
• Docker images have been updated to use UTF-8 language settings by default. [#23056]
• SameSite cookie property can now be overridden from strict to lax, which can counter certain conditions preventing SAML redirects. [#23072]
• Fixed issue preventing categories from being added properly to bundles. [#23078]
• Additional error handling procedures added to the Scripting API ensure that file handles close properly. [#23082]
• Site Selector now correctly switches between multiple sites while in Edit Mode. [#23106]
• Fixed case causing WYSIWYG to throw a null pointer exception when containing certain invalid data elements. [#23296]
• Resuscitated the ElasticSearch query tool after the sight of a recent bug caused it to faint. It's feeling much better, now. [#23379]
• dotCMS now scans zip files to ensure integrity, preventing errors resulting from working with an invalid archive. [#23401]
• The API endpoint for firing a workflow action no longer fails when the indexPolicy parameter is specified. [#23381]

⚠️ Breaking Changes

• Because of changes in the way identifiers are handled, it is necessary to perform a full reindex after upgrading to 22.12.

dotCMS 22.10 showcases a few new features, starter updates, some UI cleanup, and more. Want to get started with the Block Editor, but all of your rich content is bound up in WYSIWYG fields? We now offer a way to convert WYSIWYG fields into Block Editor fields within an existing content type. We're also introducing the JSON Field — a new way to wrangle semi-structured data within your content.

An important note about libraries: As of 22.10, all “repackaged” libraries are deprecated in dotCMS and will be removed at some future point. While not a breaking change per se, developers should supply their own versions of repackaged libraries in their plugins or replace repackaged classes with the respective normal class. For example:

import com.dotcms.repackage.org.apache.commons.io.input.TailerListenerAdapter;

should become

import org.apache.commons.io.input.TailerListenerAdapter;

Content

• Introducing the new JSON Field, an easy way to store and access JSON data. [#22829]
• You can now transform WYSIWYG fields into Block Editor fields at the push of a button. [#22488]

Enhancements & Adjustments

• Related content spanning multiple locales has been made more performant, shortening load times. [#22910]
• Updated the Next.js starter: Upgraded to the latest Next.js version, added inline editing to the Block Editor, and reviewed compliance with community guidelines. Read more about using dotCMS with Next.js on our blog. [#22992][#22994][#22995]
• The basic, empty dotCMS starter image has been tidied and updated. [#22967]
• Submit button disabled immediately after Form submission to prevent duplicate submissions. [#22951]

Visual Fixes

• Updated labeling to more clearly distinguishing between a “key” and a “token” in the user interface — a subtle but “key” difference! [#23007]
• Fixed bug that inverted the display of parent and child in many-to-one Relationship fields.[#22549]
• The “What's Changed?” checkbox in Edit Mode now displays as checked when enabled, and correctly switches between states. [#22673]
• Improved the system for default icon assignment to tool groups during upgrades. [#22861]

Bugfixes

• Contentlets can now be added to the Block Editor field before the content containing the field has been saved. [#23163]
• Copy Site copies all content; previously, the process encountered a silent cap at 10,000 items due to limits on indexes and Elasticsearch queries. [#22520]
• NavTool's getNav() method no longer returns unpublished pages; published pages only! [#22425]
• Copying a folder containing a page no longer copies the content displayed in that page's containers. [#22763]
• Remote-URL access tools like $json or $import now run in a thread pool to avoid blocking, backups and crashes in the event of high traffic to a non-responsive external API. [#22522]
• Key/Value fields once again properly escape special characters, thereby squashing a recent and noisome bug. [#22754]
• Key/Value fields properly record item order after sorting. [#22975]
• Fixed issue causing some navigation items to fail to display after upgrade to 22.03 or later. [#22809]
• Time zone data updates properly on upgrade to 22.03 or later. [#22771]
• The breadcrumb-trail links at the top of the admin panel open in the same tab. [#22843]
• Additional error handling has been added to the PublisherJobQueue to improve logging and resilience. Now nigh unkillable, it may be observed in the wild eating boulders and arm-wrestling jabberwocks. [#22850]
  • Queued jobs themselves have likewise received additional failsafes. [#23041]
• Multiple Block Editors in the same content type will all save their respective content properly. [#23216]

dotCMS 22.09 features continued Block Editor improvements, Velocity-level access to field variables, dependency upgrades, performance optimizations, a smattering of squashings in the bug district, and more.

As of this build, LDAP support is now considered a deprecated feature, and may be removed from the product at a future date. It is recommended that customers still using LDAP to integrate with dotCMS begin migration to a different Single Sign-On (SSO) solution, such as SAML (through Azure or another Identity Provider).

Content

• You can now easily link to other dotCMS content within the Block Editor. [#21866]
• Base font size inside Block Editor has been increased slightly for readability. [#22165]
• It is now possible to read field variable key-value pairs from within Velocity, allowing evaluation at load time from your Velocity template files — and giving user-defined field variables more utility. [#22618]

Enhancements & Adjustments

• Expanding on an improvement in 22.08, the Enter key now performs the primary action (e.g., “Next,” “OK,” “Accept,” etc.) in a wider array of dialogs. [#22566]
• “Suggestion” components — the clickable items that populate under a search bar, such as when linking content in the Block Editor — have been refactored to be more reusable and maintainable. [#22671]
• Added a Docker compose example running dotCMS with MSSQL in ARM architecture (e.g., for users of Apple M1 processors). [#22639]
• Refactored block-editor library to include folder structure. [#22517]
• Tomcat no longer performs scans for Tag Library Descriptor files at startup, speeding up initialization. [#22716]
• General library-driven improvements to paste behavior across a variety of fields and data types. [#22019]

Visual Fixes

• Fixed pagination errors on the UI site selector; now displays a maximum of 15 results at a time, with live text filtering of choices. [#22734]
• Pagination now displays properly when querying related content by REST API. [#22236]

Dependencies & Components

• Minor version update to Java on Docker image. [#22852]
• Upgraded Nx and Angular. [#22337]
• Updated Dojo. [#22132] (Note: Also listed under Breaking Changes.)
  • Smoke-tested Dojo update. [#22885]
• Moved from Libsass to Dart Sass for SASS/CSS compilation. [#22196]

GitHub Environmental Improvements

• Migrated Actions to monorepo. [#21761]
• Improved test times. [#22495]
• Consolidated build jobs. [#21755]
• Migrated Postman tests to GitHub Actions. [#21758]

Bugfixes

• Locales have been added back at the level of the Java seed. [#22722]
• Workflow changes save properly for all users, including new users or users with special characters in their name. [#22696]
• Fixed the removal of categories through API calls, which no longer throws an error. [#22756]
• Bad requests, such as malformed URIs, no longer result in Tomcat errors in advance of reaching custom dotCMS error pages. [#21742]
• Creating language variables from the Content search allows the translation of tokens containing blank spaces. [#22607]
• Image fields containing dotAssets now play well with Velocity. [#22704]
• When upgrading from version 5.1.6 (or older), database migration tasks now run smoothly, without errors due to differences in DB column counts. [#22349]
• Resolved conflicts between ByteBuddy and NewRelic agents, speeding up initialization and preventing errors. [#22635]
• GraphQL introspection queries have been disabled for non-authenticated users. [#22825]
• Fixed redirect issue that emerged with the update to Angular 14. [#22608]
• Fixed browser console error when moving to Edit Mode from Site Browser. [#22617]
• Fixed issue preventing Host variable from rendering headlessly via the Page API. [#21244]
• SAML redirects now forward properly after authentication. [#22156]
• Created a way to avoid cases where hashed IDs are referenced against non-hashed data in the creation of SAML users: Added hash.userid property (boolean) to SAML configuration to control whether the UserID is hashed or not. [#22692]
• Corrected an issue that prevented relating content in a Relationship field with Many-to-One cardinality. [#22840]

Breaking Changes

• Updated Dojo. [#22132]

dotCMS 22.08 features new API endpoints and visualization tools; new field variable options; a brand new, performant OSGi system framework; a number of squashed bugs; and some quality-of-life improvements.

The largest change may be less obvious, centering on our own internal workflows: We've consolidated tools and procedures, moving toward monorepo status — folding the core-web repo into core — and improving various testing and build automations. We're pleased to report that these changes have made our work of improving dotCMS both simpler and quicker.

Content

• Users can now define whitelists for which blocks should be usable in a given Block Editor Field, through the allowedBlocks field variable. [#22164]
• The Block Editor field is no longer marked as a “Beta” feature — it's just a regular part of the gang, now. [#22489]
• Image paths can now be copied from Site Browser context (right-click) menus, using the new Copy Path item. [#22146]
• Unveiling $dotContentMap, a built-in Velocity content object that lets you access content in a container without performing a pull.

Enhancements & Adjustments

• Added a new API Playground tool to the Dev Tools, built using Swagger. [#22298]
• Added new API endpoints for creating, reading, updating, or deleting containers. [#21626]
• Enter key now activates the primary action — e.g., Next, Submit, etc. — for all dialogs in the system. [#19158]
• It is now possible to retrieve parent content through a child contentlet's Relationship Field by using Lucene queries.[#22319]
• Image filter scale has been mapped to the resize filter that replaced it, improving backwards compatibility. [#22463]
• The Edit Mode Anywhere URL Override plugin's functionality is now part of the core, available out of the box. [#21713]
• Versions of the same content across different languages can now display publishing dates distinct from one another. [#21518]
• The version of Java used in docker images has been updated. [#22426]
• The import and export format of starters has been changed to JSON. [#19400]

Bugfixes

• In the Site Browser, the “View Statistics” data now displays correctly; the button is removed from the menu entirely when the ENABLE_CLICKSTREAM_TRACKING property is set to false. [#22131]
• dotParse now properly respects all parameters of the config property. [#22288]
• Corrected issue that prevented limited users with sitewide viewing permissions from viewing content not explicitly permitted for their role. [#22237]
• CookiesFilter can now reinitialize cleanly, allowing the dynamic addition of new filters via OSGi. [#22312]
• Browser page title now updates correctly when switching between contentlets in Edit Mode. [#22320]
• Bad results on ShortyIdentifier database calls are no longer cached. This prevents a condition in which a database error could result in persistent 404 status for “shorty” IDs until their region is flushed. [#22430]
• Adding a user to a bundle no longer causes errors. [#22508]
• Fixed 404 redirect routine. [#22559]
• Page API calls through GraphQL now work properly with anonymous permissions. [#22615]
• Resolved errors preventing users with MSSQL databases from successfully executing upgrade procedures. [#22613]
• Selecting a different site from the admin panel's header dropdown correctly updates the panel while viewing tools built using Angular. [#16754]
• Drag-and-drop navigation reordering now saves properly. [#22501]
• Saving a contentlet before its related content loads will no longer result in a clearing of the Relationships field. [#22323]
• Static Push Publishing no longer fails when attempting to push a bundle containing only a single file asset. [#22073]
• Static Push Publishing no longer fails when pushing certain Base Content Types when a default language other than English is set. [#22266]
• Revamped push-publishing of users: It is now possible to push an individual user instead of all users, and interface labeling is clearer throughout. [#22149]
• Temporarily rolling back the log-file filter feature introduced in 22.06 for performance reasons; it will be retooled and reintroduced soon. [#22691]
• Page caches have been made more attentive to servlet forwarding attributes, to prevent cases where a Vanity URL pointing to a URL-mapped detail pages could result in the wrong content being cached. [#22083]
• It is no longer possible to create a folder with an empty title. [#21129]
• On initialization, NextJS Edit Mode Anywhere environments generate a unique token, saved to the ENV file and appended to the EMA URL on requests; in the absence of this token, requests fail. [#21959]
• When performing inline editing on a page that displays related content, edits to related content are also saved and published. [#22173]
• XMLTool has been fixed; the Jaxen exception has been rectified. [#22307]
• Corrected errors with Show Query search URL generation. [#22168]
• Fixed a MSSQL DB error on upgrade. [#22605]

Visual fixes

• Removed some noisy and unhelpful metadata messages from the logs on initialization. [#22144]
• Rules now display properly when specifying a condition that checks for a custom request header that not on the header list. [#22186]
• Replaced browser-native alert() message box after user account changes data in the My Account dialog. [#22276]
• When changing a password, verbose error message now displays when new password does not meet security requirements. [#22204]
• Content Palette displays larger numbers of Content Types more reliably. [#22338]

Plugins

• Created new OSGi system framework for loading system bundles — minimal, speedy, and stable. [#22184]
• Override plugin now starts correctly in certain prior versions. [#22043]

Breaking Changes

• By default, dotCMS no longer follows redirects when accessing remote URLs programmatically. This change is configurable, and can be reversed by setting the REMOTE_CALL_ALLOW_REDIRECTS property to true. [#22512]

This enormous release in fact represents a development period closer to two months than one — and it shows! The entries below include significant additions to the Block Editor field, a flotilla of bugfixes, a bushel of efficiency improvements, some dependency updates, and more!

Content

• Block Editor can parse a wider array of blocks, with permissive handling of customized block types, and is simpler to render. #22074
• When inserting contentlets into a Block Editor field, you can now filter the selections by language or Content Type. #22159 #22045
• The Block Editor permits limiting which Content Types can be added as contentlet blocks. #22039
• In addition to drag and drop, images can now be added to the Block Editor by pasting. #22018
• Block Editor can now be styled through the use of a field variable: Just set the key styles to value of the the desired CSS string. #22037
• A Push Remove Now action has been created to facilitate push-removal within a workflow. #22021
• Added a block-deletion button to bubble menus in the Block Editor. #22017

Enhancements & Adjustments

• Improved implementation of the unique-per-site field quality; instead of a config property, this is now handled via the uniquePerSite field variable, which defaults to false. #22250
• Refactored and improved the Block Editor's .toHtml() method, making it more lightweight, comprehensive and maintainable. #22128
• Refactored HostAPI: Improved caching and respect for permissions; now reliant on the database instead of ElasticSearch, and on variable names instead of Content Type names. #21476
• Implemented lazy loading for workflow histories to improve load times for history-rich content. #22068
• Example content makes more consistent use of <PostBody> tag. #22063
• Updated dependency packages, including ProseMirror, TipTap, and Tomcat. #22058 #21849
• Edit Mode Anywhere now works in AWS Amplify and other hosting platforms. #21877
• Now compatible with Husky. #21857
  
• All references to calendar_reminder table have been removed from databases and code base. #21917
• Removed various system fields — tags, categories, relationships, constants, host, and folder — from the immutable JSON object storage in the database. Folder and host are passed in during the construction of a contentlet; the rest are loaded lazily. #21858
• The Multipart Web Interceptor plugin, which scans multipart or form requests that use PUT or POST to upload files, has been fully integrated into the core product. #21854
• Search and filter functionalities have been added to the log viewer. #21848
• Push Publishing filters can now be added or updated via a REST API call. #21823
• Add custom content tools to traditional navigation through a simple menu option in the Content Type list, or through API calls. #21797
• Removed performance drag from supporting on-the-fly configuration changes via file watchers and other blocking patterns, which are unsuited to a containerized paradigm. #21619
• Moved the System Template and System Containers to velocity's static WEB-INF/velocity/application path. #21265
• Date and time fields have been modified in MSSQL databases to take into account time zones. #21169
• Added an app that implements the prerender.io filter as a WebIntercepter and allows a user to configure prerender via Settings > Apps > dotCMS prerender App. #20903
• Switched to using Tomcat's RemoteIpValve for DNS resolution. #19569
• Updated dot-binary-file web component to support the maxFileLength attribute. #18019

Bugfixes

• GraphQL queries no longer throw errors when fetching Block Editor content. #22391
• Resolved an error that could cause OSGi import procedures to fail when a version range is specified. #22287
• Creating new content from Edit Mode now properly adds it to the Page when saved. #22210
• Changed default path of images within WYSIWYG fields to be based on ID rather than iNode, to prevent the path from breaking on file update. #22207
• Fixed errors with processing and saving of inline HTML on the WYSIWYG editor. #22179
• Improved handling of unrecognized properties in JSON to restore backwards compatibility with versions prior to 22.03. #22174
• Fixed error that caused content to disappear from a page after altering its template or layout. #22140
• Pages with the show_on_menu option enabled no longer create exceptions in procedures that reorder navigation elements. #22137
• Users with Back-End User and Front-End User roles who sign into the front end are no longer delivered to the back-end Edit Mode version of the page after manual URL entry. #22124
• Fixed issue with database export streams that caused connection closure before file generation in instances behind a load balancer. #22116
• Enter key in the dialog to create or copy a Content Type now executes the operation, instead of moving focus to the icon selector. #22104
• No HTML field-validation regular expression no longer invalidates an entry if it detects a period. #22094
• Velocity rendering of Block Editor correctly displays all nested nodes. #22092
• Bundled content not assigned to a workflow will no longer fail to push publish. #22087
• Fixed error preventing Override plugin from functioning. #22043
• PageCache now only caches with response codes of 200. #22014
• Importing a contentlet containing a binary field with a null value no longer generates an error. #22004
• Pulling related content with no sorting parameter set now returns related content in the order it was added. #21929)
• Tags considered to be stored under specific sites rather than All Sites no longer fail to display. #21904
• Push Removal of a Static Pushed page no longer removes any other files required for that page to render. #21832
• Flag icons now display properly next to languages in the content list. #21827
• Static Push Publishing no longer sets an incorrect response type for content generated on a dynamic page. #21720
• Fixed bug that caused failures when copying a site. #21718
• User interface no longer displays an erroneous Type Error when uploading files via image fields. #21715
• Fixed WebP filter: no longer adds white background in Safari, and default quality no longer ruins perfectly good images. #21694 #21652
• Push publishing plugins no longer results in error. #21568
• Updating a Binary field via REST API no longer removes the value from other Binary fields in the same contentlet. #21482
• When saving content via REST and using the WAIT_FOR index policy, the call will now properly pass down the parameter instead of defaulting to DEFER. #21469
• Fixed license requirement message in the Personas tool on the community edition. #21307
• Container removed from Advanced Template Designer now correctly disassociates from the template, and can be deleted. #21099
• Using Select All on categories before deleting no longer deletes even deselected items. #20400
• Fixed bug preventing content from exporting when all languages are selected. #19734
• Form submissions send files correctly. #18312
• Date and time data are now updated before timezone is factored in, to prevent date and time errors during upgrades. [#22381]

Visual fixes

• The read-only system container and system template are now more visually clear as to this status, with a greyed-out color scheme and contextual buttons removed. #22216 #22217
• Corrected a display issue where relationship fields, on editing, sometimes appeared to change the type selection, such that a many-to-many relationship would display as a one-to-many relationship. #22198
• Context menus, such as those behind the “hamburger” buttons in the Content Type menu, now display one at a time. #21996
• Minor improvements to the Edit Content Type window in the admin panel.
• Fixed pop-up that appears when dragging and dropping the Form Content Type to a container. #21747
• Content Types with two Relationship fields of the same type no longer display list of crossed-out unavailable languages. #21735
• Toggling the Code view in a WYSIWYG field on Content Type that requires scrolling no longer causes the scroll position to jump. #21492
• Improved logo displays on back-end menus. #22410

Plugins

• Fragments now only load when forced. On uploading, dotCMS reads the Export-Package from the fragment manifest, adds this to the OSGi-extras file, then moves the fragment to the undeployed folder and restarts the OSGi framework. This prevents interference with other plugins and allows OSGI to be cleanly started. #22055

Breaking Changes

• Replaced repackaged JSON-handling classes with more tractable code. #22118
• Updated several default configuration values, such as disallowing HTTP by default. #22006
• Removed unnecessary Spring jars for better parsimony and tidiness. #21944
• Initial admin password is now an automatically generated, non-guessable password recorded in the logs. Setting the configuration option INITIAL_ADMIN_PASSWORD can allow for overriding the generated password with a preset one. #21916
• Moved to use Gradle 7.3.3 in the build scripts.
• AspectJ has been removed. Instead, Bytebuddy is now inited at runtime and rewrites the bytecode to weave the annotations into the classes. Additionally, ByteBuddy does not need to be included as a java agent.
• The refactoring in #22128 changed the relevant rendering macro for block customizations to renderContentBlock.

As the flagship feature of version 22.05, we unveil our new Block Editor, a JSON-based WYSIWYG editor.

Inspired by such interfaces as WordPress's Gutenberg Editor, the Block Editor is an easy-to-use, feature-rich interface for creating and editing content — whether text, images, or any other custom content defined through dotCMS. We hope you'll enjoy it!

Our demo site has been updated to feature the Block Editor on blog posts. Test it out for yourself with email address admin@dotcms.com, password admin.

Bugfixes:

• Resolved Javascript console errors that resulted from adding a pre-existing widget to a page.
• Fixed Enterprise Edition license check misfiring on some page edits.
• Fixed bundle errors when reimporting a previously imported folder that has been renamed.
• Fixed the Show Archive checkbox in the Templates section.
• Pages built with URL Mapped content are now correctly created on a full-site Static Push.
• Fixed a case where specific conditions could cause drafted content to fail to Push Publish.

Visual fixes:

• Fixed cases of contextual menus cutting off at the bottom of their parent display pane.
• Improved display for “Add Row” button in the Content Type creation interface.
• License info renders more cleanly on Create Content modal dialog.

Content:

• New Block Editor (see above).
• Added ability to copy Content Types.
• Replaced Vanity URL base content type's Site field with a Host Folder field.
• Removed limit on number of widgets or forms displayed in Content Selector popup.
• Page titles now update to display the name of content being edited; multitab without fear!
• Unique fields on global Content Types can now be specified as unique globally or unique per site.
• Optimized saving procedures to improve performance.
• Improved clickability when relating content — click anywhere in the list's rows to toggle!
• Implemented storage of content info as JSON for MSSQL databases — as previously implemented for PostgreSQL.

Plugins:

• Improved OSGi plugin loading in server-cluster context.
• Fixed error preventing OSGi plugin undeployment.
• Fixed ability to upload multiple OSGi assets at once.

Enhancements & Adjustments:

• Changed folder handling to enforce knowable & consistent folder ID behavior.
• Added ability to create a whitelist of acceptable keys for Key/Value fields.
• Reinstated Publishing options in Template editor.
• JSON handling: Removed GSON dependency in favor of Jackson.
• Added integration tests for Integrity Checker.
• Edit Mode Anywhere app no longer sends the page.rendered property on POST unless enabled in the app.
• Optimized routines for bulk adjustment of permissions.

dotCMS 22.03 is made up of 44 fixes, improvements and new features. For more detail, the whole list of issues included in dotCMS 22.03 can be found on GitHub.

New Features and Enhancements

• Moved to Shenandoah Garbage Collector. Shenandoah is a “pauseless” garbage collector that also has the benifit of quickly returing unused memory back to the underlying operating system, rather than greedly holding on to it. Operationally, this results in dotCMS needing/using less memory over time, which is very important for density when running dotCMS in orchestrators. This change in the default garbage collection can be overridden by passing other options to the JVM.
• Better FS Caching. Binary file properties that are referenced in Velocity, e.g. $content.image1.width now rely on the assetMetadataCache to return things like size and image dimensions, rather than relying on slower operations that use the filesystem and often traverse the network with NFS.
• Legacy Data Model Improvements. Folders no longer rely on hiberate object mapping to persist data.
• Docker Image now uses Amazon's Corretto OpenJDK 11 under the covers. This change was made because Amazon's OpenJDK is supported over a long term and also contains a backported version of the Shenandoah Garbage Collector, which dotCMS (docker) now uses by default. This change should not affect how dotCMS is launched or run.
• It is now possible to disable drag and drop image upload from the WYSIWYG field. To do this, you need to add a field variable dragAndDrop with the value set to false.

Security

• When writing tmp files for newly uploaded files, the filenames are now scanned and rejected if they contain directory escaping characters, e.g. ../.

Changes/Improvements

• Ticked up our versions of Angular to 13.1.3 and PrimeNg to v13.1.0.
• CalendarEvents content type can now be deleted without causing a system error.
• Elasticsearch Client was upgraded to v7.10.2.
• Users with both backend and frontend roles can now preview/edit pages.
• Langauge Keys for backend i18n are now stored using the dotCMS version as the key, and will be automatically refreshed when the dotCMS version updates.
• The background is pleasingly blurred when a modal window is popped up in the backend.

Breaking Change

• dotCMS docker configuration variables have changed to align with running the binary. See the docker configuration page for more details.

dotCMS 22.02 is a fairly large release that consists of 89 fixes, improvements and new features. For more detail, the whole list of issues included in dotCMS 22.02 can be found on github.

New Features

• Content Editors rejoice — the content palette now allows for simple, click and drag content reuse.
• GraphQL now supports dotAssets (in addition to normal FileAssets) on File and Image fields
• Download a full sql dump and asset backup via api/Admin Screen (Postgres/Docker only).
• See job progress when running Bulk Actions across large numbers of contents.
• New Host Integrity Checker to ensure that the hostnames/id match across push publishing environments.
• Updated Docker Image, removed legacy configuration process and removed “special” docker environmental variables that were used only in dotCMS docker, unifing them with the variables that the dotCMS binary expects.
• Moving forward, environmental variables should be used to configure (almost) everything. If you need to configure something outside of what can be done via environmental variables, you should be prepared to either build a custom dotCMS docker image or mount in an override file.
• GZIP enabled by default in tomcat and is configurable via environmental variables.
• SMTP server now supports SMTPS and STARTTLS and should be configured via environmental variables.
• HTTP Responses now include a header x-dot-server that identifies which server in a cluster is responding. This can be disabled if needed.
• New velocity script actionlet can be used to abort an in-flight content workflow.

Changes/Improvements

• Site selector type searches uses wildcards, which is very helpful when searching/switching sites in multi-tenanted environments.
• Forms no longer require CSP “unsafe-eval” to be used.
• “What's changed” diff takes place on the client side and no longer uses outdated XML java libraries.
• Robustification - now the backend relies more on db than Elasticsearch. Previously, if the Elasticsearch index was down or broken, dotCMS could not render front end pages, navigation, templates or the site browser. Now these work. Github issues: #21284, #21283, #21385, #21360.
• Changed to FILE_SYSTEM for metadata storage by default. This changes from the previous incorrect default of storing the metadata in the db and prevents runaway DB load when cold starting a dotcms cluster.
• Fixed race condition when copying host.
• Removed noisy log when using edit mode.
• Removed unnecessary SAML logging.
• Allow dotCMS docker image to be build using GID=0, helpful when building a dotCMS image for openshift.
• Added “Bring Back” button to the new content compare screen.
• Removed a number of old/unused dotmarketing-config.properties that caused confusion.

Breaking Changes

• Installations using the dotCMS docker image will need to update their configurations and supply different environmental variables to configure dotCMS properly. Please see the “Docker Image Configuration Options” page on how to properly configure the dotCMS docker image.
• Hazelcast config removed from docker image. If you need to configure hazelcast, you will need to specifiy it as a cache provider and mount in a custom hazelcast-config.xml.

New Features

• Unlimited fields on content / content stored as JSON. Currently available in Postgres with plans on targeting MSSQL next.
• New content version compare screen shows a field by field comparison of what's changed on any give content.
• Widgets can render both markup and as json, allowing widgets to be used in headfull and headless implementations simultaneously.
• New Redis Pub/Sub and Cache Provider. Uses the Lettuce library under the covers, allows a cluster wide 2nd level cache to improve cold startup performance on large sites. The new Redis implementation also allows the pub/sub cache invalidation mechanism to be used when primary datastore is not Postgres.
• Default folders can now be set for image/file fields, rather than always having to browse from the site root, giving a better end user experience.
• Velocity tool $dotContentMap introduced as a beta feature: Access the content object from within a container without needing to call $dotcontent.find()!

Changes/Improvements

• Site “Host Name” is renamed “Site Key” and once set, users are discouraged from changing site keys. The “Site Key” should be treated and understood as immutable and should not be changed over the lifecycle of a site.
• Site Key (hostnames) can only accept characters that are valid for server/DNS names.
• ContentTypeAPI can now filter content type results by site/host.
• SAML authentication now correctly stores the last ip for the authenticated user
• $dotcontent.find("{id}") no longer uses elasticsearch to pull proper lang/version resulting in better performance and less log spamming from velocity.

Security Fixes

• Updated Log4j2 to 2.17.1, added {nolookups} to log4j2.xml config file, start java with -Dlog4j2.formatMsgNoLookups=true github #21485, #21393. See
• Prevent XMLTool from fetching remote entities github #21415
• Remote Calls - XMLTool, JSONTool and VanityUrl Proxy calls are now blocked for localhost and private networks by default. This is best practices as per OWASP security standards. This behavior can be disabled using configuration properties. github #21415
• TempFileAPI will only import by URL if user is an admin github #21400
• User.userId is now immutable once initialized github #21392

Breaking Changes

• UID/GID in our docker image has changed to 65001:65001. Previously, it was 1000000000:1000000000. In order to run the new dotCMS docker image, you will need to make sure that the user on your host has the proper uid/gid and that your shared assets folder that map into docker have the proper ownership. As an example:

  usermod -u 65001 dotcms
  groupmod -g 65001 dotcms
  chown -R dotcms.dotcms /assets/folder/root
  

• In Postgres implementations, content is now stored as JSON. This means if there is custom code that is directly queuing the contentlet table in the db (tisk, tisk, as this is bad practice), these queries will no longer work.
• Remote Calls - XML, JSONTool and VanityUrl Proxy calls are blocked for localhost and private networks by default. This is best practices as per OWASP security standards. If your implementation makes local calls using these tools, you can change/configure the network blacklist by setting a config variable.
• Site.hostname field can only accept characters that are valid for server/DNS names (via the ui).

More Information

For more detail on what is included in 22.01 release, please see the tagged github issues

dotCMS 21.11 is a release which includes several improvements, and fixes for several issues in previous releases.

Improvements in dotCMS 21.11

• Added multiple improvements to the import action in the Apps module. (#19747)
• Added improved messaging about how to add Apps. (#18707)
• Added a static cache to GraphQL to help with heavy queries.(#19981)
• Added the ability to change the default language in the UI.(#20887)
• Added the ability to generate secure passwords for users. (#20915)
• Combined Default Content View was added in Content Search. It includes the thumbnail and details. (#21014)
• Improvements were added to improve the handling of SVG images.(#21051)
• We have removed the repackaged xbill DNS jar that contained classes under com.dotcms.repackage.org.xbill.DNS.*. Customers should instead reference these classes here: org.xbill.DNS.*.(#20940)

Fixes

The 21.11 release includes fixes for the following reported issues.
For a list of issues addressed in dotCMS 21.11, please visit the dotCMS Github Repository.

dotCMS 21.10 is a release which includes several improvements, and fixes for several issues in previous releases.

Improvements in dotCMS 21.10

• Improved how we save timezone information.(#20899)
• Improved logging for rules. (#20880)
• Improved Reindex log messages. (#20821)
• New dotCMS endpoint /v1/system-status/alive to check if the server is up.(#20827)
• Batik dependency was removed.(#20847)
• dotCMS now releases licenses on shutdown. (#20856)
• Type selector will no longer show when searching in a portlet with only one type. Like the image portlet. (#20861)
• Replaced Moment.js library with the date-fns library.(#19784)
• Warning log messages were updated when the user is lacking permissions to view a catagory associated with the contentlet.(#20801)
• Improved error message for when an invalid shard is entered in the creation of a site search index. (#17569)

Fixes

The 21.10 release includes fixes for the following reported issues.
For a list of issues addressed in dotCMS 21.10, please visit the dotCMS Github Repository.

dotCMS 21.09 is a release which includes several improvements, and fixes for several issues in previous releases.

Announcements, Deprecations and Breaking Changes

• Breaking Change: The rest call /api/v2/users no longer exists please use /api/v1/users instead. Any use of /api/v2/users needs to be replaced.

Improvements in dotCMS 21.09

• Images can be added to a page using drag and drop. (#18411)
• A downloadable bundle manifest is now available for each bundle. (#20010)
• Icon picker and sort_order are now available on the content type screen and on the database. (#20426)
• Created content resource that can be found by id or inode. (#20429)
• A bulk move action is now available on the content search screen. (#20504)
• License.zip files will not be moved, rewritten or duplicated on startup.(#20591)
• Improved error messages for WorkflowAPIImpl. (#20636)
• Added REST call /api/v1/content (#20429)

Fixes

The 21.09 release includes fixes for the following reported issues.
For a list of issues addressed in dotCMS 21.09, please visit the dotCMS Github Repository.

dotCMS 21.08 is a release which includes several improvements, and fixes for several issues in previous releases.

Announcements, Deprecations and Breaking Changes

• Breaking Change: dotCMS is moving from away from using Hibernate. If your company uses Hibernate in your custom code you should update it.
• Breaking Change: dotCMS is moving from Alpine a musl based docker image to Ubuntu LTS a glibc docker image. The minimized Java 11 distribution being used may not contain all the modules you are currently relying on for custom plugins.
• Breaking Change dotCMS will be completely deprecating support for Java 8 as of this version 21.08 and instead requiring Java 11 to run.

Improvements in dotCMS 21.08

• Admins can now choose the default view when they create a custom content tool. (#17877)
• Added the option to choose what fields are shown in a relationship field's overview. (#19215)
• Added automatic deletion of old inactive Elastic Search indices to prevent performance slowdowns. (#19931)
• Made multiple improvements to Site Resource. (#20557)
• Added a short lived cache for the MonitorResource. (#20578)
• Search and aggregation are now allowed on key/value fields through the REST API. (#20603)
• Edit Mode Anywhere now always expects UTF8. (#20629)
• Moved to glibc based Docker image from a musl based Docker image. (#20666)
• Created a Bash Command Line Interface (CLI) for users to checkout a dotCMS GitHub directory with all Content Types using curl then push that directory to a dotCMS instance. (#20369)
• Updated legacy data model by replacing HibernateUtil with DotConnect. (#19399) , (#19398), (#19394)

Fixes

The 21.08 release includes fixes for the following reported issues.
For a list of issues addressed in dotCMS 21.08, please visit the dotCMS Github Repository.

dotCMS 21.06 is a release which includes several improvements, and fixes for several issues in previous releases.

Announcements, Deprecations and Breaking Changes

• dotCMS 21.06 can now run with Java 8 or Java 11 in order to run properly. That said, we expect that within the next 3 months, dotCMS will be deprecating support for Java 8 and instead require Java 11 to run. We will keep the community posted.
• Many new features have been introduced in 21.06 please see the New Features section to see all the new features.

New Features

The following new features have been added in dotCMS 21.06:

• dotCMS reimplemented the cache networking layer using postgres's pub/sub capabilities and made clustering easier and scaling more resilient.
  • Customers using Postgres will automatically be switched to the new transport on upgrade.
  • This allows postgres installations to cluster without relying on Hazelcast.(#20153)
  • Customers who wish to revert to Hazelcast transport can explicitly configure their cluster transport configuration
• dotCMS moved Docker images to the core repo and now builds docker images programatically with github action. This does the following:
  • Multi-arch docker images
  • Appropriate tags based on the build information
  • Dockpushes directly to dockerhub.
For more information see (#20248)

Improvements in dotCMS 21.06

• Enabled the ability to replace dotCMS logo on backend. (#19970)
• Created a new REST endpoint to return the version of versionables when the identifier is passed in. (#19778)
• Improved confusing E-mail address used for system and anonymous user. (#20095)
• Updated GraphQL PageAPI call. (#20203)
• Introduced new metadata attributes for GraphQL. (#20209)
• Improved error message for deleting a container used by a template. (#20277)
• Added the ability to copy a site from a REST call. (#20272)
• Updated bundle output file type to TAR/GZIP to improve performance. (#20325)
• Added the ability to specify in the GraphQL query if a given field should be returned velocity-rendered in the response. (#20407)
• Added header identifying what vanity URL directed the user to the page to help simplify debugging. (#20416)
• Improved how external caches and the dotCMS internal cache interact. (#20412)
• Added the ability to update a site via REST using Site Resource. (#20393)
• Added ability for Felix load to be overridden by enviromental variables. (#20601)

Fixes

The 21.06 release includes fixes for the following reported issues.
For a list of issues addressed in dotCMS 21.06, please visit the dotCMS Github Repository.

Announcements, Deprecations and Breaking Changes

• This version requires a reindex after upgrade.
• dotCMS can now run with Java 8 or Java 11.
• We recommend that all new customers run on Java 11, and that all existing customers running dotCMS 21.05.1 or later migrate to using Java 11 as soon as practical.
• We expect that support for running on Java 8 will be deprecated before the end of the year. We will keep the community posted.
• The format of the "metadata" attribute of the contentlet object has changed.
• Code which accesses values in the metadata attribute may need to be modified to read values in the new format.
• Please see below for more information.

New Features

The following new features have been added in dotCMS 21.05.1:

• A new tool called Focal Point has been added to dotCMS.
• This tool allows a focal point to be set for images on the edit screen for images.
• The Focal Point will draw your customer's eye to the most important area of the image.
• Once a focal point is set for an image it will be persisted until it is changed.
• The newly revamped tool Enhanced Inline Editing has been added to dotCMS.
• This gives content editors the abiltity to edit content directly on the page edit screen as long as they add a specific HTML block to the container.
• See documentation for more information.
• A new tool called the GraphQL Playground has been introduced to this version of dotCMS.
• This tool provides an area for users to test GraphQL calls, and see what would be outputted.
• The GraphQL playground is available under dev tools.
• Example data is provided.
• Doing a headless bulk update is now possible using the workflow fire endpoint.
• The workflow fire endpoint can now take multiple pieces of content.
• See the Improvements in dotCMS section for details.
• Metadata has been greatly enhanced.
• Metadata now has new data including the data for a focal point along with many others.
• Metadata caching has been greatly improved. There is now a dedicated cache region for metadata, which may be sized and cleared separately from other cache regions.
• Metadata in the contentlet object is now returned as a map, instead of a string, allowing access to individual metadata fields without the need to parse a string.
• For more information, please see the documentation.
• A System Theme, Container, and Template have been introduced in this version of dotCMS.
• This gives the ability to create simple headless pages with a brand new instance of dotCMS.

Improvements in dotCMS 21.05.1

• Improved push publishing performance.(#19646)
• Streamlined log by removing uneccessary output.(#20313), (#20317)
• Added validation type none for SAML.(#20420)
• The ability to add multiple content pieces when calling the workflow fire endpoint now exists. (#20080)
• Improved error messages for Integrity Checker when fixing a File Asset conflict. (#20232)
• In Push Publishing improved error message when finding unique content after looking for a content match.(#20250)
• Added copy options for host ID's in app section.(#20135)
• Improve concurrency issues.(#20507)

Fixes

The 21.05.1 release includes fixes for the following reported issues.
For a list of issues addressed in dotCMS 21.05.1, please visit the dotCMS Github Repository.

dotCMS 21.04 is a release which includes several improvements, and fixes for several issues in previous releases.

Announcements, Deprecations and Breaking Changes

• dotCMS 21.04 still requires Java 8 in order to run properly. That said, we expect that within the next 3 months, dotCMS will be deprecating support for Java 8 and instead require Java 11 to run. We will keep the community posted.
• Breaking Change: The UserProxy table in the database is now deprecated.
• The table is still available, but no new data will be added to it starting in this release and the get method will no longer work.
• The UserProxy table will be removed all together within the next 3 months.

Changes in dotCMS 21.04

• If you are upgrading, any existing push publishing configuration will continue to work normally and will be maintained.
• There is a `Get Token` utility on the Endpoint screen that can be used to generate and retrieve a valid token from the receiving server.
• To change Push Publishing Environments to use the "Receive From" configuration instead of automated authorization tokens, set the following `USE_JWT_TOKEN_IN_PUSH_PUBLISH` in the `dotmarketing-config.properties` file to `FALSE`.

Improvements in dotCMS 21.04

• Added an "Additional Information" map/json field on the User object that can be used to store additional user information. See the User Registration Plugin for an example of how to use this in code.
• Added "Don't show this again" checkbox to Edit User Page.(#20090)
• Added the ability to override portal.properties attributes with environmental variables.(#20068)
• Allow mail session to be configured via environmental variables.(#19813)
• Created a new container called the System Container this container allows all Content Types. (#19080)
• Improved logging messages for Get Token action in the Add Endpoints tab. (#20194)
• JSON Tool parsing improvements were added. (#20164)

Fixes

The 21.04 release includes fixes for the following reported issues.
For a list of issues addressed in dotCMS 21.04, please visit the dotCMS Github Repository.

To view more information on these and other issues, please visit the dotCMS Github repository.