Changelogs

dotCMS 23.01.1 is the official designation of dotCMS 23.01 as a long-term supported release.

Representing the vast sum of changes since 22.03 — ten months of wild-eyed development, birthing new features with prophetic zeal — this roundup is large enough that we'll soon be reorganizing the changelog layout to accommodate this and, indeed, others like it.

For the moment, you'll find the new patches to 23.01 in the first section; underneath that, a feature rollup covering everything new from 22.05 through 23.01.

Finally, for a more conversational look at the LTS-to-LTS changes, check out the announcement on our blog!

LTS Patch (Changes Over 23.01)

Enhancements & Adjustments

• You can now enable multiple multiple user IDs to possess the same email address by setting the environment variable DOT_SAML_ALLOWUSERSWITHDIFFID_REPEATEDEMAIL to true. [#24138]
• S3Client can now be configured to interact with Simple Storage Service (S3) object stores other than Amazon S3. [#22151]

Fixes

• File Browser now properly displays multilingual content, not limited by the configured user-interface language. [#24358]
• Fixed File Browser display behavior; now displays Page and file assets in expected fasion. [#24272]
• Corrected the exclusion of two asset directories from back-end exports; both are now present and accounted for. [#23810]
• Resolved issue preventing latest upgrade for MSSQL database users. [#23761]
• Categories are no longer removed from content mass-imported via CSV file. [#23440]
• Language parameters update correctly when redirecting via Rule. [#24158]
• Widgets now correctly display in non-default languages on working (i.e., draft) versions of Pages. [#24059]
• Fixed issue preventing saving content in a secondary language while a working/draft version exists in the default language. [#23280]
• CSS files now push publish to S3 buckets without issue or compilation error. [#24351]
• Navigation no longer shows duplicate results — both requested and default languages — when requesting multilingual content in the non-default language. [#23890]

(Un)Breaking Changes

• The dotcache directive no longer caches objects declared with set directive within the block; caching of generic objects should be handled manually through the Dotcache viewtool. Note that this is a breaking change if upgrading from 23.01, which introduced the behavior, but not for any previous version — that is, it effectively unbreaks the change of agile 23.01. [#24075]

LTS-to-LTS Feature Rollup

Below are the key changes of note since the last LTS. For a lighter summary, see 23.01.1 LTS: The Upgrade to Upgrade To, on our blog.

Content

• Added the new Block Editor field. [Many!]
  • Create and edit content as self-contained “blocks” stored as portable JSON, well suited to either headless or traditional use.
  • Choose from a variety of block types: paragraphs, headings, images, lists, tables, block quotes, and more.
  • Can contain and display contentlets created in dotCMS — with user-defined rendering, whitelisting, and automatic updating.
  • Fully editable inline in Edit Mode.
  • Transform WYSIWYG fields into Block Editor fields at the push of a button.
• Added ability to copy Content Types. [#21697]
• Removed limit on number of widgets or forms displayed in Content Selector popup. [#21811]
• Implemented storage of content info as JSON for MSSQL databases — as previously implemented for PostgreSQL. [#21219]
• A Push Remove Now action has been created to facilitate push-removal within a workflow. [#22021]
• Image paths can now be copied from Site Browser context (right-click) menus, using the new Copy Path item. [#22146]
• Introducing the new JSON Field, an easy way to store and access JSON data. [#22829]
• When performing a “shallow push” — i.e., Push Publishing with the “Only Selected Items” filter selected — tree entries are included in the push. This renders the behavior more intuitive in certain cases. [#18742]
• Unique fields on global Content Types can now be specified as unique globally or unique per site. This is handled via the uniquePerSite field variable, which defaults to false. [#21781] [#22250]
• Added ability to create a whitelist of acceptable keys for Key/Value fields. [#19562]
• It is now possible to retrieve parent content through a child contentlet's Relationship Field by using Lucene queries.[#22319]
• System content:
  • Certain System fields in certain Base Content Types have been rendered user-removable. [#15847]
  • Removed various system fields — tags, categories, relationships, constants, host, and folder — from the immutable JSON object storage in the database. Folder and host are passed in during the construction of a contentlet; the rest are loaded lazily. [#21858]
  • Moved the System Template and System Containers to velocity's static WEB-INF/velocity/application path. #21265

Enhancements & Adjustments

• Velocity improvements:
  • We've built a new Velocity Playground developer tool, allowing users to easily test and preview Velocity snippets before deployment. Debug with gusto — maybe even élan! [#23610]
  • Caches storing all Velocity macros now flush and refresh according to a more eager strategy, triggered either by flushing the Velocity2 cache manually via the System → Maintenance panel, or by editing any dot_velocity_macro.vtl file. [#22297]
  • Added a method to assign categories to content via Velocity, usable in a Workflow via Velocity script actionlet. [#23009]
  • It is now possible to read field variable key-value pairs from within Velocity, allowing evaluation at load time from your Velocity template files — and giving user-defined field variables more utility. [#22618]
  • Added new $dotcache Viewtool, a generic object cache, permits a wide assortment of highly convenient caching and storage behaviors! [#23037] [#23430] [#23431] [#23432] [#23575]
  • Added $dotContentMap, a built-in Velocity content object that lets you access content in a container without performing a pull.
• API improvements:
  • Added a new API Playground tool to the Dev Tools, built using Swagger. [#22298]
  • Refactored HostAPI: Improved caching and respect for permissions; now reliant on the database instead of ElasticSearch, and on variable names instead of Content Type names. [#21476]
  • Metadata for Binary Fields is now exposed through API responses. [#23552]
  • Push Publishing filters can now be added or updated via a REST API call. [#21823]
  • Added new API endpoints for creating, reading, updating, or deleting containers. [#21626]
  • Permissions operations now have REST API endpoints. [#22524]
  • New /api/v1/page/copyContentlet endpoint allows copying of content in the context of a page, duplicating the object and editing the tree entry. In other words, this is a “Save as Copy” method that allows content to be modified for a single page rather than all pages. [#23224]
    • Added in the same breath: New /api/v1/page/{pageIdentifier}/_deepcopy endpoint allows a “deep copy” of an entire page — copying both the page itself and all content contained therein.
• Edit Mode Anywhere changes:
  • Now works in AWS Amplify and other hosting platforms. [#21877]
  • No longer sends the page.rendered property on POST unless enabled in the app. [#21786]
  • URL Override plugin's functionality is now part of the core, available out of the box. [#21713]
• Logging:
  • The log viewer has been rebuilt for performance and reliability. [#23043] [#23042] [#22968] [#22978] [#23039]
  • Additional logging has been added to SAML operations. [#23048]
  • Pulled various log messages that are more on the “noise” than “signal” end. [#23757] [#22144] [#23781]
• User experience tweaks, simplifications, etc.:
  • Enter key now activates the primary action — e.g., Next, Submit, etc. — for all dialogs in the system. [#19158] [#22566]
  • Improved clickability when relating content — click anywhere in the list's rows to toggle!
  • Add custom content tools to traditional navigation through a simple menu option in the Content Type list, or through API calls. [#21797]
  • In the traditional interface, clicking on an entry in the Categories menu now provides a list of child categories, for improved navigation. [#23252]
  • Angular dropdown menus, such as the site selector, now allow for keyboard navigation. [#22835]
• Changed folder handling to enforce knowable & consistent folder ID behavior. [#21801]
• Replaced Vanity URL base content type's Site field with a Host Folder field. [#21889]
• The Multipart Web Interceptor plugin, which scans multipart or form requests that use PUT or POST to upload files, has been fully integrated into the core product. [#21854]
• Date and time fields have been modified in MSSQL databases to take into account time zones. [#21169]
• Versions of the same content across different languages can now display publishing dates distinct from one another. [#21518]
• Updated dot-binary-file web component to support the maxFileLength attribute. [#18019]
• Image filter scale has been mapped to the resize filter that replaced it, improving backwards compatibility. [#22463]
• Switched to using Tomcat's RemoteIpValve for DNS resolution. [#19569]
• Updated the Next.js starter: Upgraded to the latest Next.js version, and reviewed compliance with community guidelines. Read more about using dotCMS with Next.js on our blog. [#22992][#22994][#22995]
• Added an app that implements the prerender.io filter as a WebIntercepter and allows a user to configure prerender via Settings → Apps → dotCMS prerender App. [#20903]
• Now compatible with Husky. [#21857]
• Various performance improvements!
  • Optimized routines for bulk adjustment of permissions. [#19358]
  • Removed performance drag from supporting on-the-fly configuration changes via file watchers and other blocking patterns, which are unsuited to a containerized paradigm. [#21619]
  • Sped up the process of fetching a piece of content's categories via Velocity. You might say we've increased its Velocity. Stop frowning at me. [#22864]
  • Implemented lazy loading for workflow histories to improve load times for history-rich content. [#22068]
  • Tomcat no longer performs scans for Tag Library Descriptor files at startup, speeding up initialization. [#22716]
  • General library-driven improvements to paste behavior across a variety of fields and data types. [#22019]
  • Related content spanning multiple locales has been made more performant, shortening load times. [#22910]
  • Added DOT_IMAGE_GENERATION_SIMULTANEOUS_REQUESTS environment variable to limit the maximum number of threads image processing can consume. [#23384]

Visual Adjustments

• “Paper” layering styles (e.g., gaps and drop-shadows) removed from back end, reclaiming some space. [#23369]
• Significant cleanup operations and general improvements have been undertaken on the user interface for Containers. Error messages, toasts, layout elements, context menus, and more have received some TLC for a cleaner and smoother user experience. [#23141] [#23142] [#23143] [#23144] [#23146] [#23200]
• “Break lines, not layouts!” The field variable interface now handles lengthy keys and values more gracefully; long text now wraps to additional lines within invariant columns. This supersedes the old behavior of “plunging into chaos.” [#23119]
• Page titles now update to display the name of content being edited; multitab without fear! [#21701]
• Fixed cases of contextual menus cutting off at the bottom of their parent display pane. [#21979] [#23461]
• Replaced browser-native alert() message box after user account changes data in the My Account dialog. [#22276]
• When changing a password, verbose error message now displays when new password does not meet security requirements. [#22204]
• Fixed pagination errors on the UI site selector; now displays a maximum of 15 results at a time, with live text filtering of choices. [#22734]
• Slight adjustment to the styling of cards in the Apps section. [#23367]
• The read-only system container and system template are now more visually clear as to this status, with a greyed-out color scheme and contextual buttons removed. [#22216] [#22217]
• Pagination now displays properly when querying related content by REST API. [#22236]
• Updated labeling to more clearly distinguishing between a “key” and a “token” in the user interface — a subtle but “key” difference! [#23007]
• Push publishing queue displays all bundles, even when one or more fail to publish. [#23062]
• Removed extraneous descriptive text from dropdowns in Edit Mode. [#23406]
• Date and Date/Time fields now highlight the current date. [#23551]

Dependencies, Components, Etc.

• JSON handling: Removed GSON in favor of Jackson. [#21641]
• Updated ProseMirror, TipTap, and Tomcat. [#22058] [#21849]
• The version of Java used in docker images has been updated. [#22426] [#22852]
• Upgraded Nx and Angular. [#22337]
• Updated Dojo. [#22132] (Note: Also listed under Breaking Changes.)
  • Smoke-tested Dojo update. [#22885]
• Moved from Libsass to Dart Sass for SASS/CSS compilation. [#22196]
• Tomcat native library location has been fixed for Apple M1 contexts. [#22893]
• Updated GNU General Public License text. [#23352]
• PDFBox library updated to 2.0.27. [#23384-comment]
• Stabilized internal Tomcat path to prevent breaking changes on minor-version updates. [#23407]
• Removed unused jsass and Apache commons text libraries, to avoid flags associated with the text4shell vulnerability. Although dotCMS was never susceptible to said vulnerability, we thought it best to avoid even the suggestion of it. [#23475]
• Upgraded the PostgreSQL JDBC driver. As with the previous bullet point, this resolves a vulnerability that did not strictly affect dotCMS. [#23531]
• We've carved npm out of the front-end build process and wrapped the latter in a Maven module, as a first step toward using Maven for the full build. [#23556]

Plugins

• Improved OSGi plugin loading in server-cluster context. [#21882]
• Fixed error preventing OSGi plugin undeployment. [#21879]
• Fixed ability to upload multiple OSGi assets at once. [#21685]
• Fragments now only load when forced. On uploading, dotCMS reads the Export-Package from the fragment manifest, adds this to the OSGi-extras file, then moves the fragment to the undeployed folder and restarts the OSGi framework. This prevents interference with other plugins and allows OSGI to be cleanly started. [#22055]
• Created new OSGi system framework for loading system bundles — minimal, speedy, and stable. [#22184]
• Override plugin now starts correctly in certain prior versions. [#22043]

Development Improvements

• Migrated Actions to monorepo. [#21761]
• Improved test times. [#22495]
• Consolidated build jobs. [#21755]
• Migrated Postman tests to GitHub Actions. [#21758]
• Resolved vulnerabilities and identified by SonarQube. [#23405]
• Updated GitHub Actions code in response to command deprecations. [#23332]
• Update tasks have been updated and backported, improving maintenance of future LTS releases. [#22916]

Breaking Changes

• Replaced repackaged JSON-handling classes with more tractable code. [#22118]
• Updated several default configuration values, such as disallowing HTTP by default. [#22006]
• Removed unnecessary Spring jars for better parsimony and tidiness. [#21944]
• Initial admin password is now an automatically generated, non-guessable password recorded in the logs. Setting the configuration option INITIAL_ADMIN_PASSWORD can allow for overriding the generated password with a preset one. [#21916]
• Moved to using Gradle 7.3.3 in the build scripts. [#21684]
• AspectJ has been removed. Instead, Bytebuddy is now inited at runtime and rewrites the bytecode to weave the annotations into the classes. Additionally, ByteBuddy does not need to be included as a java agent. [#21684]
• By default, dotCMS no longer follows redirects when accessing remote URLs programmatically. This change is configurable, and can be reversed by setting the REMOTE_CALL_ALLOW_REDIRECTS property to true. [#22512]
• Updated Dojo. [#22132]
• Removed unused MySQL and Oracle drivers; users relying on either of these will need to provide their own drivers in their plugins. [#23531-comment]

Fixes

• Corrected an issue that prevented relating content in a Relationship field with Many-to-One cardinality. [#22840]

Enhancements & Adjustments

• Added DOT_IMAGE_GENERATION_SIMULTANEOUS_REQUESTS environment variable to limit the maximum number of threads image processing can consume. [#23384]
• Added a method to assign categories to content via Velocity, usable in a Workflow via Velocity script actionlet. [#23009]
• Related content spanning multiple locales has been made more performant, shortening load times. [#22910]

Visual Fixes

• Fixed cases of back-end menu tools' text not displaying. [#23341]
• Displayed date updates correctly on menu after changing time zone. [#23128]
• Push publishing queue displays all bundles, even when one or more fail to publish. [#23062]
• Fixed bug that inverted the display of parent and child in many-to-one Relationship fields.[#22549]
• Pagination now displays properly when querying related content by REST API. [#22236]
• Content Types with two Relationship fields of the same type no longer display list of crossed-out unavailable languages. #21735

Dependencies, Components, Etc.

• PDFBox library updated to 2.0.27. [#23384-comment]

Fixes

• Categories are no longer removed from content mass-imported via CSV file. [#23440]
• Resource consumption has been restricted on PDF thumbnail generation, decreasing system footprint and preventing out-of-memory exceptions. [#23384]
• Additional error handling has been added to the PublisherJobQueue to improve logging and resilience. [#22850]
• Copying a folder containing a page no longer copies the content displayed in that page's containers. [#22763]
• Fixed the removal of categories through API calls, which no longer throws an error. [#22756]
• Image selector displays correct totals and respects language selection. [#22729]
• Resolved errors resulting from blanking an existing date field or checking “Never” on an expiration date field. [#22667] [#22350]
• Saving a contentlet before its related content loads will no longer result in a clearing of the Relationships field. [#22323]
• Pulling related content with no sorting parameter set now returns related content in the order it was added. #21929)
• Push Removal of a Static Pushed page no longer removes any other files required for that page to render. #21832
• Assign function under the Tasks tool no longer throws an error when attempting to change content not in the default language while a working version exists in the default language. [#23280]

Security

• XMLTool has been restricted from fetching remote entities. [#21415]

dotCMS 23.02's highlights include a new condition for Rules based on the HTTP method used, the ability to change S3 API endpoint targets, and improvements to the Content Search user interface. 23.02 also features significant maintenance and bug-squashing efforts. These latter entries are perhaps less glamorous, but certainly no less important or virtuous. And virtue, as they say, is its own reward.

Lastly, our own internal workflows continue to evolve and improve in tandem with the product, as documented below. We hope you'll enjoy the result!

Enhancements & Adjustments

• New Rule condition allows a Rule to fire based on the HTTP method used. [#23209]
• Users may now edit the labels of system fields on any Content Type. [#22901]
• The Page API can now additionally return a count of the number of Pages in which a piece of content appears. [#23223]
• While editing an existing piece of content, the editor will display a link to the relevant Content Type under the Workflow summary. [#23231]
• The Block Editor's image-block popup now includes a tab for uploading a local file. [#23237]
• The top bar of the Content Search has been reorganized for better visibility and distribution. On page load, the search input field receives focus. These little details matter! [#23601]
• In a follow-up to our previous effort to make system fields in Base Content Types removable by users, we're extending the process so it'll do likewise to user-created variants. [#23736]
• The paragraph block has been removed from the configurable Allowed Blocks list, to better convey its inviolable “default block” status. [#23764]
• The logs have fewer spammy messages to let you know that no apps require ACCESS_TOKEN renewal. The logs cover a lot of ground, so it's important to maintain a decent signal-to-noise ratio. [#23781]
• S3Client can now be configured to interact with Simple Storage Service (S3) object stores other than Amazon S3. [#22151]
• Image permits, which control the number of threads dotCMS's image editor can occupy at once, have been made more permissive through better use of caching. They are now less likely to cap out on routine operations, without compromising their intended purpose of easing system resource burdens. [#23807]

Visual Fixes

• Content Type layouts in excess of three columns now distribute their contents more evenly on smaller displays. [#23644]
• Reinstated title bar to query dialogs on content search screen. Repaired their styling, too. [#23554] [#23739]

Development Improvements

• Postman tests are now run in parallel, segmented into smaller groups. [#23330]
• Added Push Publishing test fixes for Postman covering sender collection and graceful failure when it cannot determine a result. [#23766][#23330]
• Created automation to remove published dotCMS CI/CD image used for Postman tests. [#23808]
• Maven build no longer adversely impacts a local npm registry. [#23692]
• SonarQube is now run on every pull request to core-web. [#23696][#23779]
• Simplified integration of Docker images considered dependencies via Github Container Registry. [#23808]

Fixes

• Whitelisting a block on a Block Editor field will no longer result in error when adding images to that field. [#23920]
• Corrected the exclusion of two asset directories from back-end exports; both are now present and accounted for. [#23810]
• Fetching language keys for an unsupported language now falls back to default administrative language configured from the System → Configuration tool, rather than the default content language configured through the Types & Tags → Languages tool. [#23777]
• Multilingual sites no longer simultaneously display default-language navigation elements when non-default-language navigation is requested. [#23890]
• Resolved issue preventing latest upgrade for MSSQL database users. [#23761]
• Downloading a starter from the back end is now a streamed process that begins as the assets are being incorporated into an archive. This prevents timeouts under certain administrative setups — such as running dotCMS behind a load balancer — and limits the danger of the destination container over-allocating space in the case of multiple requests. That's a mouthful, but two birds with one stone merits a yarn. [#23733]
• Unnecessary XML encoding has been removed from environmental variables that originate from the Tomcat access log file. [#23669]
• Categories are no longer removed from content mass-imported via CSV file. [#23440]
• Adding the same Content Type to a custom content tool twice will now display a more descriptive error message. [#22411]
• Push Publishing filters now save to the correct subfolder with the correct filename; a recent update was missing a trailing slash, causing them to be saved in the parent folder with the subfolder's name appended to the filenames. [#23578]
• Mended typo in the Checkbox Field's values property, which is now callable in the Velocity content object either through the .values or .value properties, instead of just the latter. [#22049]

Breaking Changes

• The user API endpoint at /api/v1/users/filter has been refactored to take query strings instead of path parameters. [#20529]
• The dotcache directive no longer caches objects declared with set directive within the block; caching of generic objects should be handled manually through the Dotcache viewtool. Note that this is a breaking change if upgrading from 23.01, which introduced the behavior, but not for any previous version — that is, it effectively unbreaks the change. [#24075]

dotCMS 23.01 rockets out of the gate with an array of new features!

The Block Editor continues to evolve; it now supports Table blocks, allows inline editing in Edit Mode, and comes equipped with a new image-search component. Our Velocity toolbelt has gained some important new gizmos: all-purpose object caches, and a brand-new Velocity Playground developer tool. Need to access file metadata? Now you can do it through API calls.

This version features a legion of user interface improvements, a throng of under-the-hood fixes, a handful of component updates, and, as usual, more. Happy New Year, and bon appetit.

Content

• Tables! The Block Editor now has a Table block — the newest sail on our flagship content editor. [#21991]
• Simplified image import from the Block Editor: Pasting an image link into a new block displays the image, and a button allows one-click importation as a dotAsset. [#22194]
• Selecting “Images” from the Block Editor displays a new dialog that allows easy selection of images from within dotCMS, or via URL. [#23235] [#23238]
• While in Edit Mode, Block Editor fields can be edited inline through a swanky new modal interface. [#22487]

  Note: This feature was announced and documented circa the 22.12 release, but was not yet functional; 23.01 is its first effective release.

Enhancements & Adjustments

• The new $dotcache Viewtool, a generic object cache, permits a wide assortment of highly convenient caching and storage behaviors! [#23037] [#23430] [#23431] [#23432] [#23575]

  Note: This also alters the behavior of the dotcache directive; see Breaking Changes.

• We've built a new Velocity Playground developer tool, allowing users to easily test and preview Velocity snippets before deployment. Debug with gusto — maybe even élan! [#23610]
• We've added an interface to the Block Editor settings to allow configuration of whitelisted blocks without the use of field variables. [#22908]
• Metadata for Binary Fields is now exposed through API responses. [#23552]
• New /api/v1/page/copyContentlet endpoint allows copying of content in the context of a page, duplicating the object and editing the tree entry. In other words, this is a “Save as Copy” method that allows content to be modified for a single page rather than all pages. [#23224]
  • Added in the same breath: New /api/v1/page/{pageIdentifier}/_deepcopy endpoint allows a “deep copy” of an entire page — copying both the page itself and all content contained therein.
• The $dotContentMap built-in content object is now utilized in shortcut dialogs in the Container interface. [#23248]
• In the traditional interface, clicking on an entry in the Categories menu now provides a list of child categories, for improved navigation. [#23252]
• Enabled further support for undo and redo operations in the Block Editor. [#22903]
• Made thumbnails a bit less noisy in the logs. [#23757]
• Added DOT_IMAGE_GENERATION_SIMULTANEOUS_REQUESTS environment variable to limit the maximum number of threads image processing can consume. [#23384]

Visual Fixes

• Significant cleanup operations and general improvements have been undertaken on the user interface for Containers. Error messages, toasts, layout elements, context menus, and more have received some TLC for a cleaner and smoother user experience. [#23141] [#23142] [#23143] [#23144] [#23146] [#23200]
• “Break lines, not layouts!” The field variable interface now handles lengthy keys and values more gracefully; long text now wraps to additional lines within invariant columns. This supersedes the old behavior of “plunging into chaos.” [#23119]
• Fixed cases of back-end menu tools' text not displaying. [#23341]
• Slight adjustment to the styling of cards in the Apps section. [#23367]
• “Paper” layering styles (e.g., gaps and drop-shadows) removed from back end, reclaiming some space. [#23369]
• Push publishing queue displays all bundles, even when one or more fail to publish. [#23062]
• Removed extraneous descriptive text from dropdowns in Edit Mode. [#23406]
• Context menus called at the bottom of a menu list no longer break off. [#23461]
• Date and Date/Time fields now highlight the current date. [#23551]
• Removed visual duplication of the content palette while Edit Mode is loading. [#23619]

Dependencies, Components, Etc.

• Updated GNU General Public License text. [#23352]
• PDFBox library updated to 2.0.27. [#23384-comment]
• Stabilized internal Tomcat path to prevent breaking changes on minor-version updates. [#23407]
• Removed unused jsass and Apache commons text libraries, to avoid flags associated with the text4shell vulnerability. Although dotCMS was never susceptible to said vulnerability, we thought it best to avoid even the suggestion of it. [#23475]
• Upgraded the PostgreSQL JDBC driver. As with the previous bullet point, this resolves a vulnerability that did not strictly affect dotCMS. [#23531]

  Note: See Breaking Changes.

• We've carved npm out of the front-end build process and wrapped the latter in a Maven module, as a first step toward using Maven for the full build. [#23556]

Development Improvements

• Resolved vulnerabilities and identified by SonarQube. [#23405]
• Updated GitHub Actions code in response to command deprecations. [#23332]

Fixes

• Push publishing to S3 buckets now works in all major regions, regardless of which Signature Version is supported behind the scenes. [#22449]
• Fixed erroneous difference between the Key/Value field's import and export formatting. [#22582]
• Resolved errors resulting from blanking an existing date field or checking “Never” on an expiration date field. [#22667] [#22350]
• Image selector displays correct totals and respects language selection. [#22729]
• /api/v1/containers endpoint correctly updates a Container when maxContentlets is set to 0. [#23147]
• Large bulk updates via import are now faster, via adjustments to relationship-field validation operations. Timeout troubles, begone! [#23015]
• Fixed the sort-order parameter, orderby, for Categories; they now sort as specified. [#23253]
• Performing a health check via /api/v1/system-status now cleans up after itself, removing all created folders. [#23267]
• Restored PDF and video previews in back-end content editor. [#23359]
• Resource consumption has been restricted on PDF thumbnail generation, decreasing system footprint and preventing out-of-memory exceptions. [#23384]
• Resolved issue where certain access-limited users could not switch between multiple sites on the back end. This was due to a permission correspondence between the necessary endpoint and the Sites tool, which may not be visible to the limited user. [#23474]
• Fixed error preventing the addition of a Container to an Advanced Template. [#23557]
• Updated internal IP blacklists to include AWS metadata services. [#23481]
• URI normalization filter has been made less aggressive, and now plays nicely with slashes and equals signs. [#22498]

Breaking Changes

• Removed unused MySQL and Oracle drivers; users relying on either of these will need to provide their own drivers in their plugins. [#23531-comment]
• The new $dotcache Viewtool (see Enhancements) has altered the behavior of the prior dotcache directive. Previously, dotcache blocks cached fully rendered versions of their contents, omitting various Velocity state operations in the process. Now, set directives within dotcache blocks are “wrapped” in the new generic object cache routines, allowing declared objects to persist on cache hit. This may interfere with a small, niche set of use-cases, which can still be addressed via the viewtool.
  • As of either 23.02 or 23.01.1 LTS, this change has been un-broken, and Velocity context data is once again not cached within a dotcache block by default. [#24075]

Bugfixes

• Fixed bug that inverted the display of parent and child in many-to-one Relationship fields. [#22549]
• Fixed a case where specific conditions could cause drafted content to fail to Push Publish. [#21966]
• dotCMS now scans zip files to ensure integrity, preventing errors resulting from working with an invalid archive. [#23401]
• Remote-URL access tools like $json or $import now run in a thread pool to avoid blocking, backups and crashes in the event of high traffic to a non-responsive external API. [#22522]
• Fixed issue where certain access-limited users could not switch between multiple sites on the back end. This was due to a permission correspondence between the necessary endpoint and the Sites tool, which may not be visible to the limited user. [#23474]
• Large bulk updates via import are now faster, via adjustments to relationship-field validation operations. Timeout troubles, begone! [#23015]
• Resolved erroneous difference between the Key/Value field's import and export formatting. [#22582]

Breaking Changes

• By default, dotCMS no longer follows redirects when accessing remote URLs programmatically. This change is configurable, and can be reversed by setting the REMOTE_CALL_ALLOW_REDIRECTS property to true. [#22512]

Bugfixes

• TempFileAPI will now only import by URL if the user is an admin, to reduce exposure to server-side request forgeries. Per OWASP best practices, requests to non-pubic hosts are disallowed. For improved transparency, the source IP has been added to the request as a URL parameter. [#21400]
• dotCMS now scans zip files to ensure integrity, preventing errors resulting from working with an invalid archive. [#23401]
• Remote-URL access tools like $json or $import now run in a thread pool to avoid blocking, backups and crashes in the event of high traffic to a non-responsive external API. [#22522]
• Fixed issue where certain access-limited users could not switch between multiple sites on the back end. This was due to a permission correspondence between the necessary endpoint and the Sites tool, which may not be visible to the limited user. [#23474]
• Large bulk updates via import are now faster, via adjustments to relationship-field validation operations. Timeout troubles, begone! [#23015]
• Resolved erroneous difference between the Key/Value field's import and export formatting. [#22582]

Breaking Changes

• By default, dotCMS no longer follows redirects when accessing remote URLs programmatically. This change is configurable, and can be reversed by setting the REMOTE_CALL_ALLOW_REDIRECTS property to true. [#22512]

Originally planned to be released as 22.11, dotCMS's version 22.12 reaffirms our position vis-a-vis the classic dilemma: “Done fast, or done right?” This release includes a variety of important fixes and enhancements — and in a few cases, both at once — all under an ever-expanding regime of quality-assurance testing.

Whether you're looking for an easy way to keep rich, structured content up to date; tools to keep tabs on content length for SEO or audience tailoring; better logging; or just an all-around richer and more stable user experience, consider upgrading to 22.12!

Note: Upgrading to 22.12 or later from any pre-22.12 version requires a full reindexing of content. This is a simple, pushbutton procedure, but may take some time on very large sites.

Content

• Block Editor image blocks now provide more tailored support to dotImages, HTML images, etc. Among other things, this improves the process of WYSIWYG-to-Block-Editor conversion. [#22832]
• When performing a “shallow push” — i.e., Push Publishing with the “Only Selected Items” filter selected — tree entries are included in the push. This renders the behavior more intuitive in certain cases. [#18742]
• Contentlets placed in a Block Editor field now remain updated if the referenced content changes. This feature syncs the block-contentlet with that of both the database and the cache. This comes with a slight performance cost — in most cases statistically insignificant — that can be offset by disabling the cache-synchronization: Just set the environment variable DOT_REFRESH_BLOCK_EDITOR_REFERENCES=false. [#22857][#22990]

  Note: This item originally premiered as a feature of 22.10; however, because of an oversight, the feature was not operational in that release. 22.12 is therefore its first effective release.

• Blocks now have a “Delete” button — that is, one of these dealies now appears in the bubble menu. [#22881]
• Block Editors can now display character count, word count, and estimated reading time figures below the field. This can be optionally disabled — or a character limit can be configured — through new field variables. [#22904]

Enhancements & Adjustments

• The log viewer has been rebuilt. While this represents an enhancement overall by way of better performance and reliability, this item represents a number of bugfixes as well.
• Certain System fields in certain Base Content Types have been rendered user-removable. [#15847]
• Caches storing all Velocity macros now flush and refresh according to a more eager strategy, triggered either by flushing the Velocity2 cache manually via the System → Maintenance panel, or by editing any dot_velocity_macro.vtl file. [#22297]
• Permissions operations now have REST API endpoints. [#22524]
• Angular dropdown menus, such as the site selector, now allow for keyboard navigation. [#22835]
• Sped up the process of fetching a piece of content's categories via Velocity. You might say we've increased its Velocity. Stop frowning at me. [#22864]
• Additional logging has been added to SAML operations. [#23048]
• Added a method to assign categories to content via Velocity, usable in a Workflow via Velocity script actionlet. [#23009]

Visual Fixes

• “Uploading” placeholder no longer sticks around after an image is successfully added to a Block Editor via drag and drop. [#22580][#22859]
• Contentlets embedded within the Block Editor now correctly push during a Push Publish operation. [#22899]
• Displayed date updates correctly on menu after changing time zone. [#23128]
• Default system container no longer reports a broken image when displaying content without an image. [#23088]

Dependencies & Components

• Tomcat native library location has been fixed for Apple M1 contexts. [#22893]
• Update tasks have been updated and backported, improving maintenance of future LTS releases. [#22916]

Bugfixes

• The Log Viewer — A Chronicle:
  • The viewer now properly filters and highlights search terms. [#23043]
  • Navigation between pages has been fixed. [#23042]
  • Viewer's front-end performance has been fixed and optimized. [#22968]
  • Ditto on the back end. [#22978]
  • The front- and back-end changes have been integrated. [#23039]
• Block Editor bubble menu no longer pops up after reordering blocks by drag and drop. [#22898]
• Docker images have been updated to use UTF-8 language settings by default. [#23056]
• SameSite cookie property can now be overridden from strict to lax, which can counter certain conditions preventing SAML redirects. [#23072]
• Fixed issue preventing categories from being added properly to bundles. [#23078]
• Additional error handling procedures added to the Scripting API ensure that file handles close properly. [#23082]
• Site Selector now correctly switches between multiple sites while in Edit Mode. [#23106]
• Fixed case causing WYSIWYG to throw a null pointer exception when containing certain invalid data elements. [#23296]
• Resuscitated the ElasticSearch query tool after the sight of a recent bug caused it to faint. It's feeling much better, now. [#23379]
• dotCMS now scans zip files to ensure integrity, preventing errors resulting from working with an invalid archive. [#23401]
• The API endpoint for firing a workflow action no longer fails when the indexPolicy parameter is specified. [#23381]

⚠️ Breaking Changes

• Because of changes in the way identifiers are handled, it is necessary to perform a full reindex after upgrading to 22.12.

Bugfixes

• SAML redirects now forward properly after authentication. [#22156]
• Added a way to avoid cases where hashed IDs are referenced against non-hashed data in the creation of SAML users: Created hash.userid property (boolean) to SAML configuration to control whether the UserID is hashed or not. [#22692]
• Bulk adjustment of large quantities of permissions can no longer deadlock the database. [#19358]
• Updating a Binary field via REST API no longer removes the value from other Binary fields in the same contentlet. [#21482]
• Fixed WebP filter: no longer adds white background in Safari, and default quality no longer ruins perfectly good images. [#21694] [#21652]
• Fixed issue with database export streams that caused connection closure before file generation in instances behind a load balancer. [#22116]
• Users with Back-End User and Front-End User roles who sign into the front end are no longer delivered to the back-end Edit Mode version of the page after manual URL entry. [#22124]
• When upgrading from version 5.1.6 (or older), database migration tasks now run smoothly, without errors due to differences in DB column counts. [#22349]
• Restored missing locales for Velocity localization operations. [#22603]
• Fixed a MSSQL DB error on upgrade. [#22605]
• Time zone data updates properly on upgrade to 22.03 or later. [#22771]
• Workflow changes save properly for all users, including new users or users with special characters in their name. [#22696]
• Fixed issue causing some navigation items to fail to display after upgrade to 22.03 or later. [#22809]
• Fixed the Show Archive checkbox in the Templates section. [#21885]
• Revamped push-publishing of users: It is now possible to push an individual user instead of all users, and interface labeling is clearer throughout. [#22149]
• NavTool's getNav() method no longer returns unpublished pages; published pages only! [#22425]
• Copy Site copies all content; previously, the process encountered a silent cap at 10,000 items due to limits on indexes and Elasticsearch queries. [#22520]
• Copying a folder containing a page no longer copies the content displayed in that page's containers. [#22763]

Visual Fixes

• When changing a password, verbose error message now displays when new password does not meet security requirements. [#22204]
• Content Palette displays larger numbers of Content Types more reliably. [#22338]
• The “What's Changed?” checkbox in Edit Mode now displays as checked when enabled, and correctly switches between states. [#22673]
• Pagination now displays properly when querying related content by REST API. [#22236]
• Displayed date updates correctly on menu after changing time zone. [#23128]
• Push publishing queue displays all bundles, even when one or more fail to publish. [#23062]

Enhancements and Adjustments

• Switched to using Tomcat's RemoteIpValve for DNS resolution. [#19569]
• Removed performance drag from supporting on-the-fly configuration changes via file watchers and other blocking patterns, which are unsuited to a containerized paradigm. [#21619]
• Reinstated Publishing options in Template editor. [#21612]
• Various improvements have been implemented in upgrade routines. [#22916]
• Submit button disabled immediately after Form submission to prevent duplicate submissions. [#22951]
• Implemented storage of content info as JSON for MSSQL databases — as previously implemented for PostgreSQL. [#21219]
• Removed various system fields — tags, categories, relationships, constants, host, and folder — from the immutable JSON object storage in the database. Folder and host are passed in during the construction of a contentlet; the rest are loaded lazily. [#21858]
• Related content spanning multiple locales has been made more performant, shortening load times. [#22910]
• Queued jobs have received additional failsafes against long waits for dependencies. [#23041]
• Improved ContentMap category lookups to be quicker and less expensive. [#22864]

Dependencies & Components

• Minor version update to Java on Docker image. [#22852]
• Updated Tomcat to subsequent minor version. [#21849]

dotCMS 22.10 showcases a few new features, starter updates, some UI cleanup, and more. Want to get started with the Block Editor, but all of your rich content is bound up in WYSIWYG fields? We now offer a way to convert WYSIWYG fields into Block Editor fields within an existing content type. We're also introducing the JSON Field — a new way to wrangle semi-structured data within your content.

An important note about libraries: As of 22.10, all “repackaged” libraries are deprecated in dotCMS and will be removed at some future point. While not a breaking change per se, developers should supply their own versions of repackaged libraries in their plugins or replace repackaged classes with the respective normal class. For example:

import com.dotcms.repackage.org.apache.commons.io.input.TailerListenerAdapter;

should become

import org.apache.commons.io.input.TailerListenerAdapter;

Content

• Introducing the new JSON Field, an easy way to store and access JSON data. [#22829]
• You can now transform WYSIWYG fields into Block Editor fields at the push of a button. [#22488]

Enhancements & Adjustments

• Related content spanning multiple locales has been made more performant, shortening load times. [#22910]
• Updated the Next.js starter: Upgraded to the latest Next.js version, added inline editing to the Block Editor, and reviewed compliance with community guidelines. Read more about using dotCMS with Next.js on our blog. [#22992][#22994][#22995]
• The basic, empty dotCMS starter image has been tidied and updated. [#22967]
• Submit button disabled immediately after Form submission to prevent duplicate submissions. [#22951]

Visual Fixes

• Updated labeling to more clearly distinguishing between a “key” and a “token” in the user interface — a subtle but “key” difference! [#23007]
• Fixed bug that inverted the display of parent and child in many-to-one Relationship fields.[#22549]
• The “What's Changed?” checkbox in Edit Mode now displays as checked when enabled, and correctly switches between states. [#22673]
• Improved the system for default icon assignment to tool groups during upgrades. [#22861]

Bugfixes

• Contentlets can now be added to the Block Editor field before the content containing the field has been saved. [#23163]
• Copy Site copies all content; previously, the process encountered a silent cap at 10,000 items due to limits on indexes and Elasticsearch queries. [#22520]
• NavTool's getNav() method no longer returns unpublished pages; published pages only! [#22425]
• Copying a folder containing a page no longer copies the content displayed in that page's containers. [#22763]
• Remote-URL access tools like $json or $import now run in a thread pool to avoid blocking, backups and crashes in the event of high traffic to a non-responsive external API. [#22522]
• Key/Value fields once again properly escape special characters, thereby squashing a recent and noisome bug. [#22754]
• Key/Value fields properly record item order after sorting. [#22975]
• Fixed issue causing some navigation items to fail to display after upgrade to 22.03 or later. [#22809]
• Time zone data updates properly on upgrade to 22.03 or later. [#22771]
• The breadcrumb-trail links at the top of the admin panel open in the same tab. [#22843]
• Additional error handling has been added to the PublisherJobQueue to improve logging and resilience. Now nigh unkillable, it may be observed in the wild eating boulders and arm-wrestling jabberwocks. [#22850]
  • Queued jobs themselves have likewise received additional failsafes. [#23041]
• Multiple Block Editors in the same content type will all save their respective content properly. [#23216]

Bugfixes

• Copy Site copies all content; previously, the process encountered a silent cap at 10,000 items due to limits on indexes and Elasticsearch queries. [#22520]
• Copying a folder containing a page no longer copies the content displayed in that page's containers. [#22763]
• Workflow changes save properly for all users, including new users or users with special characters in their name. [#22696]
• Static Push Publishing no longer fails when pushing certain Base Content Types when a default language other than English is set. [#22266]
• Corrected issue that prevented limited users with sitewide viewing permissions from viewing content not explicitly permitted for their role. [#22237]
• Revamped push-publishing of users: It is now possible to push an individual user instead of all users, and interface labeling is clearer throughout. [#22149]
• Users with Front-End and Back-End permissions logged in to the front end are no longer redirected automatically to the same page in (Back-End) Edit Mode after manual URL entry. [#22124]
• Pushing a single piece of archived content no longer directly affects — i.e., unpublishes — other versions of the same content. [#21624]
• Removed performance drag from supporting on-the-fly configuration changes via file watchers and other blocking patterns, which are unsuited to a containerized paradigm. [#21619]
• Updating a Binary field via REST API no longer removes the value from other Binary fields in the same contentlet. [#21482]
• Switched to using Tomcat's RemoteIpValve for DNS resolution. [#19569]
• A Content Type having a many-to-many relationship to itself will no longer cause contentlets to lose their many-to-many relationships under certain conditions. [#20491]
• $dotcontent viewtool respects the passed languageID and no longer returns the wrong language in certain situations. [#19774]

dotCMS 22.09 features continued Block Editor improvements, Velocity-level access to field variables, dependency upgrades, performance optimizations, a smattering of squashings in the bug district, and more.

As of this build, LDAP support is now considered a deprecated feature, and may be removed from the product at a future date. It is recommended that customers still using LDAP to integrate with dotCMS begin migration to a different Single Sign-On (SSO) solution, such as SAML (through Azure or another Identity Provider).

Content

• You can now easily link to other dotCMS content within the Block Editor. [#21866]
• Base font size inside Block Editor has been increased slightly for readability. [#22165]
• It is now possible to read field variable key-value pairs from within Velocity, allowing evaluation at load time from your Velocity template files — and giving user-defined field variables more utility. [#22618]

Enhancements & Adjustments

• Expanding on an improvement in 22.08, the Enter key now performs the primary action (e.g., “Next,” “OK,” “Accept,” etc.) in a wider array of dialogs. [#22566]
• “Suggestion” components — the clickable items that populate under a search bar, such as when linking content in the Block Editor — have been refactored to be more reusable and maintainable. [#22671]
• Added a Docker compose example running dotCMS with MSSQL in ARM architecture (e.g., for users of Apple M1 processors). [#22639]
• Refactored block-editor library to include folder structure. [#22517]
• Tomcat no longer performs scans for Tag Library Descriptor files at startup, speeding up initialization. [#22716]
• General library-driven improvements to paste behavior across a variety of fields and data types. [#22019]

Visual Fixes

• Fixed pagination errors on the UI site selector; now displays a maximum of 15 results at a time, with live text filtering of choices. [#22734]
• Pagination now displays properly when querying related content by REST API. [#22236]

Dependencies & Components

• Minor version update to Java on Docker image. [#22852]
• Upgraded Nx and Angular. [#22337]
• Updated Dojo. [#22132] (Note: Also listed under Breaking Changes.)
  • Smoke-tested Dojo update. [#22885]
• Moved from Libsass to Dart Sass for SASS/CSS compilation. [#22196]

GitHub Environmental Improvements

• Migrated Actions to monorepo. [#21761]
• Improved test times. [#22495]
• Consolidated build jobs. [#21755]
• Migrated Postman tests to GitHub Actions. [#21758]

Bugfixes

• Locales have been added back at the level of the Java seed. [#22722]
• Workflow changes save properly for all users, including new users or users with special characters in their name. [#22696]
• Fixed the removal of categories through API calls, which no longer throws an error. [#22756]
• Bad requests, such as malformed URIs, no longer result in Tomcat errors in advance of reaching custom dotCMS error pages. [#21742]
• Creating language variables from the Content search allows the translation of tokens containing blank spaces. [#22607]
• Image fields containing dotAssets now play well with Velocity. [#22704]
• When upgrading from version 5.1.6 (or older), database migration tasks now run smoothly, without errors due to differences in DB column counts. [#22349]
• Resolved conflicts between ByteBuddy and NewRelic agents, speeding up initialization and preventing errors. [#22635]
• GraphQL introspection queries have been disabled for non-authenticated users. [#22825]
• Fixed redirect issue that emerged with the update to Angular 14. [#22608]
• Fixed browser console error when moving to Edit Mode from Site Browser. [#22617]
• Fixed issue preventing Host variable from rendering headlessly via the Page API. [#21244]
• SAML redirects now forward properly after authentication. [#22156]
• Created a way to avoid cases where hashed IDs are referenced against non-hashed data in the creation of SAML users: Added hash.userid property (boolean) to SAML configuration to control whether the UserID is hashed or not. [#22692]
• Corrected an issue that prevented relating content in a Relationship field with Many-to-One cardinality. [#22840]

Breaking Changes

• Updated Dojo. [#22132]

Enhancements

• Minor version update to Java on Docker image. [#22852]
• Updating permissions is now faster, and no longer deadlocks the database when repermissioning structures containing large quantities of content. [#19358]

Bugfixes

• When upgrading from version 5.1.6 (or older), database migration tasks now run smoothly, without errors due to differences in DB column counts. [#22349]
• Workflow changes save properly for all users, including new users or users with special characters in their name. [#22696]
• Restored missing locales for Velocity localization operations. [#22603]
• Static Push Publishing no longer fails when pushing certain Base Content Types when a default language other than English is set. [#22266]
• Corrected issue that prevented limited users with sitewide viewing permissions from viewing content not explicitly permitted for their role. [#22237]
• Revamped push-publishing of users: It is now possible to push an individual user instead of all users, and interface labeling is clearer throughout. [#22149]
• Users with Front-End and Back-End permissions logged in to the front end are no longer redirected automatically to the same page in (Back-End) Edit Mode after manual URL entry. [#22124]
• Pushing a single piece of archived content no longer directly affects — i.e., unpublishes — other versions of the same content. [#21624]
• Removed performance drag from supporting on-the-fly configuration changes via file watchers and other blocking patterns, which are unsuited to a containerized paradigm. [#21619]
• Updating a Binary field via REST API no longer removes the value from other Binary fields in the same contentlet. [#21482]
• Switched to using Tomcat's RemoteIpValve for DNS resolution. [#19569]
• A Content Type having a many-to-many relationship to itself will no longer cause contentlets to lose their many-to-many relationships under certain conditions. [#20491]

Visual Fixes

• When changing a password, verbose error message now displays when new password does not meet security requirements. [#22204]

dotCMS 22.08 features new API endpoints and visualization tools; new field variable options; a brand new, performant OSGi system framework; a number of squashed bugs; and some quality-of-life improvements.

The largest change may be less obvious, centering on our own internal workflows: We've consolidated tools and procedures, moving toward monorepo status — folding the core-web repo into core — and improving various testing and build automations. We're pleased to report that these changes have made our work of improving dotCMS both simpler and quicker.

Content

• Users can now define whitelists for which blocks should be usable in a given Block Editor Field, through the allowedBlocks field variable. [#22164]
• The Block Editor field is no longer marked as a “Beta” feature — it's just a regular part of the gang, now. [#22489]
• Image paths can now be copied from Site Browser context (right-click) menus, using the new Copy Path item. [#22146]
• Unveiling $dotContentMap, a built-in Velocity content object that lets you access content in a container without performing a pull.

Enhancements & Adjustments

• Added a new API Playground tool to the Dev Tools, built using Swagger. [#22298]
• Added new API endpoints for creating, reading, updating, or deleting containers. [#21626]
• Enter key now activates the primary action — e.g., Next, Submit, etc. — for all dialogs in the system. [#19158]
• It is now possible to retrieve parent content through a child contentlet's Relationship Field by using Lucene queries.[#22319]
• Image filter scale has been mapped to the resize filter that replaced it, improving backwards compatibility. [#22463]
• The Edit Mode Anywhere URL Override plugin's functionality is now part of the core, available out of the box. [#21713]
• Versions of the same content across different languages can now display publishing dates distinct from one another. [#21518]
• The version of Java used in docker images has been updated. [#22426]
• The import and export format of starters has been changed to JSON. [#19400]

Bugfixes

• In the Site Browser, the “View Statistics” data now displays correctly; the button is removed from the menu entirely when the ENABLE_CLICKSTREAM_TRACKING property is set to false. [#22131]
• dotParse now properly respects all parameters of the config property. [#22288]
• Corrected issue that prevented limited users with sitewide viewing permissions from viewing content not explicitly permitted for their role. [#22237]
• CookiesFilter can now reinitialize cleanly, allowing the dynamic addition of new filters via OSGi. [#22312]
• Browser page title now updates correctly when switching between contentlets in Edit Mode. [#22320]
• Bad results on ShortyIdentifier database calls are no longer cached. This prevents a condition in which a database error could result in persistent 404 status for “shorty” IDs until their region is flushed. [#22430]
• Adding a user to a bundle no longer causes errors. [#22508]
• Fixed 404 redirect routine. [#22559]
• Page API calls through GraphQL now work properly with anonymous permissions. [#22615]
• Resolved errors preventing users with MSSQL databases from successfully executing upgrade procedures. [#22613]
• Selecting a different site from the admin panel's header dropdown correctly updates the panel while viewing tools built using Angular. [#16754]
• Drag-and-drop navigation reordering now saves properly. [#22501]
• Saving a contentlet before its related content loads will no longer result in a clearing of the Relationships field. [#22323]
• Static Push Publishing no longer fails when attempting to push a bundle containing only a single file asset. [#22073]
• Static Push Publishing no longer fails when pushing certain Base Content Types when a default language other than English is set. [#22266]
• Revamped push-publishing of users: It is now possible to push an individual user instead of all users, and interface labeling is clearer throughout. [#22149]
• Temporarily rolling back the log-file filter feature introduced in 22.06 for performance reasons; it will be retooled and reintroduced soon. [#22691]
• Page caches have been made more attentive to servlet forwarding attributes, to prevent cases where a Vanity URL pointing to a URL-mapped detail pages could result in the wrong content being cached. [#22083]
• It is no longer possible to create a folder with an empty title. [#21129]
• On initialization, NextJS Edit Mode Anywhere environments generate a unique token, saved to the ENV file and appended to the EMA URL on requests; in the absence of this token, requests fail. [#21959]
• When performing inline editing on a page that displays related content, edits to related content are also saved and published. [#22173]
• XMLTool has been fixed; the Jaxen exception has been rectified. [#22307]
• Corrected errors with Show Query search URL generation. [#22168]
• Fixed a MSSQL DB error on upgrade. [#22605]

Visual fixes

• Removed some noisy and unhelpful metadata messages from the logs on initialization. [#22144]
• Rules now display properly when specifying a condition that checks for a custom request header that not on the header list. [#22186]
• Replaced browser-native alert() message box after user account changes data in the My Account dialog. [#22276]
• When changing a password, verbose error message now displays when new password does not meet security requirements. [#22204]
• Content Palette displays larger numbers of Content Types more reliably. [#22338]

Plugins

• Created new OSGi system framework for loading system bundles — minimal, speedy, and stable. [#22184]
• Override plugin now starts correctly in certain prior versions. [#22043]

Breaking Changes

• By default, dotCMS no longer follows redirects when accessing remote URLs programmatically. This change is configurable, and can be reversed by setting the REMOTE_CALL_ALLOW_REDIRECTS property to true. [#22512]

Enhancements

• It is now possible to retrieve parent content through a child contentlet's Relationship Field by using Lucene queries.
• Date and time fields have been modified in MSSQL databases to include time zone data.

Bugfixes

• An error that could cause OSGi import procedures to fail has been corrected.
• No HTML field-validation regular expression no longer invalidates an entry if it detects a period.
• Pages with the show_on_menu option enabled no longer create exceptions in procedures that reorder navigation elements.
• Corrected issue that prevented limited users with sitewide viewing permissions from viewing content not explicitly permitted for their role.
• Static Push Publishing no longer fails when pushing certain Base Content Types when a default language other than English is set.
• Resolved an error that could cause OSGi import procedures to fail when a version range is specified.
• dotParse now properly respects all parameters of the config property.
• Date and time data are now updated before timezone is factored in, to prevent date and time errors during upgrades.
• Bad results on ShortyIdentifier database calls are no longer cached. This prevents a condition in which a database error could result in persistent 404 status for “shorty” IDs until their region is flushed.
• Updated SSL configuration to resolve an inactive port in the Docker image.

Visual Fixes

• Corrected a display issue where relationship fields, on editing, sometimes appeared to change the type selection, such that a many-to-many relationship would display as a one-to-many relationship.
• Improved logo displays on back-end menus.

Plugins

• Fragments now only load when forced. On uploading, dotCMS reads the Export-Package from the fragment manifest, adds this to the OSGi-extras file, then moves the fragment to the undeployed folder and restarts the OSGi framework. This prevents interference with other plugins.
• Improved OSGi plugin loading in server-cluster context.

Bugfixes

• Dispatcher now correctly sets servlet URI request parameter, preventing errors in certain Velocity calls.
• New URI normalization filter has been made less aggressive, and now plays nicely with slashes and equals signs.

Bugfixes

• Dispatcher now correctly sets servlet URI request parameter, preventing errors in certain Velocity calls.
• New URI normalization filter has been made less aggressive, and now plays nicely with slashes and equals signs.

Bugfixes

• Bad results on ShortyIdentifier database calls are no longer cached. This prevents a condition in which a database error could result in persistent 404 status for ShortyIDs until their region is flushed.

Bugfixes

• Bad results on ShortyIdentifier database calls are no longer cached. This prevents a condition in which a database error could result in persistent 404 status for ShortyIDs until their region is flushed.

This enormous release in fact represents a development period closer to two months than one — and it shows! The entries below include significant additions to the Block Editor field, a flotilla of bugfixes, a bushel of efficiency improvements, some dependency updates, and more!

Content

• Block Editor can parse a wider array of blocks, with permissive handling of customized block types, and is simpler to render. #22074
• When inserting contentlets into a Block Editor field, you can now filter the selections by language or Content Type. #22159 #22045
• The Block Editor permits limiting which Content Types can be added as contentlet blocks. #22039
• In addition to drag and drop, images can now be added to the Block Editor by pasting. #22018
• Block Editor can now be styled through the use of a field variable: Just set the key styles to value of the the desired CSS string. #22037
• A Push Remove Now action has been created to facilitate push-removal within a workflow. #22021
• Added a block-deletion button to bubble menus in the Block Editor. #22017

Enhancements & Adjustments

• Improved implementation of the unique-per-site field quality; instead of a config property, this is now handled via the uniquePerSite field variable, which defaults to false. #22250
• Refactored and improved the Block Editor's .toHtml() method, making it more lightweight, comprehensive and maintainable. #22128
• Refactored HostAPI: Improved caching and respect for permissions; now reliant on the database instead of ElasticSearch, and on variable names instead of Content Type names. #21476
• Implemented lazy loading for workflow histories to improve load times for history-rich content. #22068
• Example content makes more consistent use of <PostBody> tag. #22063
• Updated dependency packages, including ProseMirror, TipTap, and Tomcat. #22058 #21849
• Edit Mode Anywhere now works in AWS Amplify and other hosting platforms. #21877
• Now compatible with Husky. #21857
  
• All references to calendar_reminder table have been removed from databases and code base. #21917
• Removed various system fields — tags, categories, relationships, constants, host, and folder — from the immutable JSON object storage in the database. Folder and host are passed in during the construction of a contentlet; the rest are loaded lazily. #21858
• The Multipart Web Interceptor plugin, which scans multipart or form requests that use PUT or POST to upload files, has been fully integrated into the core product. #21854
• Search and filter functionalities have been added to the log viewer. #21848
• Push Publishing filters can now be added or updated via a REST API call. #21823
• Add custom content tools to traditional navigation through a simple menu option in the Content Type list, or through API calls. #21797
• Removed performance drag from supporting on-the-fly configuration changes via file watchers and other blocking patterns, which are unsuited to a containerized paradigm. #21619
• Moved the System Template and System Containers to velocity's static WEB-INF/velocity/application path. #21265
• Date and time fields have been modified in MSSQL databases to take into account time zones. #21169
• Added an app that implements the prerender.io filter as a WebIntercepter and allows a user to configure prerender via Settings > Apps > dotCMS prerender App. #20903
• Switched to using Tomcat's RemoteIpValve for DNS resolution. #19569
• Updated dot-binary-file web component to support the maxFileLength attribute. #18019

Bugfixes

• GraphQL queries no longer throw errors when fetching Block Editor content. #22391
• Resolved an error that could cause OSGi import procedures to fail when a version range is specified. #22287
• Creating new content from Edit Mode now properly adds it to the Page when saved. #22210
• Changed default path of images within WYSIWYG fields to be based on ID rather than iNode, to prevent the path from breaking on file update. #22207
• Fixed errors with processing and saving of inline HTML on the WYSIWYG editor. #22179
• Improved handling of unrecognized properties in JSON to restore backwards compatibility with versions prior to 22.03. #22174
• Fixed error that caused content to disappear from a page after altering its template or layout. #22140
• Pages with the show_on_menu option enabled no longer create exceptions in procedures that reorder navigation elements. #22137
• Users with Back-End User and Front-End User roles who sign into the front end are no longer delivered to the back-end Edit Mode version of the page after manual URL entry. #22124
• Fixed issue with database export streams that caused connection closure before file generation in instances behind a load balancer. #22116
• Enter key in the dialog to create or copy a Content Type now executes the operation, instead of moving focus to the icon selector. #22104
• No HTML field-validation regular expression no longer invalidates an entry if it detects a period. #22094
• Velocity rendering of Block Editor correctly displays all nested nodes. #22092
• Bundled content not assigned to a workflow will no longer fail to push publish. #22087
• Fixed error preventing Override plugin from functioning. #22043
• PageCache now only caches with response codes of 200. #22014
• Importing a contentlet containing a binary field with a null value no longer generates an error. #22004
• Pulling related content with no sorting parameter set now returns related content in the order it was added. #21929)
• Tags considered to be stored under specific sites rather than All Sites no longer fail to display. #21904
• Push Removal of a Static Pushed page no longer removes any other files required for that page to render. #21832
• Flag icons now display properly next to languages in the content list. #21827
• Static Push Publishing no longer sets an incorrect response type for content generated on a dynamic page. #21720
• Fixed bug that caused failures when copying a site. #21718
• User interface no longer displays an erroneous Type Error when uploading files via image fields. #21715
• Fixed WebP filter: no longer adds white background in Safari, and default quality no longer ruins perfectly good images. #21694 #21652
• Push publishing plugins no longer results in error. #21568
• Updating a Binary field via REST API no longer removes the value from other Binary fields in the same contentlet. #21482
• When saving content via REST and using the WAIT_FOR index policy, the call will now properly pass down the parameter instead of defaulting to DEFER. #21469
• Fixed license requirement message in the Personas tool on the community edition. #21307
• Container removed from Advanced Template Designer now correctly disassociates from the template, and can be deleted. #21099
• Using Select All on categories before deleting no longer deletes even deselected items. #20400
• Fixed bug preventing content from exporting when all languages are selected. #19734
• Form submissions send files correctly. #18312
• Date and time data are now updated before timezone is factored in, to prevent date and time errors during upgrades. [#22381]

Visual fixes

• The read-only system container and system template are now more visually clear as to this status, with a greyed-out color scheme and contextual buttons removed. #22216 #22217
• Corrected a display issue where relationship fields, on editing, sometimes appeared to change the type selection, such that a many-to-many relationship would display as a one-to-many relationship. #22198
• Context menus, such as those behind the “hamburger” buttons in the Content Type menu, now display one at a time. #21996
• Minor improvements to the Edit Content Type window in the admin panel.
• Fixed pop-up that appears when dragging and dropping the Form Content Type to a container. #21747
• Content Types with two Relationship fields of the same type no longer display list of crossed-out unavailable languages. #21735
• Toggling the Code view in a WYSIWYG field on Content Type that requires scrolling no longer causes the scroll position to jump. #21492
• Improved logo displays on back-end menus. #22410

Plugins

• Fragments now only load when forced. On uploading, dotCMS reads the Export-Package from the fragment manifest, adds this to the OSGi-extras file, then moves the fragment to the undeployed folder and restarts the OSGi framework. This prevents interference with other plugins and allows OSGI to be cleanly started. #22055

Breaking Changes

• Replaced repackaged JSON-handling classes with more tractable code. #22118
• Updated several default configuration values, such as disallowing HTTP by default. #22006
• Removed unnecessary Spring jars for better parsimony and tidiness. #21944
• Initial admin password is now an automatically generated, non-guessable password recorded in the logs. Setting the configuration option INITIAL_ADMIN_PASSWORD can allow for overriding the generated password with a preset one. #21916
• Moved to use Gradle 7.3.3 in the build scripts.
• AspectJ has been removed. Instead, Bytebuddy is now inited at runtime and rewrites the bytecode to weave the annotations into the classes. Additionally, ByteBuddy does not need to be included as a java agent.
• The refactoring in #22128 changed the relevant rendering macro for block customizations to renderContentBlock.