Changelogs

Last Updated: Dec 5, 2022
documentation for the dotCMS Content Management System
            Older Versions →

LTS dotCMS releases

dotCMS will periodically specify specific product releases as Long-Term Supported (LTS) releases, which will be maintained for a longer period than other dotCMS releases, and which will provide a number of advantages for customers that choose to install them.

Please see the Long Term Supported Releases page for more information and Current Releases for downloads.

Version Release Date End of Life Date
v23.01.2 LTS Apr 27, 2023 Sep 22, 2024
v22.03.6 LTS May 12, 2023 Oct 11, 2023
v21.06.14 LTS Feb 23, 2023 Apr 30, 2023

Agile dotCMS Releases

Rows with the icon: are Breaking Change Releases. This means that upgrading to this version will require extra testing and possible architecture updates.

Please see Current Releases for downloads.

Version Release Date End of Life Date
v23.05 May 1, 2023 May 1, 2024
v23.03 Mar 31, 2023 Mar 31, 2024
v23.02 Feb 21, 2023 Feb 21, 2024
v23.01 Jan 12, 2023 Jan 12, 2024
v22.12 Dec 9, 2022 Dec 9, 2023
v22.10 Oct 26, 2022 Oct 26, 2023
v22.09 Sep 15, 2022 Sep 15, 2023
v22.08 Aug 10, 2022 Aug 10, 2023

dotCMS 22.03.6 LTS

Available: May 12, 2023 Demo starter image: 20220209

Enhancements & Adjustments

  • Image permits, which control the number of threads dotCMS's image editor can occupy at once, have been made more permissive through better use of caching. They are now less likely to cap out on routine operations, without compromising their intended purpose of easing system resource burdens. [#23807]
  • Increased number of password hash iterations from 20,000 to 600,000, in line with current OWASP recommendations for a SHA256 algorithm. [#23915]
  • Significantly shortened startup time by optimizing vanity URL loading procedures. [#23982]
  • Changed the way JSON Web Tokens are handled, removing an issuer check and replacing it with additional reliance on jwt_secret.dat. This makes possible the use of the same JWT tokens across multiple environments. [#24395]

Fixes

  • Fixed issue preventing content with double quotes in its title from displaying properly in a Relationship fields. [#23396]
  • Bad requests, such as malformed URIs, no longer result in Tomcat errors in advance of reaching custom dotCMS error pages. [#21742]
  • Bundled content not assigned to a workflow will no longer fail to push publish. #22087
  • Resolved errors resulting from blanking an existing date field or checking “Never” on an expiration date field. [#22667] [#22350]
  • Performing a health check via /api/v1/system-status now cleans up after itself, removing all created folders. [#23267]
  • Image fields now filter properly according to user input. [#23449]
  • Permissions tabs — appearing in folder properties, contentlets, templates, etc. — no longer fail to load. [#23889]
  • Improved publishing procedures for environments with many locales and relationships, preventing slowdowns. This sounds like it should be under Enhancements, but those slowdowns could get pretty significant. So, here we are. [#24245]
  • Leaving the “publishing” Date/time field blank on content preset for scheduled publishing, no longer causes that content to re-publish if unpublished. We determined this behavior was simply too silly. [#24344]
  • Relationship fields now correctly respect changes to their “required” status; formerly, the checkbox would display according to your changed selection, but the content would not follow suit functionally. [#22532]
  • Updated the /webp/ image filter to accommodate recent versions of Safari capable of rendering WebP files; now WebP is served to sufficiently new versions of Safari, and JPEG to older ones. [#21652]

dotCMS 23.05

Available: May 1, 2023 Demo starter image: 20230112

22.05 is out and about, bright and early in its birth month. Spring has sprung — in the Northern Hemisphere, at least — and blossoming alongside the flowers are some keen new features. And, in keeping with the vibrancy of the season, this one has renovations aplenty, transitioning from Dojo to newer Angular components throughout the user interface.

The Block Editor field continues to evolve, now boasting its own compare-tool implementation and better interface support for video, including immediate embedding of YouTube links. A slew of optimizations shorten load times all over, from vanity URLs to metadata retrieval. Edit Mode now allows you to save content per Page or for all Pages, and Host fields are more helpful in giving directions. And lo, we've come bearing many fixes — roughly, a bit of Spring cleaning.

It's a big bouquet, but we think you've earned it. Enjoy!

Content

  • Block Editor content has been implemented within the compare tool for diff-style viewing alongside past versions. [#24365]
  • Block Editor fields that had been converted from WYSIWYG fields save all changes correctly. [#24565]
  • Further video block development: Videos can now be added to Block Editor video blocks from elsewhere within the dotCMS instance, or by drag and drop or copy/paste from a local system. Finally, default video rendering settings now live in dotVideo.vtl, alongside other rendering defaults in /velocity/static/storyblock/ [#23436] [#24445] [#24465]
  • Added YouTube support to the Block Editor. Drop a link either in an empty block or the Video URL tab of a video block to embed a YouTube video. [#24455]
  • You can now create a Custom Content Tool from within the Content Type editor, via a button on the top right. [#22724]

Enhancements & Adjustments

  • Variables added in a container via the Add Variable button now use the $dotContentMap built-in content object. [#23006]
  • You can now enable multiple multiple user IDs to possess the same email address by setting the environment variable DOT_SAML_ALLOWUSERSWITHDIFFID_REPEATEDEMAIL to true. [#24138]
  • In Edit Mode, when editing content that appears on multiple pages, a new dialog will confirm whether you want change the content for the current page only, or all pages. [#23225]
  • Significantly shortened startup time by optimizing vanity URL loading procedures. [#23982]
  • The Host field is now a filterable parameter on the Content Search screen. [#24194]
  • Improved performance of fetching metadata from databases. [#22779]
  • All APIs now provide pagination as part of the data payload. This allows use through proxies that may strip away headers — the place said information was previously stored. [#23870]
  • The SASS compiler has returned to minifying CSS output by default. [#24227]
  • Changed the way JSON Web Tokens are handled, removing an issuer check and replacing it with additional reliance on jwt_secret.dat. This makes possible the use of the same JWT tokens across multiple environments. [#24395]
  • Added additional logging options via environment variables. [#24067]
  • Added two-second delay on invalid login — i.e., a nonexistent user — similar to the behavior on receiving an incorrect password. [#23903]

Visual Fixes

  • We've improved the look of the toolbar buttons at the top of the Content Type menu. [#23638]
  • The Block Editor's + button is now a bit less furtive, permanently visible beside any empty block with user focus. [#23687]
  • Corrected the proportions on the compare tool for better visual comparison; after careful consideration, we decided the this was neither the time nor the place for a funhouse mirror. [#24109]
  • Improved spacing, positioning, and appearance throughout the user interface — including the Site Browser, the Container tool, the Content Type creator, and more. [#24654] [#22486] [#23816]
  • Host fields now show the full content, instead of just the containing folder's name — sure to be a relief to those with a bunch of common-name subdirectories like vtl or images. [#24317]
  • Site Selector dropdowns are now a bit more clear about which site is selected. No more confusing gray backgrounds; it's either bold or it's not. [#23505]
  • Removed nonfunctional/vestigial “resize” controls beside images on the content-editing pane. [#24195]
  • Corrected Caffine Memory Cache TTL displays; the default TTL will now display as infinity. While not technically true, the practical difference is moot, as few systems experience ~68 years of uptime. [#24199]

Development Improvements

  • Adjusted pipelines to remove the requirement to generate an “enterprise” jar — another of many steps in the long march toward the purest ideal of monorepo status. [#24760]
  • The release process is evolving to test upgradability from a number of previous LTS editions to the latest release. [#24774]

Fixes

  • Fixed PostgreSQL error observed in upgrades from 22.03 LTS. [#24380]
  • The Block Editor's code block no longer triggers Block Editor menu events, such as the suggestion popup if / is the first character typed. [#24361]
  • The Content Palette no longer includes archived content. [#24292]
  • The arrow buttons in a container's Max Contents field now correctly update the total; manually typing a value is still something you can do, but not something you have to do. [#24163]
  • Discovered and vanquished a race condition with the potential to crash the reindexing process for sites with a lot of Content Types. [#23651]
  • Modifying a template no longer removes content from page columns, unless the column or container was expressly removed. [#23181]
  • OSGi framework has been adjusted to restart less often, in many cases not needing to at all. [#24468]
  • Improved debouncing on undo/redo operations in the Block Editor; the number of undo or redo steps should now more or less conform to expectation. [#24716]
  • Clicking on a file-based Container in the Site Browser now takes you to the correct folder. [#24644]
  • File Browser now properly displays multilingual content, not limited by the configured user-interface language. [#24358]
  • Fixed File Browser display behavior; now displays Page and file assets in expected fasion. [#24272]
  • Copying a folder that contains Pages with both live and draft versions will no longer result in an error; duplicate your folders fearlessly. [#24441]
  • While we appreciated all the extra traffic from Minecraft enthusiasts, we must regretfully announce that mineType was a mere typo of mimeType in the Block Editor's video node. This has been corrected. [#24556]
  • Widgets now correctly display in non-default languages on working (i.e., draft) versions of Pages. [#24059]
  • Language parameters update correctly when redirecting via Rule. [#24158]
  • Leaving the “publishing” Date/time field blank on content preset for scheduled publishing, no longer causes that content to re-publish if unpublished. We determined this behavior was simply too silly. [#24344]
  • The job scheduler tab once again loads correctly in the Site Search developer tool. [#24524]
  • Fixed an update task that absolutizes container paths: It erroneously added the site to the same path multiple times in certain situations. Well, not anymore. [#24436]
  • Nested dotcache block caches no longer interfere with page loading by caching an incorrect context. [#24247]
  • Fixed a bug interfering with the ability to reorder content in Edit Mode. [#24678]
  • Improved publishing procedures for environments with many locales and relationships, preventing slowdowns. This sounds like it should be under Enhancements, but those slowdowns could get pretty significant. So, here we are. [#24245]
  • Resolved errors resulting from blanking an existing date field or checking “Never” on an expiration date field. [#22667] [#22350]

    Note: Originally appeared in 23.01; the issue was subsequently reopened and underwent a bit more work.

  • Significant fixes to URL-mapped content, adding resilience in the face of broken or absent detail pages and addressing several error cases directly. [#24490]

Breaking Changes

  • Fixed a permission error that prevented a user with a custom role with appropriate permissions from using Workflow API operations. While this will not change observed behaviors, permissions-based fixes are generally classed as breaking changes due to how they may affect the hypothetical user working around them. [#23199]
  • Permissions have undergone overall changes on the back end, improving comprehensiveness and error handling. [#22993]

dotCMS 23.01.2 LTS

Available: Apr 27, 2023 Demo starter image: 20221010

Enhancements & Adjustments

  • Significantly shortened startup time by optimizing vanity URL loading procedures. [#23982]
  • Image permits, which control the number of threads dotCMS's image editor can occupy at once, have been made more permissive through better use of caching. They are now less likely to cap out on routine operations, without compromising their intended purpose of easing system resource burdens. [#23807]
  • Increased number of password hash iterations from 20,000 to 600,000, in line with current OWASP recommendations for a SHA256 algorithm. [#23915]
  • Changed the way JSON Web Tokens are handled, removing an issuer check and replacing it with additional reliance on jwt_secret.dat. This makes possible the use of the same JWT tokens across multiple environments. [#24395]

Fixes

  • Block Editor fields that had been converted from WYSIWYG fields save all changes correctly. [#24565]
  • Image fields now filter properly according to user input. [#23449]
  • Resolved errors resulting from blanking an existing date field or checking “Never” on an expiration date field. [#22667] [#22350]

    Note: Originally appeared in 23.01 agile; the issue was subsequently reopened and underwent a bit more work.

  • Fixed issue preventing content with double quotes in its title from displaying properly in a Relationship field. [#23396]
  • Leaving the “publishing” Date/time field blank on content preset for scheduled publishing, no longer causes that content to re-publish if unpublished. We determined this behavior was simply too silly. [#24344]
  • Permissions tabs — appearing in folder properties, contentlets, templates, etc. — no longer fail to load. [#23889]
  • Fixed an update task that absolutizes container paths: It erroneously added the site to the same path multiple times in certain situations. Well, not anymore. [#24436]
  • Copying a folder that contains Pages with both live and draft versions will no longer result in an error; duplicate your folders fearlessly. [#24441]
  • Created a background task to ensure the proper conversion of legacy content to the contentlet_as_JSON schema for those upgrading from years-old versions. [#24093]
  • Fixed PostgreSQL error observed in upgrades from 22.03.4 LTS to 23.01.1 LTS. [#24380]
  • Improved publishing procedures for environments with many locales and relationships, preventing slowdowns. This sounds like it should be under Enhancements, but those slowdowns could get pretty significant. So, here we are. [#24245]

dotCMS 23.03

Available: Mar 31, 2023 Demo starter image: 20230112

In at the buzzer for March — over the transom, as we might say in some quarters — dotCMS 23.03 is as agile as ever! This edition boasts some cool new features, some hot fixes, and some comfy quality-of-life improvements. Extend the Block Editor, flip to Edit Mode from URL-Mapped content with ease, and more.

Celebrate the waning hours of March with this gem, formed in its myriad and protracted pressures!

Content

  • You can now create your own custom remote extensions for the Block Editor. The field is now “hackable” — in the good way! [#24032] [#23938] [#23863] [#23865] [#24031]
  • Added video blocks to the Block Editor. Import videos either from your dotCMS file system, from your local files, or elsewhere online, and situate them within your Block Editor field's content. These videos are stored as full dotAssets, and can be reused freely. [#23863] [#24016] [#23861] [#24040]
  • Added a button to preview URL-Mapped content in Edit Mode; it can be accessed from the task menu when editing a contentlet. [#23955]

Enhancements & Adjustments

  • S3Client can now be configured to interact with Simple Storage Service (S3) object stores other than Amazon S3. [#22151]
  • The Content Type API now accepts host names and folder paths as arguments instead of requiring a UUID for both host and folder when creating a Content Type. [#23239]
  • Increased number of password hash iterations from 20,000 to 600,000, in line with current OWASP recommendations for a SHA256 algorithm. [#23915]
  • Window scrolling is frozen while the Block Editor's block selector has cursor focus. [#23977]

Visual Fixes

  • Form labels have been standardized across the platform, unifying styles between legacy and new Angular components. [#23683]

Fixes

  • CSS files now push publish to S3 buckets without the risk of compilation error. [#24351]
  • A required Block Editor field no longer validates and saves an empty field if content is added and then removed. [#24263]
  • Corrected an upgrade task that was misbehaving — all systems green. [#24026]
  • Fixed issue preventing the addition of images to WYSIWYG fields from certain folders. [#23926]
  • Image fields now filter properly according to user input. [#23449]
  • Several image editor fixes ensue! [#23882]
    • Crop zones now resize correctly in the image editor. [#23925]
    • The Clip button has been repaired, and now properly stores the data to the platform clipboard. (Note that this is separate from the system clipboard, and is accessed through separate dotCMS controls, such as the WYSIWYG Clipboard button.) [#23927]
    • The Download button is now once more hunky-dory. [#23924]
  • Fixed the retrieval of Personas via Lucene query; persona tags neither require, nor yield different results with, :persona appended to the tag name. Kind of an oddball issue, but settled is settled! [#22872]
  • Permissions tabs — appearing in folder properties, contentlets, templates, etc. — no longer fail to load. [#23889]
  • Solved rendering issue with fields converted from WYSIWYG to Block Editor that contain code. [#24422]
  • Fixed an issue preventing saving content in a secondary language while a working/draft version exists in the default language. [#23280]
  • A recent commit broke the contentlet search within the Edit Mode Content Palette; this one fixes it. [#24308]
  • Gradle now resolves current git hash correctly when building. [#23901]
  • Fixed issues reported by SonarQube, including reported AJAX vulnerability. [#23900]

Breaking Changes

  • Page and Template REST APIs may have been returning an excessive amount of relatively low-value information. This can be messy to sift through and harmful to performance, so we've scaled it back a bit. Out of an abundance of caution this is being listed as a breaking change, even though it may not actually cause an issue for anyone. [#23203]
  • The dotcache directive no longer caches objects declared with set directive within the block; caching of generic objects should be handled manually through the Dotcache viewtool. Note that this is a breaking change if upgrading from 23.01, which introduced the behavior, but not for any previous version — that is, it effectively unbreaks the change. [#24075]

    Note: This change was erroneously attributed to 23.02 at its release; the changed had been merged into the master branch by that time, but had not been included in the subsequent release. Consarn it!


dotCMS 22.03.5 LTS

Available: Mar 29, 2023 Demo starter image: 20220209

Enhancements & Adjustments

  • Added a method to assign categories to content via Velocity, usable in a Workflow via Velocity script actionlet. [#23009]

Visual Fixes

  • Content Types with two Relationship fields of the same type no longer display list of crossed-out unavailable languages. #21735
  • Fixed cases of back-end menu tools' text not displaying while collapsed. [#23341]
  • File Browser now properly displays multilingual content, not limited by the configured user-interface language. [#24358]
  • Fixed File Browser display behavior; now displays Page and file assets in expected fasion. [#24272]

Fixes

  • Fixed issue preventing saving content in a secondary language while a working/draft version exists in the default language. [#23280]
  • Categories are no longer removed from content mass-imported via CSV file. [#23440]
  • Saving a contentlet before its related content loads will no longer result in a clearing of the Relationships field. [#22323]
  • Resolved issue preventing latest upgrade for MSSQL database users. [#23761]
  • Fixed error that caused content to disappear from a page after altering its template or layout. #22140
  • Pulling related content with no sorting parameter set now returns related content in the order it was added. #21929)
  • Push Removal of a Static Pushed page no longer removes any other files required for that page to render. #21832
  • Corrected an issue that prevented relating content in a Relationship field with Many-to-One cardinality. [#22840]
  • Corrected the exclusion of two asset directories from back-end exports; both are now present and accounted for. [#23810]
  • Resource consumption has been restricted on PDF thumbnail generation, decreasing system footprint and preventing out-of-memory exceptions. [#23384]
  • Added DOT_IMAGE_GENERATION_SIMULTANEOUS_REQUESTS environment variable to limit the maximum number of threads image processing can consume. [#23384]
  • Fixed the removal of categories through API calls, which no longer throws an error. [#22756]
  • Additional error handling has been added to the PublisherJobQueue to improve logging and resilience. Nigh unkillable, this beast swims in magma, breathes jet exhaust, and revels in the elders' oft-whispered warning: Hunt not the PublisherJobQueue. [#22850]
  • Image selector displays correct totals and respects language selection. [#22729]
  • Resolved errors resulting from blanking an existing date field or checking “Never” on an expiration date field. [#22667] [#22350]
  • Navigation no longer shows duplicate results — both requested and default languages — when requesting multilingual content in the non-default language. [#23890]
  • Fixed issue preventing categories from being added properly to bundles. [#23078]
  • Adding a user to a bundle no longer causes errors. [#22508]
  • Language parameters update correctly when redirecting via Rule. [#24158]
  • Copying a folder that contains Pages with both live and draft versions will no longer result in an error; duplicate your folders fearlessly. [#24441]
  • Fixed an update task that absolutizes container paths: It erroneously added the site to the same path multiple times in certain situations. Well, not anymore. [#24436]

Dependencies, Components, Etc.

  • PDFBox library updated to 2.0.27. [#23384]

dotCMS 23.01.1 LTS

Available: Mar 22, 2023 Demo starter image: 20221010

dotCMS 23.01.1 is the official designation of dotCMS 23.01 as a long-term supported release.

Representing the vast sum of changes since 22.03 — ten months of wild-eyed development, birthing new features with prophetic zeal — this roundup is large enough that we'll soon be reorganizing the changelog layout to accommodate this and, indeed, others like it.

For the moment, you'll find the new patches to 23.01 in the first section; underneath that, a feature rollup covering everything new from 22.05 through 23.01.

Finally, for a more conversational look at the LTS-to-LTS changes, check out the announcement on our blog!

LTS Patch (Changes Over 23.01)

Enhancements & Adjustments

  • You can now enable multiple multiple user IDs to possess the same email address by setting the environment variable DOT_SAML_ALLOWUSERSWITHDIFFID_REPEATEDEMAIL to true. [#24138]
  • S3Client can now be configured to interact with Simple Storage Service (S3) object stores other than Amazon S3. [#22151]

Fixes

  • File Browser now properly displays multilingual content, not limited by the configured user-interface language. [#24358]
  • Fixed File Browser display behavior; now displays Page and file assets in expected fasion. [#24272]
  • Corrected the exclusion of two asset directories from back-end exports; both are now present and accounted for. [#23810]
  • Resolved issue preventing latest upgrade for MSSQL database users. [#23761]
  • Categories are no longer removed from content mass-imported via CSV file. [#23440]
  • Language parameters update correctly when redirecting via Rule. [#24158]
  • Widgets now correctly display in non-default languages on working (i.e., draft) versions of Pages. [#24059]
  • Fixed issue preventing saving content in a secondary language while a working/draft version exists in the default language. [#23280]
  • CSS files now push publish to S3 buckets without issue or compilation error. [#24351]
  • Navigation no longer shows duplicate results — both requested and default languages — when requesting multilingual content in the non-default language. [#23890]

(Un)Breaking Changes

  • The dotcache directive no longer caches objects declared with set directive within the block; caching of generic objects should be handled manually through the Dotcache viewtool. Note that this is a breaking change if upgrading from 23.01, which introduced the behavior, but not for any previous version — that is, it effectively unbreaks the change of agile 23.01. [#24075]

LTS-to-LTS Feature Rollup

Below are the key changes of note since the last LTS. For a lighter summary, see 23.01.1 LTS: The Upgrade to Upgrade To, on our blog.

Content

  • Added the new Block Editor field. [Many!]
    • Create and edit content as self-contained “blocks” stored as portable JSON, well suited to either headless or traditional use.
    • Choose from a variety of block types: paragraphs, headings, images, lists, tables, block quotes, and more.
    • Can contain and display contentlets created in dotCMS — with user-defined rendering, whitelisting, and automatic updating.
    • Fully editable inline in Edit Mode.
    • Transform WYSIWYG fields into Block Editor fields at the push of a button.
  • Added ability to copy Content Types. [#21697]
  • Removed limit on number of widgets or forms displayed in Content Selector popup. [#21811]
  • Implemented storage of content info as JSON for MSSQL databases — as previously implemented for PostgreSQL. [#21219]
  • A Push Remove Now action has been created to facilitate push-removal within a workflow. [#22021]
  • Image paths can now be copied from Site Browser context (right-click) menus, using the new Copy Path item. [#22146]
  • Introducing the new JSON Field, an easy way to store and access JSON data. [#22829]
  • When performing a “shallow push” — i.e., Push Publishing with the “Only Selected Items” filter selected — tree entries are included in the push. This renders the behavior more intuitive in certain cases. [#18742]
  • Unique fields on global Content Types can now be specified as unique globally or unique per site. This is handled via the uniquePerSite field variable, which defaults to false. [#21781] [#22250]
  • Added ability to create a whitelist of acceptable keys for Key/Value fields. [#19562]
  • It is now possible to retrieve parent content through a child contentlet's Relationship Field by using Lucene queries.[#22319]
  • System content:
    • Certain System fields in certain Base Content Types have been rendered user-removable. [#15847]
    • Removed various system fields — tags, categories, relationships, constants, host, and folder — from the immutable JSON object storage in the database. Folder and host are passed in during the construction of a contentlet; the rest are loaded lazily. [#21858]
    • Moved the System Template and System Containers to velocity's static WEB-INF/velocity/application path. #21265

Enhancements & Adjustments

  • Velocity improvements:
    • We've built a new Velocity Playground developer tool, allowing users to easily test and preview Velocity snippets before deployment. Debug with gusto — maybe even élan! [#23610]
    • Caches storing all Velocity macros now flush and refresh according to a more eager strategy, triggered either by flushing the Velocity2 cache manually via the System → Maintenance panel, or by editing any dot_velocity_macro.vtl file. [#22297]
    • Added a method to assign categories to content via Velocity, usable in a Workflow via Velocity script actionlet. [#23009]
    • It is now possible to read field variable key-value pairs from within Velocity, allowing evaluation at load time from your Velocity template files — and giving user-defined field variables more utility. [#22618]
    • Added new $dotcache Viewtool, a generic object cache, permits a wide assortment of highly convenient caching and storage behaviors! [#23037] [#23430] [#23431] [#23432] [#23575]
    • Added $dotContentMap, a built-in Velocity content object that lets you access content in a container without performing a pull.
  • API improvements:
    • Added a new API Playground tool to the Dev Tools, built using Swagger. [#22298]
    • Refactored HostAPI: Improved caching and respect for permissions; now reliant on the database instead of ElasticSearch, and on variable names instead of Content Type names. [#21476]
    • Metadata for Binary Fields is now exposed through API responses. [#23552]
    • Push Publishing filters can now be added or updated via a REST API call. [#21823]
    • Added new API endpoints for creating, reading, updating, or deleting containers. [#21626]
    • Permissions operations now have REST API endpoints. [#22524]
    • New /api/v1/page/copyContentlet endpoint allows copying of content in the context of a page, duplicating the object and editing the tree entry. In other words, this is a “Save as Copy” method that allows content to be modified for a single page rather than all pages. [#23224]
      • Added in the same breath: New /api/v1/page/{pageIdentifier}/_deepcopy endpoint allows a “deep copy” of an entire page — copying both the page itself and all content contained therein.
  • Edit Mode Anywhere changes:
    • Now works in AWS Amplify and other hosting platforms. [#21877]
    • No longer sends the page.rendered property on POST unless enabled in the app. [#21786]
    • URL Override plugin's functionality is now part of the core, available out of the box. [#21713]
  • Logging:
  • User experience tweaks, simplifications, etc.:
    • Enter key now activates the primary action — e.g., Next, Submit, etc. — for all dialogs in the system. [#19158] [#22566]
    • Improved clickability when relating content — click anywhere in the list's rows to toggle!
    • Add custom content tools to traditional navigation through a simple menu option in the Content Type list, or through API calls. [#21797]
    • In the traditional interface, clicking on an entry in the Categories menu now provides a list of child categories, for improved navigation. [#23252]
    • Angular dropdown menus, such as the site selector, now allow for keyboard navigation. [#22835]
  • Changed folder handling to enforce knowable & consistent folder ID behavior. [#21801]
  • Replaced Vanity URL base content type's Site field with a Host Folder field. [#21889]
  • The Multipart Web Interceptor plugin, which scans multipart or form requests that use PUT or POST to upload files, has been fully integrated into the core product. [#21854]
  • Date and time fields have been modified in MSSQL databases to take into account time zones. [#21169]
  • Versions of the same content across different languages can now display publishing dates distinct from one another. [#21518]
  • Updated dot-binary-file web component to support the maxFileLength attribute. [#18019]
  • Image filter scale has been mapped to the resize filter that replaced it, improving backwards compatibility. [#22463]
  • Switched to using Tomcat's RemoteIpValve for DNS resolution. [#19569]
  • Updated the Next.js starter: Upgraded to the latest Next.js version, and reviewed compliance with community guidelines. Read more about using dotCMS with Next.js on our blog. [#22992][#22994][#22995]
  • Added an app that implements the prerender.io filter as a WebIntercepter and allows a user to configure prerender via Settings → Apps → dotCMS prerender App. [#20903]
  • Now compatible with Husky. [#21857]
  • Various performance improvements!
    • Optimized routines for bulk adjustment of permissions. [#19358]
    • Removed performance drag from supporting on-the-fly configuration changes via file watchers and other blocking patterns, which are unsuited to a containerized paradigm. [#21619]
    • Sped up the process of fetching a piece of content's categories via Velocity. You might say we've increased its Velocity. Stop frowning at me. [#22864]
    • Implemented lazy loading for workflow histories to improve load times for history-rich content. [#22068]
    • Tomcat no longer performs scans for Tag Library Descriptor files at startup, speeding up initialization. [#22716]
    • General library-driven improvements to paste behavior across a variety of fields and data types. [#22019]
    • Related content spanning multiple locales has been made more performant, shortening load times. [#22910]
    • Added DOT_IMAGE_GENERATION_SIMULTANEOUS_REQUESTS environment variable to limit the maximum number of threads image processing can consume. [#23384]

Visual Adjustments

  • “Paper” layering styles (e.g., gaps and drop-shadows) removed from back end, reclaiming some space. [#23369]
  • Significant cleanup operations and general improvements have been undertaken on the user interface for Containers. Error messages, toasts, layout elements, context menus, and more have received some TLC for a cleaner and smoother user experience. [#23141] [#23142] [#23143] [#23144] [#23146] [#23200]
  • “Break lines, not layouts!” The field variable interface now handles lengthy keys and values more gracefully; long text now wraps to additional lines within invariant columns. This supersedes the old behavior of “plunging into chaos.” [#23119]
  • Page titles now update to display the name of content being edited; multitab without fear! [#21701]
  • Fixed cases of contextual menus cutting off at the bottom of their parent display pane. [#21979] [#23461]
  • Replaced browser-native alert() message box after user account changes data in the My Account dialog. [#22276]
  • When changing a password, verbose error message now displays when new password does not meet security requirements. [#22204]
  • Fixed pagination errors on the UI site selector; now displays a maximum of 15 results at a time, with live text filtering of choices. [#22734]
  • Slight adjustment to the styling of cards in the Apps section. [#23367]
  • The read-only system container and system template are now more visually clear as to this status, with a greyed-out color scheme and contextual buttons removed. [#22216] [#22217]
  • Pagination now displays properly when querying related content by REST API. [#22236]
  • Updated labeling to more clearly distinguishing between a “key” and a “token” in the user interface — a subtle but “key” difference! [#23007]
  • Push publishing queue displays all bundles, even when one or more fail to publish. [#23062]
  • Removed extraneous descriptive text from dropdowns in Edit Mode. [#23406]
  • Date and Date/Time fields now highlight the current date. [#23551]

Dependencies, Components, Etc.

  • JSON handling: Removed GSON in favor of Jackson. [#21641]
  • Updated ProseMirror, TipTap, and Tomcat. [#22058] [#21849]
  • The version of Java used in docker images has been updated. [#22426] [#22852]
  • Upgraded Nx and Angular. [#22337]
  • Updated Dojo. [#22132] (Note: Also listed under Breaking Changes.)
    • Smoke-tested Dojo update. [#22885]
  • Moved from Libsass to Dart Sass for SASS/CSS compilation. [#22196]
  • Tomcat native library location has been fixed for Apple M1 contexts. [#22893]
  • Updated GNU General Public License text. [#23352]
  • PDFBox library updated to 2.0.27. [#23384-comment]
  • Stabilized internal Tomcat path to prevent breaking changes on minor-version updates. [#23407]
  • Removed unused jsass and Apache commons text libraries, to avoid flags associated with the text4shell vulnerability. Although dotCMS was never susceptible to said vulnerability, we thought it best to avoid even the suggestion of it. [#23475]
  • Upgraded the PostgreSQL JDBC driver. As with the previous bullet point, this resolves a vulnerability that did not strictly affect dotCMS. [#23531]
  • We've carved npm out of the front-end build process and wrapped the latter in a Maven module, as a first step toward using Maven for the full build. [#23556]

Plugins

  • Improved OSGi plugin loading in server-cluster context. [#21882]
  • Fixed error preventing OSGi plugin undeployment. [#21879]
  • Fixed ability to upload multiple OSGi assets at once. [#21685]
  • Fragments now only load when forced. On uploading, dotCMS reads the Export-Package from the fragment manifest, adds this to the OSGi-extras file, then moves the fragment to the undeployed folder and restarts the OSGi framework. This prevents interference with other plugins and allows OSGI to be cleanly started. [#22055]
  • Created new OSGi system framework for loading system bundles — minimal, speedy, and stable. [#22184]
  • Override plugin now starts correctly in certain prior versions. [#22043]

Development Improvements

  • Migrated Actions to monorepo. [#21761]
  • Improved test times. [#22495]
  • Consolidated build jobs. [#21755]
  • Migrated Postman tests to GitHub Actions. [#21758]
  • Resolved vulnerabilities and identified by SonarQube. [#23405]
  • Updated GitHub Actions code in response to command deprecations. [#23332]
  • Update tasks have been updated and backported, improving maintenance of future LTS releases. [#22916]

Breaking Changes

  • Replaced repackaged JSON-handling classes with more tractable code. [#22118]
  • Updated several default configuration values, such as disallowing HTTP by default. [#22006]
  • Removed unnecessary Spring jars for better parsimony and tidiness. [#21944]
  • Initial admin password is now an automatically generated, non-guessable password recorded in the logs. Setting the configuration option INITIAL_ADMIN_PASSWORD can allow for overriding the generated password with a preset one. [#21916]
  • Moved to using Gradle 7.3.3 in the build scripts. [#21684]
  • AspectJ has been removed. Instead, Bytebuddy is now inited at runtime and rewrites the bytecode to weave the annotations into the classes. Additionally, ByteBuddy does not need to be included as a java agent. [#21684]
  • By default, dotCMS no longer follows redirects when accessing remote URLs programmatically. This change is configurable, and can be reversed by setting the REMOTE_CALL_ALLOW_REDIRECTS property to true. [#22512]
  • Updated Dojo. [#22132]
  • Removed unused MySQL and Oracle drivers; users relying on either of these will need to provide their own drivers in their plugins. [#23531-comment]

dotCMS 21.06.14 LTS

Available: Feb 23, 2023 Demo starter image: 20210615

Fixes


dotCMS 21.06.13 LTS

Available: Feb 22, 2023 Demo starter image: 20210615

Enhancements & Adjustments

  • Added DOT_IMAGE_GENERATION_SIMULTANEOUS_REQUESTS environment variable to limit the maximum number of threads image processing can consume. [#23384]
  • Added a method to assign categories to content via Velocity, usable in a Workflow via Velocity script actionlet. [#23009]
  • Related content spanning multiple locales has been made more performant, shortening load times. [#22910]

Visual Fixes

  • Fixed cases of back-end menu tools' text not displaying. [#23341]
  • Displayed date updates correctly on menu after changing time zone. [#23128]
  • Push publishing queue displays all bundles, even when one or more fail to publish. [#23062]
  • Fixed bug that inverted the display of parent and child in many-to-one Relationship fields.[#22549]
  • Pagination now displays properly when querying related content by REST API. [#22236]
  • Content Types with two Relationship fields of the same type no longer display list of crossed-out unavailable languages. #21735

Dependencies, Components, Etc.

Fixes

  • Categories are no longer removed from content mass-imported via CSV file. [#23440]
  • Resource consumption has been restricted on PDF thumbnail generation, decreasing system footprint and preventing out-of-memory exceptions. [#23384]
  • Additional error handling has been added to the PublisherJobQueue to improve logging and resilience. [#22850]
  • Copying a folder containing a page no longer copies the content displayed in that page's containers. [#22763]
  • Fixed the removal of categories through API calls, which no longer throws an error. [#22756]
  • Image selector displays correct totals and respects language selection. [#22729]
  • Resolved errors resulting from blanking an existing date field or checking “Never” on an expiration date field. [#22667] [#22350]
  • Saving a contentlet before its related content loads will no longer result in a clearing of the Relationships field. [#22323]
  • Pulling related content with no sorting parameter set now returns related content in the order it was added. #21929)
  • Push Removal of a Static Pushed page no longer removes any other files required for that page to render. #21832
  • Assign function under the Tasks tool no longer throws an error when attempting to change content not in the default language while a working version exists in the default language. [#23280]

Security

  • XMLTool has been restricted from fetching remote entities. [#21415]

dotCMS 23.02

Available: Feb 21, 2023 Demo starter image: 20230112

dotCMS 23.02's highlights include a new condition for Rules based on the HTTP method used, the ability to change S3 API endpoint targets, and improvements to the Content Search user interface. 23.02 also features significant maintenance and bug-squashing efforts. These latter entries are perhaps less glamorous, but certainly no less important or virtuous. And virtue, as they say, is its own reward.

Lastly, our own internal workflows continue to evolve and improve in tandem with the product, as documented below. We hope you'll enjoy the result!

Enhancements & Adjustments

  • New Rule condition allows a Rule to fire based on the HTTP method used. [#23209]
  • Users may now edit the labels of system fields on any Content Type. [#22901]
  • The Page API can now additionally return a count of the number of Pages in which a piece of content appears. [#23223]
  • While editing an existing piece of content, the editor will display a link to the relevant Content Type under the Workflow summary. [#23231]
  • The Block Editor's image-block popup now includes a tab for uploading a local file. [#23237]
  • The top bar of the Content Search has been reorganized for better visibility and distribution. On page load, the search input field receives focus. These little details matter! [#23601]
  • In a follow-up to our previous effort to make system fields in Base Content Types removable by users, we're extending the process so it'll do likewise to user-created variants. [#23736]
  • The paragraph block has been removed from the configurable Allowed Blocks list, to better convey its inviolable “default block” status. [#23764]
  • The logs have fewer spammy messages to let you know that no apps require ACCESS_TOKEN renewal. The logs cover a lot of ground, so it's important to maintain a decent signal-to-noise ratio. [#23781]
  • S3Client can now be configured to interact with Simple Storage Service (S3) object stores other than Amazon S3. [#22151]
  • Image permits, which control the number of threads dotCMS's image editor can occupy at once, have been made more permissive through better use of caching. They are now less likely to cap out on routine operations, without compromising their intended purpose of easing system resource burdens. [#23807]

Visual Fixes

  • Content Type layouts in excess of three columns now distribute their contents more evenly on smaller displays. [#23644]
  • Reinstated title bar to query dialogs on content search screen. Repaired their styling, too. [#23554] [#23739]
  • Content Palette no longer occasionally spits out an empty, duplicate half-pane. [#24084]

Development Improvements

  • Postman tests are now run in parallel, segmented into smaller groups. [#23330]
  • Added Push Publishing test fixes for Postman covering sender collection and graceful failure when it cannot determine a result. [#23766][#23330]
  • Created automation to remove published dotCMS CI/CD image used for Postman tests. [#23808]
  • Maven build no longer adversely impacts a local npm registry. [#23692]
  • SonarQube is now run on every pull request to core-web. [#23696][#23779]
  • Simplified integration of Docker images considered dependencies via Github Container Registry. [#23808]

Fixes

  • Whitelisting a block on a Block Editor field will no longer result in error when adding images to that field. [#23920]
  • Corrected the exclusion of two asset directories from back-end exports; both are now present and accounted for. [#23810]
  • Fetching language keys for an unsupported language now falls back to default administrative language configured from the System → Configuration tool, rather than the default content language configured through the Types & Tags → Languages tool. [#23777]
  • Navigation no longer shows duplicate results — both requested and default languages — when requesting multilingual content in the non-default language. [#23890]
  • Resolved issue preventing latest upgrade for MSSQL database users. [#23761]
  • Downloading a starter from the back end is now a streamed process that begins as the assets are being incorporated into an archive. This prevents timeouts under certain administrative setups — such as running dotCMS behind a load balancer — and limits the danger of the destination container over-allocating space in the case of multiple requests. That's a mouthful, but two birds with one stone merits a yarn. [#23733]
  • Unnecessary XML encoding has been removed from environmental variables that originate from the Tomcat access log file. [#23669]
  • Categories are no longer removed from content mass-imported via CSV file. [#23440]
  • Adding the same Content Type to a custom content tool twice will now display a more descriptive error message. [#22411]
  • Push Publishing filters now save to the correct subfolder with the correct filename; a recent update was missing a trailing slash, causing them to be saved in the parent folder with the subfolder's name appended to the filenames. [#23578]
  • Mended typo in the Checkbox Field's values property, which is now callable in the Velocity content object either through the .values or .value properties, instead of just the latter. [#22049]

Breaking Changes

  • The user API endpoint at /api/v1/users/filter has been refactored to take query strings instead of path parameters. [#20529]

dotCMS 23.01

Available: Jan 12, 2023 Demo starter image: 20221010

dotCMS 23.01 rockets out of the gate with an array of new features!

The Block Editor continues to evolve; it now supports Table blocks, allows inline editing in Edit Mode, and comes equipped with a new image-search component. Our Velocity toolbelt has gained some important new gizmos: all-purpose object caches, and a brand-new Velocity Playground developer tool. Need to access file metadata? Now you can do it through API calls.

This version features a legion of user interface improvements, a throng of under-the-hood fixes, a handful of component updates, and, as usual, more. Happy New Year, and bon appetit.

Content

  • Tables! The Block Editor now has a Table block — the newest sail on our flagship content editor. [#21991]
  • Simplified image import from the Block Editor: Pasting an image link into a new block displays the image, and a button allows one-click importation as a dotAsset. [#22194]
  • Selecting “Images” from the Block Editor displays a new dialog that allows easy selection of images from within dotCMS, or via URL. [#23235] [#23238]
  • While in Edit Mode, Block Editor fields can be edited inline through a swanky new modal interface. [#22487]

    Note: This feature was announced and documented circa the 22.12 release, but was not yet functional; 23.01 is its first effective release.

Enhancements & Adjustments

  • The new $dotcache Viewtool, a generic object cache, permits a wide assortment of highly convenient caching and storage behaviors! [#23037] [#23430] [#23431] [#23432] [#23575]

    Note: This also alters the behavior of the dotcache directive; see Breaking Changes.

  • We've built a new Velocity Playground developer tool, allowing users to easily test and preview Velocity snippets before deployment. Debug with gusto — maybe even élan! [#23610]
  • We've added an interface to the Block Editor settings to allow configuration of whitelisted blocks without the use of field variables. [#22908]
  • Metadata for Binary Fields is now exposed through API responses. [#23552]
  • New /api/v1/page/copyContentlet endpoint allows copying of content in the context of a page, duplicating the object and editing the tree entry. In other words, this is a “Save as Copy” method that allows content to be modified for a single page rather than all pages. [#23224]
    • Added in the same breath: New /api/v1/page/{pageIdentifier}/_deepcopy endpoint allows a “deep copy” of an entire page — copying both the page itself and all content contained therein.
  • The $dotContentMap built-in content object is now utilized in shortcut dialogs in the Container interface. [#23248]
  • In the traditional interface, clicking on an entry in the Categories menu now provides a list of child categories, for improved navigation. [#23252]
  • Enabled further support for undo and redo operations in the Block Editor. [#22903]
  • Made thumbnails a bit less noisy in the logs. [#23757]
  • Added DOT_IMAGE_GENERATION_SIMULTANEOUS_REQUESTS environment variable to limit the maximum number of threads image processing can consume. [#23384]

Visual Fixes

  • Significant cleanup operations and general improvements have been undertaken on the user interface for Containers. Error messages, toasts, layout elements, context menus, and more have received some TLC for a cleaner and smoother user experience. [#23141] [#23142] [#23143] [#23144] [#23146] [#23200]
  • “Break lines, not layouts!” The field variable interface now handles lengthy keys and values more gracefully; long text now wraps to additional lines within invariant columns. This supersedes the old behavior of “plunging into chaos.” [#23119]
  • Fixed cases of back-end menu tools' text not displaying. [#23341]
  • Slight adjustment to the styling of cards in the Apps section. [#23367]
  • “Paper” layering styles (e.g., gaps and drop-shadows) removed from back end, reclaiming some space. [#23369]
  • Push publishing queue displays all bundles, even when one or more fail to publish. [#23062]
  • Removed extraneous descriptive text from dropdowns in Edit Mode. [#23406]
  • Context menus called at the bottom of a menu list no longer break off. [#23461]
  • Date and Date/Time fields now highlight the current date. [#23551]
  • Removed visual duplication of the content palette while Edit Mode is loading. [#23619]

Dependencies, Components, Etc.

  • Updated GNU General Public License text. [#23352]
  • PDFBox library updated to 2.0.27. [#23384-comment]
  • Stabilized internal Tomcat path to prevent breaking changes on minor-version updates. [#23407]
  • Removed unused jsass and Apache commons text libraries, to avoid flags associated with the text4shell vulnerability. Although dotCMS was never susceptible to said vulnerability, we thought it best to avoid even the suggestion of it. [#23475]
  • Upgraded the PostgreSQL JDBC driver. As with the previous bullet point, this resolves a vulnerability that did not strictly affect dotCMS. [#23531]

    Note: See Breaking Changes.

  • We've carved npm out of the front-end build process and wrapped the latter in a Maven module, as a first step toward using Maven for the full build. [#23556]

Development Improvements

  • Resolved vulnerabilities and identified by SonarQube. [#23405]
  • Updated GitHub Actions code in response to command deprecations. [#23332]

Fixes

  • Push publishing to S3 buckets now works in all major regions, regardless of which Signature Version is supported behind the scenes. [#22449]
  • Fixed erroneous difference between the Key/Value field's import and export formatting. [#22582]
  • Image selector displays correct totals and respects language selection. [#22729]
  • /api/v1/containers endpoint correctly updates a Container when maxContentlets is set to 0. [#23147]
  • Large bulk updates via import are now faster, via adjustments to relationship-field validation operations. Timeout troubles, begone! [#23015]
  • Fixed the sort-order parameter, orderby, for Categories; they now sort as specified. [#23253]
  • Performing a health check via /api/v1/system-status now cleans up after itself, removing all created folders. [#23267]
  • Restored PDF and video previews in back-end content editor. [#23359]
  • Resource consumption has been restricted on PDF thumbnail generation, decreasing system footprint and preventing out-of-memory exceptions. [#23384]
  • Resolved issue where certain access-limited users could not switch between multiple sites on the back end. This was due to a permission correspondence between the necessary endpoint and the Sites tool, which may not be visible to the limited user. [#23474]
  • Fixed error preventing the addition of a Container to an Advanced Template. [#23557]
  • Updated internal IP blacklists to include AWS metadata services. [#23481]
  • URI normalization filter has been made less aggressive, and now plays nicely with slashes and equals signs. [#22498]

Breaking Changes

  • Removed unused MySQL and Oracle drivers; users relying on either of these will need to provide their own drivers in their plugins. [#23531-comment]
  • The new $dotcache Viewtool (see Enhancements) has altered the behavior of the prior dotcache directive. Previously, dotcache blocks cached fully rendered versions of their contents, omitting various Velocity state operations in the process. Now, set directives within dotcache blocks are “wrapped” in the new generic object cache routines, allowing declared objects to persist on cache hit. This may interfere with a small, niche set of use-cases, which can still be addressed via the viewtool.
    • As of either 23.02 or 23.01.1 LTS, this change has been un-broken, and Velocity context data is once again not cached within a dotcache block by default. [#24075]

dotCMS 22.03.4 LTS

Available: Jan 4, 2023 Demo starter image: 20220209

Bugfixes

  • Fixed bug that inverted the display of parent and child in many-to-one Relationship fields. [#22549]
  • Fixed a case where specific conditions could cause drafted content to fail to Push Publish. [#21966]
  • dotCMS now scans zip files to ensure integrity, preventing errors resulting from working with an invalid archive. [#23401]
  • Remote-URL access tools like $json or $import now run in a thread pool to avoid blocking, backups and crashes in the event of high traffic to a non-responsive external API. [#22522]
  • Fixed issue where certain access-limited users could not switch between multiple sites on the back end. This was due to a permission correspondence between the necessary endpoint and the Sites tool, which may not be visible to the limited user. [#23474]
  • Large bulk updates via import are now faster, via adjustments to relationship-field validation operations. Timeout troubles, begone! [#23015]
  • Resolved erroneous difference between the Key/Value field's import and export formatting. [#22582]

Breaking Changes

  • By default, dotCMS no longer follows redirects when accessing remote URLs programmatically. This change is configurable, and can be reversed by setting the REMOTE_CALL_ALLOW_REDIRECTS property to true. [#22512]

dotCMS 21.06.12 LTS

Available: Jan 4, 2023 Demo starter image: 20210615

Bugfixes

  • TempFileAPI will now only import by URL if the user is an admin, to reduce exposure to server-side request forgeries. Per OWASP best practices, requests to non-pubic hosts are disallowed. For improved transparency, the source IP has been added to the request as a URL parameter. [#21400]
  • dotCMS now scans zip files to ensure integrity, preventing errors resulting from working with an invalid archive. [#23401]
  • Remote-URL access tools like $json or $import now run in a thread pool to avoid blocking, backups and crashes in the event of high traffic to a non-responsive external API. [#22522]
  • Fixed issue where certain access-limited users could not switch between multiple sites on the back end. This was due to a permission correspondence between the necessary endpoint and the Sites tool, which may not be visible to the limited user. [#23474]
  • Large bulk updates via import are now faster, via adjustments to relationship-field validation operations. Timeout troubles, begone! [#23015]
  • Resolved erroneous difference between the Key/Value field's import and export formatting. [#22582]

Breaking Changes

  • By default, dotCMS no longer follows redirects when accessing remote URLs programmatically. This change is configurable, and can be reversed by setting the REMOTE_CALL_ALLOW_REDIRECTS property to true. [#22512]

dotCMS 22.12

Available: Dec 9, 2022 Demo starter image: 20221010

Originally planned to be released as 22.11, dotCMS's version 22.12 reaffirms our position vis-a-vis the classic dilemma: “Done fast, or done right?” This release includes a variety of important fixes and enhancements — and in a few cases, both at once — all under an ever-expanding regime of quality-assurance testing.

Whether you're looking for an easy way to keep rich, structured content up to date; tools to keep tabs on content length for SEO or audience tailoring; better logging; or just an all-around richer and more stable user experience, consider upgrading to 22.12!

Note: Upgrading to 22.12 or later from any pre-22.12 version requires a full reindexing of content. This is a simple, pushbutton procedure, but may take some time on very large sites.

Content

  • Block Editor image blocks now provide more tailored support to dotImages, HTML images, etc. Among other things, this improves the process of WYSIWYG-to-Block-Editor conversion. [#22832]
  • When performing a “shallow push” — i.e., Push Publishing with the “Only Selected Items” filter selected — tree entries are included in the push. This renders the behavior more intuitive in certain cases. [#18742]
  • Contentlets placed in a Block Editor field now remain updated if the referenced content changes. This feature syncs the block-contentlet with that of both the database and the cache. This comes with a slight performance cost — in most cases statistically insignificant — that can be offset by disabling the cache-synchronization: Just set the environment variable DOT_REFRESH_BLOCK_EDITOR_REFERENCES=false. [#22857][#22990]

    Note: This item originally premiered as a feature of 22.10; however, because of an oversight, the feature was not operational in that release. 22.12 is therefore its first effective release.

  • Blocks now have a “Delete” button — that is, one of these dealies now appears in the bubble menu. [#22881]
  • Block Editors can now display character count, word count, and estimated reading time figures below the field. This can be optionally disabled — or a character limit can be configured — through new field variables. [#22904]

Enhancements & Adjustments

  • The log viewer has been rebuilt. While this represents an enhancement overall by way of better performance and reliability, this item represents a number of bugfixes as well.
  • Certain System fields in certain Base Content Types have been rendered user-removable. [#15847]
  • Caches storing all Velocity macros now flush and refresh according to a more eager strategy, triggered either by flushing the Velocity2 cache manually via the System → Maintenance panel, or by editing any dot_velocity_macro.vtl file. [#22297]
  • Permissions operations now have REST API endpoints. [#22524]
  • Angular dropdown menus, such as the site selector, now allow for keyboard navigation. [#22835]
  • Sped up the process of fetching a piece of content's categories via Velocity. You might say we've increased its Velocity. Stop frowning at me. [#22864]
  • Additional logging has been added to SAML operations. [#23048]
  • Added a method to assign categories to content via Velocity, usable in a Workflow via Velocity script actionlet. [#23009]

Visual Fixes

  • “Uploading” placeholder no longer sticks around after an image is successfully added to a Block Editor via drag and drop. [#22580][#22859]
  • Contentlets embedded within the Block Editor now correctly push during a Push Publish operation. [#22899]
  • Displayed date updates correctly on menu after changing time zone. [#23128]
  • Default system container no longer reports a broken image when displaying content without an image. [#23088]

Dependencies & Components

  • Tomcat native library location has been fixed for Apple M1 contexts. [#22893]
  • Update tasks have been updated and backported, improving maintenance of future LTS releases. [#22916]

Bugfixes

  • The Log Viewer — A Chronicle:
    • The viewer now properly filters and highlights search terms. [#23043]
    • Navigation between pages has been fixed. [#23042]
    • Viewer's front-end performance has been fixed and optimized. [#22968]
    • Ditto on the back end. [#22978]
    • The front- and back-end changes have been integrated. [#23039]
  • Block Editor bubble menu no longer pops up after reordering blocks by drag and drop. [#22898]
  • Docker images have been updated to use UTF-8 language settings by default. [#23056]
  • SameSite cookie property can now be overridden from strict to lax, which can counter certain conditions preventing SAML redirects. [#23072]
  • Fixed issue preventing categories from being added properly to bundles. [#23078]
  • Additional error handling procedures added to the Scripting API ensure that file handles close properly. [#23082]
  • Site Selector now correctly switches between multiple sites while in Edit Mode. [#23106]
  • Fixed case causing WYSIWYG to throw a null pointer exception when containing certain invalid data elements. [#23296]
  • Resuscitated the ElasticSearch query tool after the sight of a recent bug caused it to faint. It's feeling much better, now. [#23379]
  • dotCMS now scans zip files to ensure integrity, preventing errors resulting from working with an invalid archive. [#23401]
  • The API endpoint for firing a workflow action no longer fails when the indexPolicy parameter is specified. [#23381]

⚠️ Breaking Changes

  • Because of changes in the way identifiers are handled, it is necessary to perform a full reindex after upgrading to 22.12.

dotCMS 22.03.3 LTS

Available: Nov 14, 2022 Demo starter image: 20220209

Bugfixes

  • SAML redirects now forward properly after authentication. [#22156]
  • Added a way to avoid cases where hashed IDs are referenced against non-hashed data in the creation of SAML users: Created hash.userid property (boolean) to SAML configuration to control whether the UserID is hashed or not. [#22692]
  • Bulk adjustment of large quantities of permissions can no longer deadlock the database. [#19358]
  • Updating a Binary field via REST API no longer removes the value from other Binary fields in the same contentlet. [#21482]
  • Fixed WebP filter: no longer adds white background in Safari, and default quality no longer ruins perfectly good images. [#21694] [#21652]
  • Fixed issue with database export streams that caused connection closure before file generation in instances behind a load balancer. [#22116]
  • Users with Back-End User and Front-End User roles who sign into the front end are no longer delivered to the back-end Edit Mode version of the page after manual URL entry. [#22124]
  • When upgrading from version 5.1.6 (or older), database migration tasks now run smoothly, without errors due to differences in DB column counts. [#22349]
  • Restored missing locales for Velocity localization operations. [#22603]
  • Fixed a MSSQL DB error on upgrade. [#22605]
  • Time zone data updates properly on upgrade to 22.03 or later. [#22771]
  • Workflow changes save properly for all users, including new users or users with special characters in their name. [#22696]
  • Fixed issue causing some navigation items to fail to display after upgrade to 22.03 or later. [#22809]
  • Fixed the Show Archive checkbox in the Templates section. [#21885]
  • Revamped push-publishing of users: It is now possible to push an individual user instead of all users, and interface labeling is clearer throughout. [#22149]
  • NavTool's getNav() method no longer returns unpublished pages; published pages only! [#22425]
  • Copy Site copies all content; previously, the process encountered a silent cap at 10,000 items due to limits on indexes and Elasticsearch queries. [#22520]
  • Copying a folder containing a page no longer copies the content displayed in that page's containers. [#22763]

Visual Fixes

  • When changing a password, verbose error message now displays when new password does not meet security requirements. [#22204]
  • Content Palette displays larger numbers of Content Types more reliably. [#22338]
  • The “What's Changed?” checkbox in Edit Mode now displays as checked when enabled, and correctly switches between states. [#22673]
  • Pagination now displays properly when querying related content by REST API. [#22236]
  • Displayed date updates correctly on menu after changing time zone. [#23128]
  • Push publishing queue displays all bundles, even when one or more fail to publish. [#23062]

Enhancements and Adjustments

  • Switched to using Tomcat's RemoteIpValve for DNS resolution. [#19569]
  • Removed performance drag from supporting on-the-fly configuration changes via file watchers and other blocking patterns, which are unsuited to a containerized paradigm. [#21619]
  • Reinstated Publishing options in Template editor. [#21612]
  • Various improvements have been implemented in upgrade routines. [#22916]
  • Submit button disabled immediately after Form submission to prevent duplicate submissions. [#22951]
  • Implemented storage of content info as JSON for MSSQL databases — as previously implemented for PostgreSQL. [#21219]
  • Removed various system fields — tags, categories, relationships, constants, host, and folder — from the immutable JSON object storage in the database. Folder and host are passed in during the construction of a contentlet; the rest are loaded lazily. [#21858]
  • Related content spanning multiple locales has been made more performant, shortening load times. [#22910]
  • Queued jobs have received additional failsafes against long waits for dependencies. [#23041]
  • Improved ContentMap category lookups to be quicker and less expensive. [#22864]

Dependencies & Components

  • Minor version update to Java on Docker image. [#22852]
  • Updated Tomcat to subsequent minor version. [#21849]

dotCMS 22.10

Available: Oct 26, 2022 Demo starter image: 20221010

dotCMS 22.10 showcases a few new features, starter updates, some UI cleanup, and more. Want to get started with the Block Editor, but all of your rich content is bound up in WYSIWYG fields? We now offer a way to convert WYSIWYG fields into Block Editor fields within an existing content type. We're also introducing the JSON Field — a new way to wrangle semi-structured data within your content.

An important note about libraries: As of 22.10, all “repackaged” libraries are deprecated in dotCMS and will be removed at some future point. While not a breaking change per se, developers should supply their own versions of repackaged libraries in their plugins or replace repackaged classes with the respective normal class. For example:

import com.dotcms.repackage.org.apache.commons.io.input.TailerListenerAdapter;

should become

import org.apache.commons.io.input.TailerListenerAdapter;

Content

Enhancements & Adjustments

Visual Fixes

  • Updated labeling to more clearly distinguishing between a “key” and a “token” in the user interface — a subtle but “key” difference! [#23007]
  • Fixed bug that inverted the display of parent and child in many-to-one Relationship fields.[#22549]
  • The “What's Changed?” checkbox in Edit Mode now displays as checked when enabled, and correctly switches between states. [#22673]
  • Improved the system for default icon assignment to tool groups during upgrades. [#22861]

Bugfixes

  • Contentlets can now be added to the Block Editor field before the content containing the field has been saved. [#23163]
  • Copy Site copies all content; previously, the process encountered a silent cap at 10,000 items due to limits on indexes and Elasticsearch queries. [#22520]
  • NavTool's getNav() method no longer returns unpublished pages; published pages only! [#22425]
  • Copying a folder containing a page no longer copies the content displayed in that page's containers. [#22763]
  • Remote-URL access tools like $json or $import now run in a thread pool to avoid blocking, backups and crashes in the event of high traffic to a non-responsive external API. [#22522]
  • Key/Value fields once again properly escape special characters, thereby squashing a recent and noisome bug. [#22754]
  • Key/Value fields properly record item order after sorting. [#22975]
  • Fixed issue causing some navigation items to fail to display after upgrade to 22.03 or later. [#22809]
  • Time zone data updates properly on upgrade to 22.03 or later. [#22771]
  • The breadcrumb-trail links at the top of the admin panel open in the same tab. [#22843]
  • Additional error handling has been added to the PublisherJobQueue to improve logging and resilience. Now nigh unkillable, it may be observed in the wild eating boulders and arm-wrestling jabberwocks. [#22850]
    • Queued jobs themselves have likewise received additional failsafes. [#23041]
  • Multiple Block Editors in the same content type will all save their respective content properly. [#23216]

dotCMS 5.3.8.14 LTS

Available: Sep 30, 2022 Demo starter image: 20200909

Bugfixes

  • Copy Site copies all content; previously, the process encountered a silent cap at 10,000 items due to limits on indexes and Elasticsearch queries. [#22520]
  • Copying a folder containing a page no longer copies the content displayed in that page's containers. [#22763]
  • Workflow changes save properly for all users, including new users or users with special characters in their name. [#22696]
  • Static Push Publishing no longer fails when pushing certain Base Content Types when a default language other than English is set. [#22266]
  • Corrected issue that prevented limited users with sitewide viewing permissions from viewing content not explicitly permitted for their role. [#22237]
  • Revamped push-publishing of users: It is now possible to push an individual user instead of all users, and interface labeling is clearer throughout. [#22149]
  • Users with Front-End and Back-End permissions logged in to the front end are no longer redirected automatically to the same page in (Back-End) Edit Mode after manual URL entry. [#22124]
  • Pushing a single piece of archived content no longer directly affects — i.e., unpublishes — other versions of the same content. [#21624]
  • Removed performance drag from supporting on-the-fly configuration changes via file watchers and other blocking patterns, which are unsuited to a containerized paradigm. [#21619]
  • Updating a Binary field via REST API no longer removes the value from other Binary fields in the same contentlet. [#21482]
  • Switched to using Tomcat's RemoteIpValve for DNS resolution. [#19569]
  • A Content Type having a many-to-many relationship to itself will no longer cause contentlets to lose their many-to-many relationships under certain conditions. [#20491]
  • $dotcontent viewtool respects the passed languageID and no longer returns the wrong language in certain situations. [#19774]

dotCMS 22.09

Available: Sep 15, 2022 Demo starter image: 20220713

dotCMS 22.09 features continued Block Editor improvements, Velocity-level access to field variables, dependency upgrades, performance optimizations, a smattering of squashings in the bug district, and more.

As of this build, LDAP support is now considered a deprecated feature, and may be removed from the product at a future date. It is recommended that customers still using LDAP to integrate with dotCMS begin migration to a different Single Sign-On (SSO) solution, such as SAML (through Azure or another Identity Provider).

Content

  • You can now easily link to other dotCMS content within the Block Editor. [#21866]
  • Base font size inside Block Editor has been increased slightly for readability. [#22165]
  • It is now possible to read field variable key-value pairs from within Velocity, allowing evaluation at load time from your Velocity template files — and giving user-defined field variables more utility. [#22618]

Enhancements & Adjustments

  • Expanding on an improvement in 22.08, the Enter key now performs the primary action (e.g., “Next,” “OK,” “Accept,” etc.) in a wider array of dialogs. [#22566]
  • “Suggestion” components — the clickable items that populate under a search bar, such as when linking content in the Block Editor — have been refactored to be more reusable and maintainable. [#22671]
  • Added a Docker compose example running dotCMS with MSSQL in ARM architecture (e.g., for users of Apple M1 processors). [#22639]
  • Refactored block-editor library to include folder structure. [#22517]
  • Tomcat no longer performs scans for Tag Library Descriptor files at startup, speeding up initialization. [#22716]
  • General library-driven improvements to paste behavior across a variety of fields and data types. [#22019]

Visual Fixes

  • Fixed pagination errors on the UI site selector; now displays a maximum of 15 results at a time, with live text filtering of choices. [#22734]
  • Pagination now displays properly when querying related content by REST API. [#22236]

Dependencies & Components

  • Minor version update to Java on Docker image. [#22852]
  • Upgraded Nx and Angular. [#22337]
  • Updated Dojo. [#22132] (Note: Also listed under Breaking Changes.)
    • Smoke-tested Dojo update. [#22885]
  • Moved from Libsass to Dart Sass for SASS/CSS compilation. [#22196]

GitHub Environmental Improvements

  • Migrated Actions to monorepo. [#21761]
  • Improved test times. [#22495]
  • Consolidated build jobs. [#21755]
  • Migrated Postman tests to GitHub Actions. [#21758]

Bugfixes

  • Locales have been added back at the level of the Java seed. [#22722]
  • Workflow changes save properly for all users, including new users or users with special characters in their name. [#22696]
  • Fixed the removal of categories through API calls, which no longer throws an error. [#22756]
  • Bad requests, such as malformed URIs, no longer result in Tomcat errors in advance of reaching custom dotCMS error pages. [#21742]
  • Creating language variables from the Content search allows the translation of tokens containing blank spaces. [#22607]
  • Image fields containing dotAssets now play well with Velocity. [#22704]
  • When upgrading from version 5.1.6 (or older), database migration tasks now run smoothly, without errors due to differences in DB column counts. [#22349]
  • Resolved conflicts between ByteBuddy and NewRelic agents, speeding up initialization and preventing errors. [#22635]
  • GraphQL introspection queries have been disabled for non-authenticated users. [#22825]
  • Fixed redirect issue that emerged with the update to Angular 14. [#22608]
  • Fixed browser console error when moving to Edit Mode from Site Browser. [#22617]
  • Fixed issue preventing Host variable from rendering headlessly via the Page API. [#21244]
  • SAML redirects now forward properly after authentication. [#22156]
  • Created a way to avoid cases where hashed IDs are referenced against non-hashed data in the creation of SAML users: Added hash.userid property (boolean) to SAML configuration to control whether the UserID is hashed or not. [#22692]
  • Corrected an issue that prevented relating content in a Relationship field with Many-to-One cardinality. [#22840]

Breaking Changes


dotCMS 21.06.11 LTS

Available: Sep 8, 2022 Demo starter image: 20210615

Enhancements

  • Minor version update to Java on Docker image. [#22852]
  • Updating permissions is now faster, and no longer deadlocks the database when repermissioning structures containing large quantities of content. [#19358]

Bugfixes

  • When upgrading from version 5.1.6 (or older), database migration tasks now run smoothly, without errors due to differences in DB column counts. [#22349]
  • Workflow changes save properly for all users, including new users or users with special characters in their name. [#22696]
  • Restored missing locales for Velocity localization operations. [#22603]
  • Static Push Publishing no longer fails when pushing certain Base Content Types when a default language other than English is set. [#22266]
  • Corrected issue that prevented limited users with sitewide viewing permissions from viewing content not explicitly permitted for their role. [#22237]
  • Revamped push-publishing of users: It is now possible to push an individual user instead of all users, and interface labeling is clearer throughout. [#22149]
  • Users with Front-End and Back-End permissions logged in to the front end are no longer redirected automatically to the same page in (Back-End) Edit Mode after manual URL entry. [#22124]
  • Pushing a single piece of archived content no longer directly affects — i.e., unpublishes — other versions of the same content. [#21624]
  • Removed performance drag from supporting on-the-fly configuration changes via file watchers and other blocking patterns, which are unsuited to a containerized paradigm. [#21619]
  • Updating a Binary field via REST API no longer removes the value from other Binary fields in the same contentlet. [#21482]
  • Switched to using Tomcat's RemoteIpValve for DNS resolution. [#19569]
  • A Content Type having a many-to-many relationship to itself will no longer cause contentlets to lose their many-to-many relationships under certain conditions. [#20491]

Visual Fixes

  • When changing a password, verbose error message now displays when new password does not meet security requirements. [#22204]

dotCMS 22.08

Available: Aug 10, 2022 Demo starter image: 20220713

dotCMS 22.08 features new API endpoints and visualization tools; new field variable options; a brand new, performant OSGi system framework; a number of squashed bugs; and some quality-of-life improvements.

The largest change may be less obvious, centering on our own internal workflows: We've consolidated tools and procedures, moving toward monorepo status — folding the core-web repo into core — and improving various testing and build automations. We're pleased to report that these changes have made our work of improving dotCMS both simpler and quicker.

Content

  • Users can now define whitelists for which blocks should be usable in a given Block Editor Field, through the allowedBlocks field variable. [#22164]
  • The Block Editor field is no longer marked as a “Beta” feature — it's just a regular part of the gang, now. [#22489]
  • Image paths can now be copied from Site Browser context (right-click) menus, using the new Copy Path item. [#22146]
  • Unveiling $dotContentMap, a built-in Velocity content object that lets you access content in a container without performing a pull.

Enhancements & Adjustments

  • Added a new API Playground tool to the Dev Tools, built using Swagger. [#22298]
  • Added new API endpoints for creating, reading, updating, or deleting containers. [#21626]
  • Enter key now activates the primary action — e.g., Next, Submit, etc. — for all dialogs in the system. [#19158]
  • It is now possible to retrieve parent content through a child contentlet's Relationship Field by using Lucene queries.[#22319]
  • Image filter scale has been mapped to the resize filter that replaced it, improving backwards compatibility. [#22463]
  • The Edit Mode Anywhere URL Override plugin's functionality is now part of the core, available out of the box. [#21713]
  • Versions of the same content across different languages can now display publishing dates distinct from one another. [#21518]
  • The version of Java used in docker images has been updated. [#22426]
  • The import and export format of starters has been changed to JSON. [#19400]

Bugfixes

  • In the Site Browser, the “View Statistics” data now displays correctly; the button is removed from the menu entirely when the ENABLE_CLICKSTREAM_TRACKING property is set to false. [#22131]
  • dotParse now properly respects all parameters of the config property. [#22288]
  • Corrected issue that prevented limited users with sitewide viewing permissions from viewing content not explicitly permitted for their role. [#22237]
  • CookiesFilter can now reinitialize cleanly, allowing the dynamic addition of new filters via OSGi. [#22312]
  • Browser page title now updates correctly when switching between contentlets in Edit Mode. [#22320]
  • Bad results on ShortyIdentifier database calls are no longer cached. This prevents a condition in which a database error could result in persistent 404 status for “shorty” IDs until their region is flushed. [#22430]
  • Adding a user to a bundle no longer causes errors. [#22508]
  • Fixed 404 redirect routine. [#22559]
  • Page API calls through GraphQL now work properly with anonymous permissions. [#22615]
  • Resolved errors preventing users with MSSQL databases from successfully executing upgrade procedures. [#22613]
  • Selecting a different site from the admin panel's header dropdown correctly updates the panel while viewing tools built using Angular. [#16754]
  • Drag-and-drop navigation reordering now saves properly. [#22501]
  • Saving a contentlet before its related content loads will no longer result in a clearing of the Relationships field. [#22323]
  • Static Push Publishing no longer fails when attempting to push a bundle containing only a single file asset. [#22073]
  • Static Push Publishing no longer fails when pushing certain Base Content Types when a default language other than English is set. [#22266]
  • Revamped push-publishing of users: It is now possible to push an individual user instead of all users, and interface labeling is clearer throughout. [#22149]
  • Temporarily rolling back the log-file filter feature introduced in 22.06 for performance reasons; it will be retooled and reintroduced soon. [#22691]
  • Page caches have been made more attentive to servlet forwarding attributes, to prevent cases where a Vanity URL pointing to a URL-mapped detail pages could result in the wrong content being cached. [#22083]
  • It is no longer possible to create a folder with an empty title. [#21129]
  • On initialization, NextJS Edit Mode Anywhere environments generate a unique token, saved to the ENV file and appended to the EMA URL on requests; in the absence of this token, requests fail. [#21959]
  • When performing inline editing on a page that displays related content, edits to related content are also saved and published. [#22173]
  • XMLTool has been fixed; the Jaxen exception has been rectified. [#22307]
  • Corrected errors with Show Query search URL generation. [#22168]
  • Fixed a MSSQL DB error on upgrade. [#22605]

Visual fixes

  • Removed some noisy and unhelpful metadata messages from the logs on initialization. [#22144]
  • Rules now display properly when specifying a condition that checks for a custom request header that not on the header list. [#22186]
  • Replaced browser-native alert() message box after user account changes data in the My Account dialog. [#22276]
  • When changing a password, verbose error message now displays when new password does not meet security requirements. [#22204]
  • Content Palette displays larger numbers of Content Types more reliably. [#22338]

Plugins

  • Created new OSGi system framework for loading system bundles — minimal, speedy, and stable. [#22184]
  • Override plugin now starts correctly in certain prior versions. [#22043]

Breaking Changes

  • By default, dotCMS no longer follows redirects when accessing remote URLs programmatically. This change is configurable, and can be reversed by setting the REMOTE_CALL_ALLOW_REDIRECTS property to true. [#22512]

dotCMS 22.03.2 LTS

Available: Aug 2, 2022 Demo starter image: 20220209

Enhancements

  • It is now possible to retrieve parent content through a child contentlet's Relationship Field by using Lucene queries.
  • Date and time fields have been modified in MSSQL databases to include time zone data.

Bugfixes

  • An error that could cause OSGi import procedures to fail has been corrected.
  • No HTML field-validation regular expression no longer invalidates an entry if it detects a period.
  • Pages with the show_on_menu option enabled no longer create exceptions in procedures that reorder navigation elements.
  • Corrected issue that prevented limited users with sitewide viewing permissions from viewing content not explicitly permitted for their role.
  • Static Push Publishing no longer fails when pushing certain Base Content Types when a default language other than English is set.
  • Resolved an error that could cause OSGi import procedures to fail when a version range is specified.
  • dotParse now properly respects all parameters of the config property.
  • Date and time data are now updated before timezone is factored in, to prevent date and time errors during upgrades.
  • Bad results on ShortyIdentifier database calls are no longer cached. This prevents a condition in which a database error could result in persistent 404 status for “shorty” IDs until their region is flushed.
  • Updated SSL configuration to resolve an inactive port in the Docker image.

Visual Fixes

  • Corrected a display issue where relationship fields, on editing, sometimes appeared to change the type selection, such that a many-to-many relationship would display as a one-to-many relationship.
  • Improved logo displays on back-end menus.

Plugins

  • Fragments now only load when forced. On uploading, dotCMS reads the Export-Package from the fragment manifest, adds this to the OSGi-extras file, then moves the fragment to the undeployed folder and restarts the OSGi framework. This prevents interference with other plugins.
  • Improved OSGi plugin loading in server-cluster context.

            Older Versions →

On this page

×

We Dig Feedback

Selected excerpt:

×