Changelogs

Last Updated: Sep 8, 2023
documentation for the dotCMS Content Management System

LTS dotCMS releases

dotCMS will periodically specify specific product releases as Long-Term Supported (LTS) releases, which will be maintained for a longer period than other dotCMS releases, and which will provide a number of advantages for customers that choose to install them.

dotCMS is committed to the security and stability of our latest LTS versions. In our ongoing efforts to protect users, we have established specific timelines for resolving detected vulnerabilities. Note that the responsibility outlined here concerns vulnerabilities that are relevant to live, supported versions. Users on current LTS versions will benefit from security updates in accordance with our established schedules.

Please see the Long Term Supported Releases page for more information and Current Releases for downloads.

Major Version Current Patch Last Updated End of Life Date
24.04.24 LTS 24.04.24v2 May 28, 2024 Nov 6, 2025
23.10.24 LTS 23.10.24v10 May 28, 2024 May 19, 2025
23.01 LTS 23.01.17 May 28, 2024 Sep 22, 2024
22.03 LTS 22.03.15 Apr 15, 2024 Feb 11, 2024
21.06 LTS 21.06.14 Feb 23, 2023 ⚠️ Apr 30, 2023
5.3.8 LTS 5.3.8.14 Sep 30, 2022 Sep 30, 2022
5.2.8 LTS 5.2.8.4 Feb 16, 2021 Jun 2, 2022
⌛ Notice: This major version is past its End of Life date and no longer receives updates.

dotCMS 21.06.14 LTS

Available: Feb 23, 2023 Demo starter image: 20210615

Fixes


dotCMS 21.06.13 LTS

Available: Feb 22, 2023 Demo starter image: 20210615

Enhancements & Adjustments

  • Added DOT_IMAGE_GENERATION_SIMULTANEOUS_REQUESTS environment variable to limit the maximum number of threads image processing can consume. [#23384]
  • Added a method to assign categories to content via Velocity, usable in a Workflow via Velocity script actionlet. [#23009]
  • Related content spanning multiple locales has been made more performant, shortening load times. [#22910]

Visual Fixes

  • Fixed cases of back-end menu tools' text not displaying. [#23341]
  • Displayed date updates correctly on menu after changing time zone. [#23128]
  • Push publishing queue displays all bundles, even when one or more fail to publish. [#23062]
  • Fixed bug that inverted the display of parent and child in many-to-one Relationship fields.[#22549]
  • Pagination now displays properly when querying related content by REST API. [#22236]
  • Content Types with two Relationship fields of the same type no longer display list of crossed-out unavailable languages. #21735

Dependencies, Components, Etc.

Fixes

  • Categories are no longer removed from content mass-imported via CSV file. [#23440]
  • Resource consumption has been restricted on PDF thumbnail generation, decreasing system footprint and preventing out-of-memory exceptions. [#23384]
  • Additional error handling has been added to the PublisherJobQueue to improve logging and resilience. [#22850]
  • Copying a folder containing a page no longer copies the content displayed in that page's containers. [#22763]
  • Fixed the removal of categories through API calls, which no longer throws an error. [#22756]
  • Image selector displays correct totals and respects language selection. [#22729]
  • Resolved errors resulting from blanking an existing date field or checking “Never” on an expiration date field. [#22667] [#22350]
  • Saving a contentlet before its related content loads will no longer result in a clearing of the Relationships field. [#22323]
  • Pulling related content with no sorting parameter set now returns related content in the order it was added. #21929)
  • Push Removal of a Static Pushed page no longer removes any other files required for that page to render. #21832
  • Assign function under the Tasks tool no longer throws an error when attempting to change content not in the default language while a working version exists in the default language. [#23280]

Security

  • XMLTool has been restricted from fetching remote entities. [#21415]

dotCMS 21.06.12 LTS

Available: Jan 4, 2023 Demo starter image: 20210615

Bugfixes

  • TempFileAPI will now only import by URL if the user is an admin, to reduce exposure to server-side request forgeries. Per OWASP best practices, requests to non-pubic hosts are disallowed. For improved transparency, the source IP has been added to the request as a URL parameter. [#21400]
  • dotCMS now scans zip files to ensure integrity, preventing errors resulting from working with an invalid archive. [#23401]
  • Remote-URL access tools like $json or $import now run in a thread pool to avoid blocking, backups and crashes in the event of high traffic to a non-responsive external API. [#22522]
  • Fixed issue where certain access-limited users could not switch between multiple sites on the back end. This was due to a permission correspondence between the necessary endpoint and the Sites tool, which may not be visible to the limited user. [#23474]
  • Large bulk updates via import are now faster, via adjustments to relationship-field validation operations. Timeout troubles, begone! [#23015]
  • Resolved erroneous difference between the Key/Value field's import and export formatting. [#22582]

Breaking Changes

  • By default, dotCMS no longer follows redirects when accessing remote URLs programmatically. This change is configurable, and can be reversed by setting the REMOTE_CALL_ALLOW_REDIRECTS property to true. [#22512]

dotCMS 21.06.11 LTS

Available: Sep 8, 2022 Demo starter image: 20210615

Enhancements

  • Minor version update to Java on Docker image. [#22852]
  • Updating permissions is now faster, and no longer deadlocks the database when repermissioning structures containing large quantities of content. [#19358]

Bugfixes

  • When upgrading from version 5.1.6 (or older), database migration tasks now run smoothly, without errors due to differences in DB column counts. [#22349]
  • Workflow changes save properly for all users, including new users or users with special characters in their name. [#22696]
  • Restored missing locales for Velocity localization operations. [#22603]
  • Static Push Publishing no longer fails when pushing certain Base Content Types when a default language other than English is set. [#22266]
  • Corrected issue that prevented limited users with sitewide viewing permissions from viewing content not explicitly permitted for their role. [#22237]
  • Revamped push-publishing of users: It is now possible to push an individual user instead of all users, and interface labeling is clearer throughout. [#22149]
  • Users with Front-End and Back-End permissions logged in to the front end are no longer redirected automatically to the same page in (Back-End) Edit Mode after manual URL entry. [#22124]
  • Pushing a single piece of archived content no longer directly affects — i.e., unpublishes — other versions of the same content. [#21624]
  • Removed performance drag from supporting on-the-fly configuration changes via file watchers and other blocking patterns, which are unsuited to a containerized paradigm. [#21619]
  • Updating a Binary field via REST API no longer removes the value from other Binary fields in the same contentlet. [#21482]
  • Switched to using Tomcat's RemoteIpValve for DNS resolution. [#19569]
  • A Content Type having a many-to-many relationship to itself will no longer cause contentlets to lose their many-to-many relationships under certain conditions. [#20491]

Visual Fixes

  • When changing a password, verbose error message now displays when new password does not meet security requirements. [#22204]

dotCMS 21.06.10 LTS

Available: Jul 5, 2022 Demo starter image: 20210615

Bugfixes

  • Dispatcher now correctly sets servlet URI request parameter, preventing errors in certain Velocity calls.
  • New URI normalization filter has been made less aggressive, and now plays nicely with slashes and equals signs.

dotCMS 21.06.9 LTS

Available: Jun 29, 2022 Demo starter image: 20210615

Bugfixes

  • Bad results on ShortyIdentifier database calls are no longer cached. This prevents a condition in which a database error could result in persistent 404 status for ShortyIDs until their region is flushed.

dotCMS 21.06.8 LTS

Available: Jun 10, 2022 Demo starter image: 20210615

Bugfixes:

  • Pages built with URL Mapped content are now correctly created on a full-site Static Push.
    • URL Mapped content likewise shows up properly in site search indices when including folders.
  • Fixed a case where specific conditions could cause drafted content to fail to Push Publish.
  • Changes to SCSS files are now recognized and processed immediately, without any delays from caching behavior.
  • Fixed navigation error affecting users with both Back-End User and Front-End User roles; URLs now update correctly when editing multiple page assets sequentially.
  • When a Site/Folder field is removed from a Content Type, content of that type will continue to live where it was originally placed, rather than move to SYSTEM_HOST.
  • Fixed issue in which dotAsset titles would display as their identifiers on certain admin panel searches.
  • Can now load extremely large images — whether vast in dimensions or file size — without issue.

Content:

  • Removed limit on number of widgets or forms displayed in Content Selector popup.

Enhancements:


dotCMS 21.06.7 LTS

Available: Mar 9, 2022 Demo starter image: 20210615

dotCMS 21.06.7 is a LTS release which includes several improvements, and fixes for several issues in previous releases.

Fixes

The 21.06.7 release includes fixes for the following reported issues.
For a list of issues addressed in dotCMS 21.06.7, please visit the dotCMS Github Repository.

Issue Github Link
[Site Copy] : Copying a Site randomly fails #21204
db passwords with characters (specifically @ and possibly others) will break pub/sub due to the connection string #21363
Add the ability to stop/abort a workflow on velocity script actionlet #21252
Past Time Machine not working #21097
SAML - Allow expression substitution from SAML roles mapped to dotCMS roles by role key #20773
Unable to push publish user #20805
We need to obfuscate some environmental variables #20757
Sanitizing file name #21791
Large Bundles make the viewing publishing queue slow #20971
[Push Publishing] : Single quote in content's title breaks JavaScript code in the portlet #21699

dotCMS 21.06.4 LTS

Available: Dec 13, 2021 Demo starter image: 20210615

dotCMS 21.06.4 is a LTS release which includes several improvements, and fixes for several issues in previous releases.

Announcements, Deprecations and Breaking Changes

  • Breaking Change: The rest call /api/v2/users no longer exists please use /api/v1/users instead. Any use of /api/v2/users needs to be replaced.

Improvements in dotCMS 21.06.4

  • Improved error messages for WorkflowAPIImpl. (#20636)
  • Added the option to choose what fields are shown in a relationship field's overview. (#19215)
  • Added automatic deletion of old inactive Elastic Search indices to prevent performance slowdowns. (#19931)
  • Made multiple improvements to Site Resource. (#20557)
  • A bulk move action is now available on the content search screen. (#20504)
  • License.zip files will not be moved, rewritten or duplicated on startup.(#20591)
  • Moved to glibc based Docker image from a musl based Docker image. (#20666)
  • Edit Mode Anywhere now always expects UTF8. (#20629)
  • Additional GraphQL logging was added. (#20764)

Fixes

The 21.06.4 release includes fixes for the following reported issues.
For a list of issues addressed in dotCMS 21.06.4, please visit the dotCMS Github Repository.

Issue Conditions Github Link
Duplicates of the same language were allowed to be created. A language should not be able to be created if a language with the exact same values already exist. #7342
In specific situations the network information did not show on the network tab and an error was produced. Only occurred when a license was applied for the first time and the network tab was navigated to right after. #20647
IPUtils was sometimes returning false incorrectly. Only occurred when a specific IP utilizing a \ was passed in. #20578
Users sometimes were unable to create a multilingual blog. Only occurred on the populate content for language page where the default content is shown. #20505
Workflow could not be copied in certain circumstances. Only occurred when the Notify Assigned action was included in the workflow. #20501
URL field values were not included in pages in certain situations. The URL field values were not included when the page was exported from Content->Search. #20405
User couldn't view or edit a piece of content when it has certain multilingual properties. Only occurred when that content referenced a non-default language on a page that didn't exist in the default language. #20494
Copy workflow button sometimes resulted in incorrect next steps. Only occurred sporadically. #18111
Generating a resource link for file assets in certain circumstances failed. Only occurred when the file asset had a legacy identifier. #20597
Contentlet sometimes failed to render and threw an error in certain cases. Only occurred for content that had a file or image in its Content Type and the file/image was not published when the user was viewing the page. #18014
The add content button was sometimes showing up twice when adding or moving content in a specific container. Only occurred the dotCMS instance had legacy data. #20623
Update site was not correctly updating the aliases. This occurred when you Updated the site via the REST call. #20638
In certain situations when running containerized dotCMS initialization was getting stuck. Only occurred when new nodes were coming up and Tika was trying to initialize. #20640
Settings were sometimes not respected when an image was inserted into the WYSIWYG. Only occurred when WYSIWYG_IMAGE_URL_PATTERN was set on the image. #20642
Widgets index policy on a page was sometimes overridden by the default. Only occurred when an index policy was set in a code snippet widget on the page. #20649
Error was created when certain response header rules were set. Only occurred when the header required single quotes. #20659
Users were not allowed to push publish in another time zone in certain situations. Occurred when the user was trying to push publish in another timezone at a time that has already past in there current timezone. #20674
Users were able to login as all users in certain situations. Occurred when a user did not have login as permissions but were still able to use it. #20677
Vanity URLs could be created without required data. The vanity URL could be created without the title and the forward to field filled in. #20685
Site name was not able to updated a specific way. Issue occurred when trying to update a site name via the Update Site REST call. #20688
dotCDN was not invalidating the correct information on prod ion certain situations. Issue occurred when push publishing data that had been invalidated on auth. #20690
Error occurred when upgrading to 21.06 with a specific dotCMS setup. Issue occurred when a managed database was being used. #20725
OutOfMemoryError occurred when the user tried to import a Bundle Occurred when many events were triggered at the same time. #20799
Users would sometimes see a multilingual site in the wrong language. Occurred when the site was static and the default language was selected. #20469
Pulling tags with GraphQL returned an error in logs in specific circumstances. The error only occurred there were no tags existing. #20719
Classes assigned to rows in layout designer were removed in certain situations. Only occurred when one row in the layout designer was deleted all the rows below it would be effected. #20519
An exception was thrown on a fresh installation of the full starter depending on the database used. The exception was only thrown if MSSQL was used as the database. #20669
Image paths and CSS file paths were sometimes incorrect after a Static Publish or Time Machine run. Only occurred when the image path and dimensions were passed in a code snippet widget. #20707
Running fix conflicts after running an integrity check caused errors in specific situations. The error only occurred when trying to fix folder conflicts. #20714

dotCMS 21.06.3 LTS

Available: Sep 12, 2021 Demo starter image: 20210615

dotCMS 21.06.3 is a LTS release which includes several improvements, and fixes for several issues in previous releases.

Announcements, Deprecations and Breaking Changes

  • Breaking Change: The rest call /api/v2/users no longer exists please use /api/v1/users instead. Any use of /api/v2/users needs to be replaced.

Improvements in dotCMS 21.06.3

  • Improved error messages for WorkflowAPIImpl. (#20636)
  • Added the option to choose what fields are shown in a relationship field's overview. (#19215)
  • Added automatic deletion of old inactive Elastic Search indices to prevent performance slowdowns. (#19931)
  • Made multiple improvements to Site Resource. (#20557)
  • A bulk move action is now available on the content search screen. (#20504)
  • License.zip files will not be moved, rewritten or duplicated on startup.(#20591)
  • Moved to glibc based Docker image from a musl based Docker image. (#20666)
  • Edit Mode Anywhere now always expects UTF8. (#20629)
  • Additional GraphQL logging was added. (#20764)

Fixes

The 21.06.3 release includes fixes for the following reported issues.
For a list of issues addressed in dotCMS 21.06.3, please visit the dotCMS Github Repository.

Issue Conditions Github Link
Duplicates of the same language were allowed to be created. A language should not be able to be created if a language with the exact same values already exist. #7342
In specific situations the network information did not show on the network tab and an error was produced. Only occurred when a license was applied for the first time and the network tab was navigated to right after. #20647
IPUtils was sometimes returning false incorrectly. Only occurred when a specific IP utilizing a \ was passed in. #20578
Users sometimes were unable to create a multilingual blog. Only occurred on the populate content for language page where the default content is shown. #20505
Workflow could not be copied in certain circumstances. Only occurred when the Notify Assigned action was included in the workflow. #20501
URL field values were not included in pages in certain situations. The URL field values were not included when the page was exported from Content->Search. #20405
User couldn't view or edit a piece of content when it has certain multilingual properties. Only occurred when that content referenced a non-default language on a page that didn't exist in the default language. #20494
Copy workflow button sometimes resulted in incorrect next steps. Only occurred sporadically. #18111
Generating a resource link for file assets in certain circumstances failed. Only occurred when the file asset had a legacy identifier. #20597
Contentlet sometimes failed to render and threw an error in certain cases. Only occurred for content that had a file or image in its Content Type and the file/image was not published when the user was viewing the page. #18014
The add content button was sometimes showing up twice when adding or moving content in a specific container. Only occurred the dotCMS instance had legacy data. #20623
Update site was not correctly updating the aliases. This occurred when you Updated the site via the REST call. #20638
In certain situations when running containerized dotCMS initialization was getting stuck. Only occurred when new nodes were coming up and Tika was trying to initialize. #20640
Settings were sometimes not respected when an image was inserted into the WYSIWYG. Only occurred when WYSIWYG_IMAGE_URL_PATTERN was set on the image. #20642
Widgets index policy on a page was sometimes overridden by the default. Only occurred when an index policy was set in a code snippet widget on the page. #20649
Error was created when certain response header rules were set. Only occurred when the header required single quotes. #20659
Users were not allowed to push publish in another time zone in certain situations. Occurred when the user was trying to push publish in another timezone at a time that has already past in there current timezone. #20674
Users were able to login as all users in certain situations. Occurred when a user did not have login as permissions but were still able to use it. #20677
Vanity URLs could be created without required data. The vanity URL could be created without the title and the forward to field filled in. #20685
Site name was not able to updated a specific way. Issue occurred when trying to update a site name via the Update Site REST call. #20688
dotCDN was not invalidating the correct information on prod ion certain situations. Issue occurred when push publishing data that had been invalidated on auth. #20690
Error occurred when upgrading to 21.06 with a specific dotCMS setup. Issue occurred when a managed database was being used. #20725
OutOfMemoryError occurred when the user tried to import a Bundle Occurred when many events were triggered at the same time. #20799
Users would sometimes see a multilingual site in the wrong language. Occurred when the site was static and the default language was selected. #20469
Pulling tags with GraphQL returned an error in logs in specific circumstances. The error only occurred there were no tags existing. #20719
Classes assigned to rows in layout designer were removed in certain situations. Only occurred when one row in the layout designer was deleted all the rows below it would be effected. #20519
An exception was thrown on a fresh installation of the full starter depending on the database used. The exception was only thrown if MSSQL was used as the database. #20669
Image paths and CSS file paths were sometimes incorrect after a Static Publish or Time Machine run. Only occurred when the image path and dimensions were passed in a code snippet widget. #20707
Running fix conflicts after running an integrity check caused errors in specific situations. The error only occurred when trying to fix folder conflicts. #20714

On this page

×

We Dig Feedback

Selected excerpt:

×