Last Updated: Sep 8, 2023
documentation for the dotCMS Content Management System

LTS dotCMS releases

dotCMS will periodically specify specific product releases as Long-Term Supported (LTS) releases, which will be maintained for a longer period than other dotCMS releases, and which will provide a number of advantages for customers that choose to install them.

dotCMS is committed to the security and stability of our latest LTS versions. In our ongoing efforts to protect users, we have established specific timelines for resolving detected vulnerabilities. Note that the responsibility outlined here concerns vulnerabilities that are relevant to live, supported versions. Users on current LTS versions will benefit from security updates in accordance with our established schedules.

Please see the Long Term Supported Releases page for more information and Current Releases for downloads.

Major Version Current Patch Last Updated End of Life Date
24.04.24 LTS 24.04.24v2 May 28, 2024 Nov 6, 2025
23.10.24 LTS 23.10.24v10 May 28, 2024 May 19, 2025
23.01 LTS 23.01.17 May 28, 2024 Sep 22, 2024
22.03 LTS 22.03.15 Apr 15, 2024 Feb 11, 2024
21.06 LTS 21.06.14 Feb 23, 2023 Apr 30, 2023
5.3.8 LTS Sep 30, 2022 Sep 30, 2022
5.2.8 LTS Feb 16, 2021 Jun 2, 2022

dotCMS 23.10.24v10 LTS

Available: May 28, 2024 Demo starter image: 20230712

Enhancements & Adjustments


  • Duplicating content currently related as child to other content no longer results in cardinality errors; copied content is properly created without relationships. [#26283]
  • Textarea field height has been corrected; now displays as several times the size of a Text field by default. [#26597]
  • Fixed Google Maps feature when setting rules related to visitor location. [#27531]
  • Fixed error where, when push-publishing to two different environments — one static, one dynamic — the normally untracked entry for the static push would appear in the pushed assets table with a null endpoint. [#27928]
  • Introduced safeguards against system objects being push published. [#28173]
  • Better default fallthrough behavior has been implemented for cases in which no translation key is found; this prevents system menu labels from being replaced with ugly class names like com.dotcms.repackage.javax.portlet.BlahBlahBlah or similar. [#26660]

dotCMS 23.10.24v9 LTS

Available: May 6, 2024 Demo starter image: 20230712

Enhancements & Adjustments

  • Added additional short-TTL cache to permissions lookups, to improve performance on successive checks over large content pulls. [#28230]


  • Startup tasks are more selectively executed, running according to a stricter evaluation of their necessity. [#28110]
  • Binary field now correctly shows thumbnail previews of uploaded PDF files. [#28105]
  • Calls to the System Table no longer block calls to other system configuration properties, because we deemed this behavior “boorish and uncouth.” [#27878]
  • The Site or Folder field was no longer visible in the Relate Content dialog, so we sawed a panel out of its wall, then slid the field in place behind, allowing its light to filter through. It really opens up the room. [#27563]
  • The Secrets Viewtool can now properly parse the inode from URLs. This is important to ensure that it can properly check code's last editor to ensure they have permission to call on the secret. [#27516]
  • Fixed import behavior on content with Site/Folder fields, which was incorrectly expecting an inode instead of an identifier. [#27361]
  • The Site Browser now correctly remembers which folders had been expanded or collapsed after returning from elsewhere in the admin panel. [#26582]
  • Key/Value fields no longer perform HTML encodings on inappropriate characters (commas and colons) when returning HTML-encoded values. [#25903]
  • Fixed static push publishing to S3 buckets in the us-east-2 region. [#24698]

dotCMS 23.10.24v8 LTS

Available: Apr 15, 2024 Demo starter image: 20230712


  • Scaled back some excessively verbose log entries. [#27910]
  • Corrected role checks when requiring multiple roles to access a resource. [#27909]

Dependencies, Components, Etc.

  • Updated Postgres JDBC driver. The vulnerability this update resolves did not affect dotCMS, as we do not use the setting in question. Still, automated scans that don't know any better were very noisy about this. So… we may as well. [#27894]

dotCMS 23.10.24v7 LTS

Available: Apr 1, 2024 Demo starter image: 20230712

Enhancements & Adjustments

  • Page API additionally returns content related to the Page asset itself, on calls with a depth of 2. [#27775]

  • Removed a number of unnecessary database calls from content editor screen. [#27187]

  • Task detail comments now display in reverse chronological order. [#25729]


  • The dropdown menu in the content comparison tool will now display more than 20 versions at a time for comparison. [#26815]


  • Bundles now display the user who created them to appropriately permissioned users. [#26224]
  • Fixed errors when deleting unpublished bundles via REST API calls. [#26201]
  • Bundles now properly display contents in excess of 20 items when expanded in the Publishing Queue. [#26170]
  • Image fields now correctly receive headers in CSV exports of contentlets. [#26004]
  • Fixed unresponsive Import button when importing categories via CSV. [#25653]
  • Users with limited permissions can edit Pages and content within their purview, even if they do not have access to the Content Search tool. [#22698]
  • Optimized queries to reduce Site Browser loading time when accessing a folder with more than 1,000 items. [#23195]

dotCMS 23.10.24v6 LTS

Available: Mar 18, 2024 Demo starter image: 20230712


  • Adjusted $UtilMethods.isImage() method to prevent it from blocking and thereby bogging down a system. [#27883]
  • Fixed error that prevented the system from returning identity provider IDs instead of the Site identifier as part of the ACS URL in a SAML response, even if the properties are configured to behave that way. [#27832]
  • All edits to the System Template will create an offshoot layout instead of modifying the template itself. [#26415]
  • Updated starter image: The Language Variable Content Type has been flagged in the starter as not being a system type, enabling user creation of this content. [#25891]
  • Custom Layouts now always push with their associated Page, even if selecting a Push Publishing filter that does not include Templates. [#22385]
  • Experiments are now enabled by default. [#27671]
  • Implemented remaining changes needed for successful backport of AI plugin compatibility. [#27787]


  • Hid the download button for bundles pushed to static environment, as these are not downloadable. [#26542]

dotCMS 23.10.24v5 LTS

Available: Mar 4, 2024 Demo starter image: 20230712


  • Limited users with appropriate permissions can now create Content Types on the System Host. [#25296]

dotCMS 23.10.24v4 LTS

Available: Feb 20, 2024 Demo starter image: 20230712


  • Publish Date parameter no longer prevents the scheduled content from being exported. [#27007]
    • Also fixes a related issue that prevents export while filtering by a large number of categories.
  • Changed default Pub/Sub provider value in line with recently built Pub/Sub architecture. [#26706]
  • Folder permissions are now properly editable on an individual basis, even if the folder uses a legacy inode. [#26693]
  • Fixed improper encoding of Cyrillic URLs via Vanity URL redirect. [#26640]
  • Relationship fields now respect and reflect the order in which related contentlets are received via Workflow Action. [#26439]
  • The sysPublishDate field has been restored to the ElasticSearch object; it now indexes and queries properly. [#25233]
  • Languages API no longer throws 400 errors when duplicates of non-unique keys exist. [#24082]
  • Creating new, different-language versions of existing content via API now completes successfully and without error. [#26861]
  • Changed order of precedence for system properties; environment variables take highest precedence, followed by the system-table database, and lastly the file-based and mostly default entries. [#26825]

dotCMS 23.10.24v3 LTS

Available: Feb 7, 2024 Demo starter image: 20230712


  • Publish Date parameter no longer prevents the scheduled content from being exported. [#27007]
    • Also fixes a related issue that prevents export while filtering by a large number of categories.
  • Changed default Pub/Sub provider value in line with recently built Pub/Sub architecture. [#26706]
  • Folder permissions are now properly editable on an individual basis, even if the folder uses a legacy inode. [#26693]
  • Fixed improper encoding of Cyrillic URLs via Vanity URL redirect. [#26640]
  • Relationship fields now respect and reflect the order in which related contentlets are received via Workflow Action. [#26439]
  • The sysPublishDate field has been restored to the ElasticSearch object; it now indexes and queries properly. [#25233]
  • Languages API no longer throws 400 errors when duplicates of non-unique keys exist. [#24082]
  • Creating new, different-language versions of existing content via API now completes successfully and without error. [#26861]
  • Changed order of precedence for system properties; environment variables take highest precedence, followed by the system-table database, and lastly the file-based and mostly default entries. [#26825]

dotCMS 23.10.24v2 LTS

Available: Jan 22, 2024 Demo starter image: 20230712

dotCMS 23.10.24v2 is the first version of the 23.10.24 LTS series to support Experiments! Users can now perform A/B tests natively within Pages, controlling experimental weighting, traffic proportions, scheduling, and metrics for evaluation — and even allowing the promotion of a variant to the Page's “main” version at the click of a button.

Read more in the Experimentation documentation.

Enhancements & Adjustments

  • Added support for Experiments.

dotCMS 23.10.24v1 LTS

Available: Jan 4, 2024 Demo starter image: 20230712

Enhancements & Adjustments

  • Added indexes to the databases responsible for inode and identifier lookups, improving lookup performance by a factor of as much as 4600x on large sites. [#26926]
  • Storage providers have been reconfigured to load lazily to improve system performance. [#26933]
  • Added concurrency control and error handling to API storage classes, as well as safeguards against possible null or runtime exceptions when accessing certain binary or metadata properties. [#26915]
  • Implemented a caching mechanism for retrieving content version information. [#26931]
  • Users can now configure database connection timeouts by way of a new DB_CONNECTION_TIMEOUT configuration property. [#26897]
  • Removed the system's behavior of refreshing properties before fetching — a useful tactic for binary installs, but an unnecessary performance drag in the era of containerized instances. [#26896]


  • Binary fields no longer throw 500 errors when uploading files larger than 100mb. [#27047]
  • Resolved a bug capping the number of sites the site selector would display to limited-permissions users. [#26980]
  • Fixed GraphQL caching, which now behaves in the expected manner. [#26970]
  • GraphQL now returns Date & Time fields in the correct, system-standard format. [#26890]
  • Restored the catalina.out Velocity log, once again visible in the Log Viewer. [#26934]
  • Selecting “All” on the Content Search language filter now correctly shows all language versions of displayed content, rather than only the first language in which a given contentlet was created. [#27039]
  • Pub/Sub architecture now defaults to SSL connections, preventing failures when interfacing with PostgreSQL instances that only accept SSL. [#26481]
  • Global CORS header now respect configuration changes made through environment variables. [#26391]
  • PNG filter no longer returns a 404 when acceessing an image. [#26374]
  • Removed unnecessary and burdensome SQL queries associated with newer “full-width” display fields; now their relevant lookups are read properly from cache. [#26840]


Available: Nov 17, 2023 Demo starter image: 20230712

Whereas 23.10.24 LTS's initial designation represents a rollup of all the changes since the designation of 23.01 LTS, this release's notes are quite long!

Numerous entries have been grouped into narrower subsections to better organize this huge assortment of changes, and to hopefully provide a handhold for those searching searching the page for a specific topic. (Please note that some items cover topics germane to multiple categories, but have been placed according to perceived relevance.)


Block Editor

  • You can now create your own custom remote extensions for the Block Editor. The field is now “hackable” — in the good way! [#24032] [#23938] [#23865] [#24031]
  • Added video blocks to the Block Editor. Import videos either from your dotCMS file system, from your local files, or elsewhere online, and situate them within your Block Editor field's content. These videos are stored as full dotAssets, and can be reused freely. Default video rendering settings live in dotVideo.vtl, alongside other rendering defaults in /velocity/static/storyblock/ [#23863] [#24016] [#23861] [#24040] [#23436] [#24445] [#24465]
  • Added YouTube support to the Block Editor. Drop a link either in an empty block or the Video URL tab of a video block to embed a YouTube video. [#24455]
  • Block Editor content has been implemented within the compare tool for diff-style viewing alongside past versions. [#24365]
  • The Block Editor now supports h4, h5, h6, superscript, and subscript marks. [#25489] [#25660]
  • The Block Editor's image-block popup now includes a tab for uploading a local file. [#23237]
  • The paragraph block has been removed from the configurable Allowed Blocks list, to better convey its inviolable “default block” status. [#23764]
  • Image Blocks now more clearly display their status as selected elements within the editor, and display a delete button in the properties menu. [#25580]

Edit Mode

  • In Edit Mode, when editing content that appears on multiple pages, a new dialog will confirm whether you want change the content for the current page only, or all pages. [#23225]
    • The same prompt will also surface when performing inline edits, rather than just via the content-editing dialog. [#24297]
  • Added a button to preview URL-Mapped content in Edit Mode; it can be accessed from the task menu when editing a contentlet. [#23955]
  • Added new Show Preview button to the page viewing mode screens; you can now view a fully rendered preview of your changes in a new tab, outside of the context of the dotCMS back end. [#23948]
  • By default, the Edit Mode button will always open in “Standard” view, rather than one of the Preview Devices. [#25278]
  • The Preview Device Content Type is now defined by default, even in an empty starter. [#24250]


  • The Page API now accepts a depth parameter, permitting access to related content through contentlets embedded on a Page. [#18123]
  • The Page API can now additionally return a count of the number of Pages in which a piece of content appears. [#23223]
  • Using the Workflow API, it is now possible to send a string as the content of a Binary Field, allowing the creation of a text file in a single call without requiring an upload. [#24301]
  • Image API now accepts specified maxima for width and height. [#24900]
  • The Content Type API now accepts host names and folder paths as arguments instead of requiring a UUID for both host and folder when creating a Content Type. [#23239]
  • All APIs now provide pagination as part of the data payload. This allows use through proxies that may strip away headers — the place said information was previously stored. [#23870]
  • Created new category of data upgrade tasks to solve data issues using existing APIs; these will run late in the startup process to avoid conflicts. [#24681]

Enhancements & Adjustments


Fields & Data Models

  • System fields are removable by users in both Base Content Types and user-created variants. [#23736]
  • Users may now edit the labels of system fields on any Content Type. [#22901]
  • Removed the “User Searchable” checkbox from the Host field; Host fields are always indexed and searchable in the back end. [#24290]
  • The Host field is now a filterable parameter on the Content Search screen. [#24194]


  • Increased number of password hash iterations from 20,000 to 600,000, in line with current OWASP recommendations for a SHA256 algorithm. [#23915]
  • Changed the way JSON Web Tokens are handled, removing an issuer check and replacing it with additional reliance on jwt_secret.dat. This makes possible the use of the same JWT tokens across multiple environments. [#24395]
  • Added two-second delay on invalid login — i.e., a nonexistent user — similar to the behavior on receiving an incorrect password. [#23903]
  • Added a feature to map legacy SAML configuration IDs to site IDs, storing this as an App secret on a host, and using it to facilitate login URL routing. [#25636]
  • Added support for RelayState parameter in SAML. [#22533]


  • The logs have fewer spammy messages to let you know that no apps require ACCESS_TOKEN renewal. The logs cover a lot of ground, so it's important to maintain a decent signal-to-noise ratio. [#23781]
  • Added additional logging options via environment variables. [#24067]

Cluster Control

  • Implemented new session-sharing library; now sessions can be serialized and replicated as needed across servers in a cluster. [#24291] [#24294] [#24990] [#25541]
  • Added the ability to restart not only a dotCMS instance, but an entire cluster. [#22507]

Rules, Push Publishing, and Other Improvements

  • New Rule condition allows a Rule to fire based on the HTTP method used. [#23209]
  • S3Client can now be configured to interact with Simple Storage Service (S3) object stores other than Amazon S3. [#22151]
  • Image permits, which control the number of threads dotCMS's image editor can occupy at once, have been made more permissive through better use of caching. They are now less likely to cap out on routine operations, without compromising their intended purpose of easing system resource burdens. [#23807]
  • Variables added in a container via the Add Variable button now use the $dotContentMap built-in content object. [#23006]
  • You can now enable multiple multiple user IDs to possess the same email address by setting the environment variable DOT_SAML_ALLOWUSERSWITHDIFFID_REPEATEDEMAIL to true. [#24138]
  • Edit Mode Anywhere now accepts path specifications that allow it to be enabled for one or more sections of a site, rather than the entire site. [#24581]
  • A set of probes — for startup, readiness, and liveness — has been defined for dotCMS instances running on Kubernetes. [#24885]

Performance Optimizations

  • Significantly shortened startup time by optimizing vanity URL loading procedures. [#23982]
  • Improved performance of fetching metadata from databases. [#22779]
  • The SASS compiler has returned to minifying CSS output by default. [#24227]
  • Rewrote ThreadUtils to trim methods with no current use. [#24714]
  • Added indexes to Workflow database tables, significantly improving query performance. [#24086]
  • The thumbnail generation process has been made more consistent and efficient across the entire system, with less redundancy. [#23600]
  • Built new PostgreSQL Pub/Sub listener to replace the impossibl Postgres driver with a vanilla one. This gives us a better diagnostic view of the process, and helps rule out some factors in rare but difficult-to-diagnose cases where the driver fails to connect. [#26019]

Interface Improvements

  • Improved spacing, positioning, and appearance throughout the user interface — including the Site Browser, the Container tool, the Content Type creator, and more. [#24654] [#22486] [#23816] [#25862] [#26063] [#24084] [#23554] [#23635] [#23836]
  • Form labels have been standardized across the platform, unifying styles between legacy and new Angular components. [#23683]
  • Improved the design of the user menu in the upper-right corner of the user interface. [#23678]
  • Block Editor fields, WYSIWYG fields, textarea and other fields now fill the editing pane when they are the sole item in a tab. [#26222]
  • The Block Editor's + button is now a bit less furtive, permanently visible beside any empty block with user focus. [#23687]
  • Window scrolling is frozen while the Block Editor's block selector has cursor focus. [#23977]
  • The top bar of the Content Search has been reorganized for better visibility and distribution. On page load, the search input field receives focus. These little details matter! [#23601]
  • Continued the renovation of the Content Type designer, further improving its look and feel. [#23816] [#23638]
  • While editing an existing piece of content, the editor will display a link to the relevant Content Type under the Workflow summary. [#23231]
  • Content Type layouts in excess of three columns now distribute their contents more evenly on smaller displays. [#23644] [#23739]
  • Corrected the proportions on the compare tool for better visual comparison; after careful consideration, we decided the this was neither the time nor the place for a funhouse mirror. [#24109]
  • Host fields now show the full content path, instead of just the containing folder's name — sure to be a relief to those with a bunch of common-name subdirectories like vtl or images. [#24317]
  • Site Selector dropdowns are now a bit more clear about which site is selected. No more confusing gray backgrounds; it's either bold or it's not. [#23505]
  • Removed nonfunctional/vestigial “resize” controls beside images on the content-editing pane. [#24195]
  • Corrected Caffine Memory Cache TTL displays; the default TTL will now display as infinity. While not technically true, the practical difference is moot, as few systems experience ~68 years of uptime. [#24199]
  • Fixed action button placement on images and video addition. [#24594]
  • Shifted the search input field to the left in the Content Search, placing it closer to the filter options. [#24834]
  • We have taken our young Content Palette to task on its responsive scaling behavior; it has written a rote-but-sincere letter of apology, and now minds its manners on smaller screens. [#24260]
  • The Content Type editor's header scales better to smaller displays. [#23836]
  • Restored white-label color selectors to the user interface. [#24830]
  • Improved WebP support for m1 Macs. [#25172]
  • Improved SVG handling; we can now generate thumbnails and image size data for SVG files, in line with the treatment of other graphics. [#25247]
  • Implemented new designs for button components throughout the user interface. [#25356]
  • Material icons load absolutely instead of relatively in Edit Mode, preventing a rendering error. [#25472]
  • The window for relating content reopens after closure without size or position distortions. [#24954]
  • The Site Search Job Scheduler has been cured of a subtle malady causing rendering failure — some kind of update-induced vitamin deficiency, we might call it. [#25542]
  • Added on-hover tooltip to the Rules interface's toggle switches. [#21374]
  • Fixed styles for the Template dropdown used in creating new pages. [#25918]
  • Implemented new designs to input, textarea, and autocomplete components of PrimeNG library. [#25759] [#26056]
  • Fixed form fields for creating a new persona. [#25791]
  • Preview Device visualizations accessible through Page Viewing Modes no longer statically clip in an unhelpful fashion out of view on a smaller window; now they helpfully permit scrolling as appropriate. [#25276]
    • Preview screens, likewise, render the intended sizes, unmodified by any margins created by an unnecessary device representation. [#25815]
    • (Incidentally, we removed those unnecessary device representations, too.)
  • Tag chips no longer jump in place due when you hover over them. “Chips that jump?” you ask, thinking: why, this behavior sounds downright cute and festive. We assure you, it was in fact mildly disconcerting. [#26235]
  • User-defined Block Editor input styles are now properly applied to the field. [#26370]
  • Added a max-height style to Content Types lists in the Containers editor. [#26422]
  • [#23836]
  • Personas no longer appear in Tag lists with a separate and distinct icon than other tags; a tag is a tag is a tag. [#26159]


Block Editor Fixes

  • Whitelisting a block on a Block Editor field will no longer result in error when adding images to that field. [#23920]
  • Block Editor fields that had been converted from WYSIWYG fields save all changes correctly. [#24565]
  • A required Block Editor field no longer validates and saves an empty field if content is added and then removed. [#24263]
  • Solved rendering issue with fields converted from WYSIWYG to Block Editor that contain code. [#24422] [#24230]
  • The Block Editor's code block no longer triggers Block Editor menu events, such as the suggestion popup if / is the first character typed. [#24361]
  • Improved debouncing on undo/redo operations in the Block Editor; the number of undo or redo steps should now more or less conform to expectation. [#24716]
  • While we appreciated all the extra traffic from Minecraft enthusiasts, we must regretfully announce that mineType was a mere typo of mimeType in the Block Editor's video node. This has been corrected. [#24556]
  • Block Editor now no longer allows recursively adding a contentlet to itself, which could render the content unrecoverable. [#23846]
  • Tightened up the Block Editor's default rendering behavior, preventing the addition of a trailing space after marks and hyperlinks. [#24406]
  • The Block Editor's content & asset search is no longer intimidated into silence by certain non-alphanumeric character inputs. Dash all you want; it won't flinch. [#25230]
  • The current contentlet no longer appears in the Block Editor's contentlet searches, to prevent embedding recursive embedding. (This can be thought of as a finishing touch to safeguards added in 23.06, which had already safely disarmed Russell's Paradox.) [#24797]
  • Fixed an error preventing the display of a contentlet containing an empty Block Editor field. [#25121]
  • Images imported to the Block Editor via external URLs now properly update their internal reference to the dotAsset created in the importation process. [#24629]
  • Minor quality-of-life tweak: The + button in the Block Editor no longer adds a / character, and any / character left incomplete at the beginning of a block will likewise be removed when Esc is pressed to exit the menu. [#24674]
  • The Block Editor's hyperlink search feature now respects non-default languages. [#25567]
  • Fixed an issue that would cause the Block Editor, on Chromium-based browsers, to represent content pasted from a Word document as an image rather than a sequence of blocks. [#25726]
  • Corrected a mistyped variable in the Block Editor — chartCount becomes charCount; the Block Editor JSON Schema page has been updated to reflect this. [#25591]

Other Field Fixes

  • Mended typo in the Checkbox Field's values property, which is now callable in the Velocity content object either through the .values or .value properties, instead of just the latter. [#22049]
  • Fixed issue preventing the addition of images to WYSIWYG fields from certain folders. [#23926]
  • Image fields now filter properly according to user input. [#23449]
  • Resolved errors resulting from blanking an existing date field or checking “Never” on an expiration date field. [#22667] [#22350]
  • Fixed issue preventing content with double quotes in its title from displaying properly in a Relationship field. [#23396]
  • WYSIWYG Editor no longer throws errors when inserting an image with a different default site language than the editor. [#24285]
  • Added check to prevent Date fields from being deleted while they're in use as the Publish or Expire Date for a Content Type; this prevents misbehavior related to lingering references to a nonexistent field. Having burned some sage and sprinkled some holy water, we have warded the content against such ghostly things. [#24266]
  • Restored the ability to select System Host in non-required Host fields. [#24908]
  • WYSIWYG fields now accept images regardless of whether the content is in the default language; after all, even with language barriers, it's not hard to convey that you want to have your picture taken. [#25258]
  • Widgets with WYSIWYG fields set to Code view no longer encounter value length errors when saving. [#21855]
  • WYSIWYG fields are now once again able to reference images via their virtual path. [#24894]
  • Radio-button fields with the Data Type set to True/False now correctly evaluate values of 0 or 1 as valid boolean values in Elasticsearch queries. [#26046]
  • Creating a new field with the same name, but different type, than a previously deleted field now correctly generates a new identifier for the field instead of incorrectly reusing the previous one. [#25827]
  • On a Relationship field with the showFields field variable set, Binary and Image fields now properly display thumbnails instead of paths. [#25411]
    • Likewise, if one included field is the title field, the correct value for each title will be displayed, instead of displaying the value of the first in the list across each. [#25870]

Language Fixes

  • Fetching language keys for an unsupported language now falls back to default administrative language configured from the System → Configuration tool, rather than the default content language configured through the Types & Tags → Languages tool. [#23777]
  • Navigation no longer shows duplicate results — both requested and default languages — when requesting multilingual content in the non-default language. [#23890]
  • Widgets now correctly display in non-default languages on working (i.e., draft) versions of Pages. [#24059]
  • Language parameters update correctly when redirecting via Rule. [#24158]
  • Restored behavior whereby the file browser dialog shows files in the default language as a fallback if they do not exist in the requested language. [#24444]
  • Creating content in more than two successive languages without leaving the content editor no longer throws an error. [#24286]
  • The presence of language query parameters was interfering with attempts to correctly render images when performing a static Push Publish. We've added a workaround to ensure all images render statically in a multilingual context. [#25217]
  • Improved display for languages included without country codes. [#24988]
  • When changing the language of a piece of content, it will likewise alter its relationships to point to versions of subordinate contentlets in the same language, where available. [#24415]
  • Fixed issue that could newly created content to be “rejected” by a Page not using the default language due to the new content's failure to inherit the correct language value. [#18575
  • Creating a version of content in a second language no longer removes all related content from all language versions of that contentlet. [#25896]
  • Uploading multiple files will now respect the language filter when assigning the files a system language, instead of defaulting to English. [#25797]

Publishing & Push Publishing Fixes

  • CSS files now push publish to S3 buckets without the risk of compilation error. [#24351]
  • Push Publishing filters now save to the correct subfolder with the correct filename; a recent update was missing a trailing slash, causing them to be saved in the parent folder with the subfolder's name appended to the filenames. [#23578]
  • Folders no longer fail to push publish if they contain archived content. [#24705]
  • Push publishing will now properly respect timezone selections made from the dialog in the Publishing Queue's Bundles tab. [#25037]
  • Resolved an issue that caused content to push publish to a working (draft) state instead of a live state in the specific case where an alternate-language version of that same content exists in an archived state. (That sentence went through like eight drafts; you need to take a deep breath before summarizing a bug this particular.) [#25044]
  • Pushing a newly created folder as a limited user with appropriate permissions no longer fails. [#25371]
  • When performing a “Publish (all)” on its contents, a folder will no longer flop and bellyache to draw sympathy from the referee. [#25440]
  • Fixed issue causing Push Publishing from the Pages Tool to result in an empty bundle being sent. [#26451]
  • CMS Admin role can view all bundles, regardless of who created them. [#25127]

Asset & File Fixes

  • Corrected the exclusion of two asset directories from back-end exports; both are now present and accounted for. [#23810]
  • File Browser now properly displays multilingual content, not limited by the configured user-interface language. [#24358]
  • Fixed File Browser display behavior; now displays Page and file assets in expected fashion. [#24272]
  • Copying a folder that contains Pages with both live and draft versions will no longer result in an error; duplicate your folders fearlessly. [#24441]

Template & Container Fixes

  • The arrow buttons in a container's Max Contents field now correctly update the total; manually typing a value is still something you can do, but not something you have to do. [#24163]
  • Modifying a template no longer removes content from page columns, unless the column or container was expressly removed. [#23181]
  • Clicking on a file-based Container in the Site Browser now takes you to the correct folder. [#23798] [#24644]
  • Fixed an issue preventing Templates from saving. [#25157] [#25212] [#25219]
  • Hammered out some quirks in the handling of editing Page-specific layouts when a Template is already in use, which was causing Templates to be overwritten by layouts. Now:
    • Changing the layout of a Page that is the sole user of a Template will edit that Template;
    • Changing the layout of a Page that is one of several users of a given Template will create a copy and treat it as an anonymous layout. [#25227]
  • Fixed issue preventing operations on Advanced Templates within the Templates tool. [#25490]
  • The Containers tool now properly lists only Containers from the current site. [#25805]
  • Filtering for Containers and finding none will now display the correct “No results found” message instead of a smooth, featureless expanse of blank white page, like some inverse void — an unfolding pause on the threshold of an answer, stretching unto eternity. Nay, friends; we abjure this blankness with heroic gusto: “No results found”! [#25809]
  • The Container editor interface's list of Content Types no longer includes unintended entries for rows and columns. [#26180]
  • Fixed menu generation of variables within Containers via built-in content objects. [#26348]

Category, Tag, & Persona Fixes

  • Categories are no longer removed from content mass-imported via CSV file. [#23440]
  • Fixed the retrieval of Personas via Lucene query; persona tags neither require, nor yield different results with, :persona appended to the tag name. Kind of an oddball issue, but settled is settled! [#22872]
  • Suggestion lists for Tag fields now properly collate tags from content deeper in the folder structure, rather than just the site root. [#26131]
  • Elasticsearch queries no longer add :persona to a Tag field that also happens to be a Persona. Whereas the :persona appendage had been stripped of its meaning and function in release 22.03, this is mostly a bit of tidying up. [#26158]

Page & Content Fixes

  • Significant fixes to URL-mapped content, adding resilience in the face of broken or absent detail pages and addressing several error cases directly. [#24490]
  • Beefed up URL-Mapped content resiliency; now, if a detail page is deleted or otherwise broken, and/or a URL map pattern is absent for a given Content Type, you'll still be able to view those pages. Of course, you'll want to fix that situation, but at least you're not throwing 404s in the meantime. [#24490]
  • History tab now loads versions in reverse chronological order. [#25079]
  • Resolved an issue that caused the “preview” action in the content editor to fail for URL-mapped content in languages other than the default. [#25624]
  • The Content Palette no longer includes archived content. [#24292]
  • Fixed a bug interfering with the ability to reorder content in Edit Mode. [#24678]
  • The Copy URL button at the top of the page viewing mode interfaces now copies the whole URL, and not just the path. [#24683]
  • Narrowed the drag & drop capabilities of Edit Mode to widgets, forms, or contentlets, instead of “literally anything you drag from anywhere, even when it spits out a console error.” [#24727]
  • The proxyEditModeURL query parameter now correctly overrides the Edit Mode Anywhere URL — both in the core and the plugin (for older versions). [#26111]

Site & Indexing Fixes

  • Stopped Sites now correctly display on the Site Selector; only archived Sites are hidden. [#25120]
  • Fixed Site Browser sorting; the default pattern is to show folders first, alphabetically, and then all other items in the current folder by descending modified date. [#25136]
  • Filtering in the site selector dropdown will always prioritize exact matches. [#24921]
  • Modified date no longer overrides other Site Browser sorting criteria. [#25680]
  • Default Site Search index should always be on top of the index list. [#26173]
  • Large numbers of Site Search indexes no longer cause errors when loading the index list. [#24816]
  • For a little while, Apps were showing doubled site lists; this had to do with a disconnect between the Apps paginator and the API calls that returned site lists. This has been rectified. [#25169]

API Fixes

  • Template and Layout API will now observe the system theme as its fallback value where no theme is specified. [#25379]
  • Fixed pagination when fetching related content via REST endpoint. [#25666]
  • OPTIONS requests to REST APIs no longer generate a 500 error status, and now return proper CORS headers. [#25775]
  • Content API and Elasticsearch queries now properly return metadata keywords. [#25618]
  • Relationship fields now properly update via Workflow API calls. [#24167]

Image Editor Fixes

  • Several image editor fixes ensue! [#23882]
    • Crop zones now resize correctly in the image editor. [#23925]
    • The Clip button has been repaired, and now properly stores the data to the platform clipboard. (Note that this is separate from the system clipboard, and is accessed through separate dotCMS controls, such as the WYSIWYG Clipboard button.) [#23927]
    • The Download button is now once more hunky-dory. [#23924]
  • getResizeUri method now returns valid URLS for a resized binary image — no more double-slash shenanigans. [#25203]
  • The image processor now retains and respects a certain user-specified resampling parameter (resize_ro) through the entire method call, rather than reverting to a default due to a missing link in the chain. [#25193]
  • Updated WebP decoding, solving problem whereby some WebP images would not be resizable. [#25861]

Velocity Viewtool Fixes

  • NavTool's getNav method now returns only published links. [#24829]
  • The JSON viewtool now supports all JSON data types, rather than just strings. [#21529]

Permission Fixes

  • Permissions tabs — appearing in folder properties, contentlets, templates, etc. — no longer fail to load. [#23889]
  • Fixed an issue preventing saving content in a secondary language while a working/draft version exists in the default language. [#23280]
  • A recent commit broke the contentlet search within the Edit Mode Content Palette; this one fixes it. [#24308]
  • Gradle now resolves current git hash correctly when building. [#23901]
  • Rooted out a bug preventing permissions-limited users from firing certain Workflow actions, even if their individual permissions were adequate to the task and Content Type. We both see and cosign that adequacy; flex it freely! [#24801]

Task & Scheduling Fixes

  • Leaving the “publishing” Date/time field blank on content preset for scheduled publishing, no longer causes that content to re-publish if unpublished. We determined this behavior was simply too silly. [#24344]
  • The job scheduler tab once again loads correctly in the Site Search developer tool. [#24524]
  • In the Job Scheduler, the default Site Search index is specified with (Default) appended to its alias. This caused the Job Scheduler to throw an error when adding a new reindex to the schedule, until that additional text was manually cleared. Well, that snag has been fixed. [#24176]
  • When using the tasks page's “hamburger” button (⋮) menu, the Publish action now fires directly — i.e., the expected behavior — instead of opening the Push Publish dialog. [#23395]

Plugin Fixes

  • OSGi framework has been adjusted to restart less often, in many cases not needing to at all. [#24468]

Caching Fixes

  • Nested dotcache block caches no longer interfere with page loading by caching an incorrect context. [#24247]
  • Removed a wide assortment of unnecessary cache invalidations when saving and/or updating content. This also counts as a performance optimization, though we shall list it as a fix for reasons of honor. [#24781]
    • On the other hand, a slightly more assertive cache invalidation was implemented to ensure newly inserted contentlets are more readily available on searches. [#25076]
  • Velocity2 cache no longer stores empty containers from non-existent language-versions of the content in question, leading to existent language-versions showing up as blank. [#22534]

Docker, Chassis, & Starter Fixes

  • Downloading a starter from the back end is now a streamed process that begins as the assets are being incorporated into an archive. This prevents timeouts under certain administrative setups — such as running dotCMS behind a load balancer — and limits the danger of the destination container over-allocating space in the case of multiple requests. That's a mouthful, but two birds with one stone merits a yarn. [#23733]
  • Fixed an update task that absolutizes container paths: It erroneously added the site to the same path multiple times in certain situations. Well, not anymore. [#24436]
  • Updated the version of pg_dump used in the Docker images to prevent a version mismatch error when exporting the database. [#24689]
  • Created a background task to ensure the proper conversion of legacy content to the contentlet_as_JSON schema for those upgrading from years-old versions. [#24093] [#24969]
  • files should now import and export properly in all cases. [#24874]
  • For those who prefer Podman over Docker: File assets now upload properly to dotCMS containers managed via Podman. [#24937]
  • Updated starter image to classify all URL fields as unique. [#24673]

Logging & Messaging Fixes

  • Unnecessary XML encoding has been removed from environmental variables that originate from the Tomcat access log file. [#23669]
  • Adding the same Content Type to a custom content tool twice will now display a more descriptive error message. [#22411]
  • Added keepalive calls to prevent a case where the Log Viewer connection could time out. [#24775]

General Stability & Performance Fixes

  • Discovered and vanquished a race condition with the potential to crash the reindexing process for sites with a lot of Content Types. [#23651]
  • Improved publishing procedures for environments with many locales and relationships, preventing slowdowns. This sounds like it should be under Enhancements, but those slowdowns could get pretty significant. So, here we are. [#24245]
  • Fixed bug preventing a user with an ID length of more than 36 characters from locking content. [#24133]
  • Fixed a date-format mismatch between an old format used in some places and a new one in others. [#25008] [#25293]
  • Deleting a Content Type with large troves of content — or performing bulk actions on same — should now proceed more swiftly, and with no chance of a timeout. [#19101]
  • The presence or absence of a trailing slash in URLs no longer yields a different result, such as a 404 response code. [#23276]
  • Corrected a Javascript console error preventing the contextual menu from functioning when right-clicking a role name in the Roles & Tools tool. [#24424]
  • Mending conflicts with the Integrity Checker will no longer result in null values on certain database fields. [#25224]
  • A corridor of unnecessary calls to the appconfiguration endpoint has been removed. [#25552]
  • Mending conflicts with the Integrity Checker will no longer result in null values on contentlet_as_json database fields. [#25229]
  • Added a user limitation to the admin panel's nav update event, to limit calls to the menu endpoint and prevent usability issues. [#25556]
  • Removed an unnecessary remote call from lib.js. [#25972]
  • MonitorResource no longer throws exceptions if DOT_SYSTEM_STATUS_API_IP_ACL is not set. [#25613]
  • Implemented automatic pruning of filesystem hard links for many-versioned File Assets, following similar rules to our Drop Old Asset Versions routine. This avoids limits to per-file hard links enforced by some filesystems. [#26188]
    • This change additionally includes a new Quartz job that deletes old versions of content on a regular basis — whether contentlets or file assets — by default, according to a number of configurable values. (By default, this only affects past versions more than a year old, in excess of 100 content versions ago.)

Development Improvements

  • Postman tests are now run in parallel, segmented into smaller groups. [#23330]
  • Added Push Publishing test fixes for Postman covering sender collection and graceful failure when it cannot determine a result. [#23766][#23330]
  • Created automation to remove published dotCMS CI/CD image used for Postman tests. [#23808]
  • Maven build no longer adversely impacts a local npm registry. [#23692]
  • SonarQube is now run on every pull request to core-web. [#23696][#23779]
  • Simplified integration of Docker images considered dependencies via Github Container Registry. [#23808]
  • Adjusted pipelines to remove the requirement to generate an “enterprise” jar — another of many steps in the long march toward the purest ideal of monorepo status. [#24760]
  • The release process is evolving to test upgradability from a number of previous LTS editions to the latest release. [#24774]
  • We've implemented the first phase of our shift to Maven in production; now Maven drives all Java dependencies.
  • Production model shifted to trunk-based development.
  • CICD tests have been adapted to Maven transition, and optimized for storage. [#25320]
  • Improved SonarQube coverage of tests for core-web applications and libraries. [#25360]
  • Added trunk-based release automation. [#25497]

Dependencies, Components, Etc.

  • Upgraded Apache Tika metadata toolkit to 2.7.0. [#23934][#24051]
  • Removing old Dojo resources from packaging. [#24840]
  • Removing old jaxws libraries no longer in use. [#24843]
  • We continue to shift away from Gradle, toward Maven. [#25030]
  • ReloadableServletContainer has been removed; its functionality has been encapsulated elsewhere. [#24970]
  • Updated H2 database engine. [#24846]
  • Updated Java to 11.0.17 in Docker. [#25551]
  • Completed initial proof-of-concept testing MS Java 11 for the possibility of upgrade. [#25584]
  • Removed unused dependencies from the JGroups library. [#24852]
  • Superseded by newer Redis and Postgres cache tools, we've removed some Hazelcast jars. [#24851]
  • Updated XStream library for XML serialization. [#24845]

Breaking Changes

  • ⚠️ MSSQL databases are not supported ⚠️; databases must use PostgreSQL.
  • The user API endpoint at /api/v1/users/filter has been refactored to take query strings instead of path parameters. [#20529]
  • Page and Template REST APIs may have been returning an excessive amount of relatively low-value information. This can be messy to sift through and harmful to performance, so we've scaled it back a bit. Out of an abundance of caution this is being listed as a breaking change, even though it may not actually cause an issue for anyone. [#23203]
  • Fixed a permission error that prevented a user with a custom role with appropriate permissions from using Workflow API operations. While this will not change observed behaviors, permissions-based fixes are generally classed as breaking changes due to how they may affect the hypothetical user working around them. [#23199]
  • Permissions have undergone overall changes on the back end, improving comprehensiveness and error handling. [#22993]

On this page


We Dig Feedback

Selected excerpt: