Changelogs

Last Updated: Jun 17, 2024
documentation for the dotCMS Content Management System

LTS dotCMS releases

dotCMS will periodically specify specific product releases as Long-Term Supported (LTS) releases, which will be maintained for a longer period than other dotCMS releases, and which will provide a number of advantages for customers that choose to install them.

dotCMS is committed to the security and stability of our latest LTS versions. In our ongoing efforts to protect users, we have established specific timelines for resolving detected vulnerabilities. Note that the responsibility outlined here concerns vulnerabilities that are relevant to live, supported versions. Users on current LTS versions will benefit from security updates in accordance with our established schedules.

Please see the Long Term Supported Releases page for more information and Current Releases for downloads.

Major Version Current Patch Last Updated End of Life Date
24.04.24 LTS 24.04.24v4 Jul 9, 2024 Nov 6, 2025
23.10.24 LTS 23.10.24v12 Jul 9, 2024 May 19, 2025
23.01 LTS 23.01.19 Jul 9, 2024 Sep 22, 2024
22.03 LTS 22.03.15 Apr 15, 2024 Feb 11, 2024
21.06 LTS 21.06.14 Feb 23, 2023 Apr 30, 2023
5.3.8 LTS 5.3.8.14 Sep 30, 2022 Sep 30, 2022
5.2.8 LTS 5.2.8.4 Feb 16, 2021 Jun 2, 2022


dotCMS 24.04.24v4 LTS

Available: Jul 9, 2024 Demo starter image: 20230712

Enhancements & Adjustments

Fixes

  • Content API now hits a cache instead of the database when determining whether a UUID passed is an identifier or an inode. [#28897]
  • Fetching of language identifiers now properly refers to cache, rather than calling the database every time. [#28890]
  • Push Publishing no longer has a 10,000-item limit. [#23131]
  • Fixed regular expression governing password validation to behave more consistently with special characters at different points in the string, etc. [#23292]

Dependencies, Components, Etc.

  • Redis implementation now supports ACL authentication via usernames and passwords. [#28863]

dotCMS 24.04.24v3 LTS

Available: Jun 25, 2024 Demo starter image: 20230712

Enhancements & Adjustments

Fixes

  • API responses now return expected data for fields labeled description. [#28785]
  • Fixed bug causing default-language fall-throughs to fail. [#28769]
  • When pushing a page that does not exist in the default language, the system will now properly evaluate its template. [#28760]
  • Updated update task (a second-order update!) to fix the way it addresses the month of March with regard to Daylight Savings Time. [#28695]
  • Updated LTS telemetry plugin. [#28689]
  • $dotcontent viewtool is now permissioned appropriately for the user when utilized in the Send email Workflow sub-action. [#28352]
  • The venerable # character is now decoded correctly when called upon in rules and vanity URLs. [#28089]
  • Fixed importation of page assets via export file. [#28306]
  • Content types now properly display in the content search when the system property is true. [#28284]

Security

  • Patched one medium security issue.

dotCMS 24.04.24v2 LTS

Available: May 28, 2024 Demo starter image: 20230712

Enhancements & Adjustments

Fixes

  • Introduced safeguards against system objects being push published. [#28173]

dotCMS 24.04.24v1 LTS

Available: May 8, 2024 Demo starter image: 20230712

Enhancements & Adjustments

  • Added additional short-TTL cache to permissions lookups, to improve performance on successive checks over large content pulls. [#28230]

Fixes

  • Apps configurations can now be properly imported from older versions. [#28427]

dotCMS 24.04.24v0 LTS

Available: May 6, 2024 Demo starter image: 20230712

Per tradition, the designation of a new long-term supported major release calls for one honkin' big changelog — a vast rollup representing all the ingredients and techniques applied since the previous LTS feast. You may scroll and scroll, and find yet more text than you can comfortably consume in a single sitting; for a smorgasbord of this size, questions of artful plating give way to those of artful troughing.

Table manners? The relic of a simpler time — a lost and hazy idyll.

Still, we leave you with the last vestiges of that past civility: We've grouped changes into more permissive and granular thematic trays. And for your utensil, we're proud to draw your attention the most beautiful thing in the room: your face.

Mangia!

🟣 Features

  • The Universal Visual Editor is here to provide full in-context editing for headless websites, single-page applications, and other remote apps designed to pull content from dotCMS. [#26644]
    • This design will soon peek out from behind its feature flag to replace the classic Edit Mode as the editor for traditional pages, as well. True universality arrives soon, friends; soon…
  • New Page Tools accessible through the editor: services to help gauge best practices on security, accessibility, and more. [#24862]
  • Experiments have graduated from beta testing: Perform A/B testing right on your pages, see detailed visualizations of the outcomes, and promote the better candidate at a click. Contact a customer success representative to get started!
  • Our new dotAI component — previously a plugin, but now a full core feature — offers the power to incorporate OpenAI tools into your dotCMS workflows, create semantic searches, generate tags and content, and more. [#26495] [#27437] [#26505] [#26506]
    • Note: dotCMS 24.04.24 LTS should not use the plugin version; if upgrading from a version that required the plugin, please undeploy the plugin. See the dotAI documentation for further details.
  • New Announcements Menu shares important information from dotCMS, plus a friendly set of links. [#25733] [#25737] Announcements Menu.
  • The arrival of the prophesied dotCMS CLI heralds a new era of CI/CD resplendence! And yea, there was much rejoicing! [#27906]
  • Create your own Scripting API endpoints using Javascript instead of Velocity, by using the application/apijs folder. [#26227]

🟣 Enhancements & Adjustments

Page & Template Editing

APIs

  • Added a new method to the Page API to retrieve the set of languages in which a Page is available. [#27185]
  • Improved usefulness of error messages on the /v1/users endpoint. [#27742]
  • Page API additionally returns content related to the Page asset itself, on calls with a depth of 2. [#27775]
  • Content Type API now accepts a sites query parameter to filter results by one or more Sites. [#27731]
  • Added API methods to update and fetch custom content tools. [#27920]
  • Added /api/v1/contentReport endpoint, capable of providing a list of Content Types and any existing contentlets of each type that live under a given Site or folder entity. This is helpful when making structural decisions, such as the placement or deletion of those entities. [#27755]

Content, Fields & Data Models

  • Implemented a caching mechanism for retrieving content version information. [#26931]
  • editableAsText property now surfaces in metadata for appropriate file types. [#26910]
  • Implemented a chainable metadata provider that incorporates both file system and database elements that allows better performance, better file asset storage routines, and tidier S3 file asset storage. [#24307]
  • Added a justified alignment to the Block Editor's bubble menu. [#26421]

Logging, Messaging, Info

  • More detailed build information now visible in Settings -> Maintenance -> System Info. [#25571]
  • Task detail comments now display in reverse chronological order. [#25729]

Sites & Clusters

  • The Site selector's sorting criteria has been altered, now favoring the shortest match first; this avoids the behavior where many subdomains might top the list when you search for the parent domain. [#27447]
  • Added cluster prefixes to facilitate serving multiple dotCMS instances from one Redis database. [#26932]

Performance Optimizations

  • Storage providers have been reconfigured to load lazily to improve system performance. [#26933]
  • Removed the system's behavior of refreshing properties before fetching — a useful tactic for binary installs, but an unnecessary performance drag in the era of containerized instances. [#26896]
  • Added indexes to the databases responsible for inode and identifier lookups, improving lookup performance by a factor of as much as 4600x on large sites. [#26926]
  • Added concurrency control and error handling to API storage classes, as well as safeguards against possible null or runtime exceptions when accessing certain binary or metadata properties. [#26915]

Administration & Configuration

  • Users can now configure database connection timeouts by way of a new DB_CONNECTION_TIMEOUT configuration property. [#26897]
  • Changed order of precedence for system properties; environment variables take highest precedence, followed by the system-table database, and lastly the file-based and mostly default dotmarketing-config.properties entries. [#26825]
  • Added DOT_REDIRECT_AFTER_LOGIN system property that allows overriding the default redirect after signing in to dotCMS; if you would rather it not send you straight to the admin panel, your wish is this property's command. [#27344]
  • System table loading has been shifted from a purely lazy strategy to an eager preload on startup, plus caching. [#27020]
  • Apps configurations can now be overridden via environment variable, with options to show or hide altogether any values so overridden. This presents a clean, hierarchical method of App configuration in cloud or multitenant settings. [#25953]
  • In line with changes in license distribution methods, we've removed the ability to copy and paste licenses into dotCMS from Settings -> Configuration -> Licensing; licenses are now applied exclusively via the Upload option. [#27891]

🟣 Interface & UX

Content & Page

  • Assorted adjustments to Page Editor interface. [#24862] [#26982] [#28278]
  • The contentlet editor now shows previews of a variety of uploaded files — images, videos, text files, PDFs, and more — along with dimensions and size. [#26105]
  • Page lock switch now has the correct default state when one admin is viewing a page locked by another admin. [#26221]
  • Workflow Actions menus have improved wrapping behaviors. [#26740]
  • In the Content Type editor, the Field list now scrolls all the way to the bottom, instead of bottoming out the scroll bar with a short ways to go. [#27399]
  • The dropdown menu in the content comparison tool will now display more than 20 versions at a time for comparison. [#26815]
  • The Page Editor's “Open in New Tab” link now reads “Open Published Version” — clarifying that the user will view a live, rather than draft, version. [#28347]

Site Browser

  • Site Browser now sorts folders by name, even if different from title, and even after a renaming occurs; what's the point of having alphabetical order, otherwise? [#24482]
  • The Site Browser now correctly remembers which folders had been expanded or collapsed after returning from elsewhere in the admin panel. [#26582]

Fields

  • Improved the styling of Date & Time field selectors. [#26408]
  • Helper dialogs providing information about fields have been updated to prevent content from overflowing their boundaries. [#26602]
  • Textarea field height has been corrected; now displays as several times the size of a Text field by default. [#26597]

System & General

  • Updated styling on User and Sign In As menus. [#25742] [#25743]
  • Apps list now scrolls properly on small screens. [#26834]
  • Fixed Apps card styles such that the App integration icons aren't covered with a blue circle. [#27445]
  • Dojo buttons now click appropriately over their whole area, rather than just their text. [#26621]
  • Fixed several cases where some menu items would overlap in improper ways due to absolute positioning. [#26603]
  • Hid the download button for bundles pushed to static environment, as these are not downloadable. [#26542]
  • Changed checkboxes' transparent backgrounds to white. [#27486]
  • Fixed responsive qualities of autocomplete in cases such as Tag fields. [#27421]
  • Notifications dropdown now displays message indicating clearly when there are no new notifications. [#27368]
  • Fixed link text on the License Needed screen. [#27672]

🟣 Fixes

Fields

  • The Block Editor dropdown that allows changing block types now accepts scroll input from the mouse wheel and keyboard, in line with other Block Editor menu scrolling behaviors. [#26694]
  • A bug was causing the Block Editor to crash when Table blocks were added to the Allowed Blocks list in the field settings. This bug has been summarily squashed, with statistically negligible remorse! [#27101]
  • Thumbnails now display correctly in the Block Editor's Contentlet blocks. [#28055]
  • Relationship fields now respect and reflect the order in which related contentlets are received via Workflow Action. [#26439]
  • Relationship fields' maximum variable lengths have been extended from 35 to 255 characters. [#26605]
  • When duplicating content with certain relationship types — one-to-one, many-to-one — the copy will be created without duplicating those relationships, to prevent cardinality violations. [#26283]
  • The presence of a non-required Site/Folder field in a Content Type no longer causes duplication of contentlets of that type to fail. [#26459]
  • Binary Field once again autocompletes the title and file name fields on upload. [#27389]
  • Adding multiple Binary Fields no longer results in error prompts about their respective asset names. [#27523]
  • Restored file hyperlinks to the Binary Field info modal. [#28115]
  • Binary field now correctly shows thumbnail previews of uploaded PDF files. [#28105]
  • Fixed discrepancy that caused the live version of a binary field to appear as a preview in the contentlet editor instead of the current working version. [#27390]
  • The Site or Folder field was no longer visible in the Relate Content dialog, so we sawed a panel out of its wall, then slid the field in place behind, allowing its light to filter through. It really opens up the room. [#27563]
  • Fixed import behavior on content with Site/Folder fields, which was incorrectly expecting an inode instead of an identifier. [#27361]
  • Image fields now correctly receive headers in CSV exports of contentlets. [#26004]
  • Key/Value fields no longer perform HTML encodings on inappropriate characters (commas and colons) when returning HTML-encoded values. [#25903]

Language Fixes

  • Fixed a messaging service error that was preventing proper translation key resolution, affecting multilingual control labels. [#26894]
    • Likewise, better default fallthrough behavior has been implemented for cases in which no translation key is found. [#26660]
  • Languages API no longer throws 400 errors when duplicates of non-unique keys exist. [#24082]
  • Content-editor dialog now opens in the current language in which the parent Page is being displayed. [#27297]
  • Creating new, different-language versions of existing content via API now completes successfully and without error. [#26861]
  • Fixed improper encoding of Cyrillic URLs via Vanity URL redirect. [#26640]
  • Selecting “All” on the Content Search language filter now correctly shows all language versions of displayed content, rather than only the first language in which a given contentlet was created. [#27039]
  • Better error handling, clarity, and resolution when attempting to navigate to the default-language version of a Page, when the Page only exists in a non-default language. [#27281]

Publishing & Push Publishing

  • Removed a bad reference preventing Pages from push publishing correctly from the Pages Tool. [#26451]
  • Pages with a scheduled future date for either publishing or expiration are no longer excluded from Page API responses. [#26480]
  • The sysPublishDate field has been restored to the ElasticSearch object; it now indexes and queries properly. [#25233]
  • Bundles now properly display contents in excess of 20 items when expanded in the Publishing Queue. [#26170]
  • Bundles now display the user who created them to appropriately permissioned users. [#26224]
  • Fixed errors when deleting unpublished bundles via REST API calls. [#26201]
  • Custom Layouts now always push with their associated Page, even if selecting a Push Publishing filter that does not include Templates. [#22385]
  • Fixed static push publishing to S3 buckets in the us-east-2 region. [#24698]
  • Fixed error where, when push-publishing to two different environments — one static, one dynamic — the normally untracked entry for the static push would appear in the pushed assets table with a null endpoint. [#27928]

Assets & Files

  • PNG filter no longer returns a 404 when acceessing an image. [#26374]
  • Fixed Content Search filtering behavior with images; now they are found and filtered properly, with no duplicate entries. [#26477]
  • Removed the 255-character limit on the validation of text fields; this was likely to affect, for instance, Vanity URLs with very long addresses. [#26774]

Templates & Containers

  • All edits to the System Template will create an offshoot layout instead of modifying the template itself. [#26415]
  • Removing all Content Types from a Container no longer creates difficulties for associating new Content Types to that Container. [#26686]
  • Fixed an issue with the Template Designer that caused content to be added or removed when removing or adding Containers. [#26413]
  • Updating a template that uses the same container in multiple boxes will no longer result in displaced content among pages using that template. [#27816]
  • Making layout changes in the Template Designer and directly to the Page content no longer causes inconsistencies in content placement within the Template. [#27689]
  • Left offsets in the Template are now correctly respected by the headless rendering behavior. [#27406]

Pages & Content

  • If you arrive at the content editor from the list provided by the Content Type editor's “View” link, closing that editor will no longer take you to a blank page. [#26787]
  • Adding a contentlet to a Page in Edit Mode will no longer reset the Site Browser's filter to “All Languages.” [#26758]
  • Fixed issue preventing Edit Mode from locking Pages properly. [#26585]
  • Publish Date parameter no longer prevents the scheduled content from being exported. [#27007]
    • Also fixes a related issue that prevents export while filtering by a large number of categories.
  • An Experiment can no longer continue to register events for a time after its scheduled ending date. [#27451]
  • Content Search tool correctly displays checks in checkboxes beside results. [#27503]
  • Fixed issue where contentlets can be uneditable when accessing through Card view in the Content Search. [#27522]
  • Repaired uncaught Failed to Fetch exceptions when previewing a Page in Edit Mode with the SEO feature enabled. [#27601]
  • Variants can no longer render after an Experiment has been ended; attempts to do so will only render the default variant. [#27748]
  • Pages with an active Experiment now also refer to the Site, and not just the path, when determining whether a redirect is necessary. [#27906]
  • Deleting the parent page of an Experiment no longer causes certain underlying Experiments API calls to fail. [#28238]

APIs

  • When uploading a file by URL through the Temp API, the response now includes the MIME type and file extension. [#26340] [#26791]
  • GraphQL now returns Date & Time fields in the correct, system-standard format. [#26890]
  • Fixed GraphQL caching, which now behaves in the expected manner. [#26970]
  • The Workflow API can now archive content successfully. [#22921]
  • The endpoint to fire Workflows now accepts several date formats as input successfully. [#26704]
  • REST API sets language ID correctly when a new user is created via v1/users endpoint. [#27319]

Velocity Viewtools

  • Adjusted $UtilMethods.isImage() method to prevent it from blocking and thereby bogging down a system. [#27883]
  • The Secrets Viewtool can now properly parse the inode from URLs. This is important to ensure that it can properly check code's last editor to ensure they have permission to call on the secret. [#27516]

Permissions

  • Users with limited permissions can edit Pages and content within their purview, even if they do not have access to the Content Search tool. [#22698]
  • Folder permissions are now properly editable on an individual basis, even if the folder uses a legacy inode. [#26693]
  • Resolved a bug capping the number of sites the site selector would display to limited-permissions users. [#26980]
  • Limited users with appropriate permissions can now create Content Types on the System Host. [#25296]
  • Corrected role checks when requiring multiple roles to access a resource. [#27909]

Docker & Starters

  • File inclusions updated in Docker images to ensure forms function in Edit Mode. [#26957]
  • Updated starter image: The Language Variable Content Type has been flagged in the starter as not being a system type, enabling user creation of this content. [#25891]
  • dotCMS dev container no longer fails to start without a license. [#27759]
  • Updated docker compose examples with new flag configuration to prevent possible startup interruptions. [#27740]

Database & Infrastructure

  • Pub/Sub architecture now defaults to SSL connections, preventing failures when interfacing with PostgreSQL instances that only accept SSL. [#26481]
  • Changed default Pub/Sub provider value in line with recently built Pub/Sub architecture. [#26706]
  • Fixed “Download DB Dump” functionality under Settings -> Maintenance -> Tools. [#27537]

Logging & Messaging

  • Debug logging has been added to the SASS compiler's execution process, to better reflect and diagnose any problems it encounters. [#27008]
  • Restored the catalina.out Velocity log, once again visible in the Log Viewer. [#26934]
  • Corrected typo in a server-side validation error message. [#26729]

Security

  • Scaled back some excessively verbose log entries. [#27910]
  • Global CORS header now respect configuration changes made through environment variables. [#26391]
  • Fixed error that prevented the system from returning identity provider IDs instead of the Site identifier as part of the ACS URL in a SAML response, even if the properties are configured to behave that way. [#27832]

General Stability & Performance

  • Reserved names are now evaluated in case-insensitive fashion, for improved consistency. [#26796]
  • Fixed reserved-name protection for identifier and inode. [#22372]
  • Set Response Headers Rule Action now accepts double quote characters in the value field. [#26987]
  • Fixed Google Maps feature when setting rules related to visitor location. [#27531]
  • Fixed a conflict in the analytics infrastructure causing errors at startup. [#28305]
  • Deleting a Site that contains Content Types and content items no longer silently fails, and now provides an extra prompt to warn of the deletion of such items. [#27862]
  • Fixed unresponsive Import button when importing categories via CSV. [#25653]

🟣 Development Improvements

  • New release-candidate automation handles generating and publishing Docker images. [#26296]
  • Improved procedure for downgrading from current trunk build to the latest LTS patch. [#27002]
  • Automated procedure of replacing Next Release label with the appropriate version label on release process. [#26547]
  • Altered handling of feature flags to simplify feature rollouts. [#27708]

🟣 Dependencies, Components, Etc.

  • Upgraded Tomcat from 9.0.60 to 9.0.85. [#26722]
  • Removed Jetty Server dependencies. [#24847]
  • RedisSessionManager added to Maven build. [#26991]
  • Updated JSON Small and Fast Parser to 2.4.9. [#24849]
  • Updated XStream library. We did so recently, but we've given it another bump — from 1.4.8 to 1.4.20. [#21060]
  • Updated Postgres JDBC driver. The vulnerability this update resolves did not affect dotCMS, as we do not use the setting in question. Still, automated scans that don't know any better were very noisy about this. So… we may as well. [#27894]

⚠️ ️ Breaking Changes

  • None since 23.10.24 LTS!

On this page

×

We Dig Feedback

Selected excerpt:

×