Security
SSL Security Advisory
The POODLE attack (PaddingOracleOnDowngradedLegacyEncryption) allows to steal “secure” HTTP cookies when SSL 3.0 is being used. We strongly recommend disabling SSL 3.0 support in your apache webserver configuration and if needed to update the openssl library once a fix for this issue has been released.
Bugfix RT58560
When a page is modified and republished during a publish process that published this page, it could happen that not all dependencies of the republished page were correctly dirted. This has been fixed now.
Bugfix RT58589
When creating folders over the REST API, the inheritable object tags from the mother folder were not automatically set for the new created folder. This has been fixed now.
Bugfix RT58599
Some errors, that occurred while rendering the tree will be logged now.
Bugfix RT58544
When an editor using Aloha Editor on Internet Explorer tried to leave the edited page (e.g. by clicking into the tree) with unsaved changes, a confirm message was shown, whether the changes should be saved before leaving the page. However, saving never worked, regardless of whether “OK“ or “Cancel” was clicked. Since it is not possible to save the page in an asynchronous call when leaving the page (the browser just would not issue the asynchronous save request), the behaviour when just leaving the page with unsaved changes has now been unified for all browsers: The user will get a notification message, explaining that unsaved changes would be lost when leaving the page.
Bugfix RT58067
The import of pages will now give more explicit error messages (in the server log) when the process fails due to data inconsistencies.
Bugfix RT58531
When an editor without permission to publish a page tried to publish a page that was missing some mandatory tags, the page would be put into the queue nevertheless. This is incorrect, the check for missing mandatory tags has to be done before putting the page into the queue. The behaviour has been changed now, so that it is not possible to put a page into the queue, if it is missing mandatory tags.
Bugfix RT58564
Fixed a SGB error that occured in some cases, when trying to upload a new file in the tag fill dialog.
Bugfix RT58557
In the previous bugfix RT58305, a background job that deletes broken content tags was added. However when a broken tag was found it caused the Tomcat to wrongly block the startup due to a not logged error. The error handling of background jobs has also been improved.
Bugfix RT58574
Editing pages with Aloha Editor: When using the method addDeleteButton() to add delete buttons to blocks, that contain nested blocks, the delete button was also attached to the nested blocks. This has been fixed now.
Bugfix RT58572
When content repositories, that have instant publishing enabled are not available, this might affect the whole system. With some new configuration options, it is possible to have instant publishing temporarily disabled in case of availability problems. See Instant Publishing in the Guides for details.
Bugfix RT58589
Creating new folders in the backend sometimes produced an SGB due to duplicate object tags. The folder was created in the DB, but caches were not properly cleared, which caused some problems afterwards. This has been fixed now, duplicate object tags will be ignored now.
Bugfix RT58566
Saving the tag definitions of a template possibly takes some time, because it could affect many pages. This could lead to a timeout in the request, which resulted in an SGB, although the process of saving the tag definition was successful. This has been changed now, so that if saving the tag definitions takes longer, the process will be taken to the background and the user will get a notification, when saving is complete.
Bugfix RT58599
The tree used to select the target folders when copying pages internally used too many requests to the REST API. This has been fixed now, which will reduce the render times for the tree.
Bugfix RT58539
When creating pages from within the todo tool, the language was not correctly set, if the Node, the user had visited last, did not have that language activated. This has been fixed now, the language will now be checked against the languages of the Node, where the page is created.
Bugfix RT58573
When generating a filename from the page name, the result was empty, if the name contained only whitespace characters. Also, a filename that begins with a dot could cause problems. This has been fixed, so that in both cases the filename will begin with “1” instead.
The ‘sanitize names‘ feature now allows the configuration of the standard replacement character. Also the list of allowed characters can be extended. See: Sanitize names
Bugfix RT58570
In some situations, dirting of folders upon changed object properties might not work, because a new object tag object had been created since the folder was last published. Storing of dependencies has been improved to be insensitive against such situations. It is important to note, that this change will only affect objects, that are republished after this update.
Bugfix RT58561
Some issues of export and import of channel structures have been fixed.
For these fixes, it is important that both the source and target system are update to the newest version of GCN, before doing the export and import.
- When importing a master node together with at least one channel, that contained at least one localized folder, into a system, where neither of the nodes already existed, it could happen, that the import failed with an “Internal error“.
- When exporting a master with channel and subchannel, it could happen that the this channel structure was not imported correctly.
- When resolving a conflict with behaviour “copy“, some parts of the new created object possibly had the same global IDs as the
imported object, which could lead to “Internal errors“ in subsequent imports. - When resolving a conflict with behaviour “copy” and then doing another import of the same bundle, the conflict
would not be detected again, which could lead to unwanted overwriting of the local object.
Bugfix RT58596
When publishing into a non MCCR content repository and not using multithreaded publishing, the motherid of an object sometimes would not be updated after the object had been moved to another folder. This has been fixed now.
Bugfix RT58537
Image Manipulation: The error “include imagemanipulation2 not found.” which showed up in the error log but had no functional consequence was fixed.
This Gentics Content.Node version includes the Aloha Editor 1.1.4 – 27.10.2014
This Gentics Content.Node version includes the .Node Version 2.0.15