v4.7.18 release

v4.7.18 had seven improvements and five bug fixes.

Significant improvements

  • Restored access for non-developer roles to production guides through the help control, and improved usability of the production guide widget.
  • URLs used for applying watermarks now use the AES/GCM/NoPadding mode of operation instead of the less secure AES/ECB.
  • Disabled external entity resolution in the SAML XML parser, thereby helping to prevent XML eXternal Entity (XXE) attacks.
  • Replaced the class org.apache.commons.lang3.RandomStringUtils with org.apache.commons.text.RandomStringGenerator to more securely generate API keys.
  • Replaced the class org.apache.commons.lang3.RandomStringUtils with org.apache.commons.text.RandomStringGenerator in the GraphQL explorer to more securely generate nonces.
  • Replaced the function HMAC SHA-1 with HMAC SHA-256 to more securely generate a Tool User Time Based One Time Password.
  • Improved performance of database initialization when instances of legacy types contain references to other objects.
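
The practical difference behind the watermark URL change from AES/ECB to AES/GCM/NoPadding, shown as an added example (not code from this release or the product). The class name, the generated key, the sample parameter string and the token layout of IV followed by ciphertext and tag are assumptions made for illustration.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class WatermarkTokenDemo { // hypothetical class name
    static final int IV_LEN = 12, TAG_BITS = 128;

    static byte[] ecbEncrypt(SecretKey key, byte[] plain) throws Exception {
        Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding"); // old mode: deterministic, no integrity check
        c.init(Cipher.ENCRYPT_MODE, key);
        return c.doFinal(plain);
    }

    static byte[] gcmEncrypt(SecretKey key, byte[] plain) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv); // fresh nonce per token; never reuse one under the same key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plain); // ciphertext followed by the 16-byte tag
        byte[] token = Arrays.copyOf(iv, IV_LEN + ct.length); // assumed layout: IV || ciphertext || tag
        System.arraycopy(ct, 0, token, IV_LEN, ct.length);
        return token;
    }

    static byte[] gcmDecrypt(SecretKey key, byte[] token) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, token, 0, IV_LEN));
        return c.doFinal(token, IV_LEN, token.length - IV_LEN); // throws AEADBadTagException if modified
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        // Constructed sample input: two identical 16-byte blocks.
        byte[] plain = "wm=corner-logo-1wm=corner-logo-1".getBytes(StandardCharsets.US_ASCII);
        byte[] ecb = ecbEncrypt(key, plain);
        boolean repeats = Arrays.equals(Arrays.copyOfRange(ecb, 0, 16), Arrays.copyOfRange(ecb, 16, 32));
        System.out.println("ECB leaks repeated block: " + repeats);
        byte[] token = gcmEncrypt(key, plain);
        System.out.println("GCM output repeats across calls: " + Arrays.equals(token, gcmEncrypt(key, plain)));
        System.out.println("GCM round trip ok: " + Arrays.equals(plain, gcmDecrypt(key, token)));
        token[IV_LEN] ^= 1; // flip one ciphertext bit, as an edited URL would
        try { gcmDecrypt(key, token); System.out.println("tampered token accepted"); }
        catch (AEADBadTagException e) { System.out.println("tampered token rejected"); }
    }
}
```

Under ECB, equal plaintext blocks produce equal ciphertext blocks and a modified token still decrypts; under GCM, each token differs and any modification fails tag verification.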

Significant defects addressed

  • Corrected an issue preventing proper layout of the search field when a site has a banner. Specifically, when a site has a banner, and an editor opened > Content Templates, the search field below the banner was not laid out correctly.
  • Corrected an issue throwing the error "Invalid advanced query" when searching for a keyword with the search panel in board view.
  • Corrected an issue in which upgrading to version 4.7.16 invalidated existing SAML credentials. Release 4.7.18 includes a patch for restoring the validity of those credentials.
  • Corrected an issue preventing screen readers from properly announcing word and character counts.
  • Corrected an issue causing the method JspUtils#getAbsoluteUrl to return an http URL when an https URL is available.