Online Chanel Release Notes

[]

Legend:

• New = New feature
• Fix = Bugfix
• Opt = Optimization
• Kis = Known issue
• Rem = Remark
• Dep = Deprecated
• Chg = Changes Previous Functionality
• Ref = Major refactoring, functionality should be identical to previous.

Version 2023.1.0 released 2023-10-25

Fix Fixed handling of PNG optimization in DIC

• Symptom: When the input file (dic_master) is an unsupported variant of png (colormap+alpha, maybe others) and the variant is also PNG, processing fails
• Cause: The optimization library does not handle unsupported formats at all and just throws some random exception.
• Solution: Exception is handled and the unoptimized png is served instead.

Version 2022.2.0 released 2023-04-06

Rem JDK17

2022.1 is the last release with support for JDK11, from 2022.2 on JDK17 is now required!

Version 2022.1.0 released 2022-08-17

Opt AppComService: contribute to satellite health state

AppComService now contributes to the satellite health state if certificates (censhare-Server/rmis) are about to expire

Opt DataStore: shutdown after CDB backup

set environment variable DATASTORE_EXIT_AFTER_BACKUP=true, after the first backup, the satellite will shutdown (e.g. usefull in a docker rebuild task)

Opt Amazon SDK 1.12.268

updated amazon sdk to 1.12.268

Opt Jetty 10.0.11

updated jetty to 10.0.11

Fix Adds support for authorized AWS EC2 medata detection

• Symptom: S3 storage is disabled on some EC2 instances, even though it's correctly configured
• Cause: The IMDSv1 is disabled by a commandline command "aws ec2 modify-instance-metadata-options --http-tokens required" (or a corresponding CloudFormation directive), which means that EC2 environment autodetection fails. This is interpreted as "no EC2 roles are available" and when combined with lack of access/secret key pair, the S3 is disabled completely.
• Solution: Use the IMDSv2 API to obtain authorization token. To future-proof the solution, it is also possible to override this detection completely via environment variable "S3_REGION_OVERRIDE" (must be set to a correct region value).

Opt preview - CORS Headers

for preview cors headers origins can now be whitelisted (exact match), if nothing is specified, the previous behaviour is used, and every request is passed through. This fixes also issues with the preview in WP-Clients.

Opt build support for external repository (true)

support for the external repository https://binaries.censhare.com has been added. to use this add properties binaries_user, binaries_api_key to your gradle config, or set the enviroment variables BINARIES_USER, BINARIES_KEY

Opt Support for encrypted PEMs (true)

Private Keys (PEM) encoded can now also be provided encrypted for community session manager & webserver. in this case the password has to be provided as "password" attribute on the pem element.

Fix Fixes NullPointerException with empty filter (xpath) expression

• Symptom: filter not working
• Cause: an exception is thrown and caught if an empty filter is set
• Solution: do not use filter expression if string is empty

Opt Variable Replacement in OSGI configurations (true)

In OSGi Configurations now variables can be used. Variables can be used in text nodes or in attribute node. The pattern is ${env:<ENVIRONMENTVARIABLE>} or ${env:<ENVIRONMENTVARIABLE/JSONPOINTER>}. Only the complete value of the Node can be replaced. e.g <test secret="${env:SECRET}"> <key> ${env:RSA/key} </key> <cert> ${env:RSA/cert} </cert> </test>

Opt jackson-databind 2.16.2.1

updated jackson-databind to 2.16.2.1

Version 2021.2.3 released 2022-03-21

Rem support JDK17

Support for jdk17 added. As Builtin JavaScript Support was removed with jdk17, support for JavaScript in Log Filters (AccessLogAppender) is removed when using JDK17.

Rem builtin jquery support removed

the builtin jquery support has been removed, as the version is rather outdated and has CVEs attached to it (1.7)

Version 2021.2.2 released 2022-03-17

Version 2021.2.4 released 2022-02-15

Version 2021.2.1 released 2022-02-14

Opt Jetty 9.4.45.v20220203

updated jetty to 9.4.45.v20220203

Opt OC: Freemarker rendering model - Added NavigationTreeNodeModel.assetId

The NavigationTreeNodeModel now allows direct access to the ID of its declaring navigation asset via the key "assetId".

Opt OC: Widget configuration extension

In the widget's XML configuration it's now possible to: - Create additional widget parameters which do not exist in the underlying component. This needs to be enabled using compatibility flag widget-allow-parameter-creation="true" - Reference (and load) other components from a widget parameter. This needs to be enabled using compatibility flag widget-allow-component-reference="true"

Version 2021.2.0.1 released 2022-01-28

Opt WebServer: Allow to restrict which X-Forwarded-Headers are evaluated (true)

Configuration Options are now available to disable specific X-Forwarded-Headers X-Forwarded-Host (default: false) X-Forwared-Server (default: false) X-Forwarded-Proto (default: true) X-Forwarded-Port (default: false)

Opt Jetty 9.4.44.v20210927

updated jetty to 9.4.44.v20210927

Opt Updated Dependencies: logback

updated logback to 1.2.10

Fix Fixes datastore sync splitting update packages in chunks (true)

• Symptom: Satellite got an OOM error while syncing an update of many assets with large inlined storage items.
• Cause: After target USN of 0 was reached, the boundary when to split the update into multiple chunks was raised to Long.MAX_VALUE.
• Solution: Keep the configured soft max size of storage item data per chunk in any case.

Fix Fixes info about deleted assets in datastore statistics

• Symptom: Number of assets to be deleted is constantly raising.
• Cause: Deleted assets which are not known by the datastore were ignored.
• Solution: Fixed calculation.

Opt Form element 'checkbox-group'

extend set of form elements by 'checkbox-group', failing validation if no child element 'checkbox' is active

Version 2021.2.0 released 2021-10-12

Version 2021.1.1 released 2021-09-21

Opt Updated Dependencies: slf4j / logback

updated slf4j to 1.7.32 updated logback to 1.2.5

Opt Datastore: catch exception if hardlinking failed

If hardlinking fails, the exception is caught and the next datastore backup is tested, if none can be opened, the CDB will be rebuild

Version 2021.1.0 released 2021-08-02

Opt DataStore: AssetChange Notifications improved

AssteChange notificates now do not contain deletes for assets not in datastore anymore. Additionally Information about current/previous assettype is added.

Opt Jetty 9.4.43.v20210629

updated jetty to 9.4.43.v20210629

Version 2020.3.3 released 2021-07-30

Version 2020.3.2.1 released 2021-07-05

Opt WebServer: request/response header max sizes now configurable

request / response header max sizes are now configurable, default is 8KB.

Version 2020.3.2 released 2021-07-02

Fix StorageItemRequest - delegate - wrong datastore service used (true)

• Symptom: assets filtered by the datastorefilter of the OnlineChannel Configuration could be accessed anyway
• Cause: unfiltered datastore used
• Solution: use filtered datastore

Opt Dyamic Image Cache: copy image metadata (true)

It is now possible to copy all image metadata to generated images, if the source format of the image is the same format as the output. so copy is possible from png to png, jpg to jpg, but not from png to jpg, or from jpg to png. All metadata will be copied, which can lead to inconsitent metadata on the image. this can be enabled in the Configuration <config ... copy-all-metadata="true"> this will enforce an rebuild of all images.

Opt SISModel: TextContentHelper (true)

changed from new Locale(asset.getLanguage()) to MiscUtilities.stringToLocale(asset.getLanguage()). new Locale("fr_FR)" - "fr_fr" MiscUtilities.stringToLocale("fr_FR") - "fr_FR" now using the Same Mechanism as LocaleNavigationTreeNodeParameterResolver

Opt Jetty 9.4.40.v20210413

updated jetty to 9.4.40.v20210413

Opt WebServer: rewriterules: do not rewrite request uri for redirects

redirects will not rewrite request uri anymore

Chg LoginComponent: check offsite redirect on logout (true)

• Symptom: redirect to external site on logout possible
• Cause: redirect call wrongly parameterized
• Solution: fix call parameters

Opt WebServer: do not show stacktraces (true)

stacktraces (earlier than the OCSite handles) will not be shown anymore. This can be reenabled in the Webserver configuration

Fix WebServer: truncate ip for forwarded ipv6 not working properly

• Symptom: MDC field mdc_cs_remoteIp empty
• Cause: when forwarded remote IPv6 maybe passed in as [ipv6]
• Solution: strip square brackets.

Opt Community Session Manager / SAML Provider: attribute mapper: extended parameters

site and session are now also passed to the mapped, so a sismodel Configuration can be used

Opt DataStore supports virus check via censhare-Server (true)

DataStore now supports virus checking of storage item files before committing. This can be enabled in the DataStore Configuration setting commit@virus-check=true. This feature has to be supported by censhare-Server and will be introduced there with 2021.1. If enabled and NOT supported by the server, committing files will throw an exception.

Rem Cookie SameSite attribute

If cookies with SameSite attribute are used by the CommunitySessionManager, the WebServer necessarily needs to have cookie compliance level set to RFC6265. CommunitySessionManagerConfiguration: session/[attributes-cookie|remember-cookie|session-cookie]/@same-site="[NONE|STRICT|LAX]" WebServerConfiguration: compatibility/@cookie-compliance="RFC6265"

Opt Jetty jetty-9.4.38.v20210224

updated jetty to 9.4.38.v20210224

Fix CommunitySessionManager: fix binary incompatiblity

• Symptom: compile errors on client projects / NoSuchMethod
• Cause: public method signature changed
• Solution: re-add old signature again

Version 2020.3.1 released 2021-02-15

Fix DeploymentServer: thread exhaustion

• Symptom: Thread Leakage
• Cause: Pipes were not released if an osgi bundle / osgi configuration could not be loaded from the server
• Solution: after transfer finally close the the logger and make sure all pipes are released

Opt WebServer: contribute to satellite health state

WebServer now contributes to the satellite health state if certificates are about to expire

Opt Community Session Manager / SAML Provider: attribute mapper: extended parameters

the provider id and NameId of the authenticated party are also provided to the attribute mapper

Opt Path Style Support for S3 access

Dynamic Image Cache and DataStore support now "path style access" to S3. this has to be switched on adding xml attribute 'path-style-access="true"' to the bucket configuration

Opt ImageRequestDelegate: convert-alias urls + watermark

support for watermarks in convert-alias urls added

Opt Community Session Manager / SAML Provider: contribute to satellite health state

Community Session Mananger and SAML now contribute to the satellite health state if misconfigured or if certificates used with saml are about to expire

Opt ImageRequestDelegate: support HEAD requests

HEAD requests are no suppored by the Image Request Delegate

Opt WebServer: adjust default excluded weak ciphers

Adjusted excluded ciphers to jetty default: "^.*_(MD5|SHA|SHA1)$", "^TLSRSA.*$", "^SSL_.*$", "^.*NULL.*$", "^.*anon.*$", "^.*CBC.*$"

these chipers can be renabled by explicitly configuring the excluded ciphers for the connector: <ciphers> <cipher exclude="true">.*RC4.*</cipher> <cipher exclude="true">.*DES.*</cipher> </ciphers>

Version 2020.2.2 released 2021-01-19

Opt disable indices by default if not configured otherwise

as some indices won't be able to build properly due to restricitons in the oc these will now be disabled by default currently this is: censhare:function.oc-live-tagged-file-id

Fix DynamicImageChace: resource leak with watermark (true)

• Symptom: Connections in CLOSE_WAIT, open file handles
• Cause: if watermark is used, input stream is not closed
• Solution: use autoclosing try-catch

Opt AWS S3 SDK 1.11.917

updated aws s3 sdk to 1.11.917

Opt Jetty 9.4.35.v20201120

updated jetty to 9.4.35.v20201120

Opt AWS S3 SDK 1.11.911

updated aws s3 sdk to 1.11.911

Opt SISModel: ListProvider/Search added additional count calculation for combinator OR (multiselect) (true)

There is a new mode for Count calculation in the Facettted values for multiselect (or) available. This should provide the numbers of the seperate items, and not the expected total result. You can activate this per facette (attribute: use-multi-facet-or-2="true") or by setting compatibility/search/facet@use-multi-facet-or-2="true" in the site configuration. CAVEAT: - that this mode has it's limitation when one asset can have multiple values, as these values are reverse calculated from the total result counts, this can give too low/high numbers. - this adds additional facets to your query which will have an performance impact on your query.

Fix SAML - logout request - name id type (true)

• Symptom: logout not successfull
• Cause: logout request does not specify the correct format for nameid
• Solution: use format configured for the request as well

Opt Satellite / Windows: support local.jvm.options

local.jvm.options is now supported in config.properties to have local jvm settings on this machine, not overwritten by server

Fix deleted filter filters to many assets (true)

• Symptom: asset in deletion state 'UNDEFINED' and 'LOCKED' are filtered
• Cause: only deletion state 'NONE' was the only valid state
• Solution: filter assets in states 'MARKED', 'PHYSICAL', 'PROPOSED'

Opt Satellite Cert generate: removed warnings insecure hash algorithm

switched from SHA1withRSA to SHA256withRSA

Opt Jetty 9.4.34.v20201102

updated jetty to 9.4.34.v20201102

Opt Dynamic Image Cache: full support for element index

New behaviour looking the correct storage storage item using elementidx. This wasn't taken in account everywhere correctly. This needs to be activated by a newly introduced compatiblity switch.

Version 2020.2.1 released 2020-10-23

Opt Jetty 9.4.32.v20200930

updated jetty to 9.4.32.v20200930

Opt DataStore: support for SortGroups added

QueryResult now supports the retrival of SortGroups if sorts group are requested during sorting, subresults are delivered for specified groups, sometimes the "auto" mode is enough.

Opt Satellite: Json/Gelf Encoders support for SLF4J markers added

SLF4j markers are now supported in the Gelf and Json Encoders of the satellte. Support for multiple markers for the GELF encoder needs to be explicitly enabled as arrays are not covered by GELF standard. MultiMarker Support requires also update of the censhare Satellite. Not all log messages are already tagged, a feature which will grow over time. Example Configuration: <encoder class="com.censhare.satellite.logging.encoder.GelfEncoder"> <mdcSeperator>_</mdcSeperator> <multipleMarkers>true</multipleMarkers> </encoder>

Opt SAML - logout request - binding / signing improvements

logout requests now use the same binding types & signing settings as the auth requests

Opt OC: CSM - Login / E-Mailfallback

If the login using a Provider (e.g. SAML/Facebook) provides an email address in addition to the provider specific id string, CSM

Opt OC: Authentication Interceptor Improvements

when visiblity filters (component-delegate/@apply-permissions="true" in OC config) were active, requests for assets invisible to the unauthenticated user, resulted in a 404. A new behaviour can be actived by setting component-delegate/@check-unfiltered-navigation-state="true". This switch will cause a second try to "resolveForward" (from url to navigation state) with the bare site datastore if the session is not authenticated (and no though no session filters applied). This is indicated to the AuthententicationInterceptor causiing a redirect to the login page. This needs to be activated manualy and tested, if it fits the application needs.

Fix OC SDK/ Demo Project fixed Java dependency

• Symptom: Compile Errors
• Cause: Still dependency on JDK8 while other dependencies require JDK11
• Solution: require JDK11

Opt Form Generator: added target for sending mails using direct SMTP connection

Sending Mails is now supported by using a direct SMTP connection

Opt OC: bouncer now keeps querystring

bouncer now keeps the querystring of the url after successful authentication

Fix WebServer: truncate ip address resolved hostname provided by X-Forwarded-Headers

• Symptom: requests logged in access log or using forwarded="true" could do a dns lookup for incoming hostnames on the forwarded header
• Cause: Used InetAddres.getByName() does DNS lookup
• Solution: Use address parsing from library

New Loading components / resources / skins from OSGi Bundle (true)

A New way to add components / static resources and skins is introduced. these can be provided through OSGi by know. For this you can implement the interfaces (and register in OSGi) com.censhare.oc.system.site.rrd.StaticResourceLoader com.censhare.oc.system.component.rendering.SkinResolver com.censhare.oc.system.component.ComponentDataLoader or use a Predefined version like com.censhare.oc.system.bundle.BundleLoader in your custom Activator. for an example please see com.censhare.oc.demo.Activator in the demo project inside the SDK.

Opt VideoModel inits from video-tag always

The VideoModel was reading 'autoplay' and 'videoAspectRatio' only from video xml tag if a poster was also provided. Change is to be activated by compatibility flag in OC-config.

Opt Jetty 9.4.31.v20200723

updated jetty to 9.4.31.v20200723

Fix WebServer: rewriterules not in access og (true)

• Symptom: requests answered by rewriterules (pattern/regex) not showing up in the request log
• Cause: wrong order in initialisation
• Solution: fix order

Version 2020.2.0 released 2020-08-11

Fix CommunitySessionManager: hash passwords using bcrypt failed

• Symptom: updating password failed, recovering password failed on the save password step
• Cause: wrong parameter count
• Solution: fix method invocation

Version 2020.1.3 released 2020-07-14

Opt DatastoreConnectedModel implements boolean only

it is now supported to remove scalar model by use of compatibility flag from 'DatastoreConnectedModel' improving usability in templating. Removing scalar model allows intuitive 'cs-if="cs.datastore.isConnected"' instead of clumsy 'cs-if="cs.datastore.isConnected && true"'

Opt Jetty 9.4.30.v20200611

updated jetty to 9.4.30.v20200611

Opt Webserver: added support for static headers

additional headers can now be configured for each vhost (and the default host)

Opt CommunitySessionManager: hash passwords using bcrypt by default

passwords are now hashed using bcrypt by default. an switch is added to the CommunitySessionManager config to update the assets after login if not using bycrypt already (default off)

Version 2020.1.2 released 2020-04-20

Opt DataStore: shared s3 file system with server / iam roles

if shared s3 file system with server and iam roles were used, local (developement satellites) wouldn't start. if secret-key / access-key is not specified, an additional check is done to verify if satellite is running in EC2, if not the fs configuration is skipped.

Opt DataStore: index type hierachical

index type hierachical is now supported in the datastore configuration

Opt Jetty 9.4.28.v20200408

updated jetty to 9.4.28.v20200408

Version 2020.1.1 released 2020-04-15

Fix WebServer: Cookie Compliance (Response Cookies) (true)

• Symptom: exception cookie does not match RFC6265, whilst in compatibility RFC2965 is selected
• Cause: cookie compliance was only set for request cookies
• Solution: set cookie compliance also for response cookies

Version 2020.1.0 released 2020-03-23

Opt Jetty 9.4.27.v20200227

updated jetty to 9.4.27.v20200227

Version 2019.3.1.1 released 2020-01-30

Opt OC: DataStoreFilter

OC DataStore Filters now support also to filter for deletion=0 (NONE). Additionally the code has been so a FilteredDataStoreService can be configured as instance in OSGi (dependent on another real DataStoreService) and be just together with HCMS e.g.

Opt Jetty 9.4.26.v20200117

updated jetty to 9.4.26.v20200117

Opt ComponentActions: validation

the @Action annotation has been extended to support @Action(validate="true"), in case of true the component needs to implement the interface "com.censhare.oc.system.component.ComponentAction.ActionValidation", otherwise an exception is thrown.

Opt WebServer: Allow to restrict which Forwarded-Headers are evaluated (true)

Extended the connector configuration, so that in the forwarded case, the "Forwarded" - header or the group of "X-Forwarded-*" - headers can be used, or both (default, as before), in case of both the "Forwarded" - header is prefered. This setting should be restricted to the HTTP request headers, which are actually created by the proxy or load balancer that is used, otherwise values could be spoofed by the original requestor. The new sample configuration is restricted to the X-Forwarded-Headers.

Version 2019.3.1 released 2019-12-18

Opt OCSite - allow access to image service

added getter to oc site to provice easy access to image service api

Opt OCSession - support cookie attribute same site (true)

added support for same site attributes in session manager configuration for different cookies

Opt OCSession - allow access to session id

OCSession no provides read access to the session id, if this is supported by the underlying session manager. dependening on the implementation this session id is only available for logged in users.

Opt Jetty 9.4.24.v20191120

updated jetty to 9.4.24.v20191120

Version 2019.3.0 released 2019-11-25

Opt DataStore: add possibility to mark storage items as stream - only (true)

it is now supported to mark storage items as stream - only. these storage items will be downloaded from the censhare-Server via the RMI-Connection everytime their input stream is requested. <storage> .... <stream-only xpath="storage_item``[@filelength>102400 and not( ../starts-with(../@type,'module.') or @key='dic_master' or ../@domain='root.system.online.static_resources.' or starts-with(@mimetype, 'text/'))]"/> </storage> automaticly excluded are storage items whiche are inlined / indexed

Opt Visibililty Filters (Permission Groups)

it is now supported to supply your own visibilty filter implementation by extending com.censhare.oc.system.component.IPermissionFilter an sample implemntation can be found in the demo project in class com.censhare.oc.demo.site.MyPermissionFilter

Opt freemarker 2.3.29

updated freemarker to 2.3.29

Opt Updated GC settings in default JVM Configuration/config.properties

updated gc settings to contain actual timestamp in log

Version 2019.2.4 released 2019-11-06

Opt Jetty 9.4.22.v20191022

updated jetty to 9.4.22.v20191022

Version 2019.2.3 released 2019-10-22

Opt FormUtil: support input type 'number'

form input type 'number' is now supported

Opt SAML - relayState

SAML now allows the use of the relayState in an request to transfer the redirectTarget

Opt Jetty 9.4.21.v20190926

updated jetty to 9.4.21.v20190926

Opt LinkModel: changed content disposition for downloads if target="new-window" (true)

if "new-window" is choosen as target for a link to a storage item, a normal url is generated where no "Content-Disposition: attachment" header is added to the HTTP response.

Opt OpenSAML 3.4.3

updated OpenSAML to 3.4.3

Opt Jetty 9.4.20.v20190813

updated jetty to 9.4.20.v20190813

Opt Datastore synchronization: limit size of the pipeline (true)

Synchronization pipeline contains two queues with limited size, to avoid excessive memory consumption. Default limit is 10 update packages of total size 25 MiB (soft limit: update package can be added to queue even if the resulting size is exceeded, as long as the queue is not full before adding). Both of these values can be changed in datastore configuration.

New New configuration option to disable deployment and code execution from server (true)

Deployment and service calls from server can be disabled if required by restrictive security policy. All bundles and configuration files must be deployed from local directory instead.

New Attribute whitelist for checksum-based asset change detection (true)

Configuration of attributes that are part of asset change detection checksum can be now specified either as a "blacklist" (sequence of <exclude> elements specifying which attributes are ignored) or as a "whitelist" (sigle <exclude attribute="*"> and sequence of <include> elements specifying which attributes are part of the checksum).

Version 2019.2.2.1 released 2019-08-21

Opt DependencyUpdate: Apache Felix

updated apache felix dependencies to their latest versions: org.apache.felix.framework: 6.0.2 -> 6.0.3 org.apache.felix.configadmin: 1.9.2 -> 1.9.16 org.apache.felix.log: 1.0.1 -> 1.2.0 org.apache.felix.metatype: 1.2.0 -> 1.2.2

Opt SISModel: asset-types & nodenames for wrappers now configurable (2)

for sismodel wrappers the sites to bind to are now configurable (default all sites)

Fix Dynamic Image Cache: fixed crop calculation (true)

• Symptom: croppings from the asset not used
• Cause: wrong alias was compared with the cropping feature
• Solution: use correct alias

Fix DataStore: no change notifications on modifications

• Symptom: no change notfications send for modifications
• Cause: during refactoring to provide better method based on real modifications introduced in 2019.2.2, the type for modification was switched and were handled as deletion
• Solution: use proper type for changey

Fix Dynamic Image Cache: reduce requests to S3

• Symptom: too many requests to s3
• Cause: broken expiry check
• Solution: fixed expiry check and added direct check for file, then falling back to listing to reduce costs

Opt CommunitySessionManager: black list sessions on logout (true)

to prevent existing sessions from beiing reused after logout, you can enable blacklisting of sessions. in this case on logout session ids and timeouts are persistent at the asset. This behaviour is disabled by default. You can enable it in the Community Session Manager Configuration >session .... blacklist-session-on-logout="true"< the asset feature "censhare:module.oc.session-blacklist" needs to be present for this to work.

Version 2019.2.2 released 2019-08-02

Fix Filtered DataStoreSession for alternative path resolution

• Symptom: alternative path was resolved to correct path, but after redirect a 404 occured
• Cause: an unfiltered datastore session was used to calculate the target path
• Solution: use datastore session from component context

Fix Apply domain filter to resources root as well

The domain filter for resources in the OC configuration is now also applied to the resources root. Enabled by compatibility switch: apply-filter-to-resources-root="true"

Fix Satellite Installer - error in Debian 10

• Symptom: not gzip error
• Cause: shopt checkwinsize is on by default in scripts now
• Solution: change variable name in script

Opt Webserver: removed custom error handler

removed custom error handler as the change were obsolet

Fix Jetty: MaxFormContentSize / MaxFormKeys wrongly intialized with 0 (true)

• Symptom: HTTP POST with no Content-Length may return HTTP 400
• Cause: if no Content-Length is given, the MaxFormContentSize of will block after the throw a "Form too Large"
• Solution: initialize with -1, to use the jetty defaults

New Asset change detection by checksum

When enabled in DataStore configuration (element change-detection), AssetChangeEvent is generated only for assets whose content really changed, fully ignoring metadata attributes like currversion, checkout status, all sid and rowid, etc. "CCN snapshots" also contain all necessary data and their diff() method give results consistent with the generated events (this allowing synchronization to "catch up" after restart).

Opt Jetty 9.4.19.v20190610

updated jetty to 9.4.19.v20190610

Opt Static Asset Resolver - to url transformation cacheing

added cacheing layer in the url calculation per request to improve the speed of the transformation form navigation state to url

Opt ComponentContext Attributes - extended with flush parameters

ComponentContext Attributes can now add flushing parameters, so these are deleted if the locale or datastore filters change

Version 2019.2.1 released 2019-06-25

Fix BootStrapConfiguration did not write back since 2019.2.0

• Symptom: changes in jvm configuration were not written back to config.properties
• Cause: missing registration as ConfigurationListener in OSGI
• Solution: register in OSGI

Opt RMI: keepalive and readtimeout (true)

activated tcp keepalive and socket read timeout for new installations, this can be activated by extending your satellites config.properties: com.censhare.satellite.appcom.impl.RMIAppComService$socket-keep-alive=true com.censhare.satellite.appcom.impl.RMIAppComService$socket-read-timeout=900000

Opt DataStore: Improved Connection Check with timeout (true)

added a timeout to the call to the OCDataStoreService for connection checking

Fix Mediaportal download info: Use localized asset name if available (true)

• Symptom: Basket download info in mediaportal may not show correct localized asset name.
• Cause: Name feature was used, but locale attribute not considered.
• Solution: Use localized asset name if available.

Fix HTTP2 Support

• Symptom: WebServer did not start with http2="true"
• Cause: Missing ALPN provider
• Solution: added the missing ALPN provider jar

Opt WebServer: added option to specifiy default hostname for connector (true)

Added an Option to specifiy an hostname / port for an connector, which is used instead of the system's ip address if the Host header is missing (HTTP/1.0)

e.g. <connector port="8095" forwarded="false" secure="false" forwarded-levels="1" http10-hostname="www.censhare.com" http10-port="443"/>

Opt WebServer: adjust default excluded weak ciphers (true)

Adjusted excluded ciphers to jetty default: "^.*_(MD5|SHA|SHA1)$", "^TLSRSA.*$", "^SSL_.*$", "^.*NULL.*$", "^.*anon.*$"

these chipers can be renabled by explicitly configuring the excluded ciphers for the connector: <ciphers> <cipher exclude="true">.*RC4.*</cipher> <cipher exclude="true">.*DES.*</cipher> </ciphers>

Fix DataStore: live applied changes trigger DataStore rebuild after satellite restart

• Symptom: DataStore starts rebuild after Satellite / DataStore restart / no changes in config between stop & start
• Cause: the live applyable changes were not considered in the rebuild descision
• Solution: test also for live applyable changes, before triggering rebuild

Opt DataStore: UpdateStage - extended loggiing

update stage is now also logging the time for update calls

Opt Push-S3: precheck shadow file

if the server announces to use shadow files (since 2019.2.1) to the datastore, the datastore can do a check to s3, if the shadow file already exists and thous avoid triggering this check by the server. this can help reduce the indexing of storage items if the satellite is nearer to s3

Opt RMI-Compression enabled by default

the use of rmi compression is now enabled by default (level 1), this can be disabled again in the config.properties by setting com.censhare.satellite.appcom.impl.RMIAppComService$compression=

Fix Restart of OCService incomplete due to dependency restart failed

• Symptom: parts of the site were missing, e.g custom.configuration was not available
• Cause: during shutdown (caused by removing a dependency) a service registration was tried to deregister multiple times
• Solution: clear list of service registrations after unregister to avoid duplicate deregistration

Opt Jetty 9.4.18.v20190429

updated jetty to 9.4.18.v20190429.

Opt ProductModel - added property mainOrMedia

newly added property mainOrMedia lists all assets with main image or media relation (first main image, then media) in a distinct way (assets with both relations will onyl be considered once)

Fix SAML: don't allow login if not all encrypted assertions could be decrypted

• Symptom: login successfull, but no assertions were decrypted
• Cause: missing check
• Solution: check if all encrypted assertions could be decrypted, otherwise abort the login

Fix Fix potential OOM from Dynamic Image Cache

• Symptom: Potential OOM Exception
• Cause: a reference to the image asset was kept
• Solution: replace field reference to image asset with a method-scope variable

Version 2019.2.0 released 2019-04-25

Rem Java 11

Java 11 is now required, openjdk is now used for development and testing.

New Allow Formular Generator targets to inidciate that they can be executed without app server connection (true)

The FormularGeneratorTarget was extended so that targets could indicate that they don't need an app server connection to be executed. On the frontend side this can be evaluated via FormularGenerator component's parameter targetsNeedAppServerForProcessing. Additionally the parameter preloadTarget needs to be set to true.

Opt RMI Communication: support proxy settings

RMIAppComServices now supports the same settings as the censhare Client

Opt Facebook Login: updated API from 2.8 to 3.2

updated facebook rest api call from version 2.8 to 3.2

Opt Dynamic Image Cache: Improve S3 Read-After-Write behaviour

to improve behaviour, a newly generated image is returned directly from memory to the receiver, instead of streaming it again from s3

Fix Data store live reconfiguration in group mode (true)

• Symptom: The data store service is restarted instead of live reconfigured in group mode.
• Cause: The configuration is modified internally in group mode which is treated as change requiring a restart.
• Solution: Apply internal modification to configuration before checking if a live reconfiguration is possible.

Fix Dynamic Image Cache: fix hash calculation (true)

• Symptom: Changes in croppings are not reflected on scaled images
• Cause: the hash calculation didn't consider the deprecated use of the cropping asset-rel features directly as asset-features
• Solution: consider the asset-rel features on asset if the correct features were not used

New CORS headers for static resources (true)

Allows to send HTTP access control headers for cross-site requests to static resources. Since only simple methods GET and HEAD are valid for these resources, CORS-preflight requests are not supported. If the given Origin is within the allowed list, an appropriate Allow-Origin header is sent. The settings are looked up by asset features "censhare:module.oc.cors" / "censhare:module.oc.cors.allow-origin" recursively up to the resources root.

New Sismodel: add model for product item group

New sismodel für type "product item group" added. To get a flattened list of all product items either directly underneath product or underneath product item groups, use key 'productItemsFlat' on the product model. Add key for media related assets of product.

Opt DataStore: skip forced rebuild if feature is disabled

skip the datastore rebuild/restart if the change in of a feature config is only to set it disabled

Opt DataStore: wrap checkpoint/backup in transaction

use a transaction to ensure checkpoint/backup calls are not interfering with commits

Opt DataStore: skip feature with invalid attribute mapping

An invalid feature attribute mapping could break the datastore synchronisation (invalid syntax, unsupported xpath-expressions used). Theses features are now skipped and not added to the datastore.

Opt DataStore: update index definition if mapping or type changes

the index is now updated on changes in master data for features (changes on mapping or value_type) if the feature already exists in the datastore. old data in the index stays unaffected, an rebuild needs to be triggered manually.

Opt WebServer: RewriteRules allow limiting to http or https

rewrite rules can now be limited to one scheme (e.g. to redirect to https)

Opt AWS S3 ECS credentials

The Online Channel Data Store S3 support will now use the ECS credentials when running as insider ECS and an IAM role is assigned to the task definition.

Please check your IAM roles for ECS containers and tasks if you are updating a Online Channel running in ECS. It will not longer have the container role when a role is assigned to its task definition.

Opt Community Session Manager: set password date

if available the community session manager now sets the feature "censhare:module.oc.password-date" when the password is updated (if the feature is available in the masteredata)

Version 2018.3.3 released 2019-01-25

Opt Extended Freemarker NodeModel support (true)

NodeModel now supports ?next_sibling & ?previous_sibling

Fix DefaultSessionManager: Locale Selection for Request (true)

• Symptom: prerequsite: site default locale different from jvm locale when requesting a site without a url segment and no Accept-Language header, the jvm default locale was used, not the site default locale
• Cause: Request.getLocale() defaults to Locale.getDefault()
• Solution: check if a Accept-Language header is present, otherwise use the site locale

Opt SISModel: asset-types & nodenames for wrappers now configurable (true)

for sismodel wrappers the asset types or node names (depending on type) are now configurable

Fix Fixed HTTP multi range requests

• Symptom: when requesting multiple ranges in one request, the second part delivered a wrong part of the input stream
• Cause: skipping was not relative to the latest point
• Solution: remember last position and skip relative to this position in the stream

New Facet source available in faceted search result (true)

Query result now provides alternate view of faceted results, grouped by facet source instead of feature key. This applies only to facets with non-null source; in standard Online Channel, this map is always empty. ˙Headless CMS, however, uses this to identify facet values from different part of the query.

Opt WebServer: connection limit / rate limit added

now new options to limit the webserver connections are offered: default values are: connections="1000" accept-rate-limit="1000" accept-rate-limit-period-in-ms="1000"

Opt Satellite file handle limit

Increase recommended file handle limit 8192 to 16384. Please adjust the systemd service file on upgrades.

Fix Locale fallbacks for localized text assets

• Symptom: Multiple locale fallbacks for one locale are defined in the Online Portal configuration, but the localized content on the website does not reflect the order of the fallbacks, changing the order has no effect.
• Cause: When searching for locale fallback TextContentHelper methods does not sort the available alternatives by priority of configuration.
• Solution: Changed TextContentHelper to sort available alternatives by priority of configuration.

Opt StorageItemContent.getInputStream(offset,length)

To support range requests efficiently for AWS S3 the StorageItemContent was extended to pass this range information to S3, or equally to the local storage. ResponseData was extended to able to take advantage from above extention.

Opt Jetty 9.4.14.v20181114

updated jetty to 9.4.14.v20181114.

Opt OC: NavigationState - clear parameters if active node changes

added option to clear invalid parameters from last navigation state if active node is set to a new value. this can lead to a non-resolvable state. this is a new behavior and needs to be enabled using compatibility flag navigation-state-remove-invalid-parameter-values="true"

New OC: Instance DataStore Filters

added option to replace standard filters for period, template flag and outputchannel with specific ones which provide better performance when used to filter getAsset() calls

Version 2018.3.2 released 2018-12-11

Opt SAML: extended attribute mapping

extended attribute mapping to also map XSBoolean, XSInteger and XSAny besides the already supported XSString

Version 2018.3.1 released 2018-11-27

Version 2018.3.0 released 2018-11-23

Fix Hierarchical Feature Mode

• Symptom: Neither setting the default hierarchical feature mode in a version 1 data store configuration nor setting the hierarchical feature mode per feature in a version 2 data store configuration has any effect.
• Cause: The internal transformation from version 1 to 2 data store configurations always sets the default hierarchical feature mode to "store-hierarchical". The per feature configuration is always overwritten with the default mode.
• Solution: Take the configured default hierarchical feature mode into account during data store configuration transformation from version 1 to 2. Don't set the default mode for features that are already explicitly configured.

Opt Satellite.sh: restart on OOM

Satellite.sh now automatically restarts the satellite on OOM if the satellite is started with -XX:+ExitOnOutOfMemoryError

New AutoScaling: Support for db on shared FileSystem (true)

It is now supported to put the db in group mode on a shared file system like EFS, and use snapshots of these databases when autoscaling

Version 2018.2.3 released 2018-10-29

Opt Support multiple regions for AWS S3 filesystems used by Data Store storage item push

For Satellites running in different regions, they now can select an S3 bucket in their own region.

Rem Remote DataStore removed

RemoteDataStore bundle is now removed from the build / release

Version 2018.2.2.1 released 2018-10-16

Version 2018.2.2 released 2018-09-28

Opt OCConfig: force canonical redirects to be permanent (true)

Allow by OnlineChannel configuration 'redirect-to-canonical@always-permanent' to enforce all canonical redirects to use HTTP.301 response state. If omitted or 'false' (default) redirects to browser locale use HTTP.302.

Opt DIC: improve urls / support for "no crop" images (true)

The ImageRequestDelegate can now: - convert aliases to concrete settings on url generation so multiple aliases with the same setting are getting the same url - use a "contentHash" instead of ccn / version of a asset to determine change - redirect to a canonical url The ImageService now supports "noCrop" version of Images with feature 'censhare:module.oc.dic-image-no-crop'. In this case always the whole image is used and centered in surrounding image with the selected background color (default black) or transparent (for png). The Above Mentioned ContentHash is also used while store the files to reduce unnecessary computation of images.

Version 2018.2.0 released 2018-07-26

Opt DataStore: improve syncronisation speed (true)

Disable hashcode checking for immutable storage item files, to improve sync speed. If the storage item files reside on a file system with a usage type other than "assets" (like module assets), they are still checked to ensure the current content is synchronized. The cached table "filesystem_dev" must be added to the datastore configuration, in order to detect the file system usage.

Version 2018.1.4 released 2018-07-20

Version 2018.1.4 released 2018-07-20

Fix Community Session Manager / SAML: debug logging breaks dom

• Symptom: Exception during signature verification: signature validation failed: org.symptom.xmlsec.signature.support.SignatureException: Apache xmlsec IdResolver could not resolve the Element for id reference:
• Cause: during logging the elements (for debugging) were attached to a new dom (marshalling/unmarshalling), which did not contain the reference to the correct dom anymore
• Solution: debug logging modified, so marshalling is skipped

Rem removed deprecated parallelism option from datastore configuration

removed deprecated parallelism option from datastore configuration. This is superseeded by the request limiter.

Opt Added authentication for AWS S3 filesystems via IAM role

If the attributes access-key and secret-key are missing, EC2 instance profile credentials will be used.

Opt FulltextSearchComponent / ListProvider support different relations for searchProductRelation

Added option to ListProviders / FulltextSearchComponent of sismodel to support switching the relation from user.description. (default) to another e.g. (user.channel-content.)

Opt Proxy: support https

Option to support https added.

Version 2018.1.3 released 2018-06-26

Opt Jetty 9.4.11.v20180605

updated jetty to 9.4.11.v20180605

Opt freemarker 2.3.28

updated freemarker to 2.3.28

Version 2018.1.2 released 2018-06-12

New OCSite supporting cookie policies

OC instances now support cookie policies which are enforced on every request operated in this sites context. Policies are defined for a cookie name via a pattern, and check if the value of another cookie matches a given pattern. This can be used to implement multi level functionalities (like remember/attributescookie is not allowed, but session cookie is allowed) If the Cookie is not set, this is interpreted as empty string value.

Opt OCDataStore: options added to delay the registration of the datastore

to increase initial speed of the instances & and add the possiblity to wait for the data store to be ready the registration of the datastore in osgi can now be delayed.

Opt update apache felix to 5.8.10

updated apache felix frame to 5.8.10, configadmin to 1.9.0, metatype to 1.2.0

Opt condensed resources: improved content-type header

added "; charset=utf-8" and switched from application/javascript to text/javascript

Opt bountycastle 1.59

updated bountycastle to version 1.59

Opt Optimize Cache-Control headers

for immutable resources like static resources accessed with the immutable url, and storage items and images with non-persistent urls add the "immutable" tag to the Cache-Control header

Opt Guava 25.0

updated guava to 25.0-jre

Fix Redirect onsite check failed for URL without scheme

• Symptom: RedirectUtil's onsite check did not detect an URL starting with double slash (like //censhare.com/) as offsite location
• Cause: java.net.URI.isAbsolute() doesn't consider URLs without scheme as absolute
• Solution: Check if the hostname of the provided URL matches the current one

Opt Jetty 9.4.10.v20180503

updated jetty to 9.4.10.v20180503

Opt slow queries

reduced loglevel of slow query logs and moved to own logger.

Opt Satellite JVM options improved

Added -XX:+ExitOnOutOfMemoryError to the Satellite's JVM options in the default configuration file, existing installations are not affected autmatically. Shutting down the Satellite should prevent it from running in an undefined state without being noticed.

Option requires at least JDK 8u92 (was released in April 2016)

New extend relation on data source collection

Before that, the fixed relation used "target." to get the article from datasource collection , now user can define relation (like target., user. etc) on widget level

Version 2018.1.1 released 2018-04-20

Opt expose providerid of current session

extended OCSessionManager.OCSession interface to provide a way, to get the AuthProvider used for the current session

Version 2018.1.0 released 2018-04-03

Fix Input stream leak

• Symptom: Data store S3 connection pool running out of available connections with ConnectionPoolTimeoutException.
• Cause: The input streams created by the data store service were not closed correctly during inlining of invalid XML content.
• Solution: Use try with resources statement for all internal streams and add a finalizer which closes and logs a warning for streams that are returned in the API.

Fix Page Number on basket in Media detail page

Page number missing on basket in media detail page because using old feature(portal:issue-number), now added featureFallback to the new feature (censhare:module.oc.portal.first-page)

Fix ProductModel wrong sorting of product items (true)

• Symptom: When iterating over the productItems property of the ProductModel, the items don't follow the order as displayed in the client.
• Cause: Sorting attribute on product item relation is not used for sorting.
• Solution: Sort product items by sorting attribute on product item relation.

Opt SAML: support post binding (true)

support post binding in auth requests (defaults to redirect binding)

New Explicit Reindex & skip rebuild on config changes (true)

added functionality to disable the automatic rebuild on configuration change. (Attribute skip-rebuild-on-feature-config-change="true" on element "features"). Using a Server-Action supplied in 2018.1 indeces (features) can be specificly reindexed without rebuilding the whole CDB.

New Skip rendering of following components if output is already aquired

in order to save cpu time you can skip the rendering of components after the output is already aquired. a new compatibility flag is introduced, and for new installations enabled by default: skip-component-rendering-if-response-is-acquired="true"

Fix RenderContext - performance logging - illegal state

• Symptom: Caused by: java.lang.IllegalStateException: This stopwatch is already stopped
• Cause: current RenderContext was only used, to create a child RenderContext (e.g. with a different Output), and the logging was on level "debug"for com.censhare.oc.system.component.rendering.impl.RenderContextImpl
• Solution: check state of Stopwatch before stopping it.

New Bouncer: Added CORS Headers to support censhare5 preview url requests (true / true)

CORS Headers were added to the Bouncer Page in case the PreviewRequestDelegate would have been responsible for this request, to support the AJAX-Requests from censhare Web

New property for feature censhare:modules.oc.use-master-storage (true)

property added image model, returning a boolean if the master storage item should be used for this image

Bug support XsDateTime of Type DATE (true / true)

• Symptom: std-portal birthdate shown wrong depends on customers timezone
• Cause: birthday date is localized to customers timezone
• Solution: set and retrieve date as timezone independent (base impl in oc)

Task storage item request delegate requires modified data at storage item (true)

• Symptom: java.lang.NullPointerException: com.censhare.oc.system.component.impl.StorageItemRequestDelegate
• Cause: storage item request delegate required modified date at storage item but modified date is not enforced by asset management
• Solution: set last change date header only if such information is present

Bug Regression introduced by "Http Header X-Content-Type-Options: nosniff" (true / true)

• Symptom: java.lang.NoClassDefFoundError: com/censhare/oc/system/site/impl/OCSiteImpl$SiteCompatibilty
• Cause: SiteCompatibility not exported by OSGi bundle
• Solution: move SiteCompatibility to package com.censhare.oc.system.site

Chg configure number of trusted x-forwarded-for steps (true / true)

make it possible possible to configure the number of steps in X-Forwarded-For header to the left is allowed. Defaults to Integer.MAX_VALUE, template for new configurations is set to 1. Change was necessary as some Loadbalancers / Proxies do not replace the Header but append to it, and so the wrong ip could be used or injected from the outside. Please update your configuration accordingly.

Opt disable automatic index creation (true / true)

It is now possible to invert the current behavior to automatically add a index per each defined feature. This is useful if you have a lot of features which are not queried in the CDB. They can still be accessed via the asset xml.

Opt Extended com.censhare.oc.system MANIFEST / API (true)

OSGi bundle com.censhare.oc.system now exports package freemarker.cache. Package freemarker.cache is also added to the api jar library.

Bug Condensed resources: refresh not triggered (true)

• Symptom: condensed resource not recalculated, even if asset is touched
• Cause: if a condensend resource used sub imports like with less.js @import asset dependencies were not correctly tracked, if this resource was already in the lookup cache.
• Solution: always add asset depencies

Opt CommunitySessionManager: http-only for session attributes cookie (true)

Added configuration option to set http-only flag for session attributes cookie. if not explicitly set defaults to false. Config templates are updated with the new option.

Chg truncating IP addresses during logging (true)

to comply with eu legislation the logged ip's are now truncated to 24 bits (IPv4) and 40 bits (IPv6), thous these should ne be considered personal information anymore. This behavior is the now default, and will change the log output of existing installations. It can be reverted in the webserver configuration.

Opt SAML-Authentication (true)

Added support for name-id-format "unspecified"

Fix Ignore CDB duplicate key errors on delete for OC (true / true)

• Symptom: OC CDB update fails with java.lang.IllegalArgumentException: unabled to remove
• Cause: Key handling in CDBTree treated duplicate key removal as an error.
• Solution: Ignore duplicate removes.

Opt Http Header X-Content-Type-Options: nosniff (true)

Added Support to add "X-Content-Type-Options: nosniff" to each response. Compatibility switch to enable behavior: enable-no-sniff-header="true". (disabled by default).

Fix condensed resources not compiling on windows satellites (true)

Opt OC: SDK/API includes statistics service

OC: added statistics service to OC-SDK jar

New Multiple content fulltext indices with filtering and scaling

New fulltext parameter: scale (used to multiply all relevances). Multiple indices can be marked as content (isContentFulltext="true"), default index is now marked by separate attribute. Content fulltext index can have filtering xpath specified, in which case it will contain only subset of XML file (typically: titles, labels, etc) and no content from other ones. These indexes can be then combined in single virtual fulltext index; when the filtered ones have higher scale, it effectively serves as boost, this effectively implements search boost for specific parts of structured document.

The content/default split is backwards compatible: if there is no fulltext index marked as default, one content fulltext is automatically chosen as default.