Build History of Oxygen Content Fusion Releases
Build ID: 2023022015
Fri, 10 March 2023 10:00:00 GMT
Security/Component Update:
- This build addresses a vulnerability that could lead to information disclosure.
- Updated the Spring Boot Dependencies library to version 2.7.7 to avoid CVE-2022-41881.
- Updated the Netty library to version 4.1.86.Final to avoid CVE-2022-41881.
- Updated the JSON Web Token library (jsonwebtoken) to version 9.0 to avoid CVE-2022-23540.
Editing:
- Fixed an issue where files larger than 1MB could not be saved.
Content Fusion:
- Fixed an issue where the new file creation form could not be submitted using the Enter key.
Build ID: 2022121305
Tue, 20 December 2022 10:00:00 GMT
Authentication:
- Fixed an issue where logging in with Google or GitHub did not work in some scenarios.
Security/Component Update:
- Updated the Apache shiro-web library to version 1.10.1.
- Updated the spring-boot-dependencies library to version 2.7.6 for security reasons, and spring-security-core was updated to version 5.7.5 to avoid CVE-2022-31692.
- Updated the Socket.IO library to version 4.5.3 to avoid vulnerability CVE-2022-2421.
- Updated the SnakeYAML library to version 1.33 to avoid vulnerability CVE-2022-25857.
- Updated the Jackson Databind (jackson-databind) library to version 2.13.4.2 to avoid CVE-2022-42003.
- Updated the Jackson Databind (jackson-databind) library to version 2.13.4.2 to eliminate the vulnerability CVE-2022-42004.
- Updated the spring-boot-dependencies library to version 2.7.6 for security reasons, and spring-security-core was updated to version 5.7.5 to avoid CVE-2022-31690.
- Updated Apache Tomcat to version 9.0.69 for security reasons.
- Updated the Engine.IO library to version 6.2.1 to avoid CVE-2022-41940.
- Updated the body-parser and express libraries, which update the qs library to version 6.11.0 to avoid CVE-2022-24999.
- Content Fusion now comes with the latest release of Oxygen XML Web Author, along with all of its various improvements and bug fixes.
VMWare:
- Fixed an issue where the recommended amount of RAM was lower than needed.
Full Text Search:
- Fixed an issue where the Full Text Search feature would no longer work for old tasks after restoring from a backup.
Build ID: 2022092005
Tue, 27 September 2022 10:00:00 GMT
Authentication:
- Fixed an issue where logging in with Google or GitHub did not work in some scenarios.
Security/Component Update:
- Updated the PostgreSQL JDBC driver to version 42.4.1.
- Removed the gosu utility from the Docker PostgreSQL image to eliminate the CVE-2022-29162 vulnerability.
- Updated the JSON In Java (org.json:json) library to version 20220320 to avoid the SONATYPE-2022-3061 security vulnerability.
- Updated the Apache Shiro library to version 1.9.1 to remove the CVE-2022-32532 vulnerability.
- Updated RESTEasy to version 4.7.6 to avoid the CVE-2020-1695 vulnerability.
- Updated the Spring Security library to version 5.7.2 to avoid CVE-2022-22978.
E-mail notifications:
- Fixed an issue where email notifications were not sent to collaborators when a file was edited.
Search:
- Fixed an issue where clicking on a search result sometimes did not open the correct URL.