Build History of Oxygen Content Fusion Releases

Build ID: 2023022015

Fri, 10 March 2023 10:00:00 GMT

Security/Component Update:

  • This build addresses a vulnerability that could lead to information disclosure.
  • Updated the Spring Boot Dependencies library to version 2.7.7 to avoid CVE-2022-41881.
  • Updated the Netty library to version 4.1.86.Final to avoid CVE-2022-41881.
  • Updated the JSON Web Token library (jsonwebtoken) to version 9.0 to avoid CVE-2022-23540.

Editing:

  • Fixed an issue where files larger than 1MB could not be saved.

Content Fusion:

  • Fixed an issue where the new file creation form could not be submitted using the Enter key.

Build ID: 2022121305

Tue, 20 December 2022 10:00:00 GMT

Authentication:

  • Fixed an issue where logging in with Google or GitHub did not work in some scenarios.

Security/Component Update:

  • Updated the Apache shiro-web library to version 1.10.1.
  • Updated the spring-boot-dependencies library to version 2.7.6 for security reasons, and spring-security-core was updated to version 5.7.5 to avoid CVE-2022-31692.
  • Updated the Socket.IO library to version 4.5.3 to avoid vulnerability CVE-2022-2421.
  • Updated the SnakeYAML library to version 1.33 to avoid vulnerability CVE-2022-25857.
  • Updated the Jackson Databind (jackson-databind) library to version 2.13.4.2 to avoid CVE-2022-42003.
  • Updated the Jackson Databind (jackson-databind) library to version 2.13.4.2 to eliminate the vulnerability CVE-2022-42004.
  • Updated the spring-boot-dependencies library to version 2.7.6 for security reasons, and spring-security-core was updated to version 5.7.5 to avoid CVE-2022-31690.
  • Updated Apache Tomcat to version 9.0.69 for security reasons.
  • Updated the Engine.IO library to version 6.2.1 to avoid CVE-2022-41940.
  • Updated the body-parser and express libraries, which update the qs library to version 6.11.0 to avoid CVE-2022-24999.
  • Content Fusion now comes with the latest release of Oxygen XML Web Author, along with all of its various improvements and bug fixes.

VMWare:

  • Fixed an issue where the recommended amount of RAM was lower than needed.

Full Text Search:

  • Fixed an issue where the Full Text Search feature would no longer work for old tasks after restoring from a backup.

Build ID: 2022092005

Tue, 27 September 2022 10:00:00 GMT

Authentication:

  • Fixed an issue where logging in with Google or GitHub did not work in some scenarios.

Security/Component Update:

  • Updated the PostgreSQL JDBC driver to version 42.4.1.
  • Removed the gosu utility from the Docker PostgreSQL image to eliminate the CVE-2022-29162 vulnerability.
  • Updated the JSON In Java (org.json:json) library to version 20220320 to avoid the SONATYPE-2022-3061 security vulnerability.
  • Updated the Apache Shiro library to version 1.9.1 to remove the CVE-2022-32532 vulnerability.
  • Updated RESTEasy to version 4.7.6 to avoid the CVE-2020-1695 vulnerability.
  • Updated the Spring Security library to version 5.7.2 to avoid CVE-2022-22978.

E-mail notifications:

  • Fixed an issue where email notifications were not sent to collaborators when a file was edited.

Search:

  • Fixed an issue where clicking on a search result sometimes did not open the correct URL.