CHANGELOG.md


6.3.0

New Features

6.2.0

New Features

  • Custom Transforms and Renditions

    Alfresco Content Services (ACS) provides a number of content transforms, but also allows custom transforms to be added.

    It is now possible to create custom transforms that run in separate processes known as T-Engines (short for Transformer Engines). The same engines may be used in Community and Enterprise Editions. They may be directly connected to the ACS repository as Local Transforms, but in the Enterprise edition there is the option to include them as part of the Transform Service which provides more balanced throughput and better administration capabilities.

    For more information, see Custom Transforms and Renditions.

Removed features

  • DB2 support was removed.

Documentation

  • [MNT-20385] - Discrepancy between the compatible versions list for Outlook Integration on the Supported Platforms doc and the knowledgebase article#000014970

Service Pack Request

  • [MNT-16673] - Setting minimum password length for Share has no effect
  • [MNT-17551] - Long rule name without spaces causes the text to overlap on Folder Rules page and as well when you edit the rule
  • [MNT-18112] - Ampersand in Wiki page name breaks search link
  • [MNT-18557] - Location Of alfresco.log is Ultimately Incorrect
  • [MNT-18730] - XML content encoded with UTF-16 can't be downloaded from Share's proxy
  • [MNT-19103] - Share Admin Tools: Link to Repository Administration Console is not always valid
  • [MNT-19397] - Create Folder Allows double click on Save Button resulting in Error 500
  • [MNT-19593] - Copy/Move dialog hidden views works on Document-Library page but not on Faceted Search Result page
  • [MNT-20196] - JMX Password redaction inconsistent
  • [MNT-20199] - Improper Output Neutralization for Logs CWE ID 117
  • [MNT-20200] - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) CWE ID 80
  • [MNT-20208] - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute CWE ID 614
  • [MNT-20234] - Javascript debugger causing errors when enabled
  • [MNT-20296] - Notification Email when 'following' a user displays incorrectly in Japanese
  • [MNT-20305] - Oracle schema validation check failure with ojdbc7.jar version 12.1.0.2
  • [MNT-20314] - Untranslated strings: Title of Actions column of Table View in Document Library
  • [MNT-20325] - Documents with % and spaces version download issue.
  • [MNT-20337] - [Security] CVE-2018-16858 - LibreOffice directory traversal vulnerability
  • [MNT-20339] - Enterprise Admin Console - JMX Settings tool: "Revert" button only revert the last set of JMX properties
  • [MNT-20371] - Support for IDS 1.1 in ACS 6.1
  • [MNT-20379] - [Security] New batch of jackson-databind vulnerabilities
  • [MNT-20513] - [Security] Multiple xmlrpc vulnerabilities
  • [MNT-20515] - [Security] CVE-2017-18197 jgraphx XXE vulnerability
  • [MNT-20516] - [Security] CVE-2016-2510 bsh deserialization vulnerability
  • [MNT-20517] - [Security] Multiple spring-core vulnerabilities
  • [MNT-20518] - [Security] CVE-2018-1000632 dom4j XML injection vulnerability
  • [MNT-20520] - [Security] Multiple cxf-core vulnerabilities
  • [MNT-20521] - [Security] CVE-2018-17187 proton-j MitM vulnerability
  • [MNT-20522] - [Security] CVE-2015-6748 jsoup XSS vulnerability
  • [MNT-20524] - [Security] CVE-2018-10237 guava DoS vulnerability
  • [MNT-20525] - [Security] Multiple tika-parsers vulnerabilities
  • [MNT-20529] - [Security] Multiple Bouncy Castle vulnerabilities
  • [MNT-20530] - [Security] CVE-2016-6814 groovy deserialization vulnerability
  • [MNT-20531] - [Security] CVE-2018-10936 postgresql-jdbc MitM vulnerability
  • [MNT-20533] - [Security] CVE-2018-11775 activemq-client MitM vulnerability
  • [MNT-20534] - [Security] Multiple camel-core vulnerabilities
  • [MNT-20535] - [Security] Multiple commons-compress vulnerabilities
  • [MNT-20549] - spring surf libraries are inconsistent versions between repo and share wars
  • [MNT-20595] - Update Hazelcast version to at least 3.11 for OpenJDK
  • [MNT-20670] - Renaming parent category hides its children
  • [MNT-20723] - Admin cannot deauthorize user - Authorization status columns missing from admin console
  • [MNT-20747] - [Security] CVE-2016-10750 - Hazelcast deserialization vulnerability
  • [MNT-20748] - [Security] CVE-2019-12086 - Jackson Databind polymorphic typing vulnerability
  • [MNT-20749] - [Security] Multiple dcharts-widget vulnerabilities in contained jQuery lib
  • [MNT-20751] - [Security] Multiple camel-jackson vulnerabilities
  • [MNT-20755] - Error accessing Admin Console on ACS 6.1 with External Auth configured
  • [MNT-20770] - Share non responsive during direct download from S3 if content store selector is also configured
  • [MNT-20779] - Prop cleaner job creates DB dangling references when running within close time proximity to the sync job, preventing ACS from further syncing and prop cleaning
  • [MNT-20821] - Wrong translation in site-profile.get_fr.properties for Site Manager(s)
  • [MNT-20833] - ScriptNode method createAssociation can be used where users only have consumer role
  • [MNT-20840] - [Security] - Persistent Cross Site Scripting
  • [MNT-20850] - [Security] Content can be read by malicious user, bypassing permissions
  • [MNT-20938] - [Security] CVE-2019-16335 - Jackson Databind polymorphic typing vulnerability

Hot Fix Request

  • [MNT-20507] - Some documents with special characters cannot be indexed by solr6
  • [MNT-20593] - [Security] Full repository access for all unauthenticated users
  • [MNT-20714] - [HotFix] /nodes/{nodeId}/content REST API fails for content created by a deleted user
  • [MNT-20734] - 0kb file when using REST API nodes/{nodeID}/content in a clustered ACS
  • [MNT-20859] - ACS Admin Console does not display all Shards when using mTLS config between SOLR & Repo
  • [MNT-20965] - [HotFix ]CLONE-0kb file when using REST API nodes/{nodeID}/content in a clustered ACS
  • [MNT-21086] - CLONE - Some documents with special characters cannot be indexed by solr6

Bug

  • [MNT-18461] - CWE113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
  • [MNT-20308] - POST /authentication/versions/1/tickets incorrectly returns 403 when repository is in read-only
  • [MNT-20344] - No Alfresco-supplied docker image should run as root
  • [MNT-20407] - Rest-Api Workflow processes and task tests are failing on ACS 6.0.1.1
  • [MNT-20587] - Prometheus metrics are exposed without authentication
  • [MNT-20634] - Long rule description without spaces causes the text to overlap when you edit the rule
  • [MNT-20977] - [Security] CVE-2019-12402- Commons compress vulnerability
  • [MNT-20978] - 6.1.1: Share Webscripts page showing interpolations instead of the values

Improvement

  • [MNT-19696] - REST API add order by parameter option to GET favorites
  • [MNT-20911] - upload tool is rounding file size when limit is set on the repository

6.1.0

New Features

  • Alfresco Identity Service (SSO):

    SSO using the Alfresco Identity Service is supported by the ACS V1 REST APIs.

    Other components in ACS, such as Share and protocol access, do not (yet) support the Alfresco Identity Service.

  • ActiveMQ:

    Alfresco ActiveMQ Docker images: GitHub Repo, DockerHub Repo

  • Transform Service:

    The Transform Service performs transformations for Alfresco Content Services remotely in scalable containers. By default it is disabled for the zip distribution but enabled for docker-compose and helm deployments.

  • AWS Deployment:

    ACS can now be deployed on AWS EKS using helm charts.

    This can be done using the ACS on AWS deployment project.

  • Alfresco Benchmark Framework:

    The benchmark framework project provides a way to run highly scalable, easy-to-run Java-based load and benchmark tests on an Alfresco instance.

    It comprises the following: Alfresco BM Manager and Alfresco BM Drivers.

    The currently provided drivers are:

  • Java 11 support

    ACS is now runnable with OpenJDK 11.0.1. It still remains compatible with JDK 1.8.

  • Java Profiling with YourKit

    The YourKit agent is integrated in the ACS Docker image.

    Documented instructions on how to activate the YourKit profiler and connect it to the JVM inside the container will follow soon.

Removed features

  • NTLM v1 was removed. "Passthru" authentication subsystem type is no longer available.
  • CIFS was removed.

Deprecations

  • TransformService and RenditionService: All Java APIs related to TransformService and RenditionService have been deprecated; the ability to perform arbitrary transformations will be phased out as the new DBP Transform Service takes effect. Renditions can be triggered using the existing repository REST API but will be processed asynchronously using the new services.

Service Pack Request

  • [MNT-15977] - 'Create document (folder) from template' does not sort nor is scrollable
  • [MNT-16608] - Manage Aspects does not work on Advanced Search Results page (folders)
  • [MNT-16713] - “Link to file” in faceted search doesn’t work
  • [MNT-18099] - Clicking on Date Picker for Date Property Cause Browser Window to Scroll Up
  • [MNT-18324] - datetime property cannot be set using 'set property' action in rule
  • [MNT-18453] - Error message appears on People finder page when subscription service disabled
  • [MNT-18514] - Multiple XSS vulnerabilities
  • [MNT-18816] - Date Picker via Document Properties resets the folder hierarchy in Alfresco Share.
  • [MNT-19173] - Data-list title not readable because of high contrast in CSS theme.
  • [MNT-19236] - Node Browser - Select Store button not working in IE 11
  • [MNT-19306] - Dragging and dropping content in the breadcrumb path in the document library not working in 5.2.2
  • [MNT-19374] - Different UI versioning behaviour
  • [MNT-19449] - Web Preview from Filmstrip View option returns double slash in URL
  • [MNT-19519] - Deleting a file with its link asset in the same folder return wrong message
  • [MNT-19740] - WebDav login throws NullPointerException/HTTP 500 error when Kerberos SSO is used
  • [MNT-19762] - [Security] PDFBox Vulnerabilities
  • [MNT-19791] - [Security] Share error page shows stack trace in page source - information leakage
  • [MNT-19854] - Unable to open document's workflow from document details screen
  • [MNT-19859] - Possible to Create User called 'System'
  • [MNT-19906] - Commons-lang version for Share 6.0 went backwards from 2.6 to 2.1
  • [MNT-19923] - External Authentication fails after ticket expiration
  • [MNT-19980] - Aspect.cm_attachable Displayed when Editing a Meeting Agenda Datalist
  • [MNT-20042] - Official Alfresco Docker Image Missing vti-bin war file
  • [MNT-20097] - taggingStartupTrigger and downloadCleanerSchedulerAccessor jobs are misconfigured
  • [MNT-20120] - Alfresco JS-API fails to return URL with SSO mode on
  • [MNT-20126] - Activiti: No workflow images generated in Java 11
  • [MNT-20162] - The “Shared Files” Button Label for the Spanish (es) Locale Doesn’t Display Correctly
  • [MNT-20222] - French Encoding Problem of Move to and Copy to on Search Page

Bug

  • [MNT-14338] - Server exception should be handled better in document details page and document library page
  • [MNT-15932] - Update message from delete user dialog
  • [MNT-19615] - Stored XSS through File Sharing and Improper Access Control in Workflows
  • [MNT-19634] - briefSummary contains sensitive details about deauthorized user
  • [MNT-19937] - Update documentation for Tomcat 8.5's new SSL configurations to fix AOS for ACS 6.0/6.1
  • [MNT-19981] - Node fails to bootstrap in large cluster
  • [MNT-19986] - Concurrency problem: First cluster startup can leave repository in a broken state
  • [MNT-20170] - Wrong label in faceted search title, slash is missed in Spanish translation
  • [MNT-20176] - Delete site fails with 403 for users from SITE_ADMINISTRATORS group
  • [MNT-20221] - Security: postgresql-42.2.1 (CVE-2018-10936)

6.0.0

New Feature

  • [MNT-16433] - Alfresco FTP server and Passive Mode clients

Service Pack Request

  • [MNT-14319] - FTSQueryParser parenthesis evaluation with negation
  • [MNT-14859] - Products that reuse the alfresco-core artifact get an unwanted alfresco.log
  • [MNT-15498] - No way to track "Cancelled Workflow"
  • [MNT-15731] - d:date values do not save correctly when the year is below 1900
  • [MNT-17162] - Transaction marking for the thumbnail.get.desc.xml descriptor throws error on delete
  • [MNT-17919] - Slow query during ACL tracking
  • [MNT-17976] - Hazelcast errors CONCURRENT_MAP_PUT and REDO_MAP_OVER_CAPACITY causing outages
  • [MNT-18275] - Bulk import of .ai and .eps not detecting mimetypes
  • [MNT-18420] - SVN 5.2.1 Enterprise mirror not available, request GIT Enterprise Mirror(s)
  • [MNT-18666] - Node cleanup job can fail on Referential Integrity errors
  • [MNT-18685] - [Security] Multiple Tomcat 7.0.x vulnerabilities
  • [MNT-18840] - [Security] Stored XSS vulnerability in Admin Console Directory Management
  • [MNT-18902] - [Security] CVE-2017-7525 - Jackson libraries deserialization vulnerability
  • [MNT-19035] - [Security] - Site Membership Information leakage
  • [MNT-19357] - Kerberos SSO Does Not Work for Share in Alfresco 5.1.4.1
  • [MNT-19472] - PDFBox 1.8.10 Returns Corrupt Stream Errors On Some Files During ExtractText Operations
  • [MNT-19474] - Activiti tables cause repo nodes in cluster to fail when started at the same time

Hot Fix Request

  • [MNT-19570] - Multi-threaded check-in and check-out throwing exception using CMIS API

Bug

  • [MNT-15095] - JobLockServiceTest testGetLockWithCallbackLocked fails on MS SQL
  • [MNT-15097] - RepoAdminServiceImplTest testSimpleDynamicModelViaRepoAdminService fails on DB2
  • [MNT-15425] - JobLockServiceTest testGetLockWithCallbackNormal fails on MS SQL DB build
  • [MNT-16169] - OpenCmisQueryTest.testSimpleConjunction() failing on MariaDB, MySQL, MS SQLServer
  • [MNT-17546] - sXSS in ContentGet v0 web script
  • [MNT-18480] - Unused strings for workflow
  • [MNT-18765] - Content Model admin security bypass
  • [MNT-18929] - [Security] - CVE-2017-9801 - commons-email vulnerability
  • [MNT-18982] - Remove dependency to commons-beanutils from spring-webscripts
  • [MNT-19000] - [Security] - cloud Embedded XSS
  • [MNT-19095] - Copyright info not correct Alfresco Software, Inc. © 2005-2017 needs to be replaced by Alfresco Software, Inc. © 2005-2018
  • [MNT-19124] - Alfresco admin console has copyright year 2017
  • [MNT-19127] - Security issues logged on Google's issue tracker for Pdfium
  • [MNT-19412] - [Security] CVE-2017-17485: incomplete fix for the CVE-2017-7525 deserialization flaw
  • [MNT-19431] - Security: CVE-2016-1000031: commons-fileupload-1.3.2.jar
  • [MNT-19514] - REST API: Deauthorized users 500
  • [MNT-19770] - [Security] LibreOffice SSRF (Forced HTTP GET)
  • [MNT-19956] - ACS HELM Deployment: Unprotected access to all resources

Improvement

  • [MNT-13786] - Need support for newer Hazelcast 2.6 or 3.x libraries
  • [MNT-14586] - Support for Amazon Linux Operating System
  • [MNT-17644] - support for outer join in Alfresco CMIS
  • [MNT-17937] - Please update support to PostgreSQL 10
  • [MNT-18333] - Support for Tomcat 8 on Alfresco 5.1/5.2 requested
  • [MNT-19123] - Provide buildable source code for ACS 5.2.2
  • [MNT-19513] - Stack review for Office and Windows versions
  • [MNT-19768] - FTR & HTTPS
  • [MNT-19769] - DojoDependencyHandler - cached generated resources use significant amount of heap memory
  • [MNT-19771] - Tomcat 7 classloader serializes authentication ticket retrieval
  • [REPO-3934] - Renditions: Switches for TransformServer and Local Transforms