XperienCentral R46

Release date: December 2, 2024

Check Configuration Files

See Check Configuration Files.

jQuery Has Been Removed

In XperienCentral version R45 the Interactive Forms JavaScript files have been modified to remove the dependency on jQuery. This has a direct impact on any custom JavaScript implementations you have developed that listen for thrown events. There are two paths that you can take to rewrite your frontend code: either remove jQuery altogether from your own implementation (recommended!) or rewrite your custom code to still use jQuery. The following events are thrown by Interactive Forms which you have the ability to listen to in your own frontend code:

• IAF_ShowFormFragment

• IAF_HideFormFragment

• IAF_ShowError

• IAF_HideError

• IAF_SubmitForm

• IAF_AfterSubmit

• IAF_AjaxShowFormStep

• IAF_FormLoaded

• IAF_ClientSideFrameworkLoaded

For the following events, no changes have to be made if you keep using jQuery:

• IAF_ShowFormFragment

• IAF_HideFormFragment

• IAF_SubmitForm

• IAF_FormLoaded

• IAF_ClientSideFrameworkLoaded

If you do want to rewrite your custom JavaScript to not include jQuery, rewrite your code as follows:

Old situation:

$(document).on('IAF_ShowFormFragment, '.formfragment', function(e) { ... });

New situation without jQuery:

document.addEventListener('IAF_ShowFormFragment', (e) => {
   const fragment = e.target;
   ...
});

The same applies for the other events.

For the following events changes have to be made regardless of whether you keep using jQuery or not:

• IAF_ShowError

• IAF_HideError

• IAF_AfterSubmit

• IAF_AjaxShowFormStep

In the old case these jQuery events had specific data which was added to them, but the way you have to retrieve this data has changed.

• IAF_ShowError: passes on error div ID and the errors

• IAF_HideError: passes on error div ID

• IAF_AfterSubmit: passes on data returned by XC

• IAF_AjaxShowFormStep: passes on form step data returned by XC

For these events you can apply the following changes to your code:

IAF_ShowError

Old situation:

$(document).on('IAF_ShowError', '.wmpform div', function(e, errorDivId, errors) { ... });

New situation with jQuery:

$(document).on('IAF_ShowError', '.wmpform div', function(e) {
   const errorDivId = e.detail.id;
   const errors = e.detail.errors;
   ...
});

New situation without jQuery:

document.addEventListener('IAF_ShowError', (e) => {
   const fragment = e.target;
   const errorDivId = e.detail.id;
   const errors = e.detail.errors;
   ...
});

IAF_HideError

Old situation:

$(document).on('IAF_HideError', '.wmpform div', function(e, errorDivId) { ... });

New situation with jQuery:

$(document).on('IAF_HideError', '.wmpform div', function(e) {
   const errorDivId = e.detail.id;
   ...
});

New situation without jQuery:

document.addEventListener('IAF_HideError', (e) => {
   const fragment = e.target;
   const errorDivId = e.detail.id;
   ...
});

IAF_AfterSubmit

Old situation:

$(document).on('IAF_AfterSubmit', '.wmpform', function(e, data) { ... });

New situation with jQuery:

$(document).on('IAF_AfterSubmit', '.wmpform', function(e) {
   const data = e.detail;
   ...
});

New situation without jQuery:

document.addEventListener('IAF_AfterSubmit', (e) => {
   const form = e.target;
   const data = e.detail;
   ...
});

IAF_AjaxShowFormStep

Old situation:

$(document).on('IAF_AjaxShowFormStep', '.wmpform', function(e, formStep) { ... });

New situation with jQuery:

$(document).on('IAF_AjaxShowFormStep', '.wmpform', function(e) {
   const formStep = e.detail;
   ...
});

New situation without jQuery:

document.addEventListener('IAF_AjaxShowFormStep', (e) => {
   const form = e.target;
   const formStep = e.detail;
   ...
});

Summary

• For IAF_ShowError, the e.detail is an object where e.detail.id is the error div id and e.detail.errors contains the errors

• For IAF_HideError, the e.detail is the same object as above, where only e.detail.id should be relevant, as e.detail.errors will be empty

• For IAF_AfterSubmit, e.detail is the response data object from the Form POST (same data as the old argument)

• For IAF_AjaxShowFormStep, e.detail is the identifier of the form step (same data as the old argument)

XperienCentral R45

Release date: September 10, 2024

Check Configuration Files

See Check Configuration Files.

Check Custom Media Item Code

If you implement a custom media item, you will most likely need to modify your custom media item controller. Usually, BeanUtils.copyProperties is used to copy properties from the media item version to your form backing object in YourCustomMediaItemController#formBackingObject and vice versa in YourCustomMediaItemController#onSubmit. However, since a media item itself doesn't have a presentation, the setPresentation and setPresentationVariant on MediaItemArticleVersionImpl now throws an UnsupportedOperationException. In XperienCentral versions R44 and lower, that method didn't do anything. To prevent this runtime exception from being thrown, you must explicitly omit these properties when you use BeanUtils to copy its properties.

For example, change;

BeanUtils.copyProperties(mediaItemVersion, myFormBackingObject);

to

BeanUtils.copyProperties(mediaItemVersion, myFormBackingObject, new String[ {"presentation", "presentationVariant"});

and change

BeanUtils.copyProperties(myFormBackingObject, mediaItemVersion);

to

BeanUtils.copyProperties(myFormBackingObject, mediaItemVersion, new String[]{"presentation", "presentationVariant"});

Audit Trail Database Modifications

In some cases, the Audit Trail panel can cause the XperienCentral environment to freeze up. This is caused by the out of control growth of some database tables related to the audit information that is collected and stored. To solve this problem, the application manager or a developer must execute two queries on the database used to store the Audit Trail history. These queries create two new indices. Creating the indices is optional but GX Software recommends that you do so. You can upgrade XperienCentral to version R45 without the new indices.

Execute the following two queries on the database containing the Audit Trail:

CREATE INDEX parentContentIdIndex ON wmHistory (parentContentId);
CREATE INDEX webIdActionContenttypeIndex ON wmHistory (webId, action, contenttype);

Deprecated Components

In XperienCentral version R45, a number of deprecated components have been removed. If you have custom code that makes use of any of these components, you must modify it. The following components have been deprecated/removed:

• All references to page models
• Deprecated/unused filters in web.xml:
  • XslFoFilter
  • XSLFoTransformer
  • MobileESPFilter
  • DeviceAtlasFilter
  • DeviceRedirectFilter
• The Mobile Toolkit module

XperienCentral R44

Release date: June 17, 2024

Check Configuration Files

See Check Configuration Files.

Image Maps

In XperienCentral R44 support for image maps has been removed. Any image maps that are still present when upgrading to R44 (or later) will be removed automatically.

Solr Index Replication

In XperienCentral versions R44 and higher, replication of the Solr index over multiple nodes in a cluster can now be done via the database. This improves index consistency and performance. When you enable Solr replication on a clustered environment selecting wmasolrsearch.replication_enabled in the General tab of the Setup Tool, you should also perform the following actions:

• The masterUrl property in the solrconfig.xml points by default to 127.0.0.1. Make sure that in your hosts file the IP address 127.0.0.1 is mapped to the actual hostname of the environment or you can update the solrconfig.xml manually to point to the local machine on every node.
• If you use a custom solrconfig.xml, do a diff on your custom version and the R44 version of solrconfig.xml before upgrading, note the changes and be sure to migrate them into your custom version.

Setenv Modifications

Regardless of whether or not you will use the new Solr index replication functionality described above, you need to modify your setenv.sh or setenv.bat by adding the following Java options:

-Dsolr.disable.shardsWhitelist=true
-Dsolr.disable.allowUrls=true

GraphQL Logging

By default, the GraphQL Java dependency is logging too much information. For this reason GX Software strongly recommends that you change the log level of this logger. Follow these steps:

Tomcat

Add the following line to the logging.properties file:

notprivacysafe.graphql.level=SEVERE

JBoss

Add the following lines to standalone.xml:

<logger category="notprivacysafe.graphql">
   <level name="SEVERE"/>
</logger>

Restart Tomcat/JBoss.

Includes in Presentations

The presentation include functionality has been removed in XperienCentral R44. If you use the <include> tag in your presentation's XML files, you must remove them.

Dependencies

XperienCentral R43

Release date: March 4, 2023

Check Configuration Files

See Check Configuration Files.

WebManagerAPI.getWrapper() Method Modification

In XperienCentral versions R42 and earlier, calling WebManagerAPI.getWrapper(ID, MediaTerm.class) returned a valid MediaTerm object if the given ID did not exist.  The only way to determine whether the requested MediaTerm actually existed was to do a null check on the name of the returned object. In XperienCentral versions R43 and later, a null object is returned by the method call itself, which may lead to NullPointerExceptions. Because this method is used by the wm:object tag, you need to modify any JSPs that call the getWrapper() method. For example:

<wm:object var="tag" objectId="XXX" objectType="nl.gx.webmanager.cms.mediarepository.MediaTerm" />
<c:if test="${empty tag.name}">
    ...
</c:if> 

should be changed to

<wm:object var="tag" objectId="XXX" objectType="nl.gx.webmanager.cms.mediarepository.MediaTerm" />
<c:if test="${empty tag}">
...
</c:if>  

Delete the formupload Directory

After upgrading to R43, delete all files from the form upload directory. The form upload directory is specified by the setting form_upload_directory in the General tab of the Setup Tool.

Add New Location for Presentation JSPs

In XperienCentral R43, the XperienCentral XSL stylesheets were combined into 1 new file. In the General tab of the Setup Tool, you need to add the new location /WEB-INF/project/nl.gx.product.wmpbasepresentation to the setting presentation_jsps_url in the section backend_system_settings. If your project does yet not contain /WEB-INF/project/ in the presentation_jsps_url, add /WEB-INF/project/nl.gx.product.wmpbasepresentation.

Remove Deprecated Plugins

After upgrading, remove the following plugins manually in the Plugins Management Console:

• Console plug-in
• Console ssh plugin support plug-in
• Apache Mina SSHD :: Core

XperienCentral R42

Release date: December 4, 2023

Check Configuration Files

See Check Configuration Files.

GraphQL API

The Jackson-core and Jackson-databind XML libraries used for XML serialization are now shipped and exposed by default using springmvc-servlet.xml. If any of your plugins uses one of these libraries, you can set the scope to provide and omit the version.

Spring MVC Upgrade

Spring MVC was upgraded from 3.2.18 to 5.3.30 in this release. If any of the controllers in your project directly or indirectly extend from nl.gx.webmanager.springmvc.controller.BaseWebmanagerController.java, you need to make a few adjustments to your code. Replace all instances of BindException with BindingResult in your controllers. The easiest way to do this is using search/replace in your IDE (case sensitive). Your import statements should still be valid because the package itself has not changed. It is also possible to do a global search/replace because BindException shouldn't be used outside of a Spring MVC controller.

For example:

@Override
public void onSubmit(HttpServletRequest request, HttpServletResponse response, Object command,
BindException errors, ModelAndView modelAndView) throws Exception
{ // your code here }

should be changed to

@Override
public void onSubmit(HttpServletRequest request, HttpServletResponse response, Object command,
BindingResult errors, ModelAndView modelAndView) throws Exception
{ // your code here }

addValidators

If your project has controllers that directly or indirectly extend from BaseWemanagerController, and this controller registers a validator through binder.addValidator(new ...Validator), change this to addValidator(new ...Validator). This method is present on BaseWebmanagerController.java. 

If you experience any compilation errors or other problems, please don't hesitate to contact your GX Software consultant.

Notes for Reusables

If your project uses reusables, those might need to be upgraded as well. For each reusable that your project uses, check whether it contains any controllers that directly or indirectly extend from BaseWebmanagerController and also whether they contain any instances of BindException. If they do, check whether there already exists an XperienCentral R42 or higher compliant version for this reusable at /wiki/spaces/GX/pages/25436300 (login required). If your controllers do not extend from BaseWebmanagerController, simply replace all instances of BindException with BindingResult as explained in the first paragraph above. After doing so and verifying that your reusable still works in your environment, release a new version of the reusable and refer to it at /wiki/spaces/GX/pages/25436300 (login required). Please don't remove the old version, instead specify that the old version is specifically intended for XperienCentral versions R41 and lower and that the new version is intended for XperienCentral R42 and higher.

Updated Dependencies

The javax.servlet dependency has been updated to version 4.0.1. You need to update your reusables to use this version of the javax.servlet dependency. In versions R42 and higher, XperienCentral no longer supports Tomcat 8.x because it contains javax.servlet 3.1.

Removed Dependency

The dependency org.apache.commons.lang has been removed. Use org.apache.commons-lang3 instead.

Moved Dependencies

The Maven dependency org.apache.httpcomponents.httpclient has been moved to org.apache.httpcomponents.client5. Use your IDE or check Github (https://github.com/apache/httpcomponents-client/tree/master/httpclient5/src/main/java/org/apache/hc/client5/http and https://github.com/apache/httpcomponents-core/tree/master/httpcore5/src/main/java/org/apache/hc/core5 ) to find the current position of each class. See also the migration guide for more details at https://hc.apache.org/httpcomponents-client-5.2.x/migration-guide/index.html.

Apache Solr

When using a custom solrconfig.xml, update the Lucene Match version to 9.8.0: 

<luceneMatchVersion>9.8.0</luceneMatchVersion>

XperienCentral R42 has been updated to Apache Solr version 9. After upgrading XperienCentral, manually rebuild both the backend and frontend indexes.

Highlighting

hl.method=unified is the new highlighting default in Solr versions 9.0.0 and higher. Use hl.method=original to switch back if needed.

Custom Indexable JCR Properties

When using custom indexable JCR properties when calling the JcrIndexPropertyService.addIndexedProperty method, you could experience issues when the values used in these properties exceed the limit of 256 characters. After upgrading, remove the custom property using the JcrIndexPropertyService.removeIndexedProperty method and re-add it to make sure the contents can be longer than 256 characters.

wmpformpresentation Plugin

The following files in the form presentation plugin have been minified and renamed. If you refer to these static files in your code, you will need to update these references accordingly:

• /static/wmpformpresentation/js/plugin/jquery.form-4.3.0.patched.js --> /static/wmpformpresentation/js/plugin/jquery.form-4.3.0.patched.min.js
• /static/wmpformpresentation/js/formutil.js --> /static/wmpformpresentation/js/formutil.min.js
• /static/wmpformpresentation/js/formvalidation.js --> /static/wmpformpresentation/js/formvalidation.min.js
• /static/wmpformpresentation/js/formvalidationbindings.js --> /static/wmpformpresentation/js/formvalidationbindings.min.js

XperienCentral R41

Release date: September 20, 2023

Check Configuration Files

See Check Configuration Files.

Rebuild the Content Index

Due to a change in the Search functionality, you must rebuild the content index. To do so, manually remove the <webmanager-root>/work/contentindex directory after the upgrade and allow it to be regenerated after restarting XperienCentral. Selecting contentindex_queue_empty_reindex in the Setup Tool is not sufficient.

YourKit Java Profiler

The YourKit Java Profiler has been removed from XperienCentral in version R41. If your deployment uses a custom implementation of YourKit, search for references in your deploy<x>.xml, settings<x>.xml and pom.xml files and remove them. 

Apache Derby

Apache Derby has been removed from XperienCentral in version R41. If your deployment uses a custom implementation of Derby, you must remove all references to it from your project.

jQuery

In this version of XperienCentral, jQuery has been reverted to version 3.5.1. 

XperienCentral R40

Release date: July 20, 2023

Check Configuration Files

See Check Configuration Files.

Best Practices for Strict Content Security Policy (CSP) Configurations

It is recommended that you no longer use event attributes like onclick and onsubmit in your HTML. This applies to both the front- and backend of XperienCentral. The reason is that a strict CSP will block these methods from executing. For example, code like this:

<input onclick="doSomething()" />

should be replaced by something similar to this:

<input id="myInput" />

<!-- this can either be in a separate file or inline, as we add a CSP secure nonce to inline scripts -->

<script>

document.getElementById('myInput').addEventListener('click', function() {
    doSomething();
})

</script>

This recommendation also goes for the wmedit tags like select and button. Sometimes attributes like onclick or onkeypress are added to the include of these tags and will be rendered on the input. This strategy will also no longer work with a strict CSP policy. In some cases, the onClick is located on a table row like in the example below. For situations like this, the fix is slightly different:

<c:forEach var="tableRow" items="${tableRow}">
...
   <tr onclick="doSomething(${someParameter})">
       ....
   </tr>
...
</c:forEach>

<c:forEach var="tableRow" items="${tableRow}"> 
   ...
   <tr class="tableRow" data-some-parameter="${someParameter}">
      ...
   </tr> 
   ... 
</c:forEach> 
<script type="text/javascript">
   const tableRows = document.getElementsByClassName('tableRow');

   for (let tableRow of tableRows) {
      let someParameter = tableRow.dataset.someParameter;
      tableRow.addEventListener('click', function () {
         doSomething(someParameter);
      });
   }
</script>

Guava is Replaced by Caffeine

In R40, the Guava Java-based library has been replaced by the Google Caffeine caching library. If your deployment makes use of Guava in custom code, you must modify it to use Caffeine.

XperienCentral Online Help Component

The Online Help component has been removed from XperienCentral in version R40. You must therefore modify any custom plugins that have a dependency on this component.

solrconfig.xml

The luceneMatchVersion in any custom solrconfig.xml files should be updated to version 8.11.2.

XperienCentral R37.1

Release date: July 10, 2023

Check Configuration Files

See Check Configuration Files.

Best Practices for Strict Content Security Policy (CSP) Configurations

It is recommended that you no longer use event attributes like onclick and onsubmit in your HTML. This applies to both the front- and backend of XperienCentral. The reason is that a strict CSP will block these methods from executing. For example, code like this:

<input onclick="doSomething()" />

should be replaced by something similar to this:

<input id="myInput" />

<!-- this can either be in a separate file or inline, as we add a CSP secure nonce to inline scripts -->

<script>

document.getElementById('myInput').addEventListener('click', function() {
    doSomething();
})

</script>

This recommendation also goes for the wmedit tags like select and button. Sometimes attributes like onclick or onkeypress are added to the include of these tags and will be rendered on the input. This strategy will also no longer work with a strict CSP policy. In some cases the onClick is located on a table row like in the example below. For situations like this, the fix is slightly different:

<c:forEach var="tableRow" items="${tableRow}">
...
   <tr onclick="doSomething(${someParameter})">
       ....
   </tr>
...
</c:forEach>

<c:forEach var="tableRow" items="${tableRow}"> 
   ...
   <tr class="tableRow" data-some-parameter="${someParameter}">
      ...
   </tr> 
   ... 
</c:forEach> 
<script type="text/javascript">
   const tableRows = document.getElementsByClassName('tableRow');

   for (let tableRow of tableRows) {
      let someParameter = tableRow.dataset.someParameter;
      tableRow.addEventListener('click', function () {
         doSomething(someParameter);
      });
   }
</script>

Angular and CSS Styling

Beginning in XperienCentral R39.0, GX Software recommends that you prevent Angular panels from rendering inline CSS styling. You should configure your Content Security Policy to block this. In Angular version 12, the so called "critical CSS" is rendered inline by default. This can be changed easily by setting the inlineCritical option in your build to false. For more information see [https://0xdbe.github.io/AngularSecurity-DisableInlineCriticalCSS/].

Password Requirements

The password strength requirements have been modified in XperienCentral R39. A password must now contain 12 or more characters. While existing passwords will still work after upgrading to R39, GX Software recommends that you encourage your users to change their password after upgrading.

XperienCentral Online Help Component

The Online Help component has been removed from XperienCentral in version R37.1. You must therefore modify any custom plugins that have a dependency on this component.

XperienCentral R39

Release date: April 6, 2023

Check Configuration Files

See Check Configuration Files.

Filename Changes

The following files have been modified in this version of XperienCentral. If you have custom code that references the following files by name, you must modify your code to pick up these changes.

<xperiencentral-root>/webmanager-wcbs/webmanager-interactive-forms/wmpformpresentation/src/main/resources/presentationtype/static/wmpformpresentation/js/plugin/:

• jquery-ui-1.13.1.min.css is now jquery-ui-1.13.2.min.css
• jquery-ui-1.12.1.min.js is now jquery-ui-1.13.2.min.js
• jquery-form-4.2.0.js is now jquery.form-4.3.0.patched.js

<xperiencentral-root>/webmanager/webmanager-webapps/webmanager-backend-webapp/src/main/webapp/js/library/jquery/:

• jquery.form.js is now jquery.form-4.3.0.patched.js
• jquery-3.5.1.min.js is now jquery-3.6.1.min.js
• jquery-ui-1.13.1.min.js is now jquery-ui-1.13.2.min.js

Angular and CSS Styling

Beginning in XperienCentral R39.0, GX Software recommends that you prevent Angular panels from rendering inline CSS styling. You should configure your Content Security Policy to block this. In Angular version 12, the so called "critical CSS" is rendered inline by default. This can be changed easily by setting the inlineCritical option in your build to false. For more information see [https://0xdbe.github.io/AngularSecurity-DisableInlineCriticalCSS/].

Java Min/Max Version

In XperienCentral R39, Java 17 is the minimum and maximum supported version.

Password Requirements

The password strength requirements have been modified in XperienCentral R39. A password must now contain 12 or more characters. While existing passwords will still work after upgrading to R39, GX Software recommends that you encourage your users to change their password after upgrading.

Remove the XML Parser Plugin

After upgrading to XperienCentral R39, you should manually remove the "GX WebManager - XML Parser" plugin to avoid errors in the log. See Plugins Management Console.

The wmedit: button tag

The wmedit:button tag in JSPs now has a required id attribute. Any custom functionality that uses this tag should be updated to provide a unique ID value.

Content Security Policy configuration

A Content Security Policy is used to let the user's browser know from which location resources like Javascript or CSS can be loaded. XperienCentral now supports the configuration of a CSP within XperienCentral itself. Configuration takes places via the Content Security Configuration panel, found in the main menu under Application Tools.

Disabling the Content Security Policy Filter

The filter that adds both the CSP header and the nonces (if applicable) can be bypassed when starting XperienCentral. This can be used if the CSP is configured on Apache HTTPD for example or when you are accidentally locked out of XperienCentral due to a CSP misconfiguration.

For more information on Content Security Policy configuration see https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

Changes in xslStyleSheet

In R39, an extra XSL template for wm-hostname-prefix has been added added in xslStyleSheet.jspf. If you use a custom implementation of this file, make sure to add this extra template to the stylesheet.

<xsl:template match="wm-hostname-prefix" name="wm-hostname-prefix">
   <xsl:choose>
      <xsl:when test="count(/root/system/headers/header[name = 'x-forwarded-prefix']) &gt; 0">
         <xsl:value-of disable-output-escaping="yes" select="/root/system/headers/header[name = 'x-forwarded-prefix']/value" />
      </xsl:when>
      <xsl:when test="count(/root/system/headers/header[name = 'X-Forwarded-Prefix']) &gt; 0">
         <xsl:value-of disable-output-escaping="yes" select="/root/system/headers/header[name = 'X-Forwarded-Prefix']/value" />
      </xsl:when>
   </xsl:choose>
</xsl:template>

XperienCentral R38

Release date: October 28, 2022

Check Configuration Files

See Check Configuration Files.

Interactive Forms File Name Changes

• The file static/wmpformpresentation/js/jquery.form.js was renamed to static/wmpformpresentation/js/plugin/jquery-form-4.2.0.js.
• The file static/wmpformpresentation/css/plugin/jquery-ui.min.css was renamed to static/wmpformpresentation/css/plugin/jquery-ui-1.13.1.min.css.

If you have custom code that uses these files, you need to modify your code to pick up these name changes. These name changes are only relevant for projects that do not use the default formsHeadTag.jsp.

Shared languages

In XperienCentral version R38, language labels are no longer implicitly shared between channels. When you want to keep sharing the labels of a specific language between 2 channels, perform the following steps before upgrading to R38:

1. Open the JCR Browser and navigate in the "JCR Tree" tab to the /wm:webmanager/wm:websites/wo:webinitiatif[{_}n{_}]/wo:wm_registry node where wo:webinitiatif[{_}n{_}] represents the channel that will receive the shared language labels.

2. Click [Edit] by the wo:language property and remove the language you want to share. In order to find out which of the shown UUIDs represents that language, execute the following query in the JCR Browser:
   
   

   //element(*)[@jcr:uuid='<the uuid of a language>'] 

3. Share the language between the 2 channels by following the steps on https://gxsoftware.atlassian.net/wiki/display/PD/Multiple+Channels#MultipleChannels-sharing_contentSharingContent.

Upgrading to R38 has no impact when a language was already shared in the way described above.

XperienCentral R37

Release date: August 24, 2022

Check Configuration Files

See Check Configuration Files.

Interactive Forms Form Fragment API

The API for form fragments was changed in R37. The getValue method, which retrieves the value of the form fragment itself, used to return an unescaped and therefore unsafe value of a form fragment. In R37, this method has been updated to always return a safe value. To retrieve the unescaped value of a form fragment, the new method getRawValue can now be used.

Interactive Forms form.tag file

The file form.tag has been changed in R37. If you use a custom version of form.tag in your XperienCentral deployment, you need to add the following line between the <form> tags:

<input type="hidden" name="pageid" value="${presentationcontext.page.id}" />

Search & Retrieve API

The setting contentindex_index_readonly_nodes has been added to the application_settings section of the General tab of the Setup Tool. If the Search & Retrieve API is used on a clustered environment, this setting should be enabled, otherwise the API will not return any results. When this setting is enabled the content index should also be rebuilt.

XperienCentral R36

Release date: June 15, 2022

Check Configuration Files

See Check Configuration Files.

SEO Updates

In R35 and earlier, the application_settings.friendly_url_extension setting was used to determine whether a URL is friendly. In R36 and higher, it's possible to leave the friendly URL extension empty which calculates friendly URLs without extensions. This means that the way that a URL is checked for being friendly has been changed. A new setting has been introduced in the startup_settings section of the General tab of the Setup Tool: seo_path. The value in this field is used to determine if a URL is friendly or not. For example, assume that Apache is not configured to remove /web/ from a URL. In that case a friendly URL in versions R35 or earlier would be /web/home.htm. In versions R36 and higher, it would be /web/seo/myweb.htm.

To make sure this works as intended check the following settings in the Setup tool:

website_settings.friendly_url_prefix

In R35, the default value was /${startup_settings.context}. When Apache is not used to remove the /web/ prefix, this setting should be updated to

/${startup_settings.context}/${startup_settings.seo_path}

If Apache is used, this field is usually empty and can be left as is.

startup_settings.seo_path

The value of this field should be set to seo by default. If this field is not present in the startup_settings.xml check with your hosting provider if a different startup_config.xml is used than the one shipped with the deploy of XperienCentral. In that case, the following line should be added:

<entry name="seo_path" value=$(webmanager seopath)" />

Please also make sure that all changes in settings.xml have been applied.

context_static

The setting application_settings.context_static has been removed in XperienCentral R36. You must modify any custom code that uses this setting to use application_settings.static_files_url instead.

Changes to Apache

A minor change needs to be done to the vhost configuration in Apache to make sure XperienCentral keeps working. Most installations should have something along these lines to redirect requests from Apache to XperienCentral:

RewriteCond %{REQUEST_URI} !^/web/
RewriteCond %{REQUEST_URI} !^/admin/
RewriteRule ^/(.*)\.htm$ /web/$1.htm [PT,L]

The last line should be updated to

RewriteRule ^/(.*)\.htm$ /web/seo/$1.htm [PT,L]

This applies to both the back- and frontend vhost configurations.

In order to run XperienCentral without extensions at all, see Running XperienCentral without a Friendly URL Extension.

Friendly URL Extension Setting

The setting frontend_settings.friendly_url_extension was removed in R36.

URL Transformations

When transforming a URL from a URL without a context path to one with a context path in custom code, you should now also add the SEO path to the updated URL. This kind of logic is often used in custom implementations of the MetaDataProvider interface.

Update your Solr Configuration

In R36, the Solr version has been upgraded to version 8.11.1, therefore you must make the following changes:

In solrconfig.xml, change the declaration:

<luceneMatchVersion>6.6.6</luceneMatchVersion>

to

<luceneMatchVersion>8.11.1</luceneMatchVersion>

The eDismax query parser parameter lowercaseOperators now defaults to false if the luceneMatchVersion in solrconfig.xml is 7.0.0 or above, therefore you must set the lowercaseOperators parameter explicitly to true:

<bool name="lowercaseOperators">true</bool>

The following spatial-related fields have been removed:

• LatLonType
• GeoHashField
• SpatialVectorFieldType
• SpatialTermQueryPrefixTreeFieldType

Choose one of these field types instead:

• LatLonPointSpatialField
• SpatialRecursivePrefixTreeField
• RptWithGeometrySpatialField

Extra Steps

1. Stop Tomcat if it is running.
2. Remove the directory <webmanager-root>/work/searchengine.
3. If you have a custom solrconfig.xml, you need to modify it — open it in a text editor.
4. Save your custom solrconfig.xml.
5. Start Tomcat.
6. Log in to XperienCentral.

Real-time indexing

If you use real-time indexing (the XperienCentral Realtime Indexing reusable):

1. Navigate to Configuration > Realtime Indexing.
2. Select the "Indexing" tab.
3. Select all the websites that you want to index in the top part of the panel.
4. Click [Index selected items].

No real-time indexing

If you do not use real-time indexing (the XperienCentral Realtime Indexing reusable):

1. Open the Setup Tool.
2. Select the Search Tools tab.
3. Click [Index] in the "INDEX URL" section.

Custom Solr Queries

Check the changes that have been made between Solr versions 6.6.6 and 8.11.1 in order to determine whether you need to modify your custom Solr queries. See https://solr.apache.org/guide/8_11/major-changes-in-solr-8.html.

Deprecated Functionalities

Some query functionalities have been deprecated and/or removed, so it might be necessary to rewrite custom queries. See Solr upgrade (R36/Solr 8.11.1) for specific use cases that GX Software has encountered (login required).

Rebuild the Content Index

Due to a change in the Search functionality, you must rebuild the content index. To do so, manually remove the <webmanager-root>/work/contentindex directory after the upgrade and allow it to be regenerated after restarting XperienCentral. Selecting contentindex_queue_empty_reindex in the General tab of the Setup Tool is not sufficient to trigger the regeneration of the content index.

XperienCentral R35

Release date: February 7, 2022

Check Configuration Files

See Check Configuration Files.

SSI URLs

New security measures were introduced in this version that prevent the manipulation of URLs that contain SSI object IDs and/or presentation IDs. In general the cache will still be filled with files that contain pre-upgrade SSI URLs after an upgrade, which will lead to SSIs not being loaded and to the following message being logged in the Catalina logs:

nl.gx.webmanager.servlet.ControllerServlet.checkSsiObjectIdUrlSignature Block ssiObjectId request XXXXXXX because it is not allowed in this context 

This can be prevented by either clearing the frontend cache during the upgrade or, if that is not an option, by disabling the check_url_signature option in the application_settings section of the General tab in the Setup Tool. Be sure to re-enable this option after the cache has been regenerated. This setting will be shown in Setup Tool as turned off by default. However, it's actually turned on. So in order to get the state right, toggle the option in the Setup Tool to make sure it reflects the proper state.

fragment.tag and fragmentLabel.tag

The files fragment.tag and fragmentLabel.tag have been extensively modified in this version of XperienCentral. If you have custom code that makes use of modified versions of these files, perform a diff on the XperienCentral version of these files with your own modified versions in order to see what the differences are in order to pick up the new modifications. As is the case with all upgrades, do not overwrite your versions of these files if they have been customized for your XperienCentral deployment.

Changes to fragment.tag

This file has been updated to always render the HTML for the fragment label in the IAF Panel. Additionally, an ID is added to the <div class="wm-field-helptext"> whenever it appears in the IAF Panel.

Changes to fragmentLabel.tag

If you select "Required field" for a form fragment, you see that change immediately in the Interactive Forms panel. In earlier versions, this was not the case. In order to make this possible, the HTML is now always rendered in the Interactive Forms panel.

XperienCentral R34

Release date: November 18, 2021

Check Configuration Files

See Check Configuration Files.

Deprecated Media Repository Method Removed

The following method which was deprecated in 2009 has been removed from nl.gx.webmanager.cms.mediarepository.MediaRepository:

int copyMediaItem(MediaItemVersion mediaItem);

JBoss upgrade

From R34 onwards, JBoss 7.2 EAP is the supported JBoss version. JBoss 7.2 EAP and higher incorporates JDK 11 support. In order to upgrade, download the JBoss 7.2.0 EAP application server from https://developers.redhat.com/products/eap/download. See https://access.redhat.com/articles/2026253 for the supported configurations. In order to run XC on the JBoss application platform, use the standalone.xml and standalone.conf delivered with the XC SDK. For more information, see the updated JBoss information on the Linux Server Installation page.

MySQL Connector Upgrade

• In R34, the version of the MySQL connector has been upgraded from version 5.1.23 to 8.0.26. In version 8.0.23, changes were made to the way that MySQL handles time zones and dates. The method getObject(columnindex) now returns a local date/time rather than a string for any date/time columns, therefore any custom code that implements this method should be checked and modified if necessary.
• A second change in the connector is the way time zone conversions are handled. In order to keep these settings the same as they were before the changes in version 8.0.23, the following parameter should be added to the
  connection URL in the connectionTimeZone=<server> parameter in the Tomcat server.xml . For example:
  
  Before:
  
  jdbc:mysql://localhost:3306/webmanager9?autoReconnect=true
  
  After:
  
  jdbc:mysql://localhost:3306/webmanager9?autoReconnect=true&amp:connectionTimeZone=<server>
  
  In the second example above, note that &amp: is used instead of &.

XperienCentral R33.1

Release date: September 27, 2021

Check Configuration Files

See Check Configuration Files.

CSRF Approved URL Setting

A new CSRF setting has been added that allows you to approve URLs and bypass the CSRF checks. See the setting csrf_ignore_url_paths_regex in the application_settings section of the General tab of the Setup Tool.

Minimum Java Version

Beginning in R33.1, the minimum Java version required to run XperienCentral is Java 11. The maximum Java version supported is Java 13. This is also required for the XperienCentral add-ons:

• Content API
• Monitoring Framework
• Headless Integration
• Modular Content

Add New Java Option

As a result of the minimum Java version being raised to Java 11, you must modify your Tomcat setenv.sh file. Add the following options:

For JAVA_OPTS:

-Djava.locale.providers=COMPAT,CLDR

For Catalina add:

--illegal-access=warn --add-opens java.base/java.net=ALL-UNNAMED

See also https://gxsoftware.atlassian.net/wiki/display/PD/Linux+Server+Installation#LinuxServerInstallation-TheApplicationServer(TomcatorJBoss).

XperienCentral R33

Release date: July 30, 2021

Check Configuration Files

See Check Configuration Files.

Google Sitemap Automatic Upload

In XperienCentral R33, a new setting for controlling whether XperienCentral automatically uploads generated sitemaps to Google has been introduced. The setting google_sitemap_automatic_upload can be found in the application_settings section of the General tab of the Setup Tool. When enabled, if a Google sitemap is generated, it is automatically uploaded according to the schedule configured in the setting google_sitemap_generator_schedule. When disabled, the latest generated sitemap is not uploaded.

Because it is disabled by default, when upgrading from R32, the option must be enabled manually if XperienCentral should continue to automatically submit the sitemap to Google.

New Channel for the Interactive Forms Panel

Beginning in XperienCentral version R33, the Interactive Forms panel uses the "iafpanel" channel to render forms. This mechanism makes it possible to decouple the IAF visual representations from the website presentation. New presentations should use it for all standard fragment types unless the representation inside the IAF panel must resemble the website's presentation. When upgrading, there are 3 possible options for handling this situation:

1. Add "iafpanel" (without quotes) to the channels_using_fallback setting in the application_settings section of the General tab of the Setup Tool. This will make all presentations without an explicit "iafpanel" channel declaration behave as described in option 3 below. This is the quickest fix. The notes in option 3 below also apply to this option.

2. Add the "iafpanel" channel to all custom formStep, FormSectionVersion and form fragment presentation descriptors. This will deliver the best Edit side presentation and will prevent the custom presentations from being cluttered with Edit-side logic. For a text input fragment, the channel declaration looks like this:
   
   

   <channel>
      <name>iafpanel</name>
      <presentation>FormFragmentTextInput</presentation> <!-- Name of IAF's own presentation -->
   </channel>

   
   As a result, any code in the presentation JSPs that is specific to the preview mode can be removed.
   
   

3. Add the "iafpanel" channel to all custom formStep, FormSectionVersion and form fragment presentation descriptors and have it refer to itself. The Interactive Forms panel will then continue to use the custom presentations, making it possible to have the same HTML output in the panel as on the website.
   
   

   Notes

   • Option 1 has the same effect as Option 3 but it is easier to implement. The disadvantage of using Option 1 is that it might not be obvious that an "iafpanel" channel that you want to point to the IAF's own presentation (Option 2) is missing from a presentation descriptor.
   • The IAF panel presentation(s) may look different than the pre-R33 version(s) because of changes to the CSS.
   • Option 2 or 3 can be used separately for each presentation.

fragmentDiv tag

When the fragmentDiv tag is overruled in a custom presentation plugin, the data-jcr-uuid attribute must now be added in Edit mode by the custom fragmentDiv tag.

An example how this can be implemented can be found in the standard IAF fragmentDiv tag inside the wmformelement plugin.

CSRF Settings

To better protect websites hosted by XperienCentral against CSRF attacks, a new mechanism has been introduced that uses a CSRF token that is stored in a cookie, and an SHA-256 hash of this token plus a random 16 character long nonce, postfixed with the used nonce, must be included in all non-GET requests to the server as a header or form field. This change could affect custom functionality in the following ways:

• If a custom version of the Interactive Form file formvalidationbindings.js is used, it must be updated with the anti-CSRF changes which can be found by searching for "csrf" in the upgraded formvalidationbindings.js.
• If the Interactive Form formsHeadTag presentation is not called from a custom presentation plugin, then the page presentations of this plugin must include the /<context path>/js/form/csrfprotection.js script.
• If XHR form posts are performed in custom panels, elements or widgets, the X-CSRF-Token header must be added to these posts.
• The secure_rest_against_csrf configuration setting and the mandatory use of the X-Session-Verify header when it is enabled are now only relevant for GET requests to XperienCentral's REST API. All other types of requests to the REST API are now always checked, irrespective of the secure_rest_against_csrf configuration setting, and they must contain the X-CSRF-Token header. See the application_settings section of the General tab of the Setup Tool for complete information on the secure_rest_against_csrf setting.
• If custom voting presentations are used, the X-CSRF-Token must be added to the form posts they execute. See voting.jspf in the Community Edition presentation for an example.
• External requests to /services/oembed must add a X-CSRF-Token header to the request. It can be retrieved from the X-CSRF-Token response header when the steps on /wiki/spaces/PD/pages/24718337 have been followed.
• It is not possible to submit forms to XperienCentral from other domains, even when that domain is another channel of the same XperienCentral installation, because browsers do not allow reading cookies from another domain.

See also /wiki/spaces/PD/pages/24718337 for more information.

formvalidationbindings.js

The following changes have been made to the formvalidationbindngs.js file:

• A new initCSFW function has been added that is called in the $(document).ready for all forms and from the IAF_FormLoaded event listener.
• initCSFW calls the new loadScript function which adds a script tag to load the client-side framework.
• The IAF_ShowFormFragment and IAF_HideFormFragment event listeners have been updated to prevent event propagation.
• The IAF_SubmitForm event listener has been updated to add the anti-CSRF header when submitting the form using Ajax and to support form fields that have "submit" as their identifier.
• The IAF_AjaxShowFormStep event listener now checks whether the response contains the X-CSRF-Token header. If it does, then it creates a hidden input with its value. This is done to support IAF forms on external domains.
• The formObj.submit function defined in the init function has been updated to add the anti-CSRF input field when submitting the form.
• A new showGeneralErrorMessage function has been defined that shows a general error message at the top of a form when a communication error occurs.

Interactive Forms Upload Element

The Upload element in Interactive Forms has been modified to allow multiple file uploads. You can also set a minimum and maximum number of allowed files in an Upload element. See Creating Forms for complete information.

Modular Content Tag Property change (v2.0.13)

Properties of type tag are now referenced using an ID instead of by name. For example, suppose you have the following tag property:

TemplateProperty tagProperty = modularVersion.getModularTemplateInstance().getPropertyByIdentifier("mypropertyoftypetag");

Previously, the tag name would be retrieved using tagProperty.getStringValue(). Now the (Siteworks) ID of the property must first be retrieved using getIntegerValue() and, given that, the correspronding MediaTerm can be retrieved using getWrapper. For example:

Previously in Java

TemplateProperty property = modularVersion.getModularTemplateInstance().getPropertyByIdentifier("mypropertyoftypetag");
String tagName = property.getStringValue();

Now in Java

TemplateProperty property = modularVersion.getModularTemplateInstance().getPropertyByIdentifier("mypropertyoftypetag");
Long tagId = property.getIntegerValue();
Session session = getSessionManager().getActiveSession();
MediaTerm categoryTag = (MediaTerm) session.getWrapper(tagId.intValue(), MediaTerm.class);
String tagName = categoryTag.getName();

Previously in JSP Code

<c:set var="mediaItem" value="${presentationcontext.mediaItem}" />
<c:set var="currentMV" value="${mediaItem.current}" />
<c:if test="${wmfn:instanceOf(currentMV, 'nl.gx.product.wmamodularcontent.api.ModularMediaItemArticleVersion')}">
   <c:set var="mti" value="${current.modularTemplateInstance}" />
   <c:set var="supportedContenttype" value="${mti.type.identifier eq 'examplecontenttype'}" />
</c:if>
<c:choose>
   <c:when test="${supportedContenttype && not empty mti.getPropertyByIdentifier('mypropertyoftypetag').getStringValue()}">
      <c:set var="tagName" value="${mti.getPropertyByIdentifier('mypropertyoftypetag').getStringValue()}" />
   </c:when>
   ....
</c:choose>

Now in JSP Code

<c:set var="mediaItem" value="${presentationcontext.mediaItem}" />
<c:set var="currentMV" value="${mediaItem.current}" />
<c:if test="${wmfn:instanceOf(currentMV, 'nl.gx.product.wmamodularcontent.api.ModularMediaItemArticleVersion')}">
   <c:set var="mti" value="${current.modularTemplateInstance}" />
   <c:set var="supportedContenttype" value="${mti.type.identifier eq 'examplecontenttype'}" />
</c:if>
<c:choose>
   <c:when test="${supportedContenttype && not empty mti.getPropertyByIdentifier('mypropertyoftypetag').getIntegerValue()}">
      <c:set var="tagId" value="${mti.getPropertyByIdentifier('mypropertyoftypetag').getIntegerValue()}" />
      <wm:object var="tagObject" objectId="${tagId}" objectType="nl.gx.webmanager.cms.mediarepository.MediaTerm" hideError="true" />
      <c:set var="tagName" value="${tagObject.name}" />
   </c:when>
   ....
</c:choose>

Interactive Forms Deprecated Methods

In XperienCentral versions R33 and higher, the following form methods have been deprecated.

FormScope

The following method has been deprecated:

void setUploadFragmentValue(String fragment, UploadedFile file);

use the following method instead:

void setUploadFragmentValues(String fragment, List<UploadedFile> files);

FormValuesMap

The following method has been deprecated:

public UploadedFile getUploadedFile(String key)

use the following method instead:

public List<UploadedFile> getUploadedFiles(String key)

UploadFragmentScope

All methods have been deprecated. Use the following method instead:

List<Object> files = scope.getValues();
if (files != null) {
   for (Object fileObj : files) {
      if (fileObj instanceof UploadedFile) {
         UploadedFile file = (UploadedFile) fileObj;
      
         // Now read the attributes
         File file = file.getFile();
         long size = file.getSize();
         String contentType = file.getContentType();
         ...
      }
   }
}   

XperienCentral R32

Release date: May 12, 2021

Check Configuration Files

See Check Configuration Files.

Rebuild the Content Index

Due to a change in the Search functionality, you must rebuild the content index. To do so, manually remove the <webmanager-root>/work/contentindex directory after the upgrade and allow it to be regenerated after restarting XperienCentral. Selecting contentindex_queue_empty_reindex in the Setup Tool is not sufficient.

Check Google Sitemap Generator Schedule

In R32, XperienCentral generates and uploads a Google Sitemap by default once per day. If you do not want to generate a sitemap, clear the field google_sitemap_generator_schedule in the application_settings section on the General tab of the Setup Tool in each environment where you want to disable this functionality. You can also change the schedule to something else if desired.

Changes to the XperienCentral API

Removed Methods

The following deprecated methods have been removed in R32:

• MediaRepository#updateMediaItem
• PageManagementService#addLeadText(PageVersion pageversion)
• PageManagementService#addLeadText(PageModel pageModel)

Added Methods

The methods PageVersion#getLead() and PageVersion#setLead, which were deprecated in XperienCentral version 10.13.0, have been undeprecated in R32. In version R32, page versions and media item versions now have both a Lead Text (#getLead) and a Meta Description (#getMetaDescription) which can be used separately. The purpose of the Meta Description field is to fill the head field in the HTML used by search engines. For example

<meta name="description" content="value of the meta description field" />

The purpose of the Lead field is to provide a short summary of the content item's content and can be used, for example, as a summary in a search function or in a Content Overview. One important difference is that, as designed, the Meta Description field is not meant to be visible to end users while the Lead Text is.

The following methods have been moved from MediaItemVersion to ContentItemVersion in order to make lead text and lead images also available to pages in the API:

• String getLead();
• void setLead(String leadText);
• Image getLeadImage();
• Image getLeadImageThumbnail();
• Image getAttachedLeadImage();
• void setAttachedLeadImage(FileResource leadImage);
• MediaItem getLeadImageMediaItem();
• void setLeadImageMediaItem(final MediaItem mediaItem);

Furthermore, the following methods have been added to ContentItemVersion

• boolean getHasLead();
• void removeAttachedLeadImage();
• void setAttachedLeadImageFocusPoint(int x, int y);

XperienCentral R31

Release date: March 4, 2021

Check Configuration Files

See Check Configuration Files.

Default Content Language

• A change has been made to how the default content language is determined. Beginning in XperienCentral R31, the default language is the language that has the rank of "1" in the list of supported languages in the Language Labels panel.
• In XperienCentral versions R31 and higher, the default content language is set to Dutch in a clean installation.
• After upgrading to XperienCentral R31, ensure that the default content language for your channel(s) in the edit environment is correct. See Setting the Default Content Language for XperienCentral.
• In some cases, the new default language setting can have an effect on the default language of the home page on the website frontend. After upgrading, check the language used by your home page on the frontend by default.
• Due to issue GXWM-37982,  it might not be possible to set the default content language in the Language Labels panel in a multi-channel (multi-website) installation. If you run into this problem, the order can be changed using the JCR Browser. Follow these steps:
  
  1. Look up the channel node using "//element(*)[@wm:id='26098']". Change "26098" to the ID of the channel for which you want to modify the default content language.
  2. Click the wo_wmregistry child node in the results.
  3. Edit the wo:language property.
  4. Reorder the UUIDs as desired and then click [Update].

New WYSIWYG Editor in Interactive Forms

In XperienCentral R31, a new WYSIWYG editor has been introduced in Interactive Forms. It generates HTML in a slightly different way than the old editor. The changes introduced by the new WYSIWYG editor are:

• Heading tags (<h1>-<h6>) and <p> tags are no longer wrapped in a <div>.
• <b> tags are replaced by <strong> tags.
• <i> tags are replaced by <em> tags.
• Indendation in lists is now rendered using nested lists instead of <blockquote/> elements.

After ugrading to XperienCentral R31, HTML already stored in existing form elements remains unchanged. All new HTML produced after the upgrade will be generated in the new way. If you edit an existing WYSIWYG form element, it will be upgraded after saving. In some cases, extra whitespace may be introduced between elements.

GX Software recommends that you check new or modified WYSIWYG form elements after upgrading to R31 in order to determine whether you need to tweak your CSS to accommodate the behavior of the new WYSIWYG editor.

Connector Definition for AJP/1.3 Connections

In Tomcat versions 8.5.51, 9.0.31 and later, the connector definition in the server.xml file must contain the attribute secretRequired="false" for AJP/1.3 connections. Please check your server.xml file and ensure that the connector definition contains this attribute. For example:

<Connector port="8009" enableLookups="false" redirectPort="8443" debug="1" protocol="AJP/1.3" secretRequired="false" URIEncoding="UTF-8" connectionTimeout="600000" />

getPersonalizationXMLData

The getPersonalizationXMLData method in the PersonalizationXMLDataProvider API has been changed from

String getPersonalizationXMLData(HttpServletRequest request);

to

String getPersonalizationXMLData(HttpServletRequest request, HttpServletResponse response);

If you use this method, you must refactor your code to cope with the modification.

getMediaItemVersions

In version R31 of XperienCentral, the tag getMediaItemVersions has been added and the tag getMediaItems has been deprecated. getMediaItemVersions was added to support media item language versions. If you currently use the getMediaItems tag in your code, you need to refactor it to use getMediaItemVersions. Proceed as follows:

Replace all instances of the getMediaItems tag:

<wm:getmediaitems var="mediaItems"/>

<c:forEach var="mediaItem" items="${mediaItems}">  
   <c:set var="mediaItemVersion" value="${mediaItem}"/>
   <c:if test="${not empty mediaItemVersion}">
      //attributes
   </c:if>
</c:forEach>

to getMediaItemVersions. For example:

<wm:getmediaitemversions var="mediaItemVersions"/>

<c:forEach var="mediaItemVersion" items="${mediaItemVersions}"> 
   //attributes
</c:forEach>

See getMediaItemVersions and the Javadoc for getMediaItemVersions for more information.

Delete Cache Before to Logging in to an XperienCentral R31 Installation Running Locally

Due to a change to internal JavaScript files in this release, GX Software strongly recommends that you delete your browser cache if you run a local installation of XperienCentral R31 after upgrading but before logging in for the first time. This does not apply to XperienCentral running on an Apache web server.

GX WebManager JUnit Wrapper Bundle

Beginning in XperienCentral version R31, the JUnit wrapper bundle is no longer deployed to XperienCentral by default. It is possible that plugins (including any reusables) built against older versions of XperienCentral still have an indirect dependency on this plugin which results in those dependent plugins not starting when XperienCentral is started.

There are two ways to fix this issue:

• Rebuild custom plugin(s) against XperienCentral version R31
• For resuables for which no R31 version or later version is available, you can manually deploy the webmanager-junit-bundle which can be found in the SDK under /maven2-repository/nl/gx/webmanager/testbundles/webmanager-junit-bundle.

XperienCentral R30.1

Release date: December 10, 2020

Check Configuration Files

See Check Configuration Files.

XSS Features

• In XperienCentral R29.3, extended protections against XSS vulnerabilities have been introduced. A number of input fields in XperienCentral are now more rigorously validated against known XSS attacks. If the value of an input field is forbidden, the old value of the input field will remain unchanged and the upgrade is ignored. You can of course still allow this sort of input by adding it to a trusted list, however GX Software strongly recommends against doing so.
• When input fields contain unsafe input before the upgrade, the content of these fields remains unchanged after the upgrade. If the content of one of these input fields is subsequently changed to other content considered unsafe, the updated content is ignored and the old (unsafe) content will remain.

External Application Support

• The External Applications module has been removed from XperienCentral in version R29.3. Because that also removes the xslStyleSheetApplicationInclude.xml presentation, all references to this presentation should be manually removed from your project. For example, in the XperienCentral Community Edition plugin's xslStyleSheet.jspf file, the following line is removed:
  
   <wm:render presentationName="xslStyleSheetApplicationInclude" />

Uploaded File Handling

• A new Apache rule should be added when upgrading to R30.1 in order to prevent uploaded files from being be opened inside the browser. Add the following rule to one of the configuration files included in the Apache httpd.conf file: 

         <Location ~ "(/upload|/upload_mm)">
        Header set Content-Disposition "attachment"
     </Location>

See also Linux Server Installation.

xss_allowlist_siteworks_expressions

The setting xss_allowlist_siteworks_expressions was added in this version in the application_settings section of the General tab of the Setup Tool. To avoid generating WARNING messages in the log, change the value of this setting to "wm_language_search.help" (without the quotes).

XperienCentral R29.3

Release date: December 2, 2020

Check Configuration Files

See Check Configuration Files.

XSS Features

• In XperienCentral R29.3, extended protections against XSS vulnerabilities have been introduced. A number of input fields in XperienCentral are now more rigorously validated against known XSS attacks. If the value of an input field is forbidden, the old value of the input field will remain unchanged and the upgrade is ignored. You can of course still allow this sort of input by adding it to a trusted list, however GX Software strongly recommends against doing so.
• When input fields contain unsafe input before the upgrade, the content of these fields remains unchanged after the upgrade. If the content of one of these input fields is subsequently changed to other content considered unsafe, the updated content is ignored and the old (unsafe) content will remain.

External Application Support

• The External Applications module has been removed from XperienCentral in version R29.3. Because that also removes the xslStyleSheetApplicationInclude.xml presentation, all references to this presentation should be manually removed from your project. For example, in the XperienCentral Community Edition plugin's xslStyleSheet.jspf file, the following line is removed:
  
   <wm:render presentationName="xslStyleSheetApplicationInclude" />

Uploaded File Handling

• A new Apache rule should be added when upgrading to R29.3 in order to prevent uploaded files from being be opened inside the browser. Add the following rule to one of the configuration files included in the Apache httpd.conf file: 

         <Location ~ "(/upload|/upload_mm)">
        Header set Content-Disposition "attachment"
     </Location>

See also Linux Server Installation.

xss_allowlist_siteworks_expressions

The setting xss_allowlist_siteworks_expressions was added in this version in the application_settings section of the General tab of the Setup Tool. To avoid generating WARNING messages in the log, add these two values to this setting:

personalization_expression.value

and

wm_language_search.help

XperienCentral R30

Release date: October 28, 2020

Check Configuration Files

See Check Configuration Files.

XperienCentral R29.2

Release date: October 8, 2020

Check Configuration Files

See Check Configuration Files.

XperienCentral R29.1

Release date: September 7, 2020

Check Configuration Files

See Check Configuration Files.

Changes to the Interactive Forms Date Validator

The date validator in Interactive Forms now only accepts the yyyy-mm-dd date format instead of dd-mm-yyyy. As a result, the formFragmentDateInput presentation in wmpformpresentation now generates a yyyy-mm-dd formatted date for the backend instead of dd-mm-yyyy. If you have a custom implementation of formFragmentDateInput that returns dates in the dd-mm-yyyy format, you need to modify it to return yyyy-mm-dd instead.

Additionally, you need to check any post-processing code that further handles dates submitted in an Interactive Form. For example, if the date submitted in the form is used in an email handler or stored in a database, you need to evaluate how this change affects any further processing you do on data received in forms.

XperienCentral R29

Release date: July 21, 2020

Check Configuration Files

See Check Configuration Files.

New Method for Retrieving Media Items in Content Overviews

In this release, the Dynamic Content Overview now supports an explicit fallback language selection. For this implementation, the API of MediaCollectionElement (inherited by MediaCollectionOverviewElement) has been extended with the new method getMediaItemVersions() which replaces the method getMediaItems().

getMediaItemVersions() returns the correct media item version depending on the fallback language selected in the Dynamic Content Overview tab. In order to render the correct media item versions in the mediaCollectionElement on the frontend, the presentation JSP of the mediaCollectionElement must now use the new API method getMediaItemVersions().

For example, in webmanager-wcbs/webmanager-cestyle-wcb/src/main/resources/presentationtype/jsp/element/mediaCollectionElement.jspf, the code

<c:forEach var="mediaItem" items="${mediaCollectionElement.mediaItems}">
<c:set var="mediaItemVersion" value="${mediaItem.current}" />

must be replaced by:

<c:forEach var="mediaItemVersion" items="${mediaCollectionElement.mediaItemVersions}">
<c:set var="mediaItem" value="${mediaItemVersion.contentItem}" />

New Mechanism for Generating Download Links

Beginning in version R29, SEO URLs are now available for downloads. If download elements are linked to downloads in the Content Repository, a small change is required to use these new SEO URLs. The change must be applied to each presentation of a download element (any presentation with scope DownloadElement).

Beginning in R29, use the wm:link tag for downloads just as you would for any other media item in the Content Repository. For example:

<%-- Generate the link using th wm:link tag --%>
<wm:link var="downloadLink" reference="${mediaItemVersion.targetPage}" contentid="${mediaItem.id}" linkText="${mediaItemVersion.title}" /> 

<%-- HTML escape and render the link --%>
<h2 class="normal"><a href="${wmfn:escapeToHTMLAttribute(downloadLink.url)}">${wmfn:escapeToHTML(downloadElement.title)}</a></h2> 

New Security Protocol Setting for Frontend Servers

In XperienCentral R29, a new preview functionality was introduced. Among other things, this feature enables visitors who do not have permission to log in to the XperienCentral backend to nevertheless preview unpublished content. For this reason, the new setting frontend_use_https has been introduced. This setting can be configured for each website individually. frontend_use_https is disabled by default which means that preview links will be generated using the HTTP protocol if you do not enable it.

XperienCentral R28

Release date: May 13, 2020

Check Configuration Files

See Check Configuration Files.

Performance Dashboard is Removed

The Performance Dashboard has been removed from XperienCentral in R28. Use the Monitoring Dashboard to view statistics and metrics related to your XperienCentral deployment. See also Administrative Pages.

While the upgrade scripts for XperienCentral should in principle remove all components related to the Performance Dashboard, in some circumstances it may not, therefore you need to manually remove any remnants. Follow these steps:

1. Navigate to Configuration > Plugins.
2. Locate "GX WebManager - Performance Dashboard" in the list and select it.
3. Click [Uninstall].
4. Click [Yes] when you are prompted to remove all data related to this plugin (purge).
5. Repeat the steps above for the "GX WebManager - SystemHealthIndicator tracker" plugin.

See also Plugins Management Console.

Code Changes

The nestedPath attribute has been removed from fragmentValue.tag in the wmpformelement plugin. It has been replaced by the attribute formFragment. The value of this attribute contains an object with a nestedPath property. Wherever you use the <forms:fragmentValue> tag, you have to replace the nestedPath property. For example:

<forms:fragmentValue nestedPath="${formFragment.nestedPath}" />

must be changed to:

<forms:fragmentValue formFragment="${formFragment}" />

JCR Index

Beginning in R28, XperienCentral uses an XperienCentral-optimized indexing solution to support queries on frontend nodes instead of the Apache Jackrabbit JCR. This solution generally improves performance and drastically reduces the amount of time it takes to bring a new frontend node online in cloud deployments when traffic demands increase. The new indexing solution will always be used in XperienCentral even if the old JCR index is not disabled. The old JCR index should be disabled on production environments if possible.

See also the new JCR Index Settings that have been added to the Setup Tool.

JCR Query Replacement

If you use custom JCR queries in your deployment, they should be replaced in order to use the new API. The following shows a typical query replacement:

Queries similar to this:

With the JCR index

should be changed to something like this:

 
Without the JCR index

Disabling the Built-in Apache Jackrabbit JCR Index

To disable the old Apache Jackrabbit JCR index, follow these steps:

1. Remove both occurrences of: <SearchIndex>...</SearchIndex> in <wm-root>/work/jcr/repository.xml.
2. Remove the directory <wm-root>/work/jcr/repository.

Content API User Credentials

In the Connector API, there are two locations in Configuration > Import/Export Configuration where user credentials define which user account executes import/export jobs: one on the Configuration tab and one on the Job tab. The Job tab previously contained the fields "Username", "Password" and "Use application key". The Cofiguration tab contained the same fields with an additional "Website" field. These fields have been replaced by a single "User" drop-down list. In R28 a new System user option has been introduced in the User Authorization panel. Only user accounts designated as system users can be authorized to execute automated export/import jobs.

Re-add Users as System Users

After upgrading to R28, the existing username(s) will still be used by the Connector API. As soon as you open either of the panels, however, the user(s) might not be selectable anymore and if you re-save the configuration, the jobs might stop running. This is the intended behavior. The solution is to navigate to the Authorization panel, designate new system users and then designate them as the user accounts that run jobs on the Configuration and Job tabs in Import/Export Configuration.

XperienCentral R27

Release date: March 26, 2020

Check Configuration Files

See Check Configuration Files.

Language Version Support for Media Items

Beginning in XperienCentral 10.27.0, each version of a media item has a specific language defined for it. During the upgrade R27 or higher, each media item is assigned the default editing language of the home page. A consequence of this is that media items might not be shown any longer if its language differs from that of the page on which it should be shown. This is also the case for (lead) images stored in the Content Repository. This can be solved in many cases by defining a fallback language for the languages on your channel. If the fallback language for Dutch is set to English, for example, and there is no Dutch media item to be shown on a Dutch page, then the English version will be shown. This is the case for all kinds of media items, images as well as articles, for example.

Check the following to ensure that media items in your channel(s) are handled appropriately:

• The "Language" setting (default editing language) for the home page: Properties widget > General > Other > Language.
• Enable/disable fallback language(s) setting: Channel Configuration > General > Options > "Use another language if language is not available".
• The fallback language to use for a language: Language Labels.

Modify your Solr Configuration

In this version of XperienCentral, the Lucene version has been upgraded to version 6.6.6, therefore you must make the following changes to solrconfig.xml:

Change the declaration

<luceneMatchVersion>5.4.1</luceneMatchVersion>

to

<luceneMatchVersion>6.6.61</luceneMatchVersion>



and add the following declaration to the <config></config> section:

<schemaFactory class="ManagedIndexSchemaFactory">
   <bool name="mutable">false</bool>
</schemaFactory>

Deprecated Method

The following method has been deprecated in the XperienCentral API in this release:

• MediaRepositoryManagementService.createMediaItemVersion (MediaItem,MediaItemVersion) — Use createMediaItemVersion(MediaItemVersion) instead.

Removed Methods/Interfaces

The following methods and interfaces have been removed from the XperienCentral API in this release:

• MediaRepository.createContent — Use MediaRepositoryManagementService.createMediaItem(Website, String) instead.
• MediaItemDownloadVersion.getPersonalization() — Use getPersonalizationItem() instead.
• PageVersion.getPersonalization() — Use getPersonalizationItem() instead.
• Element.getPersonalization() — Use getPersonalizationItem() instead.
• Element.setPersonalization() — Use setPersonalizationItem() instead.
• MediaItemDownloadVersion.setPersonalization() — Use setPersonalizationItem() instead.
• Website.getPersonalizations() — Use getPersonalizationItems() instead.
• Utilities.checkPersonalizations() — Use checkPersonalizationItems() instead.
• DirectoryElement
• FileNode

• PollElement

• PollItem

• WhoIsWhoElement

Update your Presentation JSPs

You need to update your presentation JSPs if they use the following methods:

• PageVersion.getPersonalization()
• Element.getPersonalization()
• MediaItemDownloadVersion.getPersonalization()

Perform a global search in your presentation JSPs for the string ".personalization" to ensure that you catch all instances.

XperienCentral R26.1

Release date: January 21, 2020

Check Configuration Files

See Check Configuration Files.

Solr Search

The search functionality has been upgraded to Solr 6 in this version of XperienCentral. After upgrading, perform the following steps in order to prepare your deployment for Solr 6:

1. Stop Tomcat if it is running.
2. Remove the directory <webmanager-root>/work/searchengine.
3. If you have a custom solrconfig.xml, you need to modify it — open it in a text editor.
4. Remove the following declaration:
   
   <requestHandler name="/admin/" class="org.apache.solr.handler.admin.AdminHandlers" />
   
   
5. Save your custom solrconfig.xml.
6. Start Tomcat.
7. Log in to XperienCentral.

Realtime indexing

If you use real-time indexing (the XperienCentral Realtime Indexing reusable):

1. Navigate to Configuration > Realtime Indexing.
2. Select the "Indexing" tab.
3. Select all the websites that you want to index in the top part of the panel.
4. Click [Index selected items].

No realtime indexing

1. Open the Setup Tool.
2. Select the Search Tools tab.
3. Click [Index] in the "INDEX URL" section.

XperienCentral R26

Release date: December 11, 2019

• The behavior of the setting http_use_proxy has changed. Beginning in XperienCentral R26, proxy system properties set outside of XperienCentral are no longer overwritten when this setting is clear (false). See the "application_settings" section of the General tab in the Setup Tool.
• Support for Flash films has been removed from XperienCentral in R26. All Flash content elements in your content items will be removed when you upgrade to this version of XperienCentral. The Flash files themselves will still be present in the Content Repository but they cannot be accessed.

XperienCentral R24.2

Release date: November 19, 2019

Support for Flash films has been removed from XperienCentral in R24.2. All Flash content elements in your content items will be removed when you upgrade to this version of XperienCentral. The Flash files themselves will still be present in the Content Repository but they cannot be accessed.

XperienCentral R25

Release date: October 9, 2019

Several changes/additions have been made to XperienCentral API interfaces. If you extend any of these interfaces and have developed your own implementations for them, you may experience failing project builds with XperienCentral R25. Some modifications may have to be implemented for newly added methods. If your custom code extends any of the interfaces listed below, you will have to add new methods to your implementations. See the XperienCentral Javadoc for complete information. The modified interfaces are:

• Presentable
• TableElement
• DownloadElement
• ImageElement
• MediaCollectionOverviewElement
• ListElement
• PageCollectionElement
• QueryElement
• RssFeedElement
• SearchElement
• RichTextElement

XperienCentral R24.1

Release date: July 2, 2019

Startup performance has been significantly improved. Bundles are now updated only if they have been modified. In XperienCentral R24.0 and earlier, all bundles were updated at startup, regardless of whether they had been modified. Beginning in XperienCentral R24.1, bundles are only updated if:

• The version is newer than the one installed.
• The last modified date of the bundle's Bnd-LastModified header in the META-INF/MANIFEST.MF (if present) is more recent than the last modified date of the installed bundle.
• The Bundle-Date in the META-INF/MANIFEST.MF is more recent than the last modified date of the installed bundle.

This means that if you update anything in the bundle but not these two properties, the bundle will not be updated. This applies to updating bundles in the WAR file, bundles copied to the work/deploy directory and to bundles manually uploaded from the Plugins panel.

XperienCentral R24

Release date: June 5, 2019

Access to the Administrative Pages is no longer restricted to users who have the basic HTTP credentials for a page. When a user has the permission "Access debugging tools" in the category "System utilities" and the user is logged in, they no longer need to provide additional credentials in order to access the Administrative Pages. As a consequence however, the credentials dialog no longer appears automatically when access is requested. If the user is not logged in, they will need to first navigate to:

<xperiencentral-server>/web/admin/login

where <xperiencentral-server> is the name of the server on which XperienCentral is running,

Modular Content Plugin

• Uninstall the Plugin "Add-on - Modular Content" from the Plugins panel before installing the updated deploy. After installing the updated deploy, install the bundle "wmamodularcontent-1.1.0.jar" from the Plugins panel. This plugin can be found in the edition-bundles directory of the XperienCentral SDK.

Monitoring Framework Plugin

• After every change in a schedule of one or more indicator sets, the "Add-on - XC Monitoring Framework API" plugin has to be restarted via the Plugins panel to ensure the updated schedule is taken into account.

XperienCentral R23

Release date: March 8, 2019

• Beginning with this XperienCentral release, the version number is no longer prefixed with "10." XperienCentral releases are now designated using "R" together with the major/minor version number (R23, R24, R24.1, and so forth).
• In this release XperienCentral has been split into two modes: the original XperienCentral is named XperienCentral Traditional and a new mode named XperienCentral Headless. When upgrading to this release or newer, a new license is required. The new license has a new XperienceCentral version node to determine which version of XperienCentral has to be loaded and it makes some changes in the licensed components.
• The Community Edition plugin is licensed beginning in XperienCentral R23. Customers that depend on presentations from this bundle should do one of the following:
  • Add the presentations from the CE plugin that are depended on to their own presentation plugin;
  • Request that the CE style presentation plugin be added to their configuration license file (configuration.xml).

XperienCentral 10.22.1

Release date: January 9, 2019

• In XperienCentral 10.22.1 the jQuery library has been upgraded to version 1.12.4. Where JQuery code is used in a widget, design templates or other custom code, the new version might cause compatibility problems. Please check for compatibility problems in your jQuery code when upgrading to XperienCentral 10.22.1 or higher.

• Support for Tomcat 8.5.35 has been added. To use this version, you require a different database driver when using MSSQL as your database, See the XperienCentral Installation Guides for more information. Changes to the server.xml and the database drivers in the Tomcat lib directory are required.
• The bundles "GX Webmanager - DatasourceProvider (MS-SQL JDBC 1.1)" and "GX Webmanager - DatasourceProvider (jTDS 1.2.3)" are no longer supported and should be removed after upgrading.
• Support for Apache Maven 3.6.0 has been added.

 XperienCentral 10.22.0

See also the XperienCentral 10.22 Changelog for information on the issues that have been fixed and other product improvements.

DependencyManager

In XperienCentral 10.22.0, the DependencyManager implementation has been changed. This has an impact for plugins that use the DependencyManager object in their Activator class with package name org.apache.felix.dependencymanager. In XperienCentral versions prior to 10.22.0, the library DependencyManager version 3.0.0 and DependencyManager Compat 3.0.0 were available. In XperienCentral 10.22 and higher, the Compat library has been removed.

If the Compat library class org.apache.felix.dependencymanager.DependencyManager was present, it was used as a compatibility version for the DependencyManger 3.0.0 (non Compat). All DependencyManager object implementations in plugin Activators where the version of Compat is used will no longer work in XperienCentral versions 10.22.0 and later. In the locations where this variant is used, you must refactor to the DependencyManager 3.0.0/4.4.1 (org.apache.felix.dm.DependencyManager) (non Compat) variant. 

For project plugins the refactoring should be straightforward when upgrading to XperienCentral 10.22 or higher. For plugins that must be deployed on all XperienCentral versions (reusables), a fix is available and implemented in the reusable Utility Services (version 1.6.2).

You must refactor your plugins or reusables in the following cases:

Project Plugins 

If your Activator uses the DependencyManager object with package name org.apache.felix.dependencymanager, change this to org.apache.felix.dm and replace the createService() method with createComponent(). The Service class is no longer available. If your Activator overrides the init() method, refactor this to override the start method and retrieve the DependencyManager object from the ComponentBundleActivatorBase class.

Reusable Plugins 

The same situation applies as above, except you need to add an extra subclass in the Activator class in order to be compatible with XperienCentral versions 10.22.0 higher. If the reusable already uses the Utility Services dependency, you can use the com.gxwebmanager.solutions.wmsutilityservices.osgi.CompatibleActivatorBase in your Activator class. If not, you can add the dependency or copy the class to your own plugin, however, this is not recommended. Also add the  org.apache.felix.dm.*;version="[3.0,5.0)" import package to your pom.xml maven-bundle-plugin. This will ensure that the old 3.0.0 and new 4.4.1 DependencyManager version can be used by your reusable.

If your Activator class uses the createServiceDependency() method to add a Service to the DependencyManager (in REST cases for example), you must refactor this implementation to use the addServiceDependency() method from the CompatibleActivatorBase class in reusable Utility Services.

If your Activator class does not use a DependencyManager object and the Activator class extends from the XperienCentral ComponentBundleActivatorBase class, no refactoring is required. You may need to build your plugin against the XperienCentral 10.22 or newer version.

When refactoring is finished and XperienCentral has been upgraded to this version or higher, the DependencyManager Compat 3.0.0 bundle can be unstalled.

Custom Facets

Two facets for the keywords field have been added in this release. In order to be able to uniquely identify a facet, changes have been made that affect custom made facet components. The following changes must be made in your project code:

• In the interface SearchFacetComponentDefinition, the method getIdentifier() has been added. Every class implementing this interface must therefore add this method. The identifier should be a unique string identifying the facet.
• The constructor of the class SimpleSearchFacetComponentDefinition has been changed. It now includes a parameter for the unique identifier. The new signature is:
  
  SimpleSearchFacetComponentDefinition(String identifier, String widgetId, Class<?> valuesType, List<String> path, int priority, Map<Locale, String> titles, int position, Map<String, String> properties
  
  All references to this constructor should be changed.

• For projects or reusables that use custom Dojo facet search code (those that extend \wmpgui\widgets\advancedsearch\facet\FacetWidget.js) there are some more API changes that you must be aware of:
  
  • FacetWidget now has an extra member for the facet identifier. This is accessible in widgets via the FacetWidget method called getFacetIdentifier(). Also, the constructor for it has been changed to:
    
    FacetWidget(fieldIdentifier, facetTitle, facetProperties, facetIdentifier)
    
    
  • If you define a FacetQuery in your custom facet widget, the constructor for this object is extended with a parameter for the facet identifier. The constructor is now:
    
    FacetQuery(fieldIdentifier, facetIdentifier, facetParameters, valueCountQueries, valuesFilter, valuesLimit)


  • If you define FacetDefinition objects in your custom widget code, the constructor has been changed to:
    
    FacetDefinition(fieldIdentifier, name, properties, facetIdentifier, FacetWidget)

It will depend on your specific use case how your code should be changed. It may be the case, for example, that your custom code uses a FacetQuery just for showing a result set without having to do any filtering. In this case, an empty string can be used for the facet identifier field in your FacetQuery constructor. In other cases where your FacetQuery is indeed bound to a certain facet, you need to use the facet identifier for that facet.

Other Changes

• The formvalidation.js file in the wmpformpresentation plugin has been changed and needs to be updated when overruled in a custom presentation.
• The Is Used In widget can now recognize custom media items. You do need to make some modifications to your code, however. See Custom Media Items and the Is Used In Widget.

XperienCentral 10.21.1

A problem has been fixed that caused deleted elements to not be completely removed which resulted in excessive space being taken up in the database. After upgrading and starting up XperienCentral for the first time, a task is executed that removes these deleted elements — in some environments, this could take some time to complete.

XperienCentral 10.18.0

• After upgrading to XperienCentral 10.18, a list can only have one personalization applied to it — individual items in a list cannot be separately personalized. If a list has more than one personalization applied to it before the upgrade, the first one encountered is applied to the whole list and the others are removed. In an upgrade situation, a list personalization is applied only after the first time the content item on which it appears is edited and saved. This applies to the frontend as well. This is done in order to make personalizations work consistently.
• Logging has been added for several authentication and other sensitive events (logging in, changing a user's persmissions, etc.). To store this logging in a separate logging file on the server, some additions must be added to the logging.properties file. Be sure to shut down the server before applying these changes.
  
  The first line defines the so-called logging handlers that are used. This should be extended with a new handler. The new line must be:
  
  handlers=1catalina.org.apache.juli.FileHandler,2localhost.org.apache.juli.FileHandler,3manager.org.apache.juli.FileHandler,4host-manager.org.apache.juli.FileHandler, 5gxsecuritylogging.org.apache.juli.FileHandler,java.util.logging.ConsoleHandler
  
  where 5gxsecuritylogging.org.apache.juli.FileHandler is the new handler. Do not add the handler to the line ".handlers". Note that all sensitive events are logged at the INFO level.
  
  Add the definition for the new handler at the bottom of the file as follows:
  
  5gxsecuritylogging.org.apache.juli.FileHandler.level=INFO5gxsecuritylogging.org.apache.juli.FileHandler.directory=${catalina.base}/logs 5gxsecuritylogging.org.apache.juli.FileHandler.prefix=audit.nl.gx.webmanager.services.securitylogging.level=INFO nl.gx.webmanager.services.securitylogging.handlers=5gxsecuritylogging.org.apache.juli.FileHandler
  
  After these changes are applied, restart the server. A clean log file is initialized in the Tomcat "logs" directory, prefixed with "audit".  For other application servers, please consult their documentation for information on how to configure a separate log file.
  
  
• A problem has been fixed that caused added database references to be incorrectly stored in XperienCentral. The fix will only ensure that future references are correct, not existing ones. If you refer to database items within media items, you must manually remove the <webmanager-root>/work/contentindex directory after the upgrade and allow it to be regenerated (selecting contentindex_queue_empty_reindex in the Setup Tool is not sufficient).