Security/Component Update:

• This build addresses a vulnerability that could lead to information disclosure.
• Updated the Spring Boot Dependencies library to version 2.7.7 to avoid CVE-2022-41881.
• Updated the Netty library to version 4.1.86.Final to avoid CVE-2022-41881.
• Updated the JSON Web Token library (jsonwebtoken) to version 9.0 to avoid CVE-2022-23540.

Editing:

• Fixed an issue where files larger than 1MB could not be saved.

Content Fusion:

• Fixed an issue where the new file creation form could not be submitted using the Enter key.

Authentication:

• Fixed an issue where logging in with Google or GitHub did not work in some scenarios.

Security/Component Update:

• Updated the Apache shiro-web library to version 1.10.1.
• Updated the spring-boot-dependencies library to version 2.7.6 for security reasons, and spring-security-core was updated to version 5.7.5 to avoid CVE-2022-31692.
• Updated the Socket.IO library to version 4.5.3 to avoid vulnerability CVE-2022-2421.
• Updated the SnakeYAML library to version 1.33 to avoid vulnerability CVE-2022-25857.
• Updated the Jackson Databind (jackson-databind) library to version 2.13.4.2 to avoid CVE-2022-42003.
• Updated the Jackson Databind (jackson-databind) library to version 2.13.4.2 to eliminate the vulnerability CVE-2022-42004.
• Updated the spring-boot-dependencies library to version 2.7.6 for security reasons, and spring-security-core was updated to version 5.7.5 to avoid CVE-2022-31690.
• Updated Apache Tomcat to version 9.0.69 for security reasons.
• Updated the Engine.IO library to version 6.2.1 to avoid CVE-2022-41940.
• Updated the body-parser and express libraries, which update the qs library to version 6.11.0 to avoid CVE-2022-24999.
• Content Fusion now comes with the latest release of Oxygen XML Web Author, along with all of its various improvements and bug fixes.

VMWare:

• Fixed an issue where the recommended amount of RAM was lower than needed.

Full Text Search:

• Fixed an issue where the Full Text Search feature would no longer work for old tasks after restoring from a backup.

Authentication:

• Fixed an issue where logging in with Google or GitHub did not work in some scenarios.

Security/Component Update:

• Updated the PostgreSQL JDBC driver to version 42.4.1.
• Removed the gosu utility from the Docker PostgreSQL image to eliminate the CVE-2022-29162 vulnerability.
• Updated the JSON In Java (org.json:json) library to version 20220320 to avoid the SONATYPE-2022-3061 security vulnerability.
• Updated the Apache Shiro library to version 1.9.1 to remove the CVE-2022-32532 vulnerability.
• Updated RESTEasy to version 4.7.6 to avoid the CVE-2020-1695 vulnerability.
• Updated the Spring Security library to version 5.7.2 to avoid CVE-2022-22978.

E-mail notifications:

• Fixed an issue where email notifications were not sent to collaborators when a file was edited.

Search:

• Fixed an issue where clicking on a search result sometimes did not open the correct URL.