Bloomreach Experience Manager V13.4.8 Release Notes

March 3, 2020

The new maintenance release 13.4.8 is available for general use for our customers and partners. This release includes bug fixes and improvements in core, enterprise and plugin artifacts.

The new versions of these module artifacts have been made available earlier and are now bundled up in this maintenance release. If your project uses such newer artifact versions via project pom overrides, please remove them before starting the upgrade procedure.

We encourage all projects to remain on the regular maintenance release. Using a tagged artifact that is not yet part of a maintenance release should only be done if there is a specific reason and only after testing in your specific project setup.

Update considerations

The following 3rd party dependencies have changed since the previous maintenance release. If your project directly uses any of these libraries, please validate compatability. For more information on changes in these libraries please see information from the invidual vendors.

Module 13.4.7 13.4.8
com.fasterxml.jackson.core/jackson-databind 2.10.5
org.apache.jackrabbit/jackrabbit-jcr-commons 2.18.5-h2 2.20.2-h1
org.apache.jackrabbit/jackrabbit-spi-commons 2.18.5-h2 2.20.2-h1
org.apache.jackrabbit/jackrabbit-spi 2.18.5-h2 2.20.2-h1 27.0-jre 30.1-jre 1.0 1.0.1
org.checkerframework/checker-qual 2.5.2 3.5.0 2.2.0 2.3.4 1.1 1.3
org.apache.jackrabbit/jackrabbit-api 2.18.5-h2 2.20.2-h1
org.jetbrains/annotations 16.0.3 18.0.0
org.apache.jackrabbit/jackrabbit-jcr-rmi 2.18.5-h2 2.20.2-h1
org.codehaus.groovy/groovy-xml 2.5.8 2.4.21
org.codehaus.groovy/groovy-json 2.5.8 2.4.21
org.eclipse.jetty/jetty-server 9.4.27.v20200227 9.4.35.v20201120
org.eclipse.jetty/jetty-util 9.4.27.v20200227 9.4.35.v20201120
org.eclipse.jetty/jetty-io 9.4.27.v20200227 9.4.35.v20201120
org.eclipse.jetty/jetty-security 9.4.27.v20200227 9.4.35.v20201120
org.eclipse.jetty/jetty-continuation 9.4.27.v20200227 9.4.35.v20201120
org.eclipse.jetty/jetty-http 9.4.27.v20200227 9.4.35.v20201120
org.apache.pdfbox/pdfbox 2.0.19 2.0.21
org.apache.pdfbox/fontbox 2.0.19 2.0.21
org.apache.pdfbox/pdfbox-tools 2.0.19 2.0.21
org.apache.tika/tika-core 1.24.1 1.25
org.apache.tika/tika-parsers 1.24.1 1.25
org.glassfish.jaxb/jaxb-runtime 2.3.2 2.3.3
org.glassfish.jaxb/txw2 2.3.2 2.3.3
com.sun.istack/istack-commons-runtime 3.0.8 3.0.11
org.bouncycastle/bcmail-jdk15on 1.65 1.67
org.bouncycastle/bcpkix-jdk15on 1.65 1.67
org.bouncycastle/bcprov-jdk15on 1.65 1.67
org.apache.jackrabbit/jackrabbit-core 2.18.5-h2 2.20.2-h1
org.apache.jackrabbit/jackrabbit-data 2.18.5-h2 2.20.2-h1
org.apache.httpcomponents/httpclient 4.5.6 4.5.12
org.elasticsearch.client/elasticsearch-rest-client 7.10.0 7.10.2
org.apache.jackrabbit/jackrabbit-jcr-server 2.18.5-h2 2.20.2-h1
org.apache.jackrabbit/jackrabbit-webdav 2.18.5-h2 2.20.2-h1

Removed org.codehaus.mojo/animal-sniffer-annotations 1.17
Removed org.jvnet.staxex/stax-ex 1.8.1
Removed com.sun.xml.fastinfoset/FastInfoset 1.2.16
Added org.apache.jackrabbit/oak-jackrabbit-api 1.34.0
Added com.googlecode.plist/dd-plist 1.23
Added org.apache.pdfbox/xmpbox 2.0.21
Added jakarta.xml.bind/jakarta.xml.bind-api 2.3.3
Added net.jcip/jcip-annotations 1.0
Added org.apache.httpcomponents/httpcore 4.4.13

Overview of JIRA issues closed in Bloomreach Experience 13.4.8

New Feature

  • CMS-14283 ] - [services-validation, cms, translations] Add URL validator


  • CMS-14333 ] - [site-toolkit] CDN Akamai does not work correctly which HST ESI
  • CMS-14207 ] - [13 modules] Upgrade to jackrabbit 2.20.2


  • ENT-2214 ] - [targeting] Targeting: REST client fails with 400 error when used in combination with ALB setup
  • ENT-1674 ] - [eforms] File upload should use relative unique name instead of name for error messages
  • CMS-14401 ] - [cms] Dynamic bean generation issue with default documenttype editor values
  • CMS-14397 ] - [cms] Folders Translation dialog renders image HTML instead of image
  • CMS-14290 ] - [repository] Duplicate index issue when importing content
  • CMS-14278 ] - [cms, translations] It is possible to perform a XSS attack by an uploaded svg image file


  • CMS-14465 ] - [project, cms] Bump Jetty Server to 9.4.35.v20201120 in all supported releases
  • CMS-14417 ] - [project] Update Node & NPM build to the latest supported releases
  • CMS-14396 ] - [cms, project] Add jackson-databind dependency to project pom dependencyManagement
  • CMS-14377 ] - [9 modules] Bump guava from 27.0-jre to 30.1-jre
  • CMS-14372 ] - [project] Bump CXF version from 3.3.8 to 3.3.9 for v14.5 and update jackson-databind from 2.10.5 to for all supported releases
  • CMS-13483 ] - [cms, translations] Use lowercase 'r' for Bloomreach on the login screen + change the year to 2021


Totals for issues in this release

  • New Features 1
  • Improvements 2
  • Bugs 6
  • Tasks 6
Did you find this page helpful?
How could this documentation serve you better?
On this page
    Did you find this page helpful?
    How could this documentation serve you better?

    We rely on cookies

    to optimize our communication and to enhance your customer experience. By clicking on the Accept and Close button, you agree to the collection of cookies. You can also adjust your preferences by clicking on Manage Preferences. For more information please see our Privacy policy.

    Manage cookies
    Accept & close

    Cookies preferences

    Accept & close