Bloomreach Experience Manager V13.4.19 Release Notes

Sept 21, 2022

The new maintenance release of 13.4.19 is available for general use for our customers and partners. This release includes improvements in community and enterprise artifacts.

We encourage all projects to update to the most recent regular releases. Using a tagged artifact that is not yet part of a release should only be done if there is a specific reason and only after testing in your specific project setup.

Update considerations

The following 3rd party dependencies have changed since the previous maintenance release. If your project directly uses any of these libraries, please validate compatibility. For more information on changes in these libraries please see information from the invidual vendors.

Note 2 special cases:

  1. ehcache was replaced with a custom package containing the same artifacts as version 2.10.6, but excluding the "shaded" transitive dependencies. Those transitive dependencies were unused by our product, but they were generating false positive security warnings in automated vulnerability scans.
  2. h2 was removed as a normal dependency of the product. This in-memory database was already deprecated for use on servers, where it is vulnerable to several security exploits. It is now used only for local development and testing. Please check your projects for any other usage of h2 that may be vulnerable.

 

Module 13.4.18 13.4.19
com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider 2.13.3 2.13.4
com.fasterxml.jackson.jaxrs/jackson-jaxrs-base 2.13.3 2.13.4
com.fasterxml.jackson.core/jackson-core 2.1.3 2.13.4
com.fasterxml.jackson.core/jackson-databind 2.13.3 2.13.4
com.fasterxml.jackson.module/jackson-module-jaxb-annotations 2.13.3 2.13.4
com.fasterxml.jackson.core/jackson-annotations 2.13.3 2.13.4
org.springframework/spring-context 5.3.20 5.3.22
org.springframework/spring-aop 5.3.20 5.3.22
org.springframework/spring-beans 5.3.20 5.3.22
org.springframework/spring-core 5.3.20 5.3.22
org.springframework/spring-jcl 5.3.20 5.3.22
org.springframework/spring-expression 5.3.20 5.3.22
org.apache.tika/tika-core 1.28.3 1.28.4
org.apache.tika/tika-parsers 1.28.3 1.28.4
org.freemarker/freemarker 2.3.28 2.3.30
org.springframework/spring-context-support 5.3.20 5.3.22
org.springframework/spring-web 5.3.20 5.3.22
com.fasterxml.jackson.datatype/jackson-datatype-json-org 2.13.3 2.13.4
com.google.apis/google-api-services-analytics v3-rev116-1.20.0 v3-rev20190807-2.0.0
com.google.api-client/google-api-client 1.20.0 2.0.0
com.google.oauth-client/google-oauth-client 1.20.0 1.34.1
com.google.http-client/google-http-client 1.20.0 1.42.1
org.springframework/spring-webmvc 5.3.20 5.3.22
com.fasterxml.jackson.dataformat/jackson-dataformat-yaml 2.13.3 2.13.4
org.yaml/snakeyaml 1.30 1.31
org.springframework/spring-oxm 5.3.20 5.3.22
org.springframework.security/spring-security-core 5.6.5 5.6.7
org.springframework.security/spring-security-crypto 5.6.5 5.6.7
org.springframework.security/spring-security-web 5.6.5 5.6.7
org.springframework.security/spring-security-config 5.6.5 5.6.7
org.jsoup/jsoup 1.14.2 1.15.3
org.apache.maven/maven-artifact 3.8.1 3.8.2
org.apache.maven/maven-core 3.8.1 3.8.2
org.apache.maven/maven-model 3.8.1 3.8.2
org.apache.maven/maven-settings 3.8.1 3.8.2
org.apache.maven/maven-settings-builder 3.8.1 3.8.2
org.apache.maven/maven-builder-support 3.8.1 3.8.2
org.apache.maven/maven-repository-metadata 3.8.1 3.8.2
org.apache.maven/maven-model-builder 3.8.1 3.8.2
org.apache.maven/maven-resolver-provider 3.8.1 3.8.2
org.apache.maven.resolver/maven-resolver-impl 1.6.2 1.6.3
org.apache.maven.resolver/maven-resolver-api 1.6.2 1.6.3
org.apache.maven.resolver/maven-resolver-spi 1.6.2 1.6.3
org.apache.maven.resolver/maven-resolver-util 1.6.2 1.6.3
org.apache.maven.shared/maven-shared-utils 3.2.1 3.3.4
com.google.inject/guice 4.2.1 4.2.2
org.apache.maven/maven-plugin-api 3.8.1 3.8.2
org.webjars/swagger-ui 3.26.0 4.2.1
org.springframework/spring-tx 5.3.20 5.3.22
org.springframework/spring-jdbc 5.3.20 5.3.22

Removed com.h2database/h2 1.4.193
Removed net.sf.ehcache/ehcache 2.10.6
Removed com.google.http-client/google-http-client-jackson2 1.20.0
Removed com.google.code.findbugs/jsr305 1.3.9
Added com.google.http-client/google-http-client-gson 1.42.1
Added com.google.code.gson/gson 2.9.0
Added com.google.http-client/google-http-client-apache-v2 1.42.1
Added org.apache.httpcomponents/httpcore 4.4.15
Added io.opencensus/opencensus-api 0.31.1
Added io.grpc/grpc-context 1.27.2
Added io.opencensus/opencensus-contrib-http-util 0.31.1

Overview of JIRA issues closed in Bloomreach Experience 13.4.19

Improvement

  • ENT-5795 ] - [site-toolkit, caching]  Replace ehcache with repackaged version
  • CMS-15144 ] - [cms]  When redirecting for single-sign on between cms and delivery validate the host to redirect to

Bug

  • ENT-5253 ] - [targeting]  [Backport 13.4] Limit ES memory
  • CMS-15147 ] - [5 modules] Moment vulnerability
  • CMS-14859 ] - [site-toolkit] Warning logs from DynamicBeanDefinitionService

Task

  • CMS-15166 ] - [repository] Update eclipse jetty dependency
  • CMS-15164 ] - [16 modules] Remove h2 runtime dependency
  • CMS-15162 ] - [project] Udate jackson dependencies to the latest version
  • CMS-15160 ] - [11 modules] Bump library versions
  • CMS-15157 ] - [project] Update freemarker to the latest version

 

Totals for issues in this release

  • Improvements 2
  • Bugs 3
  • Tasks 5
Did you find this page helpful?
How could this documentation serve you better?
On this page
    Did you find this page helpful?
    How could this documentation serve you better?

    We rely on cookies

    to optimize our communication and to enhance your customer experience. By clicking on the Accept and Close button, you agree to the collection of cookies. You can also adjust your preferences by clicking on Manage Preferences. For more information please see our Privacy policy.

    Manage cookies
    Accept & close

    Cookies preferences

    Accept & close
    Back