Bloomreach Experience Manager V15.1.1 Release Notes

Sept 21, 2022

The new maintenance release of 15.1.1 is available for general use for our customers and partners. This release includes improvements in community and enterprise artifacts.

We encourage all projects to update to the most recent regular releases. Using a tagged artifact that is not yet part of a release should only be done if there is a specific reason and only after testing in your specific project setup.

Update considerations

The following 3rd party dependencies have changed since the previous maintenance release. If your project directly uses any of these libraries, please validate compatibility. For more information on changes in these libraries please see information from the invidual vendors.

Note 2 special cases:

  1. ehcache was replaced with a custom package containing the same artifacts as version 2.10.6, but excluding the "shaded" transitive dependencies. Those transitive dependencies were unused by our product, but they were generating false positive security warnings in automated vulnerability scans.
  2. h2 was removed as a normal dependency of the product. This in-memory database was already deprecated for use on servers, where it is vulnerable to several security exploits. It is now used only for local development and testing. Please check your projects for any other usage of h2 that may be vulnerable.

 

Module 15.1.0 15.1.1
com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider 2.13.3 2.13.4
com.fasterxml.jackson.jaxrs/jackson-jaxrs-base 2.13.3 2.13.4
com.fasterxml.jackson.core/jackson-core 2.11.3 2.13.4
com.fasterxml.jackson.core/jackson-databind 2.13.3 2.13.4
com.fasterxml.jackson.module/jackson-module-jaxb-annotations 2.13.3 2.13.4
com.fasterxml.jackson.core/jackson-annotations 2.13.3 2.13.4
org.springframework/spring-context 5.3.20 5.3.22
org.springframework/spring-aop 5.3.20 5.3.22
org.springframework/spring-beans 5.3.20 5.3.22
org.springframework/spring-core 5.3.20 5.3.22
org.springframework/spring-jcl 5.3.20 5.3.22
org.springframework/spring-expression 5.3.20 5.3.22
org.eclipse.jetty/jetty-server 9.4.43.v20210629 9.4.47.v20220610
org.eclipse.jetty/jetty-util 9.4.43.v20210629 9.4.47.v20220610
org.eclipse.jetty/jetty-io 9.4.43.v20210629 9.4.47.v20220610
org.eclipse.jetty/jetty-security 9.4.43.v20210629 9.4.47.v20220610
org.eclipse.jetty/jetty-continuation 9.4.43.v20210629 9.4.47.v20220610
org.eclipse.jetty/jetty-http 9.4.43.v20210629 9.4.47.v20220610
org.apache.tika/tika-core 1.28.3 1.28.4
org.apache.tika/tika-parsers 1.28.3 1.28.4
org.freemarker/freemarker 2.3.28 2.3.30
org.springframework/spring-context-support 5.3.20 5.3.22
org.springframework/spring-web 5.3.20 5.3.22
com.fasterxml.jackson.dataformat/jackson-dataformat-yaml 2.13.3 2.13.4
org.yaml/snakeyaml 1.28 1.29
org.springframework/spring-webmvc 5.3.20 5.3.22
com.fasterxml.jackson.datatype/jackson-datatype-json-org 2.13.3 2.13.4
com.google.apis/google-api-services-analytics v3-rev20190807-1.31.0 v3-rev20190807-2.0.0
com.google.api-client/google-api-client 1.31.1 2.0.0
com.google.oauth-client/google-oauth-client 1.31.2 1.34.1
com.google.http-client/google-http-client 1.38.0 1.42.1
io.opencensus/opencensus-api 0.24.0 0.31.1
io.grpc/grpc-context 1.22.1 1.27.2
io.opencensus/opencensus-contrib-http-util 0.24.0 0.31.1
com.google.http-client/google-http-client-apache-v2 1.38.0 1.42.1
org.springframework.boot/spring-boot 2.5.14 2.6.10
org.springframework.boot/spring-boot-starter-jdbc 2.5.14 2.6.10
org.springframework.boot/spring-boot-starter 2.5.14 2.6.10
org.springframework.boot/spring-boot-autoconfigure 2.5.14 2.6.10
org.springframework/spring-jdbc 5.3.20 5.3.22
org.springframework/spring-tx 5.3.20 5.3.22
org.springframework.security/spring-security-config 5.6.5 5.6.7
org.springframework.security/spring-security-core 5.6.5 5.6.7
org.springframework.security/spring-security-crypto 5.6.5 5.6.7
org.springframework.boot/spring-boot-starter-web 2.5.14 2.6.10
org.springframework.boot/spring-boot-starter-json 2.5.14 2.6.10
com.fasterxml.jackson.datatype/jackson-datatype-jdk8 2.12.6 2.13.3
com.fasterxml.jackson.datatype/jackson-datatype-jsr310 2.12.6 2.13.3
com.fasterxml.jackson.module/jackson-module-parameter-names 2.12.6 2.13.3
org.springframework/spring-oxm 5.3.20 5.3.22
org.springframework.security/spring-security-web 5.6.5 5.6.7
org.springframework.security/spring-security-oauth2-client 5.6.5 5.6.7
org.springframework.security/spring-security-oauth2-core 5.6.5 5.6.7
org.jsoup/jsoup 1.14.2 1.15.3
org.apache.maven/maven-core 3.8.1 3.8.2
org.apache.maven/maven-settings 3.8.1 3.8.2
org.apache.maven/maven-settings-builder 3.8.1 3.8.2
org.apache.maven/maven-builder-support 3.8.1 3.8.2
org.apache.maven/maven-repository-metadata 3.8.1 3.8.2
org.apache.maven/maven-plugin-api 3.8.1 3.8.2
org.apache.maven/maven-model-builder 3.8.1 3.8.2
org.apache.maven/maven-resolver-provider 3.8.1 3.8.2
org.apache.maven.resolver/maven-resolver-impl 1.6.2 1.6.3
org.apache.maven.resolver/maven-resolver-api 1.6.2 1.6.3
org.apache.maven.resolver/maven-resolver-spi 1.6.2 1.6.3
org.apache.maven.resolver/maven-resolver-util 1.6.2 1.6.3
org.apache.maven.shared/maven-shared-utils 3.2.1 3.3.4
com.google.inject/guice 4.2.1 4.2.2
org.apache.maven/maven-artifact 3.8.1 3.8.2
org.apache.maven/maven-model 3.8.1 3.8.2
org.webjars/swagger-ui 3.26.0 4.2.1
org.springframework.integration/spring-integration-ftp 5.5.12 5.5.14
org.springframework.integration/spring-integration-file 5.5.12 5.5.14
org.springframework.integration/spring-integration-core 5.5.12 5.5.14
org.springframework/spring-messaging 5.3.20 5.3.22
io.projectreactor/reactor-core 3.4.16 3.4.21
org.reactivestreams/reactive-streams 1.0.3 1.0.4
org.springframework.integration/spring-integration-sftp 5.5.12 5.5.14

Removed com.h2database/h2 1.4.200
Removed net.sf.ehcache/ehcache 2.10.6
Removed com.google.http-client/google-http-client-jackson2 1.38.0
Removed org.sonatype.plexus/plexus-cipher 1.4
Added com.google.http-client/google-http-client-gson 1.42.1
Added com.google.code.gson/gson 2.9.0
Added org.apache.httpcomponents/httpcore 4.4.15

Overview of JIRA issues closed in Bloomreach Experience 15.1.1

Improvement

  • ENT-5795 ] - [site-toolkit]  Replace ehcache with repackaged version
  • CMS-15148 ] - [repository] Tackle Performance problems associated with the instantiation of new sessions
  • CMS-15071 ] - [cms] (Backport 15) Make links configurable in help menu / hide help menu

Bug

  • ENT-5248 ] - [targeting, hap]  Limit ES memory
  • CMS-15151 ] - [navigation-application] [PaaS backport] The bloomreach logo is out of proportion in the navapp
  • CMS-15147 ] - [5 modules] Moment vulnerability
  • CMS-15135 ] - [translations] Corrections in German translation
  • CMS-15131 ] - [channel-manager] Link picker is broken in Create content panel in Experience manager
  • CMS-15123 ] - [cms] [Backport v15] [CSP] Allow inline base64 images

Task

  • CMS-15166 ] - [repository] Update eclipse jetty dependency
  • CMS-15164 ] - [13 modules] Remove h2 runtime dependency
  • CMS-15162 ] - [project] Udate jackson dependencies to the latest version
  • CMS-15160 ] - [21 modules] Bump library versions
  • CMS-15157 ] - [project] Update freemarker to the latest version
  • CMS-15133 ] - [navigation-application, translations] [Backport] Add navigation menu item for "Setup -> Usage"
  • CMS-14965 ] - [project, hap] Change the HAP and pom file after changes in SPA SDK

 

Totals for issues in this release

  • Improvements 3
  • Bugs 6
  • Tasks 7
Did you find this page helpful?
How could this documentation serve you better?
On this page
    Did you find this page helpful?
    How could this documentation serve you better?

    We rely on cookies

    to optimize our communication and to enhance your customer experience. By clicking on the Accept and Close button, you agree to the collection of cookies. You can also adjust your preferences by clicking on Manage Preferences. For more information please see our Privacy policy.

    Manage cookies
    Accept & close

    Cookies preferences

    Accept & close
    Back