CM1-5.3-SR1 February-2018 Patch

Patch ID - 5315_20180125

This is a cumulative patch for CM1 5.3 SR1 that includes a blend of customer-driven enhancements and defect corrections. This patch includes an Uninstall option to support rollback in the event the Patch introduces a problem or issue. The patch may be downloaded from the Support portal. For instructions on Installing or Uninstalling the Patch, please review the Patch Readme file. An updated list of Known Issues can be found at the bottom of this page.

This is a cumulative patch that includes all of the improvements delivered in previous patches for the 5.3 SR1 version. For details on what was included in previous Patch updates, please see the release notes for prior patches. Links to prior patch Release Notes are provided below:

Improvements in this Patch

Patch Installation / Uninstallation

An important part of the patching process is that Patch Installation and Uninstallation work cleanly without error. The following defects were fixed in the Patch Install / Uninstall process as part of this Patch.

  • [CMS-3561] - Patch Uninstall breaks startup and leaves mismatched Package Versions of certain Widgets & Gadgets
  • [CMS-3576] - Unable to uninstall Patch from Stand-Alone Staging or Standalone Production DTS
  • [CMS-3504] - uninstall.sh script removes the executable permissions of TomcatStartup.sh/TomcatShutdown.sh
  • [CMS-3415] - Version.properties is not getting updated on patch install for Stand-Alone DTS
  • [CMS-3534] - Siteimprove Gadget is incorrectly uninstalled when previous patch is uninstalled
  • [CMS-3562] - phantomJS being made non-executable on patch install on Linux

Security

[CMS-3376] - Security: Add a robots.txt into the root of the CM1 and DTS web apps

A robots.txt file has been added to the root web applications for CM1 and the DTS server to disallow Robots and Search Engines from attempting to crawl the CMS. This accounts for scenarios where the CMS is deployed in a public, Internet-facing environment.

[CMS-3400] - Security: DTS Metadata get API max results and start results parameter are not sanitized and are passed back in json response

An XSS vulnerability was reported and resolved in the DTS Metadata service to prevent the DTS from returning injected JavaScript in error messages returned by the service.
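
One way to close this class of bug, shown as an added example that is not Percussion's code: parse the two paging parameters strictly as bounded integers and build both the success and error JSON from constants and parsed numbers only. The parameter names startIndex and maxResults, the 500 cap and the class name are assumptions for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.OptionalInt;

// Added example, not Percussion code. The parameter names, the 500 cap and the
// class name are assumptions; the page does not give the real ones.
public class PagingParamCheck {

    static final int MAX_RESULTS_CAP = 500;

    // Accepts 1-9 ASCII digits only, then enforces the range.
    // Nine digits always fit in an int, so Integer.parseInt cannot throw here.
    static OptionalInt parseBounded(String raw, int lo, int hi) {
        if (raw == null || !raw.matches("[0-9]{1,9}")) {
            return OptionalInt.empty();
        }
        int value = Integer.parseInt(raw);
        return (value < lo || value > hi) ? OptionalInt.empty() : OptionalInt.of(value);
    }

    // Error text is built from a constant parameter name, never from the request value.
    static String error(String paramName) {
        return "{\"error\":\"invalid value for " + paramName + "\"}";
    }

    // Returns the JSON body; a servlet would send it with Content-Type application/json.
    static String respond(Map<String, String> query) {
        OptionalInt start = parseBounded(query.get("startIndex"), 0, 999_999_999);
        if (!start.isPresent()) {
            return error("startIndex");
        }
        OptionalInt max = parseBounded(query.get("maxResults"), 1, MAX_RESULTS_CAP);
        if (!max.isPresent()) {
            return error("maxResults");
        }
        // Only the parsed integers are written back, not the original strings.
        return "{\"startIndex\":" + start.getAsInt() + ",\"maxResults\":" + max.getAsInt() + "}";
    }

    public static void main(String[] args) {
        Map<String, String> ok = new LinkedHashMap<>();      // constructed sample request
        ok.put("startIndex", "0");
        ok.put("maxResults", "25");

        Map<String, String> hostile = new LinkedHashMap<>(); // constructed sample request
        hostile.put("startIndex", "0");
        hostile.put("maxResults", "25<script>alert(1)</script>");

        System.out.println(respond(ok));
        System.out.println(respond(hostile));
    }
}
```

The second request is rejected with a message that names the parameter but contains none of the submitted text, so there is nothing for a browser to interpret if the body is ever rendered as HTML.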

Performance

Several performance improvements were made in this patch to improve the overall performance of the system for implementations with large numbers of workflows and roles combined with deep and wide Navigation trees. Several defects in Session management that could result in a Session related memory leak were also corrected.

  • [CMS-3509] - Performance - Create singleton of PSRelationshipDbProcessor,PSRelationshipProcessor and PSServerFolderProcess to use request on thread local
  • [CMS-3510] - Performance - PSPropertyWrapper synchronized on read blocking threads
  • [CMS-3511] - Performance - Fix Threading blocking on PSItemSummaryCache
  • [CMS-3512] - Performance - Remove very slow getFileIconPaths method not used but run in CM1
  • [CMS-3513] - Performance - Location Scheme Map blocking threads on read
  • [CMS-3514] - Performance - No need to synchronize on Notification queue with concurrent hashmap
  • [CMS-3522] - Performance - NullPointerException on Auto Checkin on session expiry
  • [CMS-3572] - Performance - UserSessions increasing while only one user logged into the system

Widget Improvements

Various updates were made to widgets to correct defects or to address ADA / WCAG compliance concerns.  A significant update has been made to the Role based customization and configuration options available in the TinyMCE text editor when it is used in the Rich Text Widget, Simple Text Widget, Blog Post, and Custom Widgets.  More information on the new Role based configuration / customization options can be found here.

Custom Widgets

[CMS-3550] - Finding categories with "/Categories" prefix is failing

A regression was corrected in the Category Velocity/JEXL API method $rx.pageutils.getCategoryByPath, that caused issues for Custom Widgets that relied on the existing API behavior in order to function after applying the previous patch.  Categories will now be queryable with or without the /Categories prefix, and with or without a leading / as in prior versions. 

[CMS-3549] - Categories sometimes being filtered by selectable value

The $rx.pageutils.getCategoryByPath API was updated to not exclude categories that were not checked as selectable.

Simple Text Widget

[CMS-2467] - Simple Text Widget is using the Rich Text Editor full configuration

A regression was corrected in the Simple Text widget that had incorrectly enabled the full rich text editor menus and toolbar options for the Simple Text widget. After applying the Patch, the Simple Text widget will revert to the correct minimal editor configuration. For customers who accidentally used the Simple Text widget on their templates instead of the Rich Text Widget, existing Images and managed links inserted into Simple Text fields will continue to be processed correctly after applying the patch.

The Simple Text widget has also been updated to take advantage of the new customization options for the TinyMCE editor also included in this patch.  This allows the system administrator to configure the Simple text widget with any menus, toolbars, or plugins that they desire or require, and for that configuration to survive upgrade.  For more information see the Customizing the Rich Text Editor page on the help site. 

Rich Text Widget

The Rich Text Widget has received several updates in this patch. The Full Screen functionality has been improved, the version of the TinyMCE editor has been updated, and several Accessibility updates have been made. Note: In order for end-users to pick up the new changes to the User Interface they may need to clear their browser cache while viewing the CM1 user interface.

[CMS-3543] - Update to TinyMCE Version 4.5.8

The TinyMCE editor has been updated to version 4.5.8.  This is the last version of the TinyMCE editor that will support the Internet Explorer 8-10 browsers.   The 5.4 release of CM1 will follow this trend and drop support for the Internet Explorer versions 8-10 so that we can keep up to date with Editor enhancements and release stream.  

[CMS-3476] - Missing broken link icon after installing patch

When in the Page Editor, Rich Text Editor or Preview mode, the Broken Link icon was not being displayed for inline links that are linking to content that was deleted or archived from the site. This created confusion for Content Maintainers because they could not tell when a given Managed Link was broken until it was published and dead linked. The link logic has been updated and a new Warning icon has also been added for links to Assets or Pages that haven't been published yet. The new behavior should appear in the Page Editor, Rich Text Editor, and Preview views of the website.

  Screenshot of Warning and Error alerts on broken links in the Rich Text Editor

After the Patch any broken links will be displayed with the Red Exclamation point icon to indicate that the link is broken.  On publishing, broken managed links will continue to be removed automatically and turned into deadlinks.

[CMS-150] - Rich Text widget fullscreen function does not work correctly

The Full Screen function has been improved to allow the editor to fill the available editor dialog.  A new button has been added to the editor dialog to allow for resizing of the Window prior to selecting Full Screen.

Screenshot of the new Rich Text Full Screen Button

[CMS-3539] - Update the system to automatically detect old customized Alt and Title tags on Image assets in Rich Text Widgets and set them as Overrides by default

This is an update to a new feature introduced in a prior patch that corrected the Rich Text widget to always pull Alt and Title text for images from the underlying Image Asset. This was to allow for a shared Image Asset to be updated once with Alt and Title text, and have the Alt and Title text updated on any Page that referenced the Image Asset. As part of that update existing Overrides of Alt and Title text were ignored. This surprised some customers who were relying on the Overrides in the Rich Text editor exclusively for Image alt and / or title text. Based on customer feedback, this feature has been changed to detect if Alt or Title text has been overridden prior to applying the patch, and will now use the existing Override text if it is available.

[CMS-3474] - Accessibility: Add an option to support Decorative Images with empty Alt Text in the Rich Text Editor

A new Decorative Image checkbox has been added to the Edit Image dialog.  According to WCAG specifications, Decorative Images, e.g. Images that are used purely for decoration and do not communicate information or functionality, should have an empty Alt text.  When checked, an empty alt attribute will be written when the Image is rendered to indicate that the image is decorative.  The Image Description (Alt Text) is still required for all other types of Image. 

Screenshot of the new Decorative Image Checkbox

[CMS-2190] - PercRichTextCustomStyles.properties is overridden on upgrade

The new TinyMCE configuration options change the way that Custom Styles are configured in the Rich Text Editor. Customers that are using Custom Styles should define them using the new configuration format specified under the rx_resources/tinymce directory. The configuration files in the directory will never be overwritten on future upgrades.

Navigation Widget

The Skip Link feature of the Navigation widget was updated for an Accessibility improvement.

[CMS-3521] - Accessibility - Skip link tabindex needs to be a layout option

Screenshot of the Navigation Widget Layout Properties with new TabIndex Property highlighted

A new layout property was added to the Navigation widget to allow for the tabindex to be configured for the Skip Link.  This is to facilitate hiding or showing the Skip Link. 

File Widget

[CMS-3565] - Accessibility: File Assets referenced in Inline Images inserted in Rich text fields fail to process links due to missing alttext property

File Assets now support an Alt Text field to account for cases where the File Asset is used to manage an Image instead of a standard file.  Examples of this may be SVG images that have been uploaded as File Assets to the system.  The system will use the new Alt text value if a File asset is manually used as the src for an image tag and later converted to a managed image or managed link.  

[CMS-3478] - File Asset Analytics ID is only allowing 2 parameters

The Analytics ID feature incorrectly allowed only 2 query parameters. This feature has been updated to allow for any number of parameters to support full click tracking and tagging of File Asset links.

Page Autolist

The Page Autolist widget was updated to correct two defects. 

[CMS-3495] - Page Auto List Hide Historical Results Breaks on 11/20 Patch

A regression was introduced in the 11/20/2017 patch where the Hide Historical results feature no longer worked after installing the patch.  This has been corrected in this patch. 

[CMS-3508] - Page Auto List Pagination JavaScript Missing from Patch

A defect was corrected where the previous patch did not include the JavaScript to support the Paging feature in the Page Autolist widget.  This has been corrected in this patch. 

Forms Widget

The Forms Widget was updated to correct ADA / WCAG compliance issues with the markup generated by some form fields.

  • [CMS-3527] - Accessibility - ADA Compliance Errors on CM1 Form Checkbox/Radio Button Fields
  • [CMS-3475] - Accessibility -  CM1 Form 'Label For' Descriptor Does Not Match the Field
  • [CMS-3485] - Drop-down Field on CM1 Forms Does Not Have a 'name' Attribute Available.

Publishing

[CMS-69] - Shared assets being used by a template don't switch from pending to live state after approval of both the asset and the page. The asset will publish to live page, though

Shared Assets that were associated with Templates (not Pages) were not being Workflowed to a Live state when they were published, creating confusion as to what the actual Status was of the Shared content. The Publishing Workflow Task has been updated to Approve published Assets regardless of whether they are linked via the Page or the Page's Template.

[CMS-3533] - Web Resources FTP Publishing fails when copy-resources.xml stops transfers when a single file errors out - should skip file and copy the rest

Customers with Sites configured to publish using FTP as the protocol could miss updates to web_resources content if any resource had an error during publishing. After this update, the web resources task will copy all resources, skipping any resources that error out (such as for a permissions error on a file intentionally marked read-only on the remote FTP server).

Siteimprove Plugin

[CMS-3498] - Siteimprove Plugin Not Available When Editing a Template

The Siteimprove plugin is now available when editing a Template in addition to when a user is editing a Page. 

Summary List of Issues Included in this Patch

  • [CMS-69] - Shared assets being used by a template don't switch from pending to live state after approval of both the asset and the page. The asset will publish to live page, though.
  • [CMS-150] - Rich Text widget fullscreen function does not work correctly
  • [CMS-1068] - Resize of rich text widget does not work correctly
  • [CMS-2190] - PercRichTextCustomStyles.properties is overridden on upgrade
  • [CMS-2467] - Simple Text Widget is using the Rich Text Editor
  • [CMS-3343] - Table factory export appending extra bytes to exported binary files
  • [CMS-3376] - Security -  Get a robots.txt into the root of the CM1 and DTS web apps
  • [CMS-3400] - Security -  DTS max results and start results parameter are not sanitized and are passed back in json response
  • [CMS-3415] - Version.properties is not getting updated on patch install for Stand-Alone DTS
  • [CMS-3475] - Accessibility -  CM1 Form 'Label For' Descriptor Does Not Match the Field
  • [CMS-3476] - Missing broken link icon after installing patch
  • [CMS-3478] - File Asset Analytics ID is only allowing 2 parameters
  • [CMS-3485] - Drop-down Field on CM1 Forms Does Not Have a 'name' Attribute Available.
  • [CMS-3495] - Page Auto List Hide Historical Results Breaks on 11/20 Patch
  • [CMS-3498] - Siteimprove Plugin Not Available When Editing a Template
  • [CMS-3504] - uninstall.sh script removes the executable permissions of TomcatStartup.sh/TomcatShutdown.sh
  • [CMS-3508] - Page Auto List Pagination JavaScript Missing from Patch
  • [CMS-3509] - Performance - Create singleton of PSRelationshipDbProcessor,PSRelationshipProcessor and PSServerFolderProcess to use request on thread local
  • [CMS-3510] - Performance - PSPropertyWrapper synchronized on read blocking threads
  • [CMS-3511] - Performance - Fix Threading blocking on PSItemSummaryCache
  • [CMS-3512] - Performance - Remove very slow getFileIconPaths method not used but run in CM1
  • [CMS-3513] - Performance - Location Scheme Map blocking threads on read
  • [CMS-3514] - Performance - No need to synchronize on Notification queue with concurrent hashmap
  • [CMS-3522] - Performance - NullPointerException on Auto Checkin on session expiry
  • [CMS-3527] - Accessibility - ADA Compliance Errors on CM1 Form Checkbox/Radio Button Fields
  • [CMS-3533] - Web Resources FTP Publishing fails when copy-resources.xml stops transfers when a single file errors out - should skip file and copy the rest
  • [CMS-3534] - Siteimprove Gadget is Uninstalled on Latest Patch
  • [CMS-3538] - Accessibility - Rich Text Editor Doesn't Display Correct Alt/Title Attributes For Images
  • [CMS-3550] - finding categories with "/Categories" prefix is failing
  • [CMS-3561] - Patch Uninstall breaks startup and leaves mismatched Package Versions of certain Widgets & Gadgets
  • [CMS-3562] - phantomJS being made non-executable on patch install on Linux
  • [CMS-3565] - File Assets referenced in Inline Images fail to process links due to missing alttext property
  • [CMS-3572] - Performance - UserSessions increasing while only one user logged into the system
  • [CMS-3576] - Unable to uninstall Patch from Stand-Alone Staging or Standalone Production DTS
  • [CMS-2986] - Upgrade TinyMCE configurations to allow for end user customization without overwrite on upgrade
  • [CMS-3379] - Remove the not allowed in SaaS flag from the Import LDAP users feature
  • [CMS-3543] - Update to TinyMCE Version 4.5.8
  • [CMS-3548] - A user trying to open an item without permission when the item had been auto checked in throws error to log
  • [CMS-3549] - Categories sometimes being filtered by selectable value.
  • [CMS-3474] - Accessibility - Add an option to support Decorative Images with no Alt Text in the Rich Text Editor
  • [CMS-3521] - Skip link tabindex needs to be a layout option
  • [CMS-3539] - Update the system to automatically detect old customized Alt and Title tags on Image assets in Rich Text Widgets and set them as Overrides by default

Known Issue List

  • CMS-3614 - After applying the Patch end users may need to Clear their browser cache in the CM1 user interface in order to see the new changes to the Rich Text Editor and plugins. Ideally this should be automated.
  • CMS-3613 - After applying the patch HTML elements with empty attributes are incorrectly being cleared by the Rich Text Editor. For customers using elements like the Foundation Slider, which rely on empty html attributes, we recommend waiting until an updated patch has been released.
  • CMS-3389 - Customers using the secure sections feature will have problems starting the DTS after applying the patch. They should contact technical support for a workaround prior to attempting to patch their instance.
  • CMS-3257 - Customers using the MySQL database server as the backing database for the DTS will lose the MySQL Connector jar if it was previously placed into the <InstallDir>/Deployment/Server/perc-lib directory. To correct this problem the MySQL Connector for Java may be installed or symlinked into the <InstallDir>/Deployment/Server/lib directory. Percussion does not include this connector as part of our installation due to license incompatibility issues.
  • CMS-3490 - Customers Patching the DTS on Windows Servers will need to reinstall the DTS Windows service by using the "<InstallDir>\Deployment\Server\bin\service.bat remove" and "<InstallDir>\Deployment\Server\bin\service.bat install" commands. Once the service has been successfully re-installed, the Percussion DTS Windows Service will correctly start.
  • CMS-3280 - Customers running the DTS on a server that also has native APR libraries installed may run into problems starting the DTS HTTPS connector. The HTTPS connector may fail to start with an invalid Keystore configuration. To resolve this issue, remove or comment out the following line in the <InstallDir>/Deployment/Server/conf/server.xml file:

<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>

e.g.

<!-- <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/> -->

Restarting the DTS after this change will resolve the APR related errors.