CM1 5.3 SR1 -November 2017 Patch

Patch ID - 5315_20171120

This is a cumulative patch for CM1 5.3 SR1 that includes a blend of customer driven enhancements and defect corrections. This patch includes an Uninstall option to support rollback in the event the Patch introduces a problem or issue. The patch may be downloaded from the Support portal.  For instructions on Installing or Uninstalling the Patch, please review the Patch Readme file.  An updated list of Known Issues can be found at the bottom of this page. 

New Features & Improvements in this Patch

This patch includes several new capabilities related to Categories as well as Accessibility updates for a number of stock Widgets.

Multi-Site Categories

The Category feature has been updated with the ability to restrict Categories to one or more sites.  This is useful for multi-site deployments that are using categories to group and segment content with different sets of Categories between sites. 

Widget Improvements

For many of the Accessibility improvements new content & layout properties have been added to the updated Widgets with sane defaults. We recommend that designers review the new Layout and Content properties on their templates after applying the patch to fine tune the accessibility settings for their page templates, and update related CSS accordingly.

RSS Widget

The RSS widget has been updated to include improved W3C Aria markup and title attributes on links in the RSS feed for improved 508/ADA compliance.

Page Autolist Widget

The Page Autolist widget has been updated to include improved W3C Aria markup for improved 508/ADA compliance.  Added support for filtering categories by site for the Multi-site Category feature were added to the Page Auto List.

Blog List Widget

The Blog ist widget has been updated to include improved W3C Aria markup for improved 508/ADA compliance.

File List Widget

The File List widget has been updated to include improved W3C Aria markup for improved 508/ADA compliance.

Image List Widget

The Image List widget has been updated to include improved W3C Aria markup for improved 508/ADA compliance.

File Widget

The File widget will now support files with the SVG file extension.  Note that existing SVG files will need re-uploaded after applying the patch.  If you have a large number of existing SVG file assets that need their mime-types corrected, please contact technical support for assistance, they have a tool to bulk update the mime/type. 

Calendar Widget

The Calendar widget will no longer select all events by default, it will now selected events for the selected day.  This can improve performance of calendar Pages from seconds to milliseconds on sites with a large number of events. 

Alt & Title Text in Rich Text Widgets

A significant improvement was made to the way that Alt & Title text are handled in Rich Text widgets.  In previous versions, the Alt and Title text was added to content at the time an Asset was linked in the Rich Text editor.  Contributors could override the default text by typing in alternative title and alt text in the Insert Image or Link dialog.  Future edits to an Asset's Alt or Title text would not be reflected in any existing Rich Text widgets until the Asset was manually re-added to the existing content.  This behavior created a lot of work for content contributors updating their sites for Accessibility.  As part of this patch, the Rich Text widget will always pull the alt and title text from the Approved source Asset version, and only use the override text if it was specifically provided by a content contributor. 

Existing Alt & Title text overrides will be discarded after applying the patch.  New overrides may be created on a go forward basis.  To help ensure that new content is created in an accessible fashion, the Alt & Title properties are now Required for Asset links in the Rich Text editor. This is another improvement targeting Accessibility and Usability.

Security Updates

  • Prevent reverse tab jacking on links with _blank targets.  After the patch, external links with the _blank target will have the rel="noopener noreferrer" attribute added to the link to prevent this vulnerability.  The attribute will not be added for internal links. See this link for more details.

Notable Bug Fixes

  • The Siteimprove gadget was not registering the publishing extension upon installation of the patch.  This prevented the system from notifying Siteimprove when pages are published making the gadget unusable.  This has been corrected in this patch. 
  • The publishing task that copies web resources to the web server was not replacing files that already existed.  In some cases this would prevent updated resources from being published to the web server target. This has been corrected in this patch.
  • All Page templates were publishing with an X-UA-Compatible setting of IE=10.  This is required for drag and drop in the Page and Template Editor but is not required on the Published website where the expected setting would be IE=Edge.  This has been corrected in the Patch. Customer's experiencing "two heads" due to custom Document Type declarations to set the IE=Edge tag are recommend to update their templates to use the stock HTML5 document type and removing any X-UA-Compatible references in the Additional Head content for their templates after applying the patch. 

Complete List of Issues Addressed in the Patch

  • [CMS-123] - Meta-Data-Section adding Tags/Categories to a page, its CSS width for the menu is too small for Customers to find long Stringed items
  • [CMS-1301] - Add support for the SVG file extension to the File Widget
  • [CMS-1717] - Page Autolist with Categories allows you to select "folder" items which will cause 0 results
  • [CMS-1807] - Category Editor not working with UTF-8 characters
  • [CMS-1824] - Categories Tab Issue
  • [CMS-3330] - Calendar Loads All Calendar Pages -- Needs to Pull Selected Date Only
  • [CMS-3231] - alt and title tags are never updated with in inlineimages with the value in the Asset
  • [CMS-3283] - Allow for category filtering per site
  • [CMS-3199] - Expand on the Accessibility features of the Page AutoList
  • [CMS-3290] - DTS Feeds Service does not handle proxies correctly
  • [CMS-3315] - Unexpected end of input on file perc-common-ui.js
  • [CMS-3334] - site name does not get added to url when creating new page
  • [CMS-3360] - perc.CategoryDropDownControl.xsl cannot filter by site.
  • [CMS-3362] - Throw exceptions when category error instead of log and continue
  • [CMS-3363] - Old "Add Top Level Categories" node not properly removed if it previously existed
  • [CMS-3364] - Not selectable category nodes should not be filtered out of nodes to be rendered.
  • [CMS-3365] - Adding node manually to category xml throws error and breaks category editing
  • [CMS-3380] - Expand on the Accessibility features of the File AutoList
  • [CMS-3381] - Expand on the Accessibility features of the Image AutoList
  • [CMS-3395] - Expand on the Accessibility features of the Blog List
  • [CMS-3396] - The RSS widget does not include title on links
  • [CMS-2399] - Users are not able to use "children" or "child" as category name.
  • [CMS-3265] - The copy task for web resources during publish does not overwrite, leaving old files at destination
  • [CMS-3271] - PSSiteimprove Extension does not get added during patch install
  • [CMS-3273] - DTS Patch replaces service.bat with the default tomcat one; thus preventing the DTS service from being installed.
  • [CMS-3284] - Category tree not showing in read only
  • [CMS-3285] - Server does not start with cryptic error message when annotated parameter number does not match method parameter number
  • [CMS-3286] - Full stack trace not returned to log when package fails to deploy
  • [CMS-3403] - Page Templates referencing old IE tag: <meta http-equiv="X-UA-Compatible" content="IE=10"/>
  • [CMS-3471] - Prevent reverse tab jacking on links with _blank targets

Known Issue List

  • Customer using the secure sections feature will have problems starting the DTS after applying the patch.  They should contact technical support for a work around prior to attempting to patch their instance. 
  • Customers with certain hotfixed widgets (Calendar, Forms) may run into a startup problem after installing the patch.  To work around this issue customers can either contact Technical Support for assistance, or edit the <InstallDir>/rxconfig/Installer/InstallPackages.xml file and change the FAILED text for the affected widget to "INSTALLED", save the file and restart Percussion. The service will start cleanly.
  • Customers using the MySQL database server as the backing database for the DTS, will lose the MySQL Connector jar if it was previously placed into the <InstallDir>/Deployment/Server/perc-lib directory.  To correct this problem the MySQL Connector for Java may be installed or symlinked into the <InstallDir>/Deployment/Server/lib directory.  Percussion does not include this connector as part of our installation due to license incompatibility issues.
  • Customers Patching the DTS on Windows Servers will need to reinstall the DTS Windows service by using the "<InstallDir>\Deployment\Server\bin\service.bat remove" and  "<InstallDir>\Deployment\Server\bin\service.bat install" commands.  Once the service has been successfully re-installed, the Percussion DTS Windows Service will correctly start. 
  • Customer's running the DTS on a server that also has native APR libraries installed, may run into problems starting the DTS HTTPS connector.   The HTTPS connector may fail to start with an invalid Keystore configuration.  To resolve this issue, remove or comment out the following line in the <InstallDir>/Deployment/Server/conf/server.xml file:

<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>

e.g. 

<!-- <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/> -->.  Restarting the DTS after this change will resolve the APR related errors.

Additional Configurations:

### CMS-3406 ###
1. The default percussion theme css has been modified to eliminate accessibility errors. This file is located at: {installation directory}\web_resources\themes\percussion\perc_theme.css. The base version of the file is updatated by the patch in the following location: {installation directory}\rx_resources\default_theme\theme.css. Some customers may have modified the perc_theme.css or have used these styles as a base for their own themes so we recommend making the following updates to avoid compliance issues.


The individual changes can be made to {installation directory}\web_resources\themes\percussion\perc_theme.css

change: (To increase color contrast for accessibility)

.perc-page-auto-list-calicon {
margin-right: 15px;
text-align: center;
padding: 3px;
text-transform: uppercase;
float: left;
display: inline-block;
background-color: #666;
color: #FFF;
}

to:

.perc-page-auto-list-calicon {
margin-right: 15px;
text-align: center;
padding: 3px;
text-transform: uppercase;
float: left;
display: inline-block;
background-color: #585858;
color: #FFF;
}

change: (To increase color contrast for accessibility)

.perc-page-auto-list-calicon-day {
background-color: #FFF;
color:#666;
width: 100%;
display: block;
font-size: 25px;
padding: 5px 0px;
}

to:

.perc-page-auto-list-calicon-day {
background-color: #FFF;
color:#585858;
width: 100%;
display: block;
font-size: 25px;
padding: 5px 0px;
}

change: (To increase color contrast for accessibility)

.perc-blog-list-calicon {
margin-right: 15px;
text-align: center;
padding: 3px;
text-transform: uppercase;
float: left;
display: inline-block;
background-color: #666;
color: #FFF;
}

to:

.perc-blog-list-calicon {
margin-right: 15px;
text-align: center;
padding: 3px;
text-transform: uppercase;
float: left;
display: inline-block;
background-color: #585858;
color: #FFF;
}

change: (To increase color contrast for accessibility)

.perc-blog-list-calicon-day {
background-color: #FFF;
color:#666;
width: 100%;
display: block;
font-size: 25px;
padding: 5px 0px;
}

to:

.perc-blog-list-calicon-day {
background-color: #FFF;
color:#585858;
width: 100%;
display: block;
font-size: 25px;
padding: 5px 0px;
}

change: (To visibly see when rss icon is tab selected for accessibility)

.perc-rss-icon
{
float:right;
display:block;
width:22px;
height:22px;
background:url(images/rss_logo.png);
text-indent:-10000px;
cursor:pointer;
outline:none;
background-repeat:no-repeat;
}

to:

.perc-rss-icon
{
float:right;
display:block;
width:22px;
height:22px;
background:url(images/rss_logo.png);
text-indent:-10000px;
cursor:pointer;
/*outline:none;*/
background-repeat:no-repeat;
}