CM1 5.3 Release Notes

New: Updated Kit Available 4/7/2016

The 5.3 release was updated on April 4th and released  on April 6th.  The refreshed kit resolves 17 defects discovered post release.  To determine if you have the latest release, check your About dialog in CM1.  If it reports "Version 5.3.0 Build 201604R04" you have the most current 5.3 release. Click here, for a list of changes. 

CM1 version 5.3 is now available to all customers. Please see the Percussion Support Portal page for access to this release, as well as reviewing the upgrade instructions prior to updating your system.  This release includes the following: 

April 2016 Security Update

If you previously implemented the Security Updates from April 2016 and are upgrading, you will need to review these procedures again, as the upgrade will overwrite them.

What's New in 5.3

5.3 includes a number of improvements, bug fixes, and new features.  These Release Notes were created and published by CM1 5.3.  

WCAG 2.0 Accessibility and HTML5 Improvements

The new release contains several improvements in HTML5 support and Accessibility. 

HTML5 Doc Type

The default HTML5 Doc Type on CM1 Templates has been updated to a form that validates with the W3C Validator.  We encourage customers that are using the XHTML Doc Type or a Custom Doc Type to try out the new HTML5 Doc Type on their Templates and to update any existing Custom Doc Type's that were based on prior versions of CM1.

An example of the new Doc Type is included below.

<!DOCTYPE html> <html xmlns="" prefix="dc: dcterms: perc: og: fb:" >

The updated form includes support for Dublin Core, RDFa 1.1, Percussion metadata, Open Graph, and Facebook namespaces.

Percussion Proprietary Attributes

Non validating Percussion proprietary attributes have been removed from Templates, Rich Text Editor, Blog List, Auto List, Category, Tag, and Rich Text Editor Widgets.

In most cases, these attributes have been replaced with HTML5 valid data-* attributes.

Some additional steps are required to take advantage of these changes for existing content.

  • In order for markup to be cleaned up in existing Templates, each Page Template should be edited and saved after upgrade.  This will remove the noAutoResize attribute and cleanup the Region class attribute.
  • Content in the Rich Text or Blog Assets needs to be edited and saved in order to remove the Microsoft Office namespace directives as well as the imgtype and constrain attributes.

There are a few remaining limitations.  Managed Link and Inline Link attributes will still be generated in Preview mode when viewing content.  The impact of this is that when Validating pages at Preview time, the Percussion attributes are still in the mark-up.  To validate pages without this markup, the Published page must be validated.  Additional work will be performed in this area in future releases.

Whitespace Generation

Whitespace output in all Base Templates and in most system Widgets has been reduced, resulting in more compact HTML output. 

WCAG 2.0 - 2.4.1 Bypass Blocks

The Bypass Blocks requirement of WCAG 2.0 is intended to provide a mechanism for web site visitors using Assistive technologies, like screen readers, to bypass repeated blocks of content such as common Navigation elements and "jump" to the main content area of a given page.  These are most commonly called "Skip Links".  The Navigation Widget has been updated to include an optional Skip Link feature that will generate a Skip Link that is activated on the first "TAB" key press to the page.  The default Percussion theme has been updated with CSS classes to allow the Skip Link to be styled as part of the site theme.  This Accessibility requirement is addressed by the Navigation widget's Skip Link feature.

WCAG 2.0 - 4.1.1 Parsing

The Parsing requirement of WCAG 2.0 is intended to ensure that Assistive technologies such as screen readers can successfully parse and read a given web site.  With the changes and content updates to Templates and Rich Text widgets described above, Percussion published web sites will meet this requirement.   We encourage customers to report any W3C Validation issues discovered in any out-of-the box Widget or base Templates produced by the system to with a link to the Page and/or HTML source, and a copy of the W3C Validation report if possible.  Parsing bugs will be prioritized for correction.

WCAG 2.0 - 4.1.2 Name, Role, Value

The Name, Role, Value requirement of WCAG 2.0 is intended to ensure that Assistive technologies can make sense of the various components that make up a web page to provide a more intelligible and usable user experience for Web Site Visitors using those tools. 

The following Widgets have been updated with improved Aria Role and Label support.
  • Page Autolist
  • Navigation Widget
  • Breadcrumb Widget
  • Blog List Widget

If you are using a Percussion Widget and find missed opportunities for Aria labels or Roles, please create a support ticket and we will evaluate / prioritize the Widget for improvement.

Rich Text Editor Tag Support

The Rich Text editor has been updated to allow any HTML tags. This will prevent tags like aria-label or i from being stripped from the content in the editor.  The limitation in Percussion is that non empty tags must contain content, such as a non breaking space or a comment.

A Note About Font Awesome

Font Awesome is a popular CSS based icon font.  We use it in the current CM1 UI.  Their default examples include an <i class="fa fa-somecoolicon"></i> and many Designers / Developers will use that markup. While we have updated the Rich Text Editor to not strip Font Awesome <i> tags,  unfortunately most accessibility testing tools and HTML validators will flag the use of the old HTML italics tag as being an error.  For this reason, we recommend that customers use the span tag instead.  For example:

<span class="fa fa-somecoolicon"><!-- --><span>

Community Widgets

With the release of the CM1 SDK tools in CM1 5.3 we have reactivated the Community section of the CM1 Widget tray with a couple of starter Community widgets.  We encourage Developers interested in creating Widgets that can be re-used by others in the Percussion community to get engaged with the CM1 SDK and Advanced Widget development tools, and to post their creations on the Community. 

Community Widgets

The Community Widgets included with 5.3 are:

  • Evergage Beacon Widget - Simplifies the addition of Evergage to Page templates.
  • Default Language Widget - Enables generation of <link rel="alternate" hreflang="" /> tags for multi national sites seeking to optimize and simplify SEO.

This is the first in a long line of updates intended to expand the optional Widget, Theme, and Feature capabilities of the product. 

CM1 SDK - Advanced Developer Tools

The CM1 SDK is a separate Installation from CM1 and is intended to be installed on a Developer's laptop or workstation.  The 5.3 installation kit is Linux or Windows only in this release, however documentation is provided for deployment on Mac environments. 

  • Workbench - The Workbench tool can be used to edit key files on the remote Percussion server, to develop custom Content Types to back CM1 Assets or Widgets, or to retrieve data from external Databases or DataSources and provide that data in Drop Down lists in the Percussion Content Editor.
  • Package Builder - The Package Builder can be used to Package a Widget, Theme, or Feature from a remote Percussion Server into a versionable, configurable, and distributable package file that can be installed on any version compatible Percussion server using the Package installer tool.
  • Package Installer - The Package Installer can be used to install a Percussion package on a remote Percussion server.


Categories are useful for organizing, displaying, and formatting content in different areas of the Web Site.

Category Editor

The new Category Editor allows for the creation and management of Categories through the user interface. 

Category Editor

Category Drop Down Control

Provides Advanced Widget Developers the ability to add cascading hierarchical drop down lists based on Categories managed through the editor to their widgets.

Filter Page Auto List by Category

The Page Auto List widget has been updated to add Categories as a filter for the list.  

Auto List Category Filtering

Auto List Calendar Icon

The auto list has been enhanced to generate styleable and themable lists of Calender Icons.

Calendar Icon Screenshot

Category Classes

Category Classes were added to the Blog List and the Page Autolist widgets.  This feature adds the Categories that a Page has been tagged with to list css classes so that those classes can be used to style a list differently by category.


Various markup and content cleanup features improve on Percussion's SEO capabilities. 

SOLR Integration

We've added support for publishing to Apache SOLR for customers with SOLR in their infrastructure or looking for an alternative to Google Custom Search/GSA. 

Click here for more information on integrating Apache SOLR

Widget Builder

Fields are not required by default

The "all fields required" limitation of the Widget Builder has been removed.  For Developers that were relying on the Widget Builder field variables to never be blank or unset in their templates, Custom Widget Display templates should updated to check field values.  For example:

#if("$!{myfield}" = "")##
    #set($myfield = "")##

The !${ syntax can also be used to prevent variable names from being rendered as HTML in the Velocity Display Template of a Widget.  If a variable is empty, the name of the variable will be rendered.  If the variable is #set equal to "" or is referenced as $!{variableName}, the variable will not be published if the Widget is empty. 

Default File Extension

CM1 has always provided customers the ability to use extension-less urls, and provided the capability for Page Authors to change the extension of Pages to any extension that they wanted, such as .html, .shtml, .aspx, .php, .jsp, or .cfm.  What was lacking was the ability to add a Default File Extension for Pages.  Starting with the 5.3 version, the default file extension for Pages created in new sites will be html.  

The file extension is not required, but as a Best Practice we recommend using a standard default extension for better compatibility with Web Server and Search technologies.  Many web tools use the extension of a resource on the Web to determine the type of content that the resource contains.  Using a standard html file extension will simplify web server configuration and remove any concerns that a Search Engine won't know how to read your content.    

The default file extension is configured on the Site Properties on the Top level node in the Navigation Editor. 

Default file extension

Rich Text Editor Update

The TinyMCE Rich Text Editor has been updated fixing a large number of issues in the editor.  

  • Full Screen support has been improved (but not perfected)
  • Improved Table editing support
  • Improved Link handling.
  • A complete list of changes to the Editor can be found here.

As it is such an important part of the content creating process, we will be updating the Editor with each release.  As part of our long standing partnership with Ephox,  we have also worked to enable TinyMCE Enterprise as an add-on option for Percussion customers.  Contact for more details on the TinyMCE Enterprise option.  

Known Issues

Windows Server 2012 - Compatibility Mode.  When installing CM1 on Windows Server 2012 the installer must be run in Compatibility Mode and as an Administrator. 

Copy Site. This release corrects several issues with the Copy Site function.  We recommend that all customers that have used the Copy Site function in the past, to upgrade to version 5.3 at their earliest convenience. An issue has been discovered in previous versions of the product that can cause local content in the source site to be deleted when a copied Page in the Site Copy is deleted.  

5.3 corrects this deletion bug, but there is a manual data update that needs to be performed by the Support team until we have a formal patch for this.  Please contact if you have a Site that was involved in a Site copy and are concerned that you may be affected by this.

CM1 configuration for DTS.  If your DTS service is installed on the same server as Percussion CM1, you may need to check your Delivery Server configuration file to avoid an issue with where your published pages will look for your DTS service.

Check your delivery-servers.xml file, located in <CM1_Root>\rxconfig\DeliveryServer. If your <connect-url> is set to localhost:


You need to change 'localhost:9980' to the URL (or main URL) of your web site.  For example, our setting for is


If you have multiple sites in your CM1, you can use any of the main URls for your site.  You can check step 4 for any of the 3 recommended web server configurations, or contact Support for assistance.

If you need to make changes to this file, you will need to restart the CM1 service and run a full publish for these changes to take effect.

Browser Cache and CM1. Some new features of CM1 may require you clear your browser's cache.

Blog List Sort settings. If your Blog Lists no longer display links in the same order, the new Blog List widget has options to choose how to sort your list.  Previous versions sorted by "Post Date," but the 5.3 upgrade defaults to sort by "Link Text."

Issues connecting to DTS following upgrade.

1) After upgrading, some users have had an issue with DTS where port 8443 - used by CM1 to communicate with DTS during publishing - does not start correctly, causing publishing jobs to show as "Completed with Failures." 

To resolve this, find this file on your DTS installation:


You can edit this file (first make a backup, just in case) and comment out line 22, which looks like this:

<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>

and change it to this:

<!-- <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/> -->

After this change, stop the DTS service, wait about a minute, then start the service again.

NOTE: You do not need to restart the CM1 service. After DTS starts up again, try publishing and see if it completes without failures.

Fixed Security Vulnerabilities 

  • [CMS-1639] - Apache commons-collections: Remote code execution during deserialisation (CVE 2015-7501) Update to Commons Collections 3.2.2
  • [CMS-1723] - OWASP-IG-004 Fingerprinting vulnerability - remove meta name="generator"

Complete List of Fixed Issues

  • [CMS-134] - Lowercase drive letter in web.xml file causes custom widget deployment to fail
  • [CMS-142] - TinyMCE: Rich Text Widget internal/external link management
  • [CMS-233] - Windows: Installing CM1 and entering install path with wrong case can break Custom Widget deployment
  • [CMS-571] - In Blog list widget non breaking space stemming from “more link” element
  • [CMS-1010] - Package Builder not treating "cm" as a System Application
  • [CMS-1018] - System displays stack trace in the UI if two people login with the same user name at the same time
  • [CMS-1114] - Sites with 100+ section causes Blog List Gadget to hang
  • [CMS-1367] - Snapshot isolation is not set to ON after out of the box install
  • [CMS-1394] - Rich Text Editor removes links on save if they are broken, should just indicate that they are broken
  • [CMS-1643] - Bug in unreleased Solr configuration mismatch with "ServerType" and server-type
  • [CMS-1405] - Scheduling publish date on item that has already published causes links to item to be removed until republished
  • [CMS-1412] - SaaS: Docker writing over database when starting up after ip address change (e.g. restore)
  • [CMS-1470] - Running overwrote default server.xml for staging AND prod
  • [CMS-1490] - 5.2.5 upgrade issue - deleting a site causes error with Publishing
  • [CMS-1505] - 5.2.1 Upgrade issues with DTS Tomcat users and Secure Membership
  • [CMS-1514] - 5.2.5 DTS Upgrade issue for Windows - 8443 does not start
  • [CMS-1529] - Page Auto List does not display page list with the selected categories.
  • [CMS-1530] - Bug with dynatree - will not reload tree if there is only one child.
  • [CMS-1537] - On upgrade rx_resources/categories/default.xml is not updated
  • [CMS-1551] - Build installs failing due to missing json.jar in classpath
  • [CMS-1554] - SaaS Logs Flooded with Invalid Nagios User Agent Warning Twice Every Second
  • [CMS-1609] - Binding based metadata not handling list values
  • [CMS-1610] - Added PageUtils Jexl methods to support metadata and categories
  • [CMS-1630] - After Upgrade if the Category.xml is missing Assembly Fails
  • [CMS-1633] - Server Log Flooded with Connection Failures Every Second When DTS is Down
  • [CMS-1635] - Remove Social Promotions Gadget From the User Interface
  • [CMS-1638] - Metadata failing on Google Custom Search Box after Upgrade
  • [CMS-1639] - Apache commons-collections: Remote code execution during deserialisation (CVE 2015-7501) Update to Commons Collections 3.2.2
  • [CMS-1644] - Blog List Widget Does not Allow For Localization of Date Format and other Fields
  • [CMS-1645] - Google Analytics Integration Failing To Load new Google key format
  • [CMS-1650] - Cache when locked expiration Errors in L2 cache
  • [CMS-1651] - Typo preventing manual year edit in calendar control
  • [CMS-1667] - Occasional null pointer exception thrown to client when reordering category
  • [CMS-1686] - double slash added to paths for sftp client that breaks publishing on non linux based sftp server
  • [CMS-1687] - new page utils firstAncestorWidgetContents method not working across templates
  • [CMS-1688] - SolrDeliveryHandler throwing null pointer exception on staging publish when solr not configured
  • [CMS-1689] - Design Menu Pulls Template For All Sites
  • [CMS-1692] - Font Awesome HTML tags being stripped from source code of RTW
  • [CMS-1694] - Issues updating publishing status.
  • [CMS-1696] - Global variables always append a space to the end of the variable
  • [CMS-1706] - Archive and Results widget pulls last day of month at 00:00:00 instead of 23:59:59
  • [CMS-1712] - FTP does not publish with UTF-8
  • [CMS-1715] - PSMetadataExtractor not added to server-beans.xml on upgrade
  • [CMS-1723] - OWASP-IG-004 Fingerprinting vulnerability - remove meta name="generator"
  • [CMS-1728] - Modify navigation to exclude non public landing page items
  • [CMS-1730] - Thread locking in commit blocking delivery handler thread and timing out parallel publishes
  • [CMS-1732] - Fix XML Server tab on CM1 Workbench
  • [CMS-1733] - Fix Resources folder on CM1 Workbench
  • [CMS-1739] - Page Summary begin injected into the end of the cal-icon div
  • [CMS-1740] - Rich Text widget strips our Aria-label and aria-labelledby HTML element tags
  • [CMS-1746] - TinyMCE imgtype and border invalid html
  • [CMS-1747] - Region editor noAutoResize in region generates invalid markup
  • [CMS-1748] - Default Page template - invalid datatype attributes
  • [CMS-1749] - Default Page template - duplicate and late utf-8 charset
  • [CMS-1750] - Spurious spaces in Region class attribute
  • [CMS-1751] - Blog Post dcterms:author is not a valid Dublin Core term add dcterms:creator
  • [CMS-1752] - Default HTML5 doctype fails W3C validation
  • [CMS-1753] - Blog Post widget includes invalid data attribute
  • [CMS-1754] - Tiny MCE Strips aria-label from markup
  • [CMS-1755] - Rich Text Editor adding Microsoft Office XML Namespaces on Save - fails W3C Validation
  • [CMS-1756] - HTML Validation fails with empty target attribute on Navigation Widget
  • [CMS-1763] - Multiple Nav Widgets on Page fail HTML5 Validation with duplicate id
  • [CMS-1768] - page utils widgetContents gets forces load of lazy loaded properties including file binary
  • [CMS-1892] - Upgrade to TinyMce 4.38
  • [CMS-1679] - Update CM1, DTS, Workbench installers to ship Java 1.7 Update 80

Issues Corrected in the 4/7/16 Refresh

  • [CMS-1786] - Widget resource not showing up in System/CMS Files of workbench
  • [CMS-1790] - Content Editor not loading with null pointer exception
  • [CMS-1791] - Workbench Xml Editor not working
  • [CMS-1793] - Re-enable Extensions under XML Server Tab of workbench to allow drag and drop of extensions
  • [CMS-1799] - Html markup being removed from dcterms:abstract / summary metadata
  • [CMS-1804] - Cannot create new production publishing server in CM1
  • [CMS-1812] - Infinate Loop In unsynchronized Hashmap in PSBaseDeliveryHandler.JobData object
  • [CMS-1891] - Upgrade to 5.3 removes pre-selected categories from Page Auto Lists, Categories lists, etc.
  • [CMS-1893] - Multiple tinymce fields in widget causes content to be removed on save.
  • [CMS-1894] - Skip delivering feeds without valid data-query attribute
  • [CMS-1895] - Need to Map Blog template ids on site copy
  • [CMS-1896] - Fixes for perc widgets to validate with data- attributes
  • [CMS-1897] - Null pointer exception on item unpublish
  • [CMS-1898] - Skip items from publish queue for unknown jobs e.g. if server restarted
  • [CMS-1899] - Fix Unclosed statements in PSFixNextNumber and $rx.db.get
  • [CMS-1900] - PSPurgableTempFile not deleted properly on publish.
  • [CMS-1901] - Turn down any-23 metadata parser logging