CM1 5.3 SR1 20180816 Patch

Patch ID - 5315_20180816

This is a cumulative/rollup patch for CM1 5.3 SR1 that includes defect corrections & enhancements. This patch includes an uninstall option to support rollback in the event the patch introduces a problem or issue. The patch can be downloaded from the Support portal. For instructions on installing or uninstalling the patch, please review the Readme file provided in the patch folder.  

An updated list of Known Issues can be found at the bottom of this page.

For details on bug fixes and improvements in previous patch updates, please see the release notes for prior patches.  Links to prior patch release notes are provided below:

Improvements in this patch:

[CMS-4205] - Page Speed: Update system widgets that include inline javaScript scripts to defer execution until the Page is loaded

All Percussion widgets that generate inline JavaScript have been updated to defer execution until the Page has been loaded.  This is to improve on the Page Speed of pages using these widgets. We recommend that customers review their Custom Widgets, Pages, and Templates for opportunities to defer inline scripts using the same technique.

Percussion Widgets with inline Scripts are deferred using the DOMContentLoaded event handler:

<script> window.addEventListener('DOMContentLoaded', function() { ... }); </script>


[CMS-4287] - Directory Widget: Add an option to display the full directory by default instead of only 1st letter

The Directory widget has been enhanced with a new Layout property to Show All directory entries by default, or to just display the first letter of directory members.  This is useful for directories when a small number of contacts appear in the Directory list when the first letter option is enabled.

Screenshot of the Layout properties of the Directory Widget with the new 'Display full directory' highlighted 

[CMS-3835] - Add a command line option --skipVersion to the patch install.bat / install.sh that will bypass the version check

A new --skipVersion command line option has been added to the patch installer to support situations where an error occurs and the patch needs to be re-installed over the same version.

Defects Corrected in this Patch

[CMS-773] - Unable to delete/save/approve/publish page because the revision 'x' does not specify the current revision

A long standing error case has been resolved related to multiple users editing Pages that would result in revision 'x' error messages.  Preventing an affected Page from being workflowed or Edited.

[CMS-1181] - Thread locking in PSUserService creates performance issues when looking up users

A performance issue was corrected that could cause delays in login, workflow transitions, or user related operations.

[CMS-3303] - Security: Upgrade the Commons-Codec jar from 1.3 to 1.11

A security update was made to the Commons Codec library.

[CMS-3791] - Enabling phantoms on an instance with a large amount of content - crashes with Out of Heap Space error after saving template

On an instance that previously had Thumbnailing disabled, enabling Thumbnailing would cause the system to crash with out of memory errors shortly after startup.  This issue has been resolved in this patch.

[CMS-3883] - CM1 Patch is installing the DTS to Deployment/Server even if DTS was not previously installed

An issue was corrected in the Patch installer to stop the patch from deploying the DTS to CM1 installation directories if the DTS was not already installed there.  Customers that run with their DTS deployed on other servers, and know that they don't use a DTS in the CM1 installation directory, can safely remove the <InstallDir>/Deployment folder prior to installing this Patch.

[CMS-3938] - Assets and Pages in deleted folders are unpublished but are never removed from the unpublishing "queue"

An issue was corrected where Assets and Pages that existed in Folders that have been deleted would be stuck in the unpublishing queue forever.  After applying this patch stuck items will be removed after the first Full Publish.

[CMS-4012] - Named widgets on a page cannot be deleted After Template Change

A defect was corrected where when a Template or Page had a named widget on them, and the Page was changed to use a new Template.  Existing Local or Shared Assets in that Page could no longer be removed. This problem is resolved by this patch.

[CMS-4127] - Orphaned folders cause relationship cache to not start up.

A serious performance issue was discovered where if orphaned folders (Folders that are in the database but don't show up in the Finder) were in the database, the relationship cache would fail to start.  This cache is used to cache all links and relationships between Pages, Folders, Assets, and Templates. This problem has been resolved in this patch.

[CMS-4184] - Security - CWE-693 - Add X-Frame-Options to HTTP response headers

Merged from a recent Rhythmyx update. See the Configuring Secure Headers page for more information on this issue.

[CMS-4185] - Security - CWE-693 - Add Strict-Transport-Security to HTTP response headers

Merged from a recent Rhythmyx update. See the Configuring Secure Headers page for more information on this issue.

[CMS-4186] - Security - CWE-693 - Incomplete or No Cache-control and Pragma HTTP Header Set

Merged from a recent Rhythmyx update. See the Configuring Secure Headers page for more information on this issue.

[CMS-4187] - Security - CWE-693 - Add X-Content-Type-Options to HTTP response headers

Merged from a recent Rhythmyx update. See the Configuring Secure Headers page for more information on this issue.

[CMS-4188] - Security - CWE-693 - Add Content Security Policy to HTTP response headers

Merged from a recent Rhythmyx update. See the Configuring Secure Headers page for more information on this issue.

[CMS-4189] - Security - CWE-693 - Add X-XSS-Protection to HTTP response headers

Merged from a recent Rhythmyx update. See the Configuring Secure Headers page for more information on this issue.

[CMS-4233] - Next Number rxfix does not correct the ROLES table

An issue was discovered where the next available unique identifier for Roles were not auto corrected as expected at server startup.  This could cause an issue in scenarios where the Percussion service was not gracefully shutdown (such as in a power loss, database crash, task killed, network outage, etc.) and new Roles were then created with overlapping identifiers creating unexpected behaviors in both Workflows and the user interface.  This has been corrected as part of this patch.

[CMS-3937] - RX Fix needed to remove stale deleted items from the underlying Content Type and Content Status History

An issue was discovered where certain content was not 100% removed from the backend database after the deletion of items from the Content Repository.  The data would just take up space in the database causing storage space issues on larger implementations with alot of content creation and deletion. The issue has been resolved and this data will be removed from the backend database at server startup.

[CMS-4274] - Template and Page Thumbnails Not Being Generated on Windows OS

Customers running Percussion on the Windows operating system reported that thumbnails for Pages and Templates were no longer showing up on the Home screen or Design screen.  The issue was isolated to an update made to the tool responsible for taking thumbnail screenshots in a previous patch. After applying this patch thumbnails should start to reappear on affected instances as Pages and Templates are edited.

[CMS-4321] - Form Widget Allows Submission Even With Empty Required Fields

A defect was uncovered as part of the Page Speed work with Percussion widgets that was introduced by an accessibility update to the Form widget delivered in a previous patch, where the Form widget was incorrectly allowing the Form to be submitted when all required fields weren't populated.  This has been corrected in this patch.

[CMS-4343] - If data-query missing for 1st Most Read widget, other Most Read Widgets are not processed.

A defect was uncovered as part of the Page Speed work with Percussion widgets where if there were multiple Most Read Widgets on a Page, and one of them was missing it's data-query attribute, the remaining Most Read widget's would not be updated with the latest posts. This has been corrected in this patch.

[CMS-4352] - Error publishing to S3 if the bucket is in an AWS region that supports only V4 authentication

Customer's publishing to S3 web servers in AWS Regions defined after 2016 reported that S3 publishing failed with Authentication errors.  The S3 publishing integration has been updated to support both V2 and V4 authentication to allow publishing to S3 buckets created in newer AWS regions.

 

Known Issue List

  • CMS-3614 - After applying the patch end users may need to clear their browser cache in the CM1 user interface in order to see the new changes to the Rich text Editor and plugins.
  • CMS-3389 - Customer using the secure sections feature will have problems starting the DTS after applying the patch.  They should contact technical support for a work around prior to attempting to patch their instance.
  • CMS-3257 - Customers using the MySQL database server as the backing database for the DTS, will lose the MySQL Connector jar if it was previously placed into the <InstallDir>/Deployment/Server/perc-lib directory.  To correct this problem the MySQL Connector for Java may be installed or symlinked into the <InstallDir>/Deployment/Server/lib directory. Percussion does not include this connector as part of our installation due to license incompatibility issues.
  • CMS-3490 - Customers patching the DTS on Windows Servers will need to reinstall the DTS Windows service by using the "<InstallDir>\Deployment\Server\bin\service.bat remove" and  "<InstallDir>\Deployment\Server\bin\service.bat install" commands. Once the service has been successfully re-installed, the Percussion DTS Windows Service will start.
  • CMS-3280 - Customer's running the DTS on a server that also has native APR libraries installed, may run into problems starting the DTS HTTPS connector.   The HTTPS connector may fail to start with an invalid Keystore configuration. To resolve this issue, remove or comment out the following line in the <InstallDir>/Deployment/Server/conf/server.xml file.  Restarting the DTS after this change will resolve the APR related errors.

<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>

e.g.

<!-- <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/> -->.  

Navigation Skip Link - ADA/508 Validation Warnings

Some customers have reported Skip Link warnings after applying the patch.  This may be because the Navigation widget now generates the Skip Link by default with a tabindex of -1 to hide the Skip Link until website theme css has been updated.  If you encounter this warning, update the Layout properties of your Navigation widget and set the tabindex of the Skip Link to 1. Then in your Design->web_resources\themename\theme.css make sure that you have styled the Skip Link.

For example, this is the CSS used on the help.percussion.com theme:

a.perc-navigation-skiplink {

left:-999px;

position:absolute;

top:auto;

width:1px;

height:1px;

overflow:hidden;

z-index:-999;

}

a.perc-navigation-skiplink:focus, a.perc-navigation-skiplink:active {

color: #fff;

background-color:#133c55;

left: 0;

top: 0;

width: 30%;

height: auto;

overflow:auto;

margin: 10px 35%;

padding:5px;

border-radius: 15px;

border:4px solid #ee5336;

text-align:center;

font-size:1.2em;

z-index:999;

}