Page History

XperienCentral 10.12.1

• Users can now be granted rights to access XperienCentral in specific ways. Whereas a user could always use password-based login and/or container-based (if enabled), each login method now has to be enabled for each user. By default, all users will be allowed all relevant access methods. We advise you to review the list of ways that each user may log in after the upgrade and adjust them accordingly.
• String interpolation in Interactive Forms has changed slightly. In previous versions of XperienCentral, a JavaScript syntax error would cause the original string value to be returned.  This error is now logged and other expressions (if any) will be evaluated. This may result in partially interpolated strings being returned instead of the input string.
• When upgrading to XperienCentral 10.12.1 or newer, the index directories contentindex and searchengine are removed automatically. However, in a clustered environment, this is only done on the master node. To upgrade successfully, the aforementioned index directories should be removed manually from all the slave nodes.
• JBoss/Wildfly application server users should deactivate the "as-default" profile and activate the Maven "as-jboss" profile by uncommenting the profiles in the profiles section in the settings.xml or by passing the profiles as Maven profile using the Maven command line -P <profiles> option.

XperienCentral 10.12.0

• SOLR has been upgraded to version 5.5.1, therefore it is necessary to fully rebuild the backend and frontend search indices. The former is built automatically after the upgrade. Please note that this may take some time to complete and could cause high server load. The frontend search index rebuild should be triggered manually via the Setup Tool.
• The files conf/core0/conf/schema.xml and conf/core0/conf/solrconfig.xml have been updated. If you have made custom changes to one or both of these files, it is necessary to merge the new files with the custom ones. If no custom changes have been made, the new versions of the files can simply be used instead of the old ones.
• The secure form signer used to protect forms against tampering has been changed. All dumped pages which contain interactive forms or advanced forms will need to be regenerated or flushed from the cache. Any old pre-upgrade forms submitted by browsers to the website after the upgrade will be rejected by the secure forms checking filter.
• Form sessions can now be completed if a different form version becomes active. If the default showFormElementSsi.jspf, formFragmentOverview.jspf and form.tag are overruled in a custom presentation, please synchronize these files.

XperienCentral 10.11.0

• An extra input field has been added to the IAF csfw fields. If a custom form.tag is used in the presentation, please add the following hidden input:
  
  <input type="hidden" name="csfw_requestedChannel" value="${wmfn:escapeToHtml(presentationcontext.channel)}"/>
  
  
• The E-Cards, Poll and Who-is-Who functionalities have been removed and all their persisted content will be automatically removed during the upgrade process.
• The system presentation JSP elementAnchor.jspf with scope ElementAnchor was changed and should be copied to/synchronized with the project specific presentation.
• In Interactive Forms, an error on the form scope previously did not stop execution of any components in a conditional block. If your project depends on this behavior, you will have to change the relevant conditions in Interactive Forms.
• One line of text used by the Search element is garbled when shown on a Dutch page. To correct this by hand, log into XperienCentral, navigate to the Configuration menu at the top of the page, select Language Labels and ensure that "Dutch" is selected, Open the "wm_language_search" part of the dialog and update the "all_pages" entry to "Alle categorieën".

XperienCentral 10.10.1

Links are now filtered by scheme. Schemes that are not allowed result in removal of the illegal link. Allowed link schemes can be configured using the Setup Tool, property valid_link_schemes in the website settings. The following schemes are accepted by default: http, https, mailto. In addition to these we accept relative URLs and anchors by default. We advise you to customize which schemes are accepted such that only the bare minimum is accepted.

XperienCentral 10.10.0

• Because of security reasons it is recommended to disable the following permissions for the Main Editor role when being used: "Maintain design templates", "Maintain application servers", "Maintain application proxy servers", "Maintain application proxy servers", "Maintain application replacements", "Maintain Layouts", "Maintain XSLT expressions", "Maintain language labels", "Maintain users", "Maintain roles" and "Import users".
• For security reasons, it is no longer permitted to use the Interactive Forms "Copy File Handler" to copy files to any arbitrary location. The only directories (and its subdirectories) to which the copy file handler is allowed to copy files are those specified in the configuration (the property "website_settings.file_upload_valid_directories" in the Setup Tool). By default, no directories are specified, which means that by default attempting to copy files will fail. When upgrading, please configure the allowed directories in the Setup Tool. It is recommended that you only use directories that are not part of GX Webmanager 10 XperienCentral itself. The new setting should also be used in custom code where files can be uploaded to a user-defined location.
• And also the following functionalities have been removed because of security considerations: Design Templates (panel), Design Template Folders (tab).  Similar functionality is provided by the System Utilities - File Browser which should be used instead.
• The configuration of Maintainable Folders has been moved to the Setup Tool.
• Error messages from Spring Framework Validators are now escaped. This means HTML markup can not be used in these error message any more. Typically you need to remove styling like <font color="red"> from your message files. CSS styling is possible using the "span.error" selector.
• Labels for the wmedit:radioButton, wmedit:select and wmedit:selectItem JSPtags will now be escaped to HTML by default. In case HTML is used in such labels, this needs to be replaced.

More robust HTML escaping JSP functions are introduced as a replacement for fn:escapeXml. These are wmfn:escapeToHTML for generic use in HTML and wmfn:escapeToHTMLAttribute for escaping HTML attributes. Unlike fn:escapeXml, these functions do not escape L CODE tags that are used for links and personalization tags. It is recommended that you replace all instances of fn:escapeXml in frontend presentations with these functions. In specific cases this is required for L CODE tags and personalization to work correctly.