AuthorCommitMessageCommit dateIssues
Marc JohnenMarc Johnen
3592228ec2ccleanup
Marc JohnenMarc Johnen
5d850295835revert paralellizing
Marc JohnenMarc Johnen
cb75a630fa9improve stability
Marc JohnenMarc Johnen
e4677733cefcheckstyle
Marc JohnenMarc Johnen
df2a0ccc629introduce concurrency in crucial startup methods
Federico GrilliFederico Grilli
2fb3015ef60[maven-release-plugin] prepare release magnolia-6.2.12
Maxime MichelMaxime Michel
07c60250b14Use PPOM 42
Maxime MichelMaxime Michel
87af873ba48Use boms 6.2.12
Federico GrilliFederico Grilli
3dfdd703d9b~MGNLIMG-209 QA Add MIME type for webp
Federico GrilliFederico Grilli
06f8faa461dMPull request #973: BUILD-541 Unit test to ensure ClassLoader cannot be obtained in freemarker templatesMerge in PLATFORM/main from BUILD-541 to master * commit '074560bb287de2a64b5e983116d2faebc3e63d57': BUILD-541 Unit test to ensure ClassLoader cannot be obtained in freemarker templatesBUILD-541
Federico GrilliFederico Grilli
074560bb287BUILD-541 Unit test to ensure ClassLoader cannot be obtained in freemarker templatesBUILD-541
Jaroslav SimakJaroslav Simak
282a5115382MPull request #970: MAGNOLIA-8185 Extracted and updated implementation of path locks into a global componentMerge in PLATFORM/main from ~JSIMAK/main:MAGNOLIA-8185-extract-path-lock-mechanism-from-publishing-modules-into-core to master * commit 'a8de55fc791de9f476265b714dd7cbeb4a9309ea': MAGNOLIA-8185 Extracted and updated implementation of path locks into a global componentMAGNOLIA-8185
Jaroslav SimakJaroslav Simak
3ad1b8afc7dMPull request #968: MAGNOLIA-8180 Order cors filter after uriSecurity on installMerge in PLATFORM/main from ~JSIMAK/main:bugfix/MAGNOLIA-8180-clone-cors-headers-not-added-for-unauthorized-401-requests to master * commit '6a4877eb9fd43cdc43ad6dae2997129b1c5d0f31': MAGNOLIA-8180 Order cors filter before uriSecurity on installMAGNOLIA-8180
Jaroslav SimakJaroslav Simak
a8de55fc791MAGNOLIA-8185 Extracted and updated implementation of path locks into a global component* AreaElement now utilizes path locksMAGNOLIA-8185
Jaroslav SimakJaroslav Simak
6a4877eb9fdMAGNOLIA-8180 Order cors filter before uriSecurity on installMAGNOLIA-8180
Sang Ngo HuuSang Ngo Huu
485c4207883MPull request #963: PAGES-333 Update the deleted template nameMerge in PLATFORM/main from VNPD/main:PAGES-333 to master * commit '686e9a7bb726dad0472815f60ef596458d167291': PAGES-333 Align deleted template constant, mark all deleted template related code as deprecatedPAGES-333
Sang Ngo HuuSang Ngo Huu
686e9a7bb72PAGES-333 Align deleted template constant, mark all deleted template related code as deprecatedPAGES-333
Michael DuerigMichael Duerig
52991722f38MPull request #962: MAGNOLIA-8154 bypass CSRF token check for Vaadin heartbeat and UIDLMerge in PLATFORM/main from ~MDUERIG/main:MAGNOLIA-8154 to master * commit '058897450e57ac2d5d948c83a51ef0e1429f5fdf': MAGNOLIA-8154 bypass CSRF token check for Vaadin heartbeat and UIDLMAGNOLIA-8154
Michael DuerigMichael Duerig
058897450e5MAGNOLIA-8154 bypass CSRF token check for Vaadin heartbeat and UIDLMAGNOLIA-8154
Federico GrilliFederico Grilli
d1ab0f70710~BUILD-413 Update BOM to latest snapshot
Federico GrilliFederico Grilli
a23b9abc072MAGNOLIA-8142 Use URI.toASCIIString instead of URLEncoder* URLEncoder, despite its name, doesn't actually do URL encoding. It does HTML form encoding, which isn't what you want in a URL (except maybe as part of a query string, after a question mark). A key difference is that forward slash is encoded as "%2F" instead of being left alone. For actual URL encoding, you want URI.toASCIIString, which follows RFC 2396.*MAGNOLIA-8142
Federico GrilliFederico Grilli
ba7a01653d3MAGNOLIA-8142 Fix test by returning a value for request.getServletPath()MAGNOLIA-8142
Federico GrilliFederico Grilli
d28b533ef36MAGNOLIA-8142 Use encoded servlet path for cookie path, since request uri may contain extra path info with invalid semicolon character* Turns out that in some cases unearthed by integration tests ';jsessionid' is appended to the URL. HttpServletRequest#getRequestURI() contains the invalid semicolon character which makes Tomcat's cookie processor fail validationMAGNOLIA-8142
Federico GrilliFederico Grilli
9640d25df27MAGNOLIA-8142 request URI already contains context pathMAGNOLIA-8142
Federico GrilliFederico Grilli
afea24a16f4MPull request #960: MAGNOLIA-8142 Use encoded requestURI when UTF-8 is enabled for Cookie's path.Merge in PLATFORM/main from MAGNOLIA-8142 to master * commit '0f47873790d8195cb1051f8bd69fb074d818e753': MAGNOLIA-8142 Use encoded requestURI when UTF-8 is enabled for Cookie's path.2 Jira issues
Federico GrilliFederico Grilli
0f47873790dMAGNOLIA-8142 Use encoded requestURI when UTF-8 is enabled for Cookie's path.* This way non ASCII characters won't be used according to RFC6265 * Extract method for Cookie generation * Unit test2 Jira issues
Federico GrilliFederico Grilli
29f799c0a21[maven-release-plugin] prepare for next development iteration
Federico GrilliFederico Grilli
f58fe08c979[maven-release-plugin] prepare release magnolia-6.2.11
Federico GrilliFederico Grilli
60009df694aPrepare 6.2.11 release
Canh NguyenCanh Nguyen
32a8b2103f9MPull request #955: MAGNOLIA-8134 Vulnerability: jdom2-2.0.6Merge in PLATFORM/main from bugfix/MAGNOLIA-8134 to master * commit '38f2367f0edfd1f80881acc6b31059772d8cdeb1': MAGNOLIA-8134 migrate from jdom1 to jdom2MAGNOLIA-8134
Canh NguyenCanh Nguyen
38f2367f0edMAGNOLIA-8134 migrate from jdom1 to jdom2MAGNOLIA-8134
Federico GrilliFederico Grilli
13c54608ab7MPull request #950: MAGNOLIA-8125 bubble up activation status for any non mgnl:content nodesMerge in PLATFORM/main from ~RKOVARIK/main:MGNLUI-6575 to master * commit '65f8579c73458cf93fcefe4ee1829ffe2341c3cd': MAGNOLIA-8125 adjust observation tests MAGNOLIA-8125 bubble up activation status for any non mgnl:content nodes2 Jira issues
Jorge FrancoRoman KovaříkJorge Franco
65f8579c734MAGNOLIA-8125 adjust observation testsMAGNOLIA-8125
Roman KovaříkRoman Kovařík
5a077440b54MAGNOLIA-8125 bubble up activation status for any non mgnl:content nodes- instead of hardcoding the behavior to pages, assets and usersMAGNOLIA-8125
Milan DivilekMilan Divilek
561f367f12fMPull request #954: MAGNOLIA-8128 Add admin and system users permisions to edit their homeScreen propertyMerge in PLATFORM/main from ~MDIVILEK/main:MAGNOLIA-8128 to master * commit '13e89b45f3bf5bc3d69bc53c36f3b2e036417af0': MAGNOLIA-8128 Add admin users permisions to edit their homeScreen propertyMAGNOLIA-8128
Milan DivilekMilan Divilek
13e89b45f3bMAGNOLIA-8128 Add admin users permisions to edit their homeScreen propertyMAGNOLIA-8128
Federico GrilliFederico Grilli
e722ca9b4ff[maven-release-plugin] prepare for next development iteration
Federico GrilliFederico Grilli
e25ae1af817[maven-release-plugin] prepare release magnolia-6.2.10
Federico GrilliFederico Grilli
f8589872d9eMAGNOLIA-8115 Bypass CSRF filter for rest and activation handlerMAGNOLIA-8115
Michael DuerigMichael Duerig
7c27c2c6c4dMPull request #941: MAGNOLIA-8115 CSRF token check skipped for GET requests and admincentralMerge in PLATFORM/main from ~MDUERIG/main:MAGNOLIA-8115 to master * commit '5923485ad797ba7b9245a8c0a1af11bd83658dc5': MAGNOLIA-8115 bypass authenticated users in admincentral as Vaadin's csrf protection mechanisms kicks in at this point MAGNOLIA-8115 only enable form login for methods allowed by configuration MAGNOLIA-8115 include servlet context in CSRF cookie path MAGNOLIA-8115 prev...MAGNOLIA-8115
Michael DuerigMichael Duerig
5923485ad79MAGNOLIA-8115 bypass authenticated users in admincentral as Vaadin's csrf protection mechanisms kicks in at this pointMAGNOLIA-8115
Michael DuerigMichael Duerig
6b93fd8ee50MAGNOLIA-8115 only enable form login for methods allowed by configurationMAGNOLIA-8115
Michael DuerigMichael Duerig
2785048e8cfMAGNOLIA-8115 include servlet context in CSRF cookie pathMAGNOLIA-8115
Michael DuerigMichael Duerig
398c6b48ce8MAGNOLIA-8115 prevent NPE when request has no cookiesMAGNOLIA-8115
Federico GrilliFederico Grilli
ea3dbbd6ed0MPull request #940: MAGNOLIA-8112 Internal location to redirect to can be a relative pathMerge in PLATFORM/main from MAGNOLIA-8112 to master * commit 'f3dc2b23bf4d979117c260b13a9cdbe24e31bcce': QA Test renaming QA Use try with resources + rename method param MAGNOLIA-8112 Internal location to redirect to can be a relative pathMAGNOLIA-8112
Federico GrilliFederico Grilli
f3dc2b23bf4QA Test renaming
Federico GrilliFederico Grilli
c83907a55e5QA Use try with resources + rename method param
Federico GrilliFederico Grilli
008feab91caMAGNOLIA-8112 Internal location to redirect to can be a relative path* LoginFilter#getRedirectLocation redirects to absolute URL in case of the self redirect (to the browser URL user accessed before login and which was forwarded to login page), which might be http behind proxy although the browser uses https.MAGNOLIA-8112
Federico GrilliFederico Grilli
ff63177815fMPull request #936: MAGNOLIA-6442 Check NPE for injector before checking explicit binding keyMerge in PLATFORM/main from MAGNOLIA-6442 to master * commit '3bd760ed9ceb8dee91565134926abb00400dea92': MAGNOLIA-6442 Improve log error when loading module by catching all throwable MAGNOLIA-6442 Check NPE for injector before checking explicit binding keyMAGNOLIA-6442
Federico GrilliFederico Grilli
8fc8f88bd88MPull request #939: MAGNOLIA-8108 Prevent NPE for none version node when restoring previous versionMerge in PLATFORM/main from MAGNOLIA-8108 to master * commit '09eef60fe699ffdd4ecd2034ea1b04dc284e0c17': MAGNOLIA-8108 Prevent NPE for none version node when restoring previous versionMAGNOLIA-8108