Release Notes
Contents
XP7 Update 14
SDK
-
When a new XP sandbox is created using Enonic CLI 2.8 (or newer) and a template is chosen, the applications bundled with the chosen template are automatically installed during the sandbox’s initial launch. This significantly streamlines the setup process, enabling developers to bypass the usual time-consuming application installation and dive straight into their work.
-
Welcome page (available at http://localhost:8080/ in SDK version) displays the list of configuration files with an option to quickly copy their paths to the clipboard, enabling developers to quickly open the configuration files for modification in the Terminal.
XP7 Update 13
Earlier versions of Content Studio (before 5.0) are not compatible with Enonic XP 7.13.0 (and newer), so make sure to upgrade to Content Studio 5.0.0 or newer. |
GraalVM for JDK 17
-
XP is now powered by GraalVM for JDK 17 - latest LTS version
Management API
-
webapps
,projects
andidproviders
have been added to the Management Endpoint.
Statistics API
-
A new healthcheck (
health
) and readiness (ready
) endpoint has been added to the Statistics Endpoint.
Task API
-
A new
taskId
parameter has been added to the Task Controller. -
Added ability to set custom task
name
when Submitting a task. -
Task info returned by get and list now includes
node
- XP node name where the task runs.
SDK
-
Welcome page of the Enonic SDK has been greatly improved to show the main XP endpoints, a new section with installed applications and allow browsing existing content projects, sites and webapps. Admin section allows logging in as a guest, unless admin user has been created. You can open admin tools and webapps with one click, directly from this page. Content Projects and Sites can be open with one click in Content Studio, if it’s installed.
-
Login page in SDK has been slightly improved to emphasise the "Log in as Guest" action until an admin user is created.
Other Changes
-
Widget Descriptor now supports localization of widget title and description.
-
Vacuum, Dump, Load, AuditLog-Cleanup and Reindex tasks can only run single instance at a time within a cluster.
-
Introduced Node Repo cache to improve performance of Node API. Can be configured in Repo config.
-
Robustness of scheduled jobs has been improved.
-
Various improvements to the TypeScript types.
-
Various bug fixes and performance improvements.
XP7 Update 12
Dashboard Widgets
New widget interface admin.dashboard
can be used to create widgets for the Admin Dashboard. Read more about implementation details here.
Content Variants
-
Content Duplicate API was extended to support Content Variants, useful for A/B testing
-
Added
name
andparent
toduplicate
low level Java API -
Added
duplicate
method to the JS lib-content and lib-node APIs
Site mapping for services
Site Mappings can now be used to customize the behavior of Image, Attachment and Component services Services.
Add apps to projects
Previously, custom content types required you to create a site, and link your app to the site before you could create them. Project Applications enable you to add apps directly to the project instead, and thus create custom content directly on the project root.
Also, controller mappings will now work on project level, which means you may also write custom previews without using sites.
Pages, fragments and page templates still require to be in the context of a site. |
Other changes
-
Draft branch access was previously restricted through the use of virtual hosts solely. Direct access now requires an authorized user. Role-based access can be configured via
draftBranchAllowedFor
setting in the Portal configuration settings. -
Support of arm64 (aarch64) used in Apple M1/M2 chips for instance, is no longer experimental. You may see a message
WARN org.elasticsearch.bootstrap - JNA not found. native methods will be disabled.
It does not affect XP operations and can be safely ignored. -
Added
modifyMedia
method to the JS lib-content API -
Content API audit-log no longer logs
system.content.update
events by default. This can be changed back by settingauditlog.filter = *
in content config -
Added possibility to delete indices before Restore by using
force
option -
The standard 403 error page now has a handy Logout button
-
Various improvements to the TypeScript types
XP7 Update 11
TypeScript Core libraries
All JavaScript XP core libraries have been rewritten to TypeScript. TypeScript definitions are published on NPM
Learn how to include references to TS definitions in your project here.
Special thanks to Tom Arild Jakobsen at Item Consulting for his contribution to TypeScript support in XP. |
Virtual Applications and No-code Schema
This feature is experimental. It’s still under development design but is available for users to test and provide feedback. |
-
Virtual Applications can be used as an alternative to installed (real) ones. They are code-less and can only contribute to schema definitions.
Virtual application behavior can be configured in application config
Other improvements
-
Support content links with query parameters in HtmlArea
-
Various Vacuum performance and stability improvements
-
Migrate to OSGi Compendium 8
-
Query parameters are now supported for content URLs in HtmlArea
-
Content API verifies checksum for attachments and skips update if attachment is not changed
-
Support setting Workflow status on Media update
XP7 Update 10
Shared Map
Shared Map framework is now part of XP. Shared Map сan be used to share transient data between nodes in cluster and/or applications. Both JavaScript and low level Java APIs are available.
Other improvements
-
XP distro is now bundled with GraalVM Community Edition based JDK (v.22.1). JavaScript Engine is still Nashorn.
-
Introduced experimental support of arm64 (aarch64) based CPUs. (For instance, Apple M1 CPU)
-
Content related descriptors expose
modifiedTime
field to check for content schema changes.
XP7 Update 9
Applications and Security Audit Log
Audit Log now logs Principals and ID providers modifications and global Application actions.
Content-Security-Policy
Default Content-Security-Policy (CSP) header is now applied for page preview. It improves Content Studio security but may introduce issues for pages which use inline scripts: inline scripts cannot be easily distinguished from XSS attacks and must be avoided. If you are experiencing problems with CSP header you can configure or disable it in Admin config. Controllers can provide their own CSP, if needed.
Attachment and Image Services now have a strict Content-Security-Policy header to mitigate possible XSS vulnerabilities. It can be configured in Portal config.
Default security headers
All http responses now have the following headers set:
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
As before, they can be customized in header filter config or turned off completely. Controllers can override them, if needed.
Other improvements
-
Portal lib API can now construct websocket URIs with
serviceUrl
andurl
methods. -
Testing API
com.enonic.xp:testing
now supportsassertThrows
method.
XP7 Update 8
Versions of Content Studio before 4.0.0 will not run on XP 7.8.0 or later. |
Libraries
-
Javascript API for creating and importing is now available as a new library called
lib-export
. -
Content API has been extended with new constants and functions for archive and restore
-
Authentication API now allows verifying credentials without actual login
-
Context API now allows passing custom attributes in the Context object
-
Portal API now supports imageSizes parameter in
processHtml
function
Custom content validators
It’s now possible to implement custom content validators via Content Validators low level Java API. Custom error messages can be i18n-localised and will be displayed in Content Studio.
Other improvements
-
Service mapping and request matching in Vhosts has been greatly improved
-
Now possible to map controller or filter to the site itself.
-
Exports folder location is now configurable
-
Localization service now officially supports Java MessageFormat.
XP7 Update 7
Scheduler
Periodical (cron-like) and one-time Job Scheduler is now available.
-
Two jobs for periodical vacuum and audit-log cleanup were added. Preconfigured in Scheduler config.
-
New scheduler core library allows controlling jobs programmatically.
-
Management Endpoint was extended to be able to list currently scheduled jobs.
Audit-log cleanup
-
Management port was extended to be able to clean up audit-log records.
SameSite cookies
-
Added support for SameSite attribute for cookies.
-
Session cookie sets SameSite=Lax by default.
Content-type filtering
-
allow-child-content-type
in Content Type descriptor
Other improvements
-
New and improved aggregations.
-
getCommit
in Node JS API. -
srcset
support in processHtml.
XP7 Update 6
Content Layers
Content Layers enable automatic replication of content across dependant repositories. This feature can be used to implement multi language sites. JavaScript API is also available.
VHost API
VHost API is now made public. Enumerate VHosts configured for your XP instances to customize URL handling.
Management API for applications
-
Management Port got extended to be able to start, stop and uninstall an application.
-
The new SSE endpoint allows listing installed applications and listening to application status changes.
-
Application installation can now be verified with SHA512 checksum.
Distributable tasks
-
All Named Tasks are now cluster-aware and run on any XP node that can do it, not only where it was submitted.
-
Application allow/deny lists feature helps to fine-tune new High Availability behaviour.
Websocket API extensions
-
Websocket API is extended to get access to authentication info inside websocket handlers.
-
getGroupSize
method counts number of participants in a specific websocket group.
Other improvements
-
Serviced support
-
Improved 404 default page
-
Improved server log messages
-
New icon for
media:content
-
System translated to Dutch
XP7 Update 5
Snapshot Restore latest
option
latest
option simplifies day-to-day snapshot/restore routines.
Meta-data in contentLib query results
_sort
and _score
calculated meta fields are exposed in contentLib query results. Now it is possible to know how content items were sorted.
Calculated distance in geoDistance aggregation
Another use of _sort
calculated field is a geoDistance value. It calculates distance from provided coordinates to a geoPoint set in the content item.
Other improvements
-
New simpler default error page in production mode.
-
network.publish.host
configuration value now does not have a strict default value and falls back to Elasticsearch/Hazelcast preference (usuallynetwork.host
value). -
Snapshot-restore and system dump stability improvements.
XP7 Update 4
This version of Enonic XP is rather different from most others. There is no large feature set of noticeable changes, but rather a very important architectural change:
We have added Hazelcast to do events, tasks and sessions in the cluster. ElasticSearch is still there, but by using Hazelcast for these features, the cluster is more stable, and we now support Distributed Sessions.
Please read the upgrade notes in relation to backward compatibility. |
Other improvements
In addition to the cluster freatures, AlwaysPreTouch
has been enabled to avoid extra GC pauses on large installations.
XP7 Update 3
Please read the upgrade notes in relation to backward compatibility. |
Content projects
XP now supports creating and working with content projects. Each project will create a separate repository, where content is isolated from the other projects. The repositories are named com.enonic.cms.<projectname>
. Projects also introduce a simplified model in relation to permissions management and other default settings:
-
Set a default language for the project
-
Set default access mode (public, private or custom)
-
Give access to project via pre-defined roles (Owner, Editor, Author and Contributor)
-
Default content permissions are set via the pre-defined roles and access model
-
Projects can also be programmatically managed via the new project API.
To take advantage of projects, you must also upgrade to Content Studio v3.
For full backward compatibility, the default content repository (Default project) remains unchanged. |
Compressed dump and load
Dumps can now be streamed directly to a compressed archive to use less disk space, and speed up the process. Loads can similarly load data directly from a compressed archive. We now recommend always using compression when performing dump and load.
For backward compatibility, using compression requres a setting a flag when using Enonic CLI. |
Login without sessions
The updated auth API now supports request scoped logins, without having to manually modify the request context.
This is in particulary useful for handling modern stateful clients (i.e. using JSON Web Tokens), meaning that a server session is no longer created when logging in. Getting rid of sessions provide more scalability and reliability from a server side perspective.
Details are available in the auth API documentation.
Selected improvements
The following improvements are also part of this release:
-
Color highlighting in console logs
-
Content API - Get content by version ID
-
Page template resolution is now faster - especially relevant for sites with many page templates
-
The default threshold to compress http content changed from 16 to 23 bytes
-
New Jetty http.threadpool configuration options are now available
-
Improved logging now include details that were previously missing
-
Improved peformance and stability for web sockets
-
Improved handling of StackOverflowError
XP7 Update 2
v7.2 is fully backward compatible with previous v7.x versions. |
Audit Log
Any application can now store audit logs in a new common repository: "system.auditlog".
A core JS library Audit Library has been added to help you store and retrieve these audit logs
Content API - Audit Log
All successful state-changing operations, through the Content API, will create an audit log entry. In other words, all create/edit/publish/… in Content Studio or by using the content library will create an audit log entry This feature can be disabled by modifying the configuration file com.enonic.xp.content.cfg.
Node library - Get node by version
You can now retrieve an old version of a node by using the RepoConnection::get method.
Custom part icons
Part component now supports a custom icon which will be used instead of the default one in Content Studio - in the Page Component tree and dropdowns with part descriptors. Just place an icon (in either PNG or SVG format) with the same name as the descriptor schema into the same folder. For example, if part/folder is called mypart then part descriptor is called mypart.xml and the icon file should be called either mypart.svg or mypart.png.
Header filter
It is now possible to specify default headers set for every HTTP response via header filter. Default headers can be configured in com.enonic.xp.web.header.cfg
configuration file via headerConfig
property. If no value is specified set X-Frame-Options: DENY,set X-XSS-Protection: 1; mode=block,set X-Content-Type-Options: nosniff
is used. Empty value disables Header filter.
headerConfig = set X-Frame-Options: SAMEORIGIN,set X-XSS-Protection: 1; mode=block,set X-Content-Type-Options: nosniff
XP7 Update 1
v7.1 is fully backward compatible with v7.0 and was released in parallel with Content Studio v2.1. |
This update introduces new features and improvements as well as 28 bugfixes. The complete list of changes is available on Github.
Query highlighting
The storage and CMS API now provide out-of-the-box highlighting functionality.
By submitting a highlighter definition together with your query, you will in return get text fragments where relevant search strings are highlighted. This is especially useful when presenting search results to end users.
{
query: "fulltext('description', 'house garden big')",
highlight: {
properties: {
"description": {
fragmentSize: 15,
numberOfFragments: 2
}
}
}
}
{
...
"highlight": {
"c4bb11f1-c6e2-4849-a665-28f612213984": {
"description": [
" <em>house</em> with <em>big</em>",
" maintained <em>garden</em>."
]
}
}
}
Content Workflow
The Content API now introduces support for basic workflow capabilities. When creating or modifying content, workflow status may be specified. Currently the following statuses are available: IN_PROGRESS, READY,
The API will now prevent publishing of content unless it is in the workflow state READY
.
For backward compatibility, if workflow state is not specified, it is equivalent to READY
. Also, modifying content will keep the item’s existing workflow state.
Check out the content api for usage details
Customizable display name label
For an improved editorial experience, developers may now override the default <Display Name> text on a per content type basis. This helps make the content form more intuitive.
By adding the following line to your content type definition:
<display-name-label>Some cool text here</display-name-label>
Editors will see the following in content studio.
Visit the Content Types documentation for more detail
Publishing message
The content API’s publish function now supports adding a message. This message is added to the "commit" entry that was added to the function with the release of XP7.
The publish message is builds on the commit functionality of the Node API.
Content studio enables you to see the publishing message from the version history widget.
Selected improvements
Some of the improvements included in this release are:
-
New exists() function for both node and content API provides faster existence checks over using get()
-
Assets with .es extension are now served with the javascript MIME type
-
File names are now sanitised during upload to prevent use of illegal characters
XP7
Breaking changes XP 7 contains breaking changes. Follow the upgrade instructions carefully to secure a successful upgrade. |
Enonic XP 7 takes a major leap in simplifying application development and making the platform leaner and more flexible.
The biggest highlights of XP 7 is not the core platform, but all the changes around it:
-
New documentation - The documentation you are reading was created from scratch for XP 7
-
Developer portal - All XP related developer resources and docs in one place
-
Enonic CLI - For managing XP development project, also replaces the toolbox shell script
-
Native distributions. The JVM runtime is now bundled with XP
-
Content Studio - Is now available as an app to download from Enonic Market.
Developer portal
In order for developers to better and more easily navigate the XP ecosystem, we created a dedicated portal. The portal contains
-
XP docs: The XP core platform documentation (which you are reading now)
-
Reference docs: For all XP related apps, starters, libraries and more that are built by Enonic.
-
Hands on guides: Practical how-to guides an tutorials, including the getting started page
Built with XP
The portal is naturally an XP app itself. The geeky fact is that all docs and most guides are written in Asciidoctor together with the actual product code.
When we commit, changes to the docs are automatically checked out, compiled and imported to XP as content. This optimize how developers produce content, while taking advantage of everything XP offers at the same time.
We plan to release the core elements of the doc portal on the market in the future.
Enonic CLI
The brand new Enonic Command Line Interface - "Enonic CLI" was also released at the same time as XP 7. It is versioned independently for more frequent updates. The CLI not only replaces the old toolbox script, it also introduces new and flexible ways of installing XP and managing projects and development environments.
Installing CLI, Enonic XP, building and deploying your first app can now be done with a few simple commands, as described in the getting started section of the developer portal
The CLI is available for Mac, Linux and Windows. For more information, check out the full documentation.
Native distributions
The biggest conceptual change to XP is that the JVM is no longer required in order to run XP. XP 7 ships with JVM 11 embedded. As such, we now release native distributions of XP for the three major platforms, Mac, Windows and Linux. Expect future versions of XP to make more use of server native capabilities beyond the JVM. As always, you will never have to worry about portability when writing XP apps.
There are several reasons for this move:
-
Developers no longer need to install or juggle with different versions of the JVM
-
Installation of XP is faster and sleeker than ever
-
We can take advantage of OS native functionality when required
With this change, XP is now available in SDK and Server version. The SDK includes the full JDK, whereas the server edition uses a slimmed down version of the JVM, and may be further optimized for production use.
Content Studio is an app
Content Studio, the CMS editorial interface has been moved out of the XP core. It is now available as a separate application on Enonic Market
Content Studio can now be released more frequently than the XP core. Expect new versions of Content Studio to be released along with new features in the XP core.
For Content Studio release notes, check out the new documentation.
CMS
Even if Content Studio can be installed as a separate application, The XP core still ships with the content API and site engine that applications depend on.
Image styles
XP 7 introduces a new feature in the rich text editor called "Image styles". Image styles consist of both client side styling (css), and image service rendering specifications.
The rich text editor was previously limited to pre-defined and hard-coded styles, such as cinema (21:9)
or square(1:1)
. Now, application developers may define custom styles that control both server side rendering aspect ratio, and specify classes to annotate the specific image.
Projects prepared
Customers with many sites have requested better support for isolation of sites, and specific access rights to each. Our solution to create sites in different "projects", each project will be using its own repo. XP 7 (and Content Studio) does not yet fully implement this features, but prepares the foundation for supporting it.
You will notice this through the following change:
-
The default CMS repo is renamed from "cms-repo" to "com.enonic.cms.default".
-
New projects will be using the extension as project name, i.e. project "myproject" will use repo "com.enonic.cms.myproject"
-
The site engine URLs now contain project name - i.e.
/site/<project>/<branch>/<content-path>
Editor references
References to images or other content in the rich text editor are now stored explicitly in the underlying node API. The publishing wizard will now identify and include these dependencies like all other references - no more missed items during publishing.
Stemmed content
Content flagged with a language is now automatically stemmed during indexing (trimming words to their root form for better hits). This is done using the standard Elasticsearch stemmer. This is achieved by adding a stemmed version of the _allText
property, combined with a new query function.
Better page indexing
Pages, and their components are now indexed differently. Rather than just looking for text within a page, developers may now search for any configuration property, or metadata within a page.
As an example, one may now search the use of a specific part within a site.
XP Storage
The XP storage has been refactored for improved performance and disk usage.
Blobstore improvements
XP persists all data in so-called blobstore segments, one segment for each type of data to persist. XP 7 introduces new segments for indexconfig and permissions, enabling re-use of these across nodes, and node versions.
This reduces the use of disk space significantly.
Additionally, each repository now has it’s own root entry in the blobstore. This makes it possible to directly manage blobs associated with a single repository.
Version commits
XP automatically creates new versions for each modification of a node. Where XP 6 would persist all versions forever, XP 7 by default treats all versions as transient. This means that all versions that are not currently in a branch, may be garbage collected at any time in the future.
To prevent versions from being removed, one may also commit.
For the Content API specifically, publishing an item will automatically create a commit, effectively placing a stamp on the specific versions being published. Commits have id, committer, and optionally a commit message as meta data.
XP 7 does not yet implement the garbage collector that removes uncommitted versions, this will be part of an upcoming release. |