Release 7.58.0 Build 1930 was released in March 2025. This release includes:

[Update] Due to a bug in the handling of preflight requests (OPTIONS requests) in cross-origin situations, this release should not be installed if frontend forms using "Cross Origin" are used on the website.

(Cross Origin in this context means: The website runs under one domain, but the REST proxy is accessed via a different domain.)

We are working on a fix, which will be provided in release 7.58.1.

  • Password Quality Formal Check

  • (blauer Stern) Backoffice login considers Entry Type

  • New Job Type: Verify email addresses

  • Service Desk 4.6.2

  • (blauer Stern) Email reception: POP3 support discontinued

  • Update of various components

  • (Info) Support for Tomcat versions 7, 8, and 9 will be discontinued starting from UM 7.59

  • (Info) Support for Java 11 will be discontinued starting from UM 7.59

Backoffice

Login

Previously, the Backoffice login against the internal entry database checked the following criteria:

Since version 7.58.0, it also checks that the entry has the expected entry type (entrytype attribute). By default, Backoffice login is only allowed for entries of the admin entry type. However, this can be overridden via the global configuration variable cmsbs.gui.login.entrytypes, for example:

cmsbs-conf/cmsbs.properties

# Allow Backoffice login for "admin" and "user":
cmsbs.gui.login.entrytypes = "admin user"

If the internal user management is used for Backoffice login and entry types are also in use, but the entry type for Backoffice users is not admin, the above configuration adjustment must be made. Otherwise, login will no longer be possible after the update.

Password quality formal check

Since version 7.49.0, password quality in UM can be ensured based on length and entropy.

With this release, additional formal criteria can now be checked:

This results in the following configuration options for setting up a password policy:

cmsbs-conf/additional.attributes

# Seit 7.49.0:
password.minimumLength = 10
password.minimumEntropy = 32

# Neu seit 7.58.0:
password.requireUpperCase = true
password.requireLowerCase = true
password.requireDigit = true
password.requireSpecialChar = true
password.specialChars = "+?=!$€%&*@/|_.,:;()-"

The four new options are disabled by default.

Log-Datei

A bug in the filtering of the log file display under Tools / Log File has been fixed. Additionally, the automatic reloading of new log entries can now be paused and resumed via a button.

Jobs

New job type: Verify email addresses

Jobs of the type Verify email addresses can now verify the email addresses of all entries or all entries within a segment.

A DNS lookup is performed for the domain part of the address. If the domain name is not found or if no MX record exists for the domain, the email address is considered invalid. The entry is placed on a selected list for further processing.

Start Double Opt-In

The job type Start Double Opt-In has been expanded: Instead of specifying a list of recipients, a segment can now be specified, and its entries will be prompted for DOI.

E-Mail-Empfang

Email reception via POP3 is no longer supported starting with this release.

Monitoring

This release includes all requirements for using the Monitoring Plugin version 1.4.0 and newer.

UM Front-End Forms

A bug in the new CSP-compatible loader snippets has been fixed. If the loader snippet was the first or only script tag in the HTML, the form was not loaded correctly.

Service Desk 4.6.2

The bundled version of the Service Desk App has been updated to version 4.6.2.

Discontinuation of support for Tomcat 7, 8, and 9 starting from UM 7.59

Starting with release 7.59, the installation of UM in Apache Tomcat versions < 10 will no longer be supported.

The reason for this decision is Apache Tomcat's shift from Java EE to Jakarta EE.

Discontinuation of support for Java 11 starting from 7.59

Starting with release 7.59, Java 17 will be required for the operation of UM. Java 11 will no longer be supported.

Update of various components