What's New in LTS 2021.1 / LTS 2021-HF01

Nuxeo Server

Core Repository

Record, Retention and Hold Low-Level Implementation dev user

The notion of a document being a record is added. The notion of retention date and legal hold is added to records. Once a document is a record, this is forever. Copies of records (including versions) are not initially records. When a record has a legal hold or has a retention date in the future, modification or deletion of the main blob (file:content) is prevented, even indirectly through removal of the document or of an ancestor, even for Administrators.

The following APIs are added:

CoreSession.makeRecord(doc)
Only for users with permission MakeRecord.
A record can never be set back to non-record (there is no unmakeRecord() API).
When a document is turned into a record, the document blob manager will take care of unsharing the blob and moving it to the record blob provider.
CoreSession.isRecord(doc)
CoreSession.setRetainUntil(doc, datetime)
Only for users with permission SetRetention.
A special CoreSession.RETAIN_UNTIL_INDETERMINATE value is also available.
The retention date can only be increased, except if it was indeterminate, in which case it can be set to an actual date.
CoreSession.getRetainUntil(doc)
CoreSession.setLegalHold(doc, boolean)
Only for users with permission ManageLegalHold.
If a hold is removed and the retention has expired, a "retention expired" event will be sent (after which the document may be deleted, along with its blob, depending on high-level policies).
CoreSession.hasLegalHold(doc)
CoreSession.isUnderRetentionOrLegalHold(doc)
Convenience method doing hasLegalHold() OR getRetainUntil() > currentDate()

And for convenience some getters are added:

DocumentModel.isRecord()
DocumentModel.getRetainUntil()
DocumentModel.hasLegalHold()
DocumentModel.isUnderRetentionOrLegalHold()

The following APIs, that have never been used, are deprecated:

CoreSession.setRetentionActive(doc, boolean)
CoreSession.isRetentionActive(doc)

NXQL has the following new special properties:

ecm:isRecord
ecm:retainUntil
ecm:hasLegalHold

Note that NXQL does not have ecm:isUnderRetentionOrLegalHold, instead one should use ecm:retainUntil > NOW() OR ecm:hasLegalHold = 1.

At the storage level, VCS has 3 additional columns in the table hierarchy:

isrecord
retainuntil
haslegalhold

Some specific blob providers implementations can now be in "record mode":

BlobProvider.isRecordMode()

When in record mode the blob providers behave differently:

They are transactional (blobs aren't actually written/deleted in the underlying storage until the transaction commits, and transaction rollback is possible).
They don't do de-duplication, each blob is stored individually.
They store only one blob per document (the main blob, file:content).
They can replace or delete a document's blob.
They have hooks to store additional metadata alongside the blob (for diagnostics/recovery).

Support Flagging Repositories as Headless dev

A new "headless" attribute has been added to the repository descriptor to allow flagging repositories as headless:

<extension target="org.nuxeo.ecm.core.storage.sql.RepositoryService"
    point="repository">
    <repository name="second" label="label.second.repository" headless="true">
      ...
    </repository>
</extension>

By default repositories are not headless.
For 10.10, all repositories, except for the "default" one are headless unless explicitly set otherwise.

Configure Transient Store Cache dev

Four new configuration properties were introduced to control transient store first and second level cache:

nuxeo.transientstore.ttl=120
nuxeo.transientstore.ttl2=10

and for S3:

nuxeo.s3storage.transient.ttl=120
nuxeo.s3storage.transient.ttl2=10

Allow to Bypass Allowed Subtype Check in FileManager dev

A new flag is exposed to bypass the subtype check when creating a document with FileManager.

The allowed subtype check done by the FileManager can be bypassed using:

FileImporterContext.builder(coreSession, blob, parentpath)
        .bypassAllowedSubtypeCheck(true)
        .build();

Added:

FileImporterContext#bypassAllowedSubtypeCheck
FileImporterContext#isBypassAllowedSubtypeCheck()
FileImporterContext#Builder#bypassAllowedSubtypeCheck
FileImporterContext#Builder#bypassAllowedSubtypeCheck(boolean bypassAllowedSubtypeCheck)
AbstractFileImporter#checkSecurity(CoreSession session, String path)
AbstractFileImporter#checkAllowedSubtypes(CoreSession session, String path, String typeName)

Deprecated:

AbstractFileImporter#doSecurityCheck(CoreSession documentManager, String path, String typeName)
AbstractFileImporter#doSecurityCheck(CoreSession documentManager, String path, String typeName, TypeManager typeService)

Support Double Format for Long Properties Values in Document Model dev

(also available in 10.10)

Number values can now be written to both Long and Double properties.

Core Storage

Compatibility with MongoDB 4.X dev admin

Nuxeo DBS MongoDB implementation is now compatible and continuously tested with MongoDB 4.x.

MongoDB Java Driver has been upgraded from 3.x to 4.1 which brings breaking changes, you may need to re-compile your code if you were using the driver directly. See MongoDB related documentation.

PostgreSQL 13.x dev admin

PostgreSQL 13.x is the recommended PostgreSQL Server version for Nuxeo Platform LTS 2021 (PostgreSQL 11 and 12 are also supported).

Allow Optimized MongoDB Ids With Shorter Size dev admin

(also available in 10.10)

We can now use 8 bytes MongoDB ids (instead of 36 bytes) to reduce database and index sizes.

To use optimized ids, provide the following XML configuration (or adapt it): <require>default-repository-config</require> <extension target="org.nuxeo.ecm.core.storage.mongodb.MongoDBRepositoryService" point="repository"> <repository name="default"> <idType>sequenceHexRandomized</idType> <nativeId>true</nativeId> </repository> </extension>

Allow Configuration of MongoDB Query Max Execution Time dev admin

Query max execution time can be configured using: <extension target="org.nuxeo.runtime.mongodb.MongoDBComponent" point="connection"> <connection id="default"> <maxTime>10 m</maxTime> </connection> </extension>

The default is 1h.

Allow Full Configuration of MongoDB Connection dev

All MongoDB options can now be configured using a Nuxeo contribution.

To contribute options to MongoDB one can now use the following syntax: <extension target="org.nuxeo.runtime.mongodb.MongoDBComponent" point="connection"> <connection id="default"> <property name="requiredReplicaSetName">myreplicaset</property> <property name="readPreference">primary</property> <property name="readConcern">majority</property> <property name="writeConcern">majority</property> </connection> </extension>

The properties that can be used are those of the MongoClientOptions.Builder class.

Blob Provider Improvements dev

(also available in 10.10)

A new blob provider implementation has been added to provide more flexibility and more options:

making them transactional,
adding a caching layer,
allowing direct deletion,
changing the digest computation for keys into something based on doc or blob info,
passing down more information to the storage layer (as filename, mime type, username,...),
avoid temporary files when streaming decrypted binaries (TL-318).

This new blob provider can be enabled using a property in nuxeo.config

When using this new provider, blobs stored in S3 now have the following informative metadata automatically set:

Content-Type: MIME type
Content-Disposition: attachment; filename=...

In addition, if the metadata.addusername part of the S3 connector XML configuration (or framework property nuxeo.s3storage.metadata.addusername) is set, the following Nuxeo-specific header is also set:

x-amz-meta-username: username

These headers are NOT modified for subsequent changes to the document, they are only set the first time a given blob is written to S3.

Better Management of Temporary Files for the Encrypted (AES) Blob Provider dev

(also available in 10.10)

A new implementation of the AESBinaryManager has been added to improve temporary files management.

DefaultBlobDispatcher Supports Full Regexp-Based Match dev

(also available in 10.10)

Full regexp-based match has been added to DefaultBlobDispatcher.

Add `ecm:path` Variable to the Default Blob Dispatcher dev

(also available in 10.10)

ecm:path variable is added to the default blob dispatcher.

Allow Avoiding Use of the HTTP Proxy for S3 Connections if the S3 Endpoint Is Internal dev

(also available in 10.10)

In some situations, the S3BinaryManager needs to connect to a local S3-compatible endpoint that must not go through the global nuxeo.http.proxy.host defined.

New Implementation `S3BlobProvider` dev admin

A new blob provider org.nuxeo.ecm.blob.s3.S3BlobProvider is available. It has the same configuration properties as the old org.nuxeo.ecm.core.storage.sql.S3BinaryManager but in addition:

it allows configuration in record or transactional mode (see NXP-28276)
it allows additional metadata in S3 (see NXP-25712)
it allows interaction with Glacier storage (see NXP-28417)
it allows direct configuration of CloudFront (without using CloudFrontBinaryManager).

The CloudFront properties are:

cloudfront.enabled: must be true to activate CloudFront
cloudfront.privKey: the path to the private key
cloudfront.privKeyId: the id of the private key
cloudfront.distribDomain: the distribution domain
cloudfront.protocol: the protocol (http or https)

Allow Simple S3 Blob Provider Implementation Override, and Use Proper Require dev

To switch to the new S3 blob provider implementation from NXP-28460 add in nuxeo.conf:

nuxeo.core.binarymanager=org.nuxeo.ecm.blob.s3.S3BlobProvider

This assumes of course that the s3binaries template is used (which is automatically done when installing the Amazon S3 Online Storage package).

Blob Properties Should Expose Final URL If Possible dev

If a document's blob provider is configured for direct download, it's now possible to get direct links to the final download URL (to S3 or CloudFront typically) returned in the JSON document output.

To activate this feature, the following must be configured:

<require>org.nuxeo.ecm.core.io.download.DownloadService</require>
  <extension target="org.nuxeo.runtime.ConfigurationService" point="configuration">
    <property name="org.nuxeo.download.url.follow.redirect">true</property>
  </extension>

Make `S3BinaryManager.abortOldUploads` Async and Optional dev

The startup process that cleans up old (> 1 day) S3 multipart uploads can be disabled by defining:

<extension target="org.nuxeo.ecm.core.blob.BlobManager" point="configuration">
    <blobprovider name="default">
      ...
      <property name="multipart.cleanup.disabled">true</property>
    </blobprovider>
  </extension>

Or for backward compatibility when XML configuration is not possible by setting the nuxeo.conf property:

nuxeo.s3storage.multipart.cleanup.disabled=true

Use AWS TransferManager in S3DirectBatchHandler dev

AWS TransferManager is now used for copy by S3DirectBatchHandler.

S3 Direct Upload for Little Files (SSE-KMS) dev

S3 Direct upload now works with SSE-KMS enabled.

It introduces a new configuration property to setup SSE/KMS on the transient bucket (for direct upload):

nuxeo.s3storage.transient.crypt.kms.key=<sse-kms-key-id>

Allow Using Arbitrary File Keys in S3 dev

Objects can now be stored in S3 with an arbitrary file key instead of the MD5 digest.

To be able to use arbitrary file keys generated either by the provider or by a trusted upload client, the new S3BlobProvider should be used and the key strategy should be set to managed (default key strategy is digest):

nuxeo.core.binarymanager=org.nuxeo.ecm.blob.s3.S3BlobProvider
nuxeo.core.blobstore.keyStrategy=managed

Allow Blob Provider to Do Optimized Byte Range Requests dev

The internal API BlobProvider.getStream(blobKey, byteRange) can now be used by code that needs to access a byte range of a blob without fetching the full blob. This assumes that the blob provider implementation is compatible with this, and that BlobProvider.allowByteRange() returns true (which is the case when the blob provider has been registered with <property name="allowByteRange">true</property>). This is implemented for the S3BlobProvider.

Allow Blob Provider to Access Document When Reading Blob dev

The new API BlobProvider.readBlob(BlobInfoContext) should be implemented by blob providers that wish to get information about the Document or the blob's XPath while reading the blob.

This is mostly useful for blob providers that implement "virtual" blobs whose information is derived from properties of the document itself.

Add `BlobProvider.supportsSync()` to Avoid Relying on Binarymanager for Sync Tests dev

New API: BlobProvider.supportsSync()
Sync refers to the fact that a blob from this provider may be synced with a remote system (like Nuxeo Drive) or with a process that updates things in the blob (like Binary Metadata or WOPI).

Allow Avoiding Use of the HTTP Proxy for S3 Connections If the S3 Endpoint Is Internal dev

To disable usage of the proxy environment variables (nuxeo.http.proxy.*) for the connection to the S3 endpoint, defined the nuxeo.conf property:

nuxeo.s3.proxy.disabled=true

More flexibility in the Blob Providers Infrastructure dev

New implementation of BlobProvider:

org.nuxeo.ecm.core.blob.LocalBlobProvider

They have the same configuration properties as the old ones, with additions. The XML configuration can now also include:

<property name="record">true</property>: to activate Record mode (see NXP-27435). This mode is also transactional.
<property name="transactional">true</property>: to activate transactional mode independently of the record mode (useful for other features like Glacier).

Add Full Regexp-Based Match to DefaultBlobDispatcher dev

The default blob dispatcher now has a new operator ^ to match based on a full regexp (in addition to the already-existing glob-based match using ~).

For instance the following will match any document somewhere under a folder named images:

<property name="ecm:path^.*/images/.*">test</property>

Add `ecm:path` Variable to the Default Blob Dispatcher dev

The default blob dispatcher now has a pseudo-property ecm:path representing the document path.

For example the following will match any JPG document somewhere under a folder named images:

<property name="ecm:path~*/images/*">test</property>

Allow Configurable Digest with the S3BinaryManager dev

The digest algorithm to use to compute a unique key when storing blobs in S3 can now be configured, using:

nuxeo.s3storage.digest=SHA-256

Or if a full XML configuration is used (necessary if there are several different S3 blob providers):

<extension target="org.nuxeo.ecm.core.blob.BlobManager" point="configuration">
  <blobprovider name="default">
    <class>org.nuxeo.ecm.core.storage.sql.S3BinaryManager</class>
    ...
    <property name="digest">SHA-256</property>
    ...
  </blobprovider>
</extension>

The default is MD5. The valid digest algorithms are those available to the Java runtime, the standard ones are listed here for Java 8 and here for Java 11.

This feature is not compatible with S3 Direct Upload.

Support of S3 Transfer Acceleration dev

The S3 connector now has new nuxeo.conf parameters to configure S3 accelerate mode:

nuxeo.s3storage.accelerateMode (default false)
nuxeo.s3storage.transient.accelerateMode (default false) (for direct upload)

For example:

nuxeo.s3storage.accelerateMode=true
nuxeo.s3storage.transient.accelerateMode=true

Note that accelerate mode is incompatible with path-style access (NXP-27805, see S3 documentation.

Enforce the Server Side Encryption Header in S3 Client Request dev admin

S3 copy (used during direct upload in particular) now correctly takes into account the server-side encryption configuration for the destination bucket. For direct upload, this requires setting the property:

nuxeo.s3storage.transient.crypt.serverside=true

Allow S3 Multipart Part Size configuration dev

There is a new configuration property nuxeo.s3.multipart.copy.part.size to change the S3 multipart copy part size. The default is 5242880 (5MB).

It can be changed with:

<extension target="org.nuxeo.runtime.ConfigurationService" point="configuration">
    <property name="nuxeo.s3.multipart.copy.part.size">5242880</property>
</extension>

Note that the maximum allowed by S3 is 5368709120 (5GB).

Allow Storing Extracted Fulltext in Blobs dev

Fulltext extracted from binaries can be stored in a blob provider instead of metadata in the repository by defining:

nuxeo.vcs.fulltext.storedInBlob=true

(Note that despite the vcs in the name, which is here for regularity with other properties, it also applies to DBS/MongoDB.)

When doing so, by default a BlobProvider named fulltext will be used to store these blobs. When using a custom blob provider configuration instead of the default local filesystem storage, this fulltext blob provider must be defined accordingly. Usage of this specific blob provider is configured through a blob dispatcher in the default configuration, which may be overridden if needed.

When defining additional repositories, fulltext blob storage will need to be enabled with XML in the repository contribution:

<fulltext ... storedInBlob="true" ... />

and a custom blob dispatcher configuration will be needed to take into account this repository. Note that when fulltext blob storage is enabled, repository-based fulltext search is automatically disabled (equivalent to nuxeo.vcs.fulltext.search.disabled=true or <fulltext ... searchDisabled="true" ... />).

New Implementation for the Encrypted (AES) Blob Provider dev

A new blob provider org.nuxeo.ecm.core.blob.AESBlobProvider is available.

It has the same configuration properties as the old one:

org.nuxeo.ecm.core.blob.binary.AESBinaryManager

To encrypt a binary, an AES key is needed. This key can be retrieved from a keystore, or generated from a password using PBKDF2 (in which case each stored file contains a different salt for security reasons).

The blob provider configuration holds the keystore information to retrieve the AES key, or the password that is used to generate a per-file key using PBKDF2.

For keystore use, the following properties are available:

keyStoreType: the keystore type, for instance JCEKS
keyStoreFile: the path to the keystore, if applicable
keyStorePassword: the keystore password
keyAlias: the alias (name) of the key in the keystore
keyPassword: the key password

And for PBKDF2 use:

password: the password

In addition, the following property may be specified to define where the encrypted blobs are stored:

path: the filesystem path for the storage (if relative, under nxserver/data). The default is binaries.

For backward compatibility, the encryption properties can also be included in the <property name="key">prop1=value1,prop2=value2,...</property> of the blob provider configuration.

S3DirectBatchHandler Must Work With the New S3BlobProvider dev

A new S3 permission (action) is necessary to use DirectUpload with the new S3BlobProvider: s3:GetBucketVersioning

Define `nuxeo.binarystores.root` for the Root of All Binaries Store dev

A new property nuxeo.binarystores.root is now available, and its use is recommended over the now-deprecated repository.binary.store.

The old repository.binary.store is equivalent to ${nuxeo.binarystores.root}/binaries

Better Management of Authentication Parameters for Google Storage dev

(also available in 10.10)

We can now reference a file with the JSON content rather than the JSON value itself as a framework property.

S3 Cache and Connection Parameters Configurable Through `nuxeo.conf` dev

Instead of editing the template defining the S3 blob provider, we can now set the S3 cache and the connection parameters in nuxeo.conf

Configure S3 Multipart Part Size dev

(also available in 10.10)

It is now possible to configure the chunk size of multipart part size (from 5MB to 5GB).

Document Deletion With Bulk Action Framework on DBS dev

We now use the Bulk Action Framework to delete massively documents. This is supported for DBS only.

MongoDB New Indexes dev

To improve performances, new indexes have been added on the metadata rend:sourceId and rend:sourceVersionableId that are used for standard queries on Nuxeo Server.

Improved Concurrent Updates Removing Elements From Lists on MongoDB dev

The way elements are removed from lists on MongoDB is improved during concurrent updates, to prevent any update loss.

Workflow

Support Task Variables on Nuxeo-Dropzone dev

Nuxeo-dropzone has been improved to be usable on workflow tasks layouts for uploading blobs to variables.

Task Endpoint Paginable dev

(also available in 10.10)

The Task endpoint is now paginable.

`workflowInstanceId` Alias for `Workflow.GetOpenTasks` Operation

The processId parameter of the Workflow.GetOpenTasks operation now has a workflowInstanceId alias.
This allows to run this operation within a chain called from a workflow (transition, escalation rule, ...) without passing any parameters, as the nodeId and processId (= workflowInstanceId) parameters will be automatically bound to the operation context variables named the same way.

Nuxeo Streams

Kafka 2.6.x dev admin

The Nuxeo Platform now relies on Kafka 2.6.x (2.5.x is also supported).

Report Stream lag and latency from Nuxeo dev admin

Previously, the stream processing lag and latency could be monitored by using Nuxeo stream.sh.

Stream lag and latency are now directly delivered by Nuxeo Server.

Expose Nuxeo Stream latency metrics to Datadog dev admin

(also available in 10.10)

Similarly to what has been done for Graphite (cf. NXP-26248), we can now expose Nuxeo Stream lag and latency in Datadog.

Nuxeo Stream probe in the default health check dev

The default Nuxeo health check that is used by the runningstatus REST endpoint now includes a probe to check Nuxeo Stream Processors.

Nuxeo Stream Expose Latency to Prometheus dev

Nuxeo deployments with Nuxeo Stream/Kafka on Kubernetes/OpenShift now expose latency to Prometheus, the metrics and monitoring engine commonly bundled with Kubernetes/OpenShift.

Enable to Register a Processor Without Running It dev

There are cases where a processor needs to be defined but not start/stop by the StreamService. For instance, an import processor can be registered and start/stop using a REST API. Another case is when having different processors that work together, we may want to initialize all the streams first and then control the order the processors are started.

Recovery Procedure for Systematic Failure in a Stream Processor dev

There is a new option to recover from systematic stream processor failure.
First, add nuxeo.stream.recovery.skipFirstFailures=1 to a single Nuxeo node, Processors will skip the first record in failure instead of terminating. Second, once the problematic record is skipped remove the option from the nuxeo.conf and perform a rolling restart of other Nuxeo nodes to restore all processor threads.

Expose Stream Processor Failures as Metrics dev

A new counter metric has been added when the processing enters in termination due to an error. Also, even if the probe is disabled, it will be nice to have the stream processor probe output to list which processing is failing.

Stream Processor Probe in The `runningstatus` dev

You can now activate a health check probe to check the status of stream processors. The option to activate in nuxeo.conf is:nuxeo.stream.healthCheck.enabled=true

If a stream processor fails after retries and its failover policy is to stop on error the runningstatus will be in error.
When this happens the Nuxeo node needs to be restarted to continue the processing.
Note that, by default, the health check probe is not activated.

Allow to Disable Stream Processing dev

An option is now available to disable Stream Processing on a given node.

All Stream Processors can be disabled on a Nuxeo node using:

nuxeo.stream.processing.enabled=false

All WorkManager processing can be disabled on a Nuxeo node using:

nuxeo.work.processing.enabled=false

New Rest API Endpoint to Expose the Stream Introspection dev

You can now introspect the Nuxeo Stream configuration and state for an entire cluster.

First configure your Nuxeo with:

metrics.enabled=true
metrics.streams.enabled=true

A JSON representation is available at the following endpoint:

curl -u Administrator:Administrator http://nuxeo.docker.localhost/nuxeo/api/v1/management/stream

It is also available as a PUML representation:

curl -u Administrator:Administrator http://nuxeo.docker.localhost/nuxeo/api/v1/management/stream/puml/ > /tmp/streams.puml

An SVG chart can be generated using plantuml.jar:

java  -DPLANTUML_LIMIT_SIZE=16384  -jar ~/Downloads/plantuml.jar /tmp/streams.puml -tsvg

WorkManager

Trigger an Action after Completion of a Group of Works dev

(also available in 10.10)

The StreamWorkManager provides the capability to trigger an action once all tasks of a group of Works are completed. For instance, it is now possible to fire a document rendition done Event once all the renderings for a document are completed.

New Metrics for Works DLQ Usage dev

(also available in 10.10)

Introduce a new metric nuxeo.works.dlq.count that counts the Works in failure that has been put in the dead letter queue (DLQ) stream since the instance is up.

Store Work in Failure in DLQ for Repair Purpose dev

(also available in 10.10)

After retries, Works in failure are stored in a dead letter queue (DLQ) stream named dlq-work. This DLQ is activated by default on both WorkManager implementations (default and StreamWorkManager).

Works in this DLQ can be re-executed for repair purpose using an automation operation. Note that in cluster mode when NOT using Kafka you need to run this automation operation on each Nuxeo node.

WorkManager Processing Disabling dev

You can now use nuxeo.work.processing.disable=true to disable WorkManager processing

Get Work Main Properties of the Default WorkManager Queue dev

There is now a way to get statistics (Work class, category, name) on the type of Works that are processed in the default WorkManager queue:

 ./bin/stream.sh workCat --chronicle /var/lib/nuxeo/stream/ -l work/default -n 10 --codec avro
...
pos,class,fullname,category,name
work-default-01:+79907866542080,ListenerWork,org.nuxeo.ecm.core.event.impl.AsyncEventExecutor.ListenerWork,pictureViewsGenerationListener,ListenerWork(Listener...

Scheduler

Scheduler Services to Support Multiple Nuxeo Nodes Startup dev admin

(also available in 10.10)

The scheduler services handle the startup with multiple Nuxeo nodes.

Configure SchedulerService Initialization Timeout dev

In cluster mode, the scheduler service is initialized non-concurrently in a cluster-wide critical section.

When a cluster node attempts to initialize the scheduler service and another node is already doing the same thing, it will wait for 1 min for the cluster-wide lock to be released and do its own initialization. If this timeout expires, then initialization fails with an exception.
The following nuxeo.conf property can be used to change this timeout:

org.nuxeo.scheduler.cluster.start.duration=1m

In case where there's a startup crash while a lock is held, it may be necessary to manually clean up the key/value store of its locks. The key corresponding to the lock is:

nuxeo:cluster:start-scheduler

For a MongoDB key/value store, the key is stored in the collection kv.cluster

Audit

Export Audit in CSV Files user

(also available in 10.10)

Audit is now exportable as a CSV file.

Query

NOW Expression in NXQL dev user

(also available in 10.10)

NXQL can now use a NOW() function.

NOW() returns the current date/time.

NOW(period) returns the current date/time plus the given period. The period is a string expressed in ISO-8601 period format, PnYnMnDTnHnMnS. A leading minus sign, and negative values for the units, are allowed.

So for instance:

NOW('P1D'): in one day
NOW('-P1D'): one day ago
NOW('PT1H'): in one hour
NOW('P-1DT1H'): one days less one hour ago (usually 23 hours ago, except when DST changes)
NOW('P1Y2M3DT4H5M6S'): in one year, two months, three days, four hours, five minutes and six seconds.

Fix Permission Check on a NXQL Query With SQL Server When a User Belongs to Many Groups dev admin

On SQL Server it's now possible to configure VCS to use an increased size to store the Read ACLs optimization tables, which may be necessary if users belong to many groups (total size of group names + the user name + "Everyone" > 4000 characters).

nuxeo.vcs.optimizations.acl.maxsize=999999

Any value > 4000 will make SQL Server use NVARCHAR(MAX) instead of NVARCHAR(4000) for its internal data structures.

On PostgreSQL this feature already existed (default to 4096) but was not easily configurable, the same configuration property can be used to increase the value. The specific value requested will be used (there is no notion of MAX).

Note that, the use of a new value will only happen when the optimization tables are created, which can be done on a stopped server by running:

DROP TABLE aclr;
DROP TABLE aclr_user;
-- on SQL Server:
EXEC nx_rebuild_read_acls;
-- on PostgreSQL:
SELECT nx_rebuild_read_acls();

Rendition

Ability to Disable the Rendition Computations dev admin

Previously, the renditions were automatically and systematically computed/re-computed when adding or updating a file content. It is now possible to configure Nuxeo Server to disable this behavior.

Bulk Action Framework for `Picture.RecomputeViews` Operation dev

Picture.RecomputeViews operation has been re-implemented to use the Bulk Action Framework.

Thumbnail Recomputation with Bulk Action Framework dev

(also available in 10.10)

Thumbnail recomputation is now done using the Bulk Action Framework.

Improved ZIP Preview dev user

The ZIP preview doesn't require anymore to unzip the file.

Elasticsearch

Elasticsearch 7.9 dev admin

Elasticsearch 7.9 is the recommended version with Nuxeo Platform LTS 2021 (7.7 or 7.8 are also supported).

Elasticsearch `nested` Operator dev

(also available in 10.10)

Nuxeo Server now supports the Elasticsearch "nested" operator.

Multiple Nuxeo With Embedded Elasticsearch dev admin

(also available in 10.10)

Multiple Nuxeo with embedded Elasticsearch can run on the same server.

Elasticsearch Reindexing Optimization When a Document Is Checked In dev

(also available in 10.10)

The number of versions reindexed at document check-in has been optimized.

Bulk Service (Aka "Bulk Action Framework")

Bulk Service Processor Can Be Contributed by Configuration dev

Previously, the Bulk Service Processor (the scroller and status computations) required development to handle the dynamic parts (the action source stream) and to control the initialization.

The Bulk Service Processor can now be created by using configuration only for:
Register a processor
Initialize its streams
Mark streams as external (defined in another processor)

Bulk Service Handles Elasticsearch Scroller dev

(also available in 10.10)

Elasticsearch scroller is usable with the Bulk Service.

Monitoring

Improvements in Error Messages dev admin

We improved some error messages to help analysis and diagnosis.

`javax.mail` Messages in Nuxeo Logs dev

(also available in 10.10)

javax.mail messages are now redirected to Nuxeo logs.

`nuxeoctl` Now Starts Nuxeo Platform in Strict Mode dev admin

Previously, it was possible to start a Nuxeo instance with an undeployed component. This can be risky, especially in cluster mode.

By default, nuxeoctl start is now in strict mode which prevents this to happen.

Datadog and Metrics Improvements dev admin

A lot of improvements have been made to improve metrics scope, visibility and usability:

Improve Datadog metrics using tagging,
Reduce the default number of metrics published by Graphite and Datadog, using a contribution (see common-base/nxserver/config/metrics-config.xml for the default configuration.),
Report Stream lag and latency from Nuxeo,
Expose stream processor failures as metrics,
Refactor MetricsService to support more reporters,
Enable to publish Datadog metrics in UDP,

It is now possible to easily build Datadog dashboards in the same way as for Grafana/Graphite.

Publish Datadog Metrics in UDP Instead of HTTP dev

It is now possible to report Datadog metrics to a local agent using UDP.

The following options need to be used:

metrics.datadog.udp=true
metrics.datadog.host
metrics.datadog.port

You don't have to configure the API_KEY.

Usage:

import org.coursera.metrics.datadog.DatadogReporter
import org.coursera.metrics.datadog.DatadogReporter.Expansion._
import org.coursera.metrics.datadog.transport.Transport
import org.coursera.metrics.datadog.transport.HttpTransport
import org.coursera.metrics.datadog.transport.UdpTransport
import scala.concurrent.duration.SECONDS

...
val expansions = EnumSet.of(COUNT, RATE_1_MINUTE, RATE_15_MINUTE, MEDIAN, P95, P99)
val httpTransport = new HttpTransport.Builder().withApiKey(apiKey).build()
val reporter = DatadogReporter.forRegistry(registry)
  .withEC2Host()
  .withTransport(httpTransport)
  .withExpansions(expansions)
  .build()

reporter.start(10, SECONDS)
Example of using UDP transport:
...
val udpTransport = new UdpTransport.Builder().build()
val reporter =
    ...
    .withTransport(udpTransport)
    ...

Authentication, User Management and Permissions

`postAuthenticationProcessChecks` added to `SAMLAuthenticationProvider` dev

Post Authentication Process Checks has been added to SAMLAuthenticationProvider.

User and Group Events/Categories Added to the Platform Audit Directories admin user

User and group events/categories have been added to the Audit directories.

Allow ACLs on Versions dev user

A new configuration property allows to set permissions on versions.

The new configuration property org.nuxeo.version.acl.disabled controls whether ACLs on versions are disabled. The default value in LTS 2021 is false. Setting it to true disables all use of ACLs on versions for permission checks. The value legacy is also possible, to disable for direct access but enable for queries.

  <require>org.nuxeo.ecm.core.versioning.config</require>
  <extension target="org.nuxeo.runtime.ConfigurationService" point="configuration">
    <property name="org.nuxeo.version.acl.disabled">false</property>
  </extension>

Make Version Read Permission Depend on Live Doc ReadVersion dev

A property is exposed to make the Read permission on a version depend on the ReadVersion permission on the live document.

The new configuration property org.nuxeo.version.readversion.disabled controls whether the ReadVersion permission is disabled. The default value is false. Setting it to true disables special behavior for the ReadVersion permission.

  <require>org.nuxeo.ecm.core.versioning.config</require>
  <extension target="org.nuxeo.runtime.ConfigurationService" point="configuration">
    <property name="org.nuxeo.version.readversion.disabled">false</property>
  </extension>

UserProfile Enricher Can Write All Schemas dev

UserProfile enricher can now writes all schemas (and not only userprofile schema).

Comment Service

Rework Comments Storage/Architecture dev

(also available in 10.10)

The comments storage has been refactored to improve several aspects:
Permissions management
Storage
Versioning
Copy
export/import
...

Add Parent Post Content in 'New Comment' Notification dev user

If a comment is a reply to another comment, the parent comment is now quoted in the comment notification mail.

Comments Indexed on Linked Document Full-Text Field dev user

Comments are now indexed on linked document full-text field.

Automatically Send Notifications to the Users Who Participate in a Conversation dev user

(also available in 10.10)

Automatic notifications are sent to users who participate in Comment conversation.

Download Service

Digest and Last-Modified Negotiation for Download Service dev

(also available in 10.10)

Digest and Last-Modified negotiation are added to the download service to manage the following request/response headers:

Want-Digest / Digest
If-Modified-Since / Last-Modified

`Downloadservice.Downloadblob` to Use Builder Pattern dev

(also available in 10.10)

Previously, the API DownloadService.downloadBlob had lots of different overloaded versions with different numbers of arguments.

We now use a builder pattern itself, to pass a download context object with all the required information.

New API: DownloadService.downloadBlob(DownloadContext). A DownloadContext can be constructed through DownloadContext.builder(request, response)...<setters>...build(). The other DownloadService.downloadBlob methods with lots of arguments are now deprecated.

Make DocumentModelJsonWriter Expose Schemas dev

(also available in 10.10)

Documents exported through JSON now have an additional schemas field (similar to facets):

[ {"name": "SCHEMA1", "prefix": "PREFIX1"}, {"name": SCHEMA2", "prefix": "PREFIX2"}, ... ],

Make Download Service Deal With Head Efficiently dev

(also available in 10.10)

The download service responds to a HEAD request with a better efficiency.

CMIS

Use the Nuxeo Downloadservice Framework for CMIS Downloads dev

(also available in 10.10)

We now use the Nuxeo DownloadService framework for CMIS downloads, instead of the native OpenCMIS library code. This allows us to better deal with buffering, transactions, and take into account potential CDN redirects.

REST API

Facet API on `SimpleDocumentModel` dev

(also available in 10.10)

The facet API has been implemented on SimpleDocumentModel.

Offset Support to PaginableObject dev

The PaginableObject.java now supports the ability to specify an offset instead of a page index when it comes to fetching a page provider result set.

New Parameter to the `Document.Copy` Operation to Reset the Document Lifecycle dev

There is a listener linked to the copy event and which looks at a context variable to reset the lifecycle or not.

The new parameter "reset lifecycle" allows to set or not this context variable.

Improve ConfigurationService API dev

APIs below were added on ConfigurationService, signature are key or key/defaultValue:

Optional<String> getString(String)
String getString(String, String)
Optional<Integer> getInteger(String)
int getInteger(String, int)
Optional<Long> getLong(String)
long getLong(String, long)
Optional<Duration> getDuration(String)
Duration getDuration(String, Duration)
Optional<Boolean> getBoolean(String)
boolean isBooleanTrue(String)
boolean isBooleanFalse(String)

Fallback on default value occurs when property doesn't exist or is blank. isBooleanTrue and isBooleanFalse return true if and only if property value is true and respectively false.

New API to Refresh AWS Tokens in the Batch Handler dev

The new API BatchHandler.refreshToken(batchId) can be used to get new credentials. This is particularly interesting for big uploads to prevent hitting token timeout errors. It is implemented for S3DirectBatchHandler.

New REST API Endpoint to Get Server Version Information dev

The endpoint GET /api/v1/capabilities has been added to Nuxeo in order to retrieve the server capabilities, see below its response format:

{
  "entity-type": "capabilities",
  "server": {
    "distributionName": "server",
    "distributionVersion": "2021.1",
    "distributionServer": "tomcat",
    "hotfixVersion": 1
  },
  "cluster": {
    "enabled": true,
    "nodeId": "foobar"
  }
}

This endpoint leverages the new CapabilitiesService which exposes the APIs below:

void registerCapabilities(String name, Map<String, Object> map):
register a static server capability and expose it under name in the JSON response
void registerCapabilities(String name, Supplier<Map<String, Object>> supplier):
register a dynamic server capability and expose it under name in the JSON response
Capabilities getCapabilities():
compute the server capabilities and return them as an immutable object

Registering capabilities might be done during the Component start step.

By default, two capabilities are registered into the application:

the server capability registered by the CapabilitiesService
the cluster capability registered by the ClusterService

AWS Service

Multiple Configurations for AWSConfigurationService dev

(also available in 10.10)

Multiple AWS configurations are now supported.

AWS configuration can now specify an id with:

<extension target="org.nuxeo.runtime.aws.AWSConfigurationService" point="configuration">
    <configuration id="myconfig">
      <accessKeyId>MY_ACCESS_KEY_ID</accessKeyId>
      <secretKey>MY_SECRET_KEY</secretKey>
      <region>MY_REGION</region>
    </configuration>
</extension>

If the id is not specified, default is used.

To get to this configuration, one can then use:

new NuxeoAWSCredentialsProvider(id)
new NuxeoAWSRegionProvider(id).getRegion()

Note that if the configuration is not found, the providers will still fall back on the default AWS SDK behavior to look in the OS environment, Java system properties, AWS profile or EC2 container credentials (which don't take into account any configuration id).

CSV Export Service

Elasticsearch Scroll for CSV Export Bulk Action dev

The CSV Export now uses Elasticsearch scroll. This allows to improve resilience and ensure that an export from the UI (search result from Elasticsearch) matches the export.

Scroll Service dev

(also available in 10.10)

We added a new service dedicated to retrieve a long list of identifiers representing a result set.

This service allows to globalize the existing scrolling API to get a document list ids or Elasticsearch resultset.

It also allows to have other document scrollers:

a list of ids (so we don't have to query the repository or elastic)
a file in transient store containing a list of ids
Or to scroll on non-documents identifier:
audit entry ids
user ids
dictionary ids
a stream

Customization

Allow Global Disabling of Schemas, Like Files dev admin

(also available in 10.10)

We can now disable an existing schema (make it so that it's ignored whenever a doctype references it, or when the list of all schemas is returned). For instance, some use cases require that no attachments are created in the platform. With this feature, this becomes possible by simply disabling the file schema.

To disable a schema, for instance files, use a contribution like:

<require>org.nuxeo.ecm.core.CoreExtensions</require>
  <extension target="org.nuxeo.ecm.core.schema.TypeService" point="schema">
    <schema name="files" enabled="false" />
  </extension>

Of course the <require> line must reflect the actual component that declares the schema that one wants to disable.

Allow Map and List in Nuxeo Platform List Template Parameters dev

It is now possible to contribute a complex structure as templateParam.

Improve OpenID Provider Descriptor to Handle User Info Request Authentication per Bearer dev

(also available in 10.10)

We improved OpenID provider to be able to choose between authentication through query parameters or Authentication header.

Packaging / Distribution / Installation

Tomcat 9.0.41 dev admin

The Nuxeo Platform now relies on Tomcat 9.0.41.

Other Upgrades

Other upgrades are listed in the following JIRA ticket: NXP-28537

Add the Notion of Profile in Nuxeo dev admin

We introduce the notion of profile in Nuxeo. These profiles are meant to be used to configure Nuxeo. Currently, they act as templates with some differences.

Profiles are configured through NUXEO_PROFILES environment variable, whereas templates are configured through nuxeo.conf.

As said, profiles are currently Nuxeo templates, and they are deployed after templates defined in nuxeo.conf.

For example, if we have nuxeo.templates=mongodb,mongodb-audit in nuxeo.conf and we define a NUXEO_PROFILES=perf, we get:

$ NUXEO_PROFILES=perf bash nuxeoctl console
Nuxeo home:          /opt/nuxeo-server-tomcat
Nuxeo configuration: /opt/nuxeo-server-tomcat/bin/nuxeo.conf
Nuxeo profiles:      perf
Include template: /opt/nuxeo-server-tomcat/templates/common-base
Include template: /opt/nuxeo-server-tomcat/templates/common
Include template: /opt/nuxeo-server-tomcat/templates/default
Include template: /opt/nuxeo-server-tomcat/templates/mongodb
Include template: /opt/nuxeo-server-tomcat/templates/mongodb-audit
Include template: /opt/nuxeo-server-tomcat/templates/perf

We can see that the perf profile is deployed after the template parameter value.

Allow Concurrent Startup of Nuxeo Instances dev

In cluster mode, the document repository and the directories are initialized non-concurrently in a cluster-wide critical section.

When a cluster node attempts to initialize its repository (or a directory) and another node is already doing the same thing, it will wait for 1 min for the cluster-wide lock to be released and do its own initialization. If this timeout expires, then initialization fails with an exception.

The following two nuxeo.conf properties can be used to change this timeout:

org.nuxeo.repository.cluster.start.duration=1m
org.nuxeo.directory.cluster.start.duration=1m

In case where there's a startup crash while a lock is held, it may be necessary to manually clean up the key/value store of its locks. The keys corresponding to the locks are visible when using Redis with KEYS nuxeo:cluster:* for instance nuxeo:cluster:start-repository-default or nuxeo:cluster:start-directories.

For a MongoDB key/value store, the keys are stored in the collection kv.cluster

Allow to Pass Connect URL When Running the Nuxeo Server Docker Image dev

It is now possible to override the Connect URL when starting a Nuxeo Docker image through the environment variable NUXEO_CONNECT_URL.

For instance, to run a container with another Connect URL than the default one:

docker run -it -p 8080:8080 -e NUXEO_CONNECT_URL=<NUXEO_CONNECT_URL> nuxeo/slim:latest

Kafka Availability Checking at Nuxeo Startup dev

Nuxeo startup is now checking Kafka availability.

Elasticsearch Availability Checking at Nuxeo Startup dev

Nuxeo startup is now checking ElasticSearch availability.

Redis

Redis 6.0.x dev

Redis 6.0.x is the recommended version for Nuxeo Platform LTS 2021.

Miscellaneous

The login page UI has been redesigned with Inter font and updated styling.

Remove Post-commit Listeners dev

Post-commit listeners have been converted to asynchronous listeners.

Allow Event.Fire to Use Properties dev

It is now possible to use properties into asynchronous events.

Clusterservice to Hold Cluster Node Info dev

A new service has been added to hold info about whether clustering is enabled and the cluster node id. This replaces ad-hoc uses of the framework properties repository.clustering.enabled and repository.clustering.id and multiple different random generations of ids when there is no node id specified. Current direct users of the properties are:

MigrationServiceImpl
StreamPubSubProvider
CacheServiceImpl

Reduce Response Size of the ACL Enricher dev

(also available in 10.10)

The User object representation is now returned to the client without its groups.

`ecm:isProxy` A Valid Field for Aggregates dev

(also available in 10.10)

The field ecm:isProxy is now part of the valid fields for Elasticsearch aggregates.

Improve LogFeature to Be Able to Annotate Test Methods dev

New test annotations are available on classes and methods:

@ConsoleLogLevelThreshold
@LoggerLevel

Allow Underscore Character in LDAP Queries

The UserManager.searchUsers(pattern) and UserManager.searchGroups(pattern) APIs now interpret the pattern as a generic string with arbitrary characters that will be matched exactly (depending on the directory substring match style).

If compatibility with previous versions is needed, to use a pattern where % and _ are interpreted as LIKE escapes, the following must be set:

<extension target="org.nuxeo.runtime.ConfigurationService" point="configuration">
  <property name="nuxeo.usermanager.search.escape.compat">true</property>
</extension>

Add Default Referrer-Policy Header dev

A new Nuxeo property nuxeo.referrer.policy is available to control the value of the Referrer-Policy HTTP header.

The default is:

nuxeo.referrer.policy=strict-origin-when-cross-origin

The header Referrer-Policy and its possible values are described here.

Clean up

This release also comes with hundreds of bugs fixed and also code clean up, making Nuxeo Server more solid than ever.

Addons

S3 Direct Upload - Support S3-like Storage dev

We now allow using the accelerate mode of S3, more details on S3 documentation.

S3 direct upload has new nuxeo.conf parameters to configure a custom S3 endpoint and activate path-style access:

nuxeo.s3storage.transient.endpoint (default empty)
nuxeo.s3storage.transient.pathstyleaccess (default false)

For example:

nuxeo.s3storage.transient.endpoint=https://s3.us-east-1.amazonaws.com
nuxeo.s3storage.transient.pathstyleaccess=true

Note that path-style access is incompatible with accelerate mode (NXP-27657), see S3 documentation.

S3 Direct Upload - Importing the Same File at the Same Time Fails dev

A universally unique identifier is now used as key identifier for files.

Web UI

For more information on Web UI latest release:

JSF

Improve JSF Admin NOS Registration Page in Offline Case admin

JSF Admin NOS page displays registration information in offline mode.

Fix JSF EL Evaluation of a Condition Using a Multi-Valued Property in a Filter Used by a Picture Conversion dev

The function nx:arrayContains is added to evaluate JSF EL condition on multi-valued properties.

Added new functions in the EL context to work with arrays:

nx:arrayContains: returns true if the given array contains the given element. ${nx:arrayContains(array, 'foo')}
nx:arrayContainsAll: returns true if the given array contains all the given elements. ${nx:arrayContainsAll(array, 'bar', 'foo')}
nx:arrayContainsAny: returns true if the given array contains one of the given elements. ${nx:nx:arrayContainsAny(array, 'bar', 'foo')}
nx:arrayContainsNone: returns true if the given array contains none of the given elements. ${nx:arrayContainsNone(array, 'barfoo', 'foobar')}

For instance, those functions can be used in filters to filter picture conversions:

<extension target="org.nuxeo.ecm.platform.picture.ImagingComponent"
  point="pictureConversions">
  <pictureConversion id="subjectFilteredConversion" maxSize="200">
    <filters>
      <filter-id>subjectFilter</filter-id>
    </filters>
  </pictureConversion>
</extension>

<extension target="org.nuxeo.ecm.platform.actions.ActionService"
  point="filters">
  <filter id="subjectFilter">
    <rule grant="true">
      <condition>#{nx:arrayContains(currentDocument.dc.subjects, "art/paint")}</condition>
    </rule>
  </filter>
</extension>

Deprecation

Nuxeo JSF UI dev user

The Nuxeo JSF UI addon is deprecated.

Maria DB dev

The usage of Maria DB database is now deprecated.

MySQL dev admin

The usage of MySQL database is now deprecated.

MS SQL Server dev admin

The usage of MS SQL Server database is now deprecated.

Farewell

Nuxeo Wizard dev user

The Nuxeo Wizard has been removed.

Nuxeo Windows installer (.exe) dev admin

The Nuxeo Windows installer (.exe) has been removed.

Nuxeo Homebrew installer dev admin

The Nuxeo Homebrew installer has been removed.

Nuxeo Static WAR dev admin

The nuxeoctl pack command used to generate a static WAR has been removed as well as the nuxeo-distribution/nuxeo-war-tests module testing it.

Nuxeo SDK Distribution dev admin

The Nuxeo Server Tomcat SDK build has been removed. The Maven profile sdk does not exist anymore.

Nuxeo Shell dev admin

The Nuxeo Shell nuxeo-shell addon has been removed.

Apache Derby dev

The support of the Apache Derby embedded database has been removed. H2 is now the only option to handle in-memory data sources.

JAAS dev

JAAS has been removed (the use of LoginContext, security domains, LoginModules, etc.) and replaced per a direct call to NuxeoAuthenticationPlugins.

New methods:

Framework.loginSystem()
Framework.loginSystem(originatingUser)
Framework.loginUser(username)
NuxeoPrincipal.getCurrent()
NuxeoPrincipal.isCurrentAdministrator()

The above loginSystem and loginUser methods now return a NuxeoLoginContext that is AutoCloseable and can therefore be used in a try-with-resources.

Deprecated methods:

Framework.login()
-> Framework.loginSystem()
Framework.loginAs(originatingUser)
-> Framework.loginSystem(originatingUser)
Framework.loginAsUser(username)
-> Framework.loginUser(username)
Framework.login(username, password)
-> Framework.loginUser(username)
ClientLoginModule.clearThreadLocalLogin()
-> LoginComponent.clearPrincipalStack() (INTERNAL)
ClientLoginModule.getThreadLocalLogin()
-> LoginComponent (INTERNAL)
ClientLoginModule.getCurrentLogin()
-> LoginComponent.getCurrentPrincipal()
ClientLoginModule.getCurrentPrincipal()
-> NuxeoPrincipal.getCurrent()
ClientLoginModule.isCurrentAdministrator()
-> NuxeoPrincipal.isCurrentAdministrator()
LoginStack

These extension points or part of their contributions are removed:

<loginModulePlugin> in the element <authenticationPlugin> of extension point authenticators of org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService
the extension point domains of org.nuxeo.runtime.LoginComponent (which included registration of LoginModule classes)
the extension point plugin of org.nuxeo.ecm.platform.login.LoginPluginRegistry (which included registration of LoginPlugin classes)

Behavior change:

NuxeoAuthenticationPlugin.handleRetrieveIdentity should now contain all the authentication code, and return a UserIdentificationInfo with credentialsChecked = true (using the 1-arg constructor) if the credentials have already been checked by the auth plugin itself. Otherwise the method may return a UserIdentificationInfo that includes a username and password, to let the generic filter check the password against the UserManager.

NXCore Class dev

Usage of NXCore is deprecated and its usage is removed from the platform.

Post-commit Listeners dev

Post-commit listeners have been converted to asynchronous listeners.

The post-commit event listeners can now be made either asynchronous or synchronous. We strongly recommend to do the same thing with any custom event listener.

Later on, we will deprecate the post-commit event listener execution mechanism relying on PostCommitEventExecutor, see NXP-27986.

For this purpose, a warning is logged when running a post-commit event listener to inform that its execution will soon be deprecated and advising to update the listener contributions to make them asynchronous with <listener async=\"true\"...>.

The warning can be disabled with the following logger in NUXEO_SERVER/lib/log4j2.xml:

<Logger name="org.nuxeo.ecm.core.event.impl.PostCommitEventExecutor" level="warn">
  <RegexFilter regex="Running post commit event listeners.*" onMatch="DENY" onMismatch="NEUTRAL" />
</Logger>

GWT Modules dev

All GWT related modules have been removed from nuxeo-jsf-ui repository:

nuxeo-annot-api
nuxeo-annot-contrib
nuxeo-annot-core
nuxeo-annot-http
nuxeo-annot-repo
nuxeo-platform-imaging-tiling
nuxeo-platform-imaging-tiling-preview

The PictureTilesRestlets restlet related to the nuxeo-platform-imaging-tiling has also been removed: the endpoint /nuxeo/restAPI/getTiles/ does not exist anymore.

All GWT artifacts in the Nuxeo root pom dependencyManagement have also been removed. If you depend on those ones, you must update your project pom to add them.

The related nuxeo.old.jsf.preview (introduced with NXP-25110) and nuxeo.text.annotations configuration properties that were used to activate the old preview and the GWT text annotations have been removed: setting them has no impact.

Nuxeo DAM Dependency admin user

The Nuxeo DAM Package and Nuxeo DAM JSF UI Package have been removed for Nuxeo Server. All the features (Picture, Video, ...) installed through those packages are now integrated by default in a Nuxeo Server. You do not need to depend on nuxeo-dam package anymore on your Nuxeo package, for instance:

<dependencies>
    <package>nuxeo-web-ui</package>
    <package>nuxeo-dam</package>
</dependencies>

MarkLogic Connector dev admin

The MarkLogic connector has been removed.

Nuxeo Connect Report Tools dev admin

The Nuxeo Connect Report Tools nuxeo-connect-tools has been removed.

Template Rendering Samples admin user

The Template Rendering Samples has been removed.

Nuxeo Agenda admin user

The Nuxeo Agenda nuxeo-agenda addon has been removed.

Others Packages admin user

The following deprecated and unused packages have been removed:

nuxeo-activity
nuxeo-business-days-management
nuxeo-core-binarymanager-sql
nuxeo-http-client
nuxeo-javaagent
nuxeo-logs-viewer
nuxeo-rating
nuxeo-resources-compat
nuxeo-review-workflows-dashboards
nuxeo-session-inspector

Learn more

More information about released changes and fixed bugs is available in our bug tracking tool:

LTS 2021.1 / LTS 2021-HF01

What's New in LTS 2021.1 / LTS 2021-HF01

Nuxeo Server

Core Repository

Record, Retention and Hold Low-Level Implementation dev user

Support Flagging Repositories as Headless dev

Configure Transient Store Cache dev

Allow to Bypass Allowed Subtype Check in FileManager dev

Support Double Format for Long Properties Values in Document Model dev

Core Storage

Compatibility with MongoDB 4.X dev admin

PostgreSQL 13.x dev admin

Allow Optimized MongoDB Ids With Shorter Size dev admin

Allow Configuration of MongoDB Query Max Execution Time dev admin

Allow Full Configuration of MongoDB Connection dev

Blob Provider Improvements dev

Better Management of Temporary Files for the Encrypted (AES) Blob Provider dev

DefaultBlobDispatcher Supports Full Regexp-Based Match dev

Add ecm:path Variable to the Default Blob Dispatcher dev

Allow Avoiding Use of the HTTP Proxy for S3 Connections if the S3 Endpoint Is Internal dev

New Implementation S3BlobProvider dev admin

Allow Simple S3 Blob Provider Implementation Override, and Use Proper Require dev

Blob Properties Should Expose Final URL If Possible dev

Make S3BinaryManager.abortOldUploads Async and Optional dev

Use AWS TransferManager in S3DirectBatchHandler dev

S3 Direct Upload for Little Files (SSE-KMS) dev

Allow Using Arbitrary File Keys in S3 dev

Allow Blob Provider to Do Optimized Byte Range Requests dev

Allow Blob Provider to Access Document When Reading Blob dev

Add BlobProvider.supportsSync() to Avoid Relying on Binarymanager for Sync Tests dev

Allow Avoiding Use of the HTTP Proxy for S3 Connections If the S3 Endpoint Is Internal dev

More flexibility in the Blob Providers Infrastructure dev

Add Full Regexp-Based Match to DefaultBlobDispatcher dev

Add ecm:path Variable to the Default Blob Dispatcher dev

Allow Configurable Digest with the S3BinaryManager dev

Support of S3 Transfer Acceleration dev

Enforce the Server Side Encryption Header in S3 Client Request dev admin

Allow S3 Multipart Part Size configuration dev

Allow Storing Extracted Fulltext in Blobs dev

New Implementation for the Encrypted (AES) Blob Provider dev

S3DirectBatchHandler Must Work With the New S3BlobProvider dev

Define nuxeo.binarystores.root for the Root of All Binaries Store dev

Better Management of Authentication Parameters for Google Storage dev

S3 Cache and Connection Parameters Configurable Through nuxeo.conf dev

Configure S3 Multipart Part Size dev

Document Deletion With Bulk Action Framework on DBS dev

MongoDB New Indexes dev

Improved Concurrent Updates Removing Elements From Lists on MongoDB dev

Directory

Allow Directory Initialization to Just Add Missing Entries dev

Workflow

Support Task Variables on Nuxeo-Dropzone dev

Task Endpoint Paginable dev

workflowInstanceId Alias for Workflow.GetOpenTasks Operation

Delete the Related Workflow Instances When a Document Is Deleted dev

Nuxeo Streams

Kafka 2.6.x dev admin

Report Stream lag and latency from Nuxeo dev admin

Expose Nuxeo Stream latency metrics to Datadog dev admin

Nuxeo Stream probe in the default health check dev

Nuxeo Stream Expose Latency to Prometheus dev

Enable to Register a Processor Without Running It dev

Recovery Procedure for Systematic Failure in a Stream Processor dev

Expose Stream Processor Failures as Metrics dev

Stream Processor Probe in The runningstatus dev

Allow to Disable Stream Processing dev

New Rest API Endpoint to Expose the Stream Introspection dev

WorkManager

Trigger an Action after Completion of a Group of Works dev

New Metrics for Works DLQ Usage dev

Store Work in Failure in DLQ for Repair Purpose dev

WorkManager Processing Disabling dev

Get Work Main Properties of the Default WorkManager Queue dev

Scheduler

Scheduler Services to Support Multiple Nuxeo Nodes Startup dev admin

Configure SchedulerService Initialization Timeout dev

Audit

Export Audit in CSV Files user

Query

NOW Expression in NXQL dev user

Add `ecm:path` Variable to the Default Blob Dispatcher dev

New Implementation `S3BlobProvider` dev admin

Make `S3BinaryManager.abortOldUploads` Async and Optional dev

Add `BlobProvider.supportsSync()` to Avoid Relying on Binarymanager for Sync Tests dev

Add `ecm:path` Variable to the Default Blob Dispatcher dev

Define `nuxeo.binarystores.root` for the Root of All Binaries Store dev

S3 Cache and Connection Parameters Configurable Through `nuxeo.conf` dev

`workflowInstanceId` Alias for `Workflow.GetOpenTasks` Operation

Stream Processor Probe in The `runningstatus` dev

Bulk Action Framework for `Picture.RecomputeViews` Operation dev

Elasticsearch `nested` Operator dev

`javax.mail` Messages in Nuxeo Logs dev

`nuxeoctl` Now Starts Nuxeo Platform in Strict Mode dev admin

`postAuthenticationProcessChecks` added to `SAMLAuthenticationProvider` dev

`Downloadservice.Downloadblob` to Use Builder Pattern dev

Facet API on `SimpleDocumentModel` dev

New Parameter to the `Document.Copy` Operation to Reset the Document Lifecycle dev