LTS 2021.2 / LTS 2021-HF02

What's New in LTS 2021.2 / LTS 2021-HF02

Nuxeo Server

Core Storage

Asynchronous Blob Digest Calculation dev admin

Some files are uploaded to Nuxeo using external components as "direct upload" and therefore their content is never seen by Nuxeo, which makes it impossible to synchronously compute their digest and use this digest as the blob key.

Having the blob key be a digest is useful for:

deduplication,
compliance with customer rules that require keys to be digests.

To fix this, we have introduced a process to asynchronously compute the digest of each new blob (after downloading it) and "renaming" the blob key. This renaming involves to move the blob in the blob provider, and to find all documents that have this blob key (thanks to NXP-29516) to change them to use the new key.

To enable this feature, we added a new property to compute the blob digest asynchronously when Nuxeo doesn't see the blob content at upload time:

nuxeo.core.blobstore.digestAsync=true

Allow Logging S3 Downloads dev admin

Additional logs are now produced to specifically track S3 downloads.

It can be enabled by adding to lib/log4j2.xml:

<Logger name="S3_Download" level="debug" />

Elasticsearch

New Parameter to Enable Index Aliases

It is now possible to easily activate the Elasticsearch alias usage using a property:

elasticsearch.manageAlias.enabled=true

Note that when switching an existing instance to use Elasticsearch alias you first have to drop the existing elastic index for the repository (named nuxeo by default) then reindex your repository.

Elasticsearch Passthrough

Elasticsearch passthrough is now configurable with certificates from private certificate authorities.

Bulk Service (Aka "Bulk Action Framework")

Bulk Scroller Completes Command in Error When Query Times Out dev

The Bulk scroller now completes the command in error when a query times out.

Packaging / Distribution / Installation

Allow Adding New Templates Without Overriding the Whole `nuxeo.templates` Property

In the previous versions of Nuxeo Platform, there was no other way than overriding the whole nuxeo.templates property in nuxeo.conf if we wanted to add new templates to be deployed in a given environment: that means we had to know the exact list of templates configured by default and all the installed packages.

You can now use nuxeo.append.templates.* properties in nuxeo.conf. All those properties will be sorted alphabetically (for determinism and reproducibility), and all the values will be added after the ones from the nuxeo.templates property when passing everything to the ConfigurationGenerator.

For instance, we could have:

nuxeo.templates=default
...
nuxeo.append.templates.infra=mongodb,redis,kafka
nuxeo.append.templates.cloud=cloud-cloudfront, cloud-directupload

The effective list will be: default,cloud-cloudfront,cloud-directupload, mongodb,redis,kafka.

This could then be used in our default Nuxeo Helm chart:

...
{{- if or .Values.mongodb.deploy .Values.tags.mongodb }}
    nuxeo.append.templates.mongo=mongodb
    nuxeo.mongodb.server=mongodb://{{ .Release.Name }}-mongodb:27017
    nuxeo.mongodb.dbname={{ .Values.nuxeo.mongodb.dbname }}
{{- end }}
{{- if or .Values.postgresql.deploy .Values.tags.postgresql }}
    nuxeo.append.templates.postgres=postgresql
    nuxeo.db.name={{ .Values.nuxeo.postgresql.dbname }}
    nuxeo.db.user={{ .Values.nuxeo.postgresql.username }}
    nuxeo.db.password={{ .Values.nuxeo.postgresql.password }}
    nuxeo.db.host={{ .Release.Name }}-postgresql
    nuxeo.db.port=5432
{{- end }}
{{- if or .Values.redis.deploy .Values.tags.redis }}
    nuxeo.append.templates.redis=redis
{{- end }}
...

Tomcat 9.0.45 dev admin

The Nuxeo Platform now relies on Tomcat 9.0.45.

Addons

WOPI - File Version Uses User Change Token dev

The document user change token is now used as WOPI item version.

Major Bug Fixes

Support of the Carriage Return Characters Into the CSV Export

Carriage return characters are now escaped in the CSV export.

Fix How Enricher Priority Is Taken Into Account

Enricher priority is now taken into account when overriding an enricher.

Fix Algorithm to Unpublish a Document

Unpublishing a source document now loads only the published documents. This is improving the flow by avoiding searching all the published documents of the section and loading them into the memory.

When Exiftool Fails, `file:content` Gets Deleted

Previously, File content was deleted in case of ExifTool failure.

File content is now unchanged after an ExifTool failure.

Timeout on CommandLine Executor Fails for Windows

CommandLine timeout is now disabled on Windows as it is not supported.

Fix Inheritance of Local Configuration’s Allowed Subtypes in Subfolders of Configured Workspace

The local configuration for subtypes is now inherited to subfolders.

Allow Configuration of Signature Algorithm for SAML

We can now configure the digest algorithm used for the signature with SAML.

To configure a signature algorithm for SAML, add a SignatureAlgorithm entry to the plugin , for instance:

<parameter name="SignatureAlgorithm">http://www.w3.org/2001/04/xmldsig-more#rsa-sha256</parameter>

The signature algorithms are defined by the various SAML and XML specs, in particular RFC 6931. If an algorithm unknown to the current library has to be used, the following more verbose syntax that includes the explicit JCA/JCE key algorithm specifier (RSA in this example) may be used:

<parameter name="SignatureAlgorithm.RSA">http://www.w3.org/2001/04/xmldsig-more#rsa-sha256</parameter>

In the same way it's possible to define a digest algorithm with the DigestAlgorithm parameter:

<parameter name="DigestAlgorithm">http://www.w3.org/2001/04/xmlenc#sha256</parameter>

Consult the normative documents like W3C XML Encryption for the algorithms.

Fix CAS Authentication Anonymous Client

CAS authentication redirects with an HTTP 302 when anonymous is enabled.

Remove Picture Migration at Startup

Picture migration (required for the upgrades to 8.10 and 9.10) is not needed anymore. So, it has been removed from startup.

Increase Bulk Status TTL on Completion With Error

The bulk status is now kept for 24h in case of error.

Operations `RenderDocument` and `RenderDocumentFeed` Not Working With REST

The operations RenderDocument and RenderDocumentFeed are now usable with REST.

Prevent Creation of Empty Thumbnail on Audio File

We had previously some error cases where the thumbnail generated on audio files were empty.

The thumbnail is now correctly generated for Audio documents.

LibreOffice 5.3.6.1 Hangs on Some HTML to PDF Conversion

The Nuxeo Platform docker images now use LibreOffice 7.1.1 which fix the issue.

Nuxeo Enhanced Viewer - Security Policy to Filter Annotations Is Not Working

Security policies are now taken into account by Annotations in Nuxeo Enhanced Viewer, so that you can now filter the annotations displayed on NEV based on the security policy definition.

Live Connect - Fix Upload of a Google Drive Shared File

Files shared among Google Drive accounts are correctly uploaded with LiveConnect.

Learn More

More information about released changes and fixed bugs is available in our bug tracking tool.