Advanced Content Organization (ACO) - Critical Security Fix (#3296)
Apart from the new frontend user interface, this new feature also introduced multiple new GraphQL queries and mutations on the backend GraphQL API. Unfortunately, prior to release, these operations were unintentionally left accessible and open to non-authenticated users.
This is no longer the case. From this release, all ACO-related GraphQL queries and mutations are inaccessible to non-authenticated users.
Because having the mentioned GraphQL operations open to non-authenticated users might pose a data security risk to your organization, we strongly advise everybody to upgrade to 5.35.1 as soon as possible.
Editing Template Variables in Page Editor Now Works as Expected (#3286)
Previously, when creating a page from a page template, editing values of template variables in the page editor would not work as expected. This has now been addressed.
Inconsistent Template Content in Template Editor (#3286)
Because of an issue in the related backend GraphQL API query, after doing a full page refresh, Page Builder’s template layout editor would intermittently fail to show the latest template content.
This has now been addressed.
Compare File Extensions in a Case Insensitive Manner (#3278)
When uploading files, Webiny checks if the content type matches the extension in the file name, and if not, appends a proper extension, using a mime type catalog. There was a bug with extension checks, where upper case extensions were not matched properly, which resulted in extension duplication. This is now fixed, and extension checks work correctly.
Lock User Project Dependencies (#3301)
From now on, all dependencies in user’s project will be locked to a fixed version, which corresponds to a version that we tested in our CI. This will reduce the risk of some 3rd party dependency affecting the entire project, and breaking the build. There’s still a possibility of a transient dependency affecting the project, but that’s completely outside our control. We also considered shipping the entire
yarn.lock file, but that’s a very challenging approach, so to have at least a basic safety net, for now, we’re locking the dependencies.
onKeyDownCallback Dependencies (#3302)
There was a bug with the Input component which would run the outdated callback on
onEnter. This only manifested itself in the Headless CMS UI, when using multiple text inputs. Hitting
Enter would cause weird value updates to happen. This is now fixed.
Website's Lambda@Edge Function Is No Longer Destroyed Automatically (#3278)
When Webiny’s multi-tenancy feature is enabled, as part of the Website project application, Webiny deploys an additional Lambda@Edge function, which is used for additional multi-tenancy-related routing purposes.
This is because of an AWS limitation, which does not allow the immediate deletion of Lambda@Edge functions. Trying to immediately delete the function will result in an error, which is why Webiny does not attempt to delete it automatically.
Note that Lambda@Edge functions are always deployed into
us-east-1 region. Make sure it is selected in the AWS
Console, or via the AWS CLI, before proceeding with the deletion.
Check the Deleting Lambda@Edge functions and replicas article for more information on how to delete Lambda@Edge functions.
The Page Builder Theming section of articles has been completely refreshed and now contains up-to-date information on how to create and use custom themes with websites created with Webiny’s Page Builder application.