10.2.1 release notes - BloomReach Experience - Open Source CMS

10.2.1 release notes

May 27, 2016

The new maintenance release 10.2.1 is available for general use. This release includes bug fixes and improvements in core, enterprise and plugins. This release also includes security fix for CSRF vulnerability in CMS application, to upgrade please read the details. For Hippo Enterprise Customers and Partners new Upgrade Verifiers from version 7.9.13 to 10.2.1 and 10.1.3 to 10.2.1 are available.
Please upgrade your project to this latest maintenance release, see the minor upgrade instructions for more information.

New projects can be bootstrapped using new essentials version, to start follow trails page.

The new versions of these module artifacts have been made available earlier and are now bundled up in this maintenance release. If the project uses such newer artifact versions via project pom override remove them before starting the upgrade procedure.

We encourage all projects to remain on the regular maintenance release. Using a tagged artifact that is not yet part of a maintenance release should only be done if there is a specific reason and only after testing in your specific project setup.



Addon HST Config Editor 2.2.0
Addon Channel Manager 3.2.1*
Addon Search Service 2.2.0
Commons 2.2.0
CMS 3.2.1*
Hippo Frontend theme 2.2.0
Hippo Frontend plugins 2.2.0
HST 3.2.1*
Packages 3.2.0
Repository 3.2.3*
Services 2.2.0
Services Auto Reload 2.2.0
Services Content Type 2.2.0
Services Event Bus 2.2.0
Services Web Files 2.2.1*


Project 27.5


Content Blocks 2.2.2
Content Tagging 5.2.1
Dashboard Document Wizard 2.2.0
Gallerypicker 2.2.0
Poll 2.2.0
Relateddocs 3.2.0
Resource bundle 2.2.0
Robotstxt 2.2.0
Selection 3.2.0
SEO Support 2.2.0
Sitemap 2.2.0
Taxonomy 2.2.2


Addon Advanced Search 2.2.1
Addon Edition Indicator 2.2.0
Addon Eforms 2.2.1*
Addon Replication 3.2.0
Addon Synchronization 3.2.0
Addon Reporting 2.2.0
Addon Targeting 3.2.1*
Addon Two Face Authentication 2.2.0
Addon LDAP 2.2.0


Jackrabbit 2.10.1

(*) - New artifact versions



  • [CMS-9880] - Cropping is not very user-friendly when working with larger resolution images
  • [CMS-9923] - [Backport 3.2.1] Improve cross origin requests detection


  • [HSTTWO-3593] - [Backport 3.2.1] Support nodeId atttribute in hst:link tag


  • [REPO-1481] - [backport-3.2] Set default password encryption to SHA-256

Enterprise Forms

  • [EFORMS-377] - [Hippo 10.2] In mail form data behavior, no longer support the Sender address but add option to select Reply-to address


  • [BT-1446] - backport [3.2.x] Use _meta mapping field to record targeting versions
  • [BT-1469] - Backport [3.2.x] Bump jest.version to 1.0.1

New Feature


  • [REPO-1468] - [Backport 10.2.x] Expose repository statistics jmx mbeans

Enterprise Forms

  • [EFORMS-366] - [Backport to 10.2] - In mail form data behavior, support the Sender address and add option to select From address (with feature branch)



  • [CMS-9929] - [Backport 3.2.1] Login dialog fails after updating to apache tomcat 8.0.30 or 7.0.67
  • [CMS-9997] - Backport 9955 to 10.2 - Image upload functionality is completely broken & can't upload any new image in cms


  • [REPO-1431] - [Backport 3.2.1] When a new nodetype gets added, the authorization query does not account for this, resulting in already logged in sessions not finding the new nodetype with a search
  • [REPO-1447] - [10.2] Downstream item of multiple upstream items fails
  • [REPO-1458] - [Forward port 3.2.2] Indexing performance degradation of images (and other binaries)

Channel Manager




  • [CMS-9966] - Backport: Add .npmrc and npm-shrinkwrap to cms/api


  • [BT-1435] - [backport 3.2.x] GroupsCollector needs public constructor
  • [BT-1478] - Backport BT 1454 to 10.2 - Fix targeting collectors
Did you find this page helpful?
How could this documentation serve you better?
On this page
    Did you find this page helpful?
    How could this documentation serve you better?