For Administrators

Redirect Downloads to a Content Delivery Network

The S3 Binary Manager has evolved so that it is possible to let the user download blobs directly from S3 without having the blob go through the Nuxeo Platform server. The security has been taken care of thanks to signed URLs mechanism. With the same approach it is possible to extend the default binary manager and plug to any CDN (CloudFront, Akamai, ...). To enable, use:

nuxeo.s3storage.downloadfroms3=true

To configure the expiration (in seconds) for the redirect URLs, use:

nuxeo.s3storage.downloadfroms3.expire=3600

You should also configure S3.

nuxeoctl --strict start

nuxeoctl --strict start will abort with an error code when a component cannot be activated or when a server is already running. This allows you to ensure that the server was started correctly. For instance when elasticsearch.enabled is set to true, the server start will abort if Elasticsearch is not available.

nuxeo.conf Password Encryption

Sensitive configuration data can be encrypted to avoid clear data in the configuration files, especially nuxeo.conf. New commands usage:

nuxeoctl encrypt [--encrypt <algorithm>] [<clearValue>..] [-d [<categories>]|-q]
    Output encrypted value for <clearValue>.
    If <clearValue> is not provided, it is read from stdin.

nuxeoctl decrypt '<cryptedValue>'.. [-d [<categories>]|-q]
    Output decrypted value for <cryptedValue>.
    The secret key is read from stdin.

nuxeoctl config [--encrypt [<algorithm>]] [--set [<template>]] [<key> <value>].. <key> [<value>] [-d [<categories>]|-q]
    Set template or global parameters.
    If <value> is not provided and the --set 'option' is used, then the value is read from stdin.

nuxeoctl config [--get] <key>.. [-d [<categories>]|-q]
    Get value for the given key(s).

nuxeoctl config [--get-regexp] <regexp>.. [-d [<categories>]|-q]
    Get value for the keys matching the given regular expression(s).

See nuxeoctl help and online documentation .

Workflow Optimizations

Several queries that list tasks and workflow models in user's views have been optimized, leading to a quicker display when a lot of tasks are in the repository and a reduced load for the database.

Live Connect Configuration Improvements

Cloud Services providers' file pickers no longer open if not properly configured in the Admin Center and a proper error message in the UI is now displayed.

File widget no longer displays an upload button for Cloud Services providers that are not enabled.

Groups Defined Both on SQL Locally and in LDAP Directory

For directories that are only read, it's sometimes useful to have a reference field that has several definitions to external directories. For instance the "groups" information of the user directory could come from two different ways of defining groups. This is something that works only for read though, because on write we wouldn't be able to know to which reference the write should be done. So with this feature a directory field can have several references:

New Marketplace Packages

nuxeo Diff Pictures: This package requires Nuxeo Dam, installs Nuxeo Diff (if not already installed), and uses ImageMagick.
Template Rendering Samples: This package provides a set of new samples to let you discover the best of what you can do with Nuxeo Platform Rendering.
Nuxeo for Salesforce: This Nuxeo Platform and Salesforce integration enables to drag'n drop documents from the Salesforce UI into the Nuxeo Platform, with automated information linking (customer name, opportunity ID...).
Nuxeo Review Workflows Dashboards: This package provides dashboards that show information about the workflows like average execution length, top assignees, etc.

Annotations Make Use of VCS Relation Graph

Relations are now stored by default as core relation objects with document type AnnotationRelation. It is possible to switch back to Jena storage, see detailed Upgrade Notes.

Redis Implementation of Cluster Invalidation Logic

ClusterInvalidator implementation based on Redis is replacing the SQL one. To use it edit the repository contrib and add:

<clusterInvalidatorClass>org.nuxeo.ecm.core.redis.contribs.RedisClusterInvalidator</clusterInvalidatorClass>

Invalidations are sent and received using the Redis pubsub messaging on the channel: nuxeo:inval:default:channel (default being the name of the repository). There is a Redis HSET created for each Nuxeo node with the following key: nuxeo:inval:default:nodes: nodeId

Redis-Based Implementation of the UIDSequencer

A Redis implementation of the UID Sequencer is available. In this implementation, the counter for key FOO is stored under nuxeo:counters:FOO. Such a sequencer can be contributed with the following extension:

Redis Queue Optimisation

The Redis queue implementation generates less requests to Redis and improves performance by prioritizing local worker with potentially warm cache. Also Redis commands are now pipelined reducing the number of Redis roundtrip.

Support of LibreOffice 5

LibreOffice 5 support has been added for conversions by adding detection of path for that version.

Default SAML Binding

The new configuration property 'nuxeo.saml2.loginBindings' allows configuring available SAML login bindings. Default is 'HTTP-Redirect,HTTP-POST'. First binding will be flagged as default in the metadata export.