Natalie_Manusov
Crownpeak employee
Crownpeak employee

FirstSpirit 2024.3 (5.2.240312) is the latest release of FirstSpirit and contains bugfixes as well as new functionality.

The release notes are attached to this post and available via https://docs.crownpeak.com/
To learn more about our release management in general please see our Release Management FAQ.

The new FirstSpirit version is available for download

You need a personal login to access the download folder. Please contact our Technical Support if you do not have a personal login.

Read more
0 0 1,135
TimoKlattenhoff
Crownpeak employee
Crownpeak employee

Dates, agenda and registration

Read more
0 4 1,437
honecker
Crownpeak employee
Crownpeak employee

The release notes for this build are available online at

EN Release Notes

and

DE Release Notes

Read more
0 0 394
Natalie_Manusov
Crownpeak employee
Crownpeak employee

FirstSpirit 2024.2 (5.2.240208) is the latest release of FirstSpirit and contains bugfixes as well as new functionality.

The release notes are attached to this post and available via https://docs.e-spirit.com/ .
To learn more about our release management in general please see our Release Management FAQ.

The new FirstSpirit version is available for download

You need a personal login to access the download folder. Please contact our Technical Support if you do not have a personal login.

Read more
0 0 1,052
hartwich
Crownpeak employee
Crownpeak employee

The release notes for this build are available online at

EN Release Notes

and

DE Release Notes

Read more
0 0 358
marro
Crownpeak employee
Crownpeak employee

The release notes for this build are available online at

EN Release Notes

and

DE Release Notes

Read more
0 0 504
Schulz
Crownpeak employee
Crownpeak employee
0 0 378
Natalie_Manusov
Crownpeak employee
Crownpeak employee

Due to a caching issue in the URL registry, a hotfix build  5.2.240111 was created.

The new FirstSpirit version is available for download

You need a personal login to access the download folder. Please contact our Technical Support if you do not have a personal login.

Read more
0 0 846
Natalie_Manusov
Crownpeak employee
Crownpeak employee

Happy New Year all, wishing you all health & happiness in 2024!

We start with the first release this year. 

FirstSpirit 2024.1 (5.2.240110) is the latest release of FirstSpirit and contains bugfixes as well as new functionality.

The release notes are attached to this post and available via https://docs.e-spirit.com/ .
To learn more about our release management in general please see our Release Management FAQ.

The new FirstSpirit version is available for download

You need a personal login to access the download folder. Please contact our Technical Support if you do not have a personal login.

Read more
0 0 1,219
hartwich
Crownpeak employee
Crownpeak employee

The release notes for this build are available online at

EN Release Notes

and

DE Release Notes

Read more
0 0 499
hartwich
Crownpeak employee
Crownpeak employee

The release notes for this build are available online at

EN Release Notes

and

DE Release Notes

Read more
0 0 530
TimoKlattenhoff
Crownpeak employee
Crownpeak employee

Watch the recordings of the Product Office Hours here

Read more
0 0 490
Natalie_Manusov
Crownpeak employee
Crownpeak employee

FirstSpirit 2023.13 is the latest release of FirstSpirit and contains bugfixes as well as new functionality.

The release notes are attached to this post and available via https://docs.e-spirit.com/ .
To learn more about our release management in general please see our Release Management FAQ.

The new FirstSpirit version is available for download

You need a personal login to access the download folder. Please contact our Technical Support if you do not have a personal login.

Read more
0 0 1,109
korte
Crownpeak Employee
Crownpeak Employee

The release notes for this build are available online at

EN Release Notes

and

DE Release Notes

Read more
0 0 449
TimoKlattenhoff
Crownpeak employee
Crownpeak employee

The next FirstSpirit Product Office Hours are coming up – find details here

Read more
0 0 505
Natalie_Manusov
Crownpeak employee
Crownpeak employee

FirstSpirit 2023.12 is the latest release of FirstSpirit and contains bugfixes as well as new functionality.

The release notes are attached to this post and available via https://docs.e-spirit.com/ .
To learn more about our release management in general please see our Release Management FAQ.

The new FirstSpirit version is available for download

You need a personal login to access the download folder. Please contact our Technical Support if you do not have a personal login.

Read more
0 0 1,098
Natalie_Manusov
Crownpeak employee
Crownpeak employee

FirstSpirit 2023.11 is the latest release of FirstSpirit and contains bugfixes as well as new functionality.

The release notes are attached to this post and available via https://docs.e-spirit.com/ .
To learn more about our release management in general please see our Release Management FAQ.

The new FirstSpirit version is available for download

You need a personal login to access the download folder. Please contact our Technical Support if you do not have a personal login.

Read more
0 0 1,165
TimoKlattenhoff
Crownpeak employee
Crownpeak employee

Watch the recordings of the AI Webinar for FirstSpirit here

Read more
0 0 719
TimoKlattenhoff
Crownpeak employee
Crownpeak employee

Download the documentation for FirstSpirit's DQM Connect functionality and see the intro video here

Read more
0 0 855
Natalie_Manusov
Crownpeak employee
Crownpeak employee

FirstSpirit Hotfix-Builds 5.2.230817 (Non-Jakarta) and 5.2.231010 (Jakarta) contain a further security fix for CVE-2023-4863 (Heap Buffer Overflow in WebP):

  • JxBrowser update to the version 7.35.1 (is used in the integrated preview in the SiteArchitect)

The vulnerability is classified as critical. Crownpeak therefore recommends a prompt update to a secured FirstSpirit version.

A “heap buffer overflow” in WebP allowed a remote attacker to perform an out-of-bounds memory-write, and thus possibly inject malicious code. A manipulated WebP image can therefor lead to code injection.

FirstSpirit versions since 2019.11 are affected.

How can the vulnerability be exploited?

  • An editor adds a manipulated WebP image to a project.
  • An editor opens an (external) website containing a manipulated WebP in the integrated preview.

What do you have to do?

  • (Server) Update to 5.2.230817 / 5.2.231010
  • (Client) Update the local browsers

Mitigation without FS Update

New FirstSpirit versions are available for download

You need a personal login to access the download folder. Please contact our Technical Support if you do not have a personal login.

Read more
0 3 1,260
TimoKlattenhoff
Crownpeak employee
Crownpeak employee

Current link to the FirstSpirit User Management

Read more
0 0 1,081
TimoKlattenhoff
Crownpeak employee
Crownpeak employee

Upcoming webinars on AI Functionality in FirstSpirit – register here

Read more
0 0 613
Natalie_Manusov
Crownpeak employee
Crownpeak employee

FirstSpirit 2023.10 is the latest release of FirstSpirit and contains bugfixes as well as new functionality.

Important note regarding CVE-2023-4863 (Heap Buffer Overflow in WebP)

The vulnerability is classified as critical. Crownpeak therefore recommends a prompt update to a secured FirstSpirit version:

Due to CVE-2023-4863, the WebP library used by FirstSpirit has been updated. 

Important note regarding migration to Jakarta EE 6.0

In contrast to the phased rollout for cloud customers, on-premises customers are able to test and migrate the FirstSpirit servers once version 2023.9 or 2023.10 has been released.

However, we strongly recommend to wait with the update of productive servers at least until release 2023.11 since we aim to guarantee the compatibility for modules provided by Crownpeak with that release.

 

The release notes are attached to this post and available via https://docs.e-spirit.com/ .

To learn more about our release management in general please see our Release Management FAQ.

The new FirstSpirit version is available for download

You need a personal login to access the download folder. Please contact our Technical Support if you do not have a personal login.

Read more
0 2 2,153
Natalie_Manusov
Crownpeak employee
Crownpeak employee

The FirstSpirit Hotfix-Build 5.2.230813 contains a security fix for CVE-2023-4863 (Heap Buffer Overflow in WebP).

The vulnerability is classified as critical. Crownpeak therefore recommends a prompt update to a secured FirstSpirit version.

Due to CVE-2023-4863, the WebP library used by FirstSpirit has been updated to a version based on libwebp version 1.3.2. 

A “heap buffer overflow” in WebP allowed a remote attacker to perform an out-of-bounds memory-write, and thus possibly inject malicious code. A manipulated WebP image can therefor lead to code injection.

FirstSpirit versions since 2019.11 are affected.

How can the vulnerability be exploited?

  • An editor adds a manipulated WebP image to a project.

What do you have to do?

  • (Server) Update to 5.2.230813
  • (Client) Disable the integrated preview in SA (JxBrowser)
  • (Client) Update the local browsers

Mitigation without FS Update

  • (Server) Prevent uploading of WebP (set appropriate restrictions in the project) or
  • (Server) Configure WebP as media type file
  • (Client) Disable the integrated preview in SA (JxBrowser)
  • (Client) Update the local browsers

The new FirstSpirit version is available for download

You need a personal login to access the download folder. Please contact our Technical Support if you do not have a personal login.

Read more
0 0 763