Sign In   Register
  2. Home
  3. Manager
  4. 26.04

We are pleased to announce our latest 26.04 release of Journey Manager is ready for you to download! It includes new and enhanced features, security improvements, updated libraries, and bug fixes. Read on to find out more.

Version Date Released New Features Improvements Fixes Security CVE
26.04.0 24 April 2026 Changelog New Changelog Improved Changelog Fixes Changelog Security 3rd Party Libraries

Highlights

Journey Manager 26.04 includes some exciting new features and enhancements. For a full list of new features and improvements, see the changelog below.

This release's highlights include:

Service Connection Encryption

TJM now stores service connection details as encrypted values providing a more secure model that aligns with how we store important data. Details are stored using our existing configurable data storage services. 

OTP authentication

TJM now supports login to select spaces via OTP. This functionality can be configured to use a number of cloud service integrations for OTP generation and verification. 

Cayenne Upgrade 4.2.3

The Apache Cayenne ORM framework has been upgraded to version 4.2.3, delivering performance improvements and compatibility with the latest platform dependencies.

WildFly 39 Upgrade

Journey Manager has been upgraded to WildFly 39, bringing improved Jakarta EE support, performance enhancements, and the latest security patches.

AWS SDK V2 Migration

The AWS SDK has been migrated from V1 to V2, providing improved performance, non-blocking I/O, and better support for modern AWS services including KMS access via AWS profiles.

XSRF Response Headers

XSRF tokens are now included in response headers to be handled by the client side, improving cross-site request forgery protection.

Applicants Space WAR

The applicants space has been split out into its own WAR file, improving modularity and deployment flexibility.

DB Integrity Checker Performance

The Database Integrity Checker has been significantly improved for performance, enabling faster validation of database consistency.

Change log

The change log is a list of all new features, enhancements, and fixes for this release.

Changelog New New Features

The following new features are introduced in this release.

Manager
  • Fluent HTML injector service
  • Custom URLs for pages in spaces
  • OTP authentication feature

Changelog Improved  Improvements

The following improvements are included in this release.

Manager
  • Allow Fluent VOs to be accessed in Job controller definitions
  • Code Libraries Enhancements: 
    • Support code libs in maven imports folder
    • Work independently of Groovy Data Isolation setting
    • Allow Code Library services to be recreated from template
  • Add default service and current version filter options to service search pages
  • Enhance Log Query to return log time and filter via log time
  • Added useCurrentSubmissionXmlForOpenedTasks flag in collaboration jobs
  • Folding now available in Form XML Data
Workspaces API
  • Support Internal-External Comments functionality
  • Allow workspaces to reclassify comments or delete
SDK
  • Scheduled Job Import
  • Reference Data preserve existing on import
  • Configurable timeout for Ant SDK app-deploy
  • Compare code libraries feature

Changelog Fixed Fixes

This release fixes the following known issues.

Manager
  • Production Groovy Debug Logging bug causing excessive log output
  • Fixed issue causing user enrollment page not functioning correctly
  • Password incorrectly required for non-local users
  • IllegalStateException during Outbox Processing
  • Null Service connection in JobEventService
  • Attachment issue caused by service connection encryption Cayenne cache loading
  • Duplicate job processing after manually setting a task to completed
  • org.json.JSONObject replaced with ObjectMapper to avoid cyclic dependency issue
  • Access issues to Exchange and Insights modules
  • Error messages too long for database field, now shortened and trimmed
  • Purge Orphaned Records fix and dbupdater release version correction
  • Maestro Require Client Key in portal causing duplicated client key parameters
  • Using portal property Require Client Key unable to resume saved Transact function form
  • Fixed issue with form promotion functionality
  • Duplication of spaces on new user creation dropdown list

Code Libraries
  • Multiple imports issue resolved
  • Code library service with same package class in different org
  • Code library service with different tag names
  • Import covering global and non-global libraries
  • Inactive code library fix
  • Fix warning message for code libraries import through app package

Changelog Security Security

This release addresses the following security issues.

Manager
  • Ensure System GUID is stored encrypted within the System Info table
  • Store service connection details more securely with encryption type, UI, and generic encryption/decryption methods
  • AWS Profile for KMS access
  • Groovy console disabled by default for added security
  • Improper Client-Side Validation Property Type security fix

3rd Party Libraries 3rd Party Libraries

The following third-party libraries have been upgraded to meet CVE requirements.

CVE Library Version

Spring Framework & Security

 Latest

CVE-2025-41234 (High)

Spring Web

6.2.7+

CVE-2025-41254 (Medium) 

Spring WebSocket

6.2.11+

WildFly

39.0.0.Final

AWS SDK

V2

Apache Cayenne

4.2.3

Netty

4.1.127 

Commons FileUpload

1.6.0 (Jakarta)

Commons BeanUtils

1.11.0

CVE-2025-48924 

Commons Lang3

Latest

Apache Tika 

3.2.2

Kafka Client 

3.9.1

Nimbus JOSE JWT 

Latest

Gson

Latest

Angus Mail

2.0.4 

JLine

3.25.0 

CVE-2025-12183, CVE-2025-66566

lz4

Latest 

CVE-2025-68161 (Medium)

log4j-core

2.23.1+ 

CVE-2025-59250 (High)

mssql-jdbc

12.10.1+

CVE-2024-47855

json-lib

Latest

CVE-2025-4949 

org.eclipse.jgit

Latest

Release Notes

Ideas

Got a good idea for improvement?

Submit your Idea

Quick Links