Hannon Hill released Cascade CMS 8.23 in late August 2023. It is a minor release on paper, but three of its changes are worth recording because they affected how institutions operate Cascade alongside the rest of their compliance and analytics stack. This post is a reference for institutions evaluating an upgrade or auditing what changed in their Cascade environment between 8.22 and 8.23.
Google Analytics 4 Connector
The headline change in 8.23 was a built-in connector for Google Analytics 4. Universal Analytics had been deprecated by Google effective July 1, 2023, and any institution still on UA at the time of the Cascade 8.23 release was already losing data.
The 8.23 connector lets administrators view GA4 metrics directly in Cascade Reports at the folder and asset level, including engagement rate and per-page traffic. The practical value is in giving content owners visibility into how individual pages are performing without needing GA4 access of their own. For institutions with dozens of named editors, this dramatically reduces the friction of getting content performance data in front of the people who can act on it.
The earlier UA report integration continued to function but was deprecated. Institutions still on UA in late 2023 needed to migrate to GA4 before the connector dropped support entirely.
NIST 800-53 Aligned Password Policy
Cascade 8.23 enforced stronger password requirements for users authenticating against the native Cascade password store. The new policy aligned with NIST 800-53 password guidance: length thresholds, complexity rules, and rejection of commonly compromised passwords.
For institutions that authenticate Cascade users through SAML or LDAP against a campus identity provider, this change had no effect because passwords are managed upstream. For institutions still using native Cascade authentication, this introduced a one-time password reset cycle for affected users.
The policy change was part of the broader compliance signal. Cascade was beginning to make alignment with federal security frameworks (NIST, FedRAMP) a baseline expectation, which mattered for institutions whose security review processes include password policy as an explicit control.
Publish Reliability Improvements
Cascade 8.23 included internal improvements to publish operations under network instability. Multi-operation publish jobs and asset copies became more resilient to transient connectivity failures between Cascade and the production web server. Working copies were no longer orphaned when a workflow failed to start.
For institutions running large Publish All operations during template changes or periodic full-site refreshes, this was the most operationally significant change in the release. Publish failure recovery shifted from "manual cleanup of orphaned working copies" to "the job retries and continues." For a Cascade Website Hosting environment under load during enrollment cycles, that reliability difference is the kind of change that prevents 2 a.m. incident calls.
Smaller but Useful Improvements
8.23 also tightened a few editorial-experience details:
- The audits table sorts by Time by default, which made historical asset auditing materially faster
- Asset naming rules became more flexible, supporting characters previously rejected
- Comments rendered correctly in additional asset types
- Admin area columns rendered consistently for Data Definitions, Publish Sets, and Shared Fields
None of these are headline changes individually. Together they were quality-of-life improvements that mattered to administrators using Cascade daily.
What 8.23 Did Not Change
8.23 was not an architectural release. It did not change Cascade's publish model, its templating languages, its API surface, or its hosting requirements. Institutions running on the supported platform matrix did not need infrastructure changes to upgrade.
The LDAP Configuration Orphaned User Behavior Delete option began phasing out in this release, partly to prevent accidental mass deletions during LDAP sync. Institutions relying on that behavior had to reconfigure their LDAP integration.
Frequently Asked Questions
What was the most operationally significant change in Cascade 8.23?
The publish reliability improvements. For institutions running Cascade at scale, the change to recovery behavior on transient publish failures reduced incident load and the manual cleanup overhead of orphaned working copies.
Did Cascade 8.23 require a hosting change?
No. The supported platform matrix did not change. Institutions running compatible Cascade Website Hosting environments could upgrade without changing the production hosting tier.
Did 8.23 force every Cascade user to reset their password?
Only users authenticating against the native Cascade password store. Users authenticating through SAML or LDAP against a campus identity provider were not affected, because the campus identity provider remained the source of truth for credentials.
Was the 8.23 GA4 connector a replacement for direct GA4 access?
No. The connector surfaces GA4 metrics in Cascade Reports for content owners. Marketing and analytics teams typically continued to use GA4 directly for deeper analysis. The connector was a convenience layer for editors, not an analytics platform.