Changelog

Hotfix (December 19, 2024)

version 30.0.1

Fixed issues

  • Admin UI customization – The configurable content hub listing feature introduced in version 30.0.0 caused display issues for custom or extended listing pages that add multiple columns under an identical name (as specified via AddColumn(name)). After applying the hotfix, listings again support multiple columns registered under the same name. If the Content hub listing page is extended using this approach, the columns are grouped together and cannot be reordered.

  • Languages – It was incorrectly possible to create a language with a code name matching an existing top-level page URL slug.

  • Role management – The Content hub application could be incorrectly disabled in the page permissions tab if the page was reloaded while assigning permissions to a role for the Content hub.

  • Website content – Cloning of pages with names close to the maximum length (100) led to an unexpected error.

  • Workspaces

    • Creating a workspace with a code name identical to a code name previously used by a different workspace resulted in an error. This was caused by name collisions on content folders (including the root content folder) that didn’t properly reflect workspace code name changes.
    • Workspaces are now listed alphabetically in all workspace selectors.

Refresh (December 12, 2024)

version 30.0.0

.NET 9 support

Xperience by Kentico supports application development using .NET 9, the latest major .NET framework release. For more information on .NET 9, see Microsoft’s official announcement.

The support also includes Kentico’s SaaS solution, which supports the deployment of projects based on .NET 9.

Known issues

The MapStaticAssets feature is currently not supported. Adding the middleware to your application pipeline prevents Page Builder and Form Builder from working. As a workaround, use the existing UseStaticFiles middleware.

New features

Workspaces
The Content hub application is now scoped under workspaces. Workspaces allow you to organize your content into multiple distinct manageable units, making content easier to manage and maintain. You can assign roles with permissions to these units to restrict or grant access to specific content based on user roles or responsibilities, enhancing collaboration by allowing teams to segregate their work and control who can view or edit certain content. Additionally, this approach mitigates security risks by ensuring that sensitive content is only accessible to authorized users, reducing the risk of data breaches or misuse.

Projects updated to version 30.0.0 and newer have all their Content hub content stored in a Default workspace. The roles with permissions for the Content hub application have the same permissions for Content hub in the Default workspace. For more information see Default workspace.

The release of this feature introduces changes to related CI/CD objects. See New object types for CI/CD for possible manual steps depending on your project and repository configuration.

Scheduled tasks
Users can now define and manage scheduled tasks via the new Scheduled tasks application. Scheduled tasks automate recurring operations by defining tasks that execute at specified intervals. The feature supports task configuration, scheduling, and execution, enabling task-based automation with customizable intervals, logging, and error handling.

Developers can implement tasks by creating classes that implement the IScheduledTask interface and registering them under a unique identifier. In the Scheduled tasks application, they can then define task intervals, enable or disable tasks, and monitor results via the application’s Last result column.

In previous versions, the system relied on scheduled tasks internally. The release of this feature introduces changes to related CI/CD objects. See New object types for CI/CD for possible manual steps depending on your project and repository configuration.

Visibility conditions for content type fields
The field editor for content types and reusable field schemas was extended to support visibility conditions. These conditions allow users to set up fields that are dynamically displayed or hidden, for example based on the value of another field. By default, the system provides a set of field evaluation conditions, and developers can create and register custom visibility conditions to meet specific project requirements.

Dimensions in asset metadata
ContentItemAssetMetadata was extended with new properties representing the Width and Height of the asset in pixels. The system currently supports calculating the properties only for image assets (the value is automatically null for all other asset types). You can access these properties when retrieving assets or querying the GraphQL schema and use them, e.g., to prevent layout shifts when displaying content on the web.

The system automatically calculates the dimensions for new images. To calculate the dimensions for all images already in the system after applying the update, run the Calculate dimensions of image assets scheduled task. After the task successfully completes, you can safely delete it.

Image optimization
You can now optimize image assets for their use across different channels by converting the images to a more suitable format and adjusting their quality. To help ensure that editors use optimized images, administrators can configure automatic optimization upon image creation in the system.

To optimize any image already present in the system, reupload it (if automatic optimization is configured) or optimize the image manually.

Support for SVG and AVIF image formats
Content item assets and media libraries now support the SVG and AVIF formats for image files. Such images can be uploaded in the administration, selected in various image selectors, and displayed to your audience through channels.

After updating existing projects, the image extensions that you wish to use must be added manually in the Settings → Content → Assets → Asset allowed extensions setting.

SVG images are not allowed by default, because they may host scripts or CSS that can pose a security risk. Carefully consider the potential security impacts before allowing the SVG file type.

Custom activity support for automation
Automation now supports a new Custom activity trigger type, which allows you to set up more flexible automation processes. Additionally, custom activities can be logged by a step within an automation process, which can then trigger another process.

‘Contact field is empty’ condition for contact groups and automation
A new condition is available for contact groups and automation processes, which allows marketers to check if a contact field contains a value or not. Developers can set up the empty values for custom data types.

‘Contact field has value’ condition for automation
The Contact field is empty condition, previously only available in contact groups, can now also be used in automation processes.

Improved App Service plans of QA/UAT SaaS environments
The App Service plans for QA and UAT deployment environments were upgraded from S1 to P0V3 to improve performance.

Xperience Portal improvements
The Xperience Portal was improved in several locations:

  • Xperience Portal users can now customize the types of alerts they want to receive for each environment.
  • A new Email metrics application allows Xperience Portal users to monitor email statistics from the SendGrid platform.

Advanced rich text editor customization
New rich text editor customization options that allow developers to control how the system loads rich text editor configurations and to make dynamic adjustments of the configuration. For example, this approach can be used to insert custom CSS into the rich text editor.

Language flags
Languages were extended with a flag icon selector, enabling you to set a flag icon visually representing a language. Languages with a flag icon set have their flags displayed in the Language column in the Content hub , corresponding to the languages a content item is translated into.

Clone pages
An option to clone existing pages was added. This new option allows users to quickly create new pages with the same web page data.

Configurable Content hub listing
Content Hub now supports listing configuration, allowing users to customize the order of columns and select which columns are displayed. This configuration is client-side only and will not affect other users.

New object code name selector attribute
The object code name selector UI form component now has an ObjectCodeNameSelectorComponent attribute, which allows developers to use the selector as an editing component.

Updates and changes

.NET 8 is now the minimum supported .NET framework version
Xperience by Kentico now requires .NET 8 as the minimum framework version. Projects that update to version 30.0.0 or newer must target .NET 8 or .NET 9. The support for .NET 6 is being deprecated in alignment with Microsoft’s planned end-of-life for the version.

With this transition, support for binary serialization was removed from the system. This change primarily impacts all Info classes. The removed API includes the GetObjectData method, the ISerializable interface, and the serialization constructor of each Info class: protected (SerializationInfo info, StreamingContext context) : base(info, context). Additionally, assertions related to binary serialization testing were removed from the testing framework provided via the Kentico.Xperience.Core.Tests NuGet package. These changes reflect Microsoft’s indirect removal of BinaryFormatter from the framework.

Code generator – Change to the default behavior of provider class generation
The code generator no longer creates provider classes (InfoProvider) and interfaces (IInfoProvider) by default when generating object type classes (--type Classes). To include these, you must use the --with-provider-class parameter. This change aligns projects with our recommendation to use the IInfoProvider<TInfo> API as a generic substitute for per-Info provider classes.

For additional details on this and other parameters, refer to the documentation or use the --help option in the code generator.

Recommendations:

  • For existing projects – Review and update any existing scripts or processes in your development pipeline that rely on the automatic generation of provider classes and interfaces. Add the --with-provider-class True parameter where needed.
  • For new projects – Use IInfoProvider<TInfo> where possible for cleaner and more maintainable code. Use explicit providers only when required.

BizFormFiles moved under assets
The BizFormFiles folder stores files uploaded via form fields using the Upload file form component. For new projects installed with version 30.0.0 or newer, this folder is placed under the ~/assets folder instead of the project root.

Applying the update to existing projects does not immediately move the folder, and the system maintains full backward compatibility for the original location. However, we strongly recommend moving the folder to the new location via the following steps after you update your project:

  1. Verify whether your project or any related infrastructure relies on the original ~/BizFormFiles path. Prepare any necessary adjustments to reflect the new ~/assets/BizFormFiles path.
  2. Manually execute the Move BizFormFiles to the assets folder scheduled task.
    • This task is added to your project as part of the update
    • When executed, the task moves all BizFormFiles content under ~/assets/BizFormFiles, and then deletes the original folder.
  3. Apply any required changes from step 1.
  4. Remove any file system mapping of the ~/BizFormFiles folder to shared storage, such as Azure Blob storage or Amazon S3.
    • Typically, your project will already contain mappings of the entire ~/assets folder, so you will not need to add new mappings.

Database changes

  • The following columns in the CMS_ContentItemCommonData database table were renamed:
    • ContentItemCommonDataPageBuilderWidgets → ContentItemCommonDataVisualBuilderWidgets
    • ContentItemCommonDataPageTemplateConfiguration → ContentItemCommonDataVisualBuilderTemplateConfiguration
  • The Temp_PageBuilderWidgets table was renamed to Temp_VisualBuilderWidgets, including all columns.
  • The following columns were removed from the CMS_WorkflowAction table:
    • ActionParameters
    • ActionResourceID
    • ActionIconClass
    • ActionThumbnailClass
    • ActionDataProviderClass
    • ActionDataProviderAssemblyName
    • ActionAllowedObjects

These changes may break any custom database queries, scripts, or procedures that use the original names.

Change to the default behavior of CMSBuilderScriptsIncludeJQuery
The CMSBuilderScriptsIncludeJQuery setting introduced in version 29.6.0 now defaults to false. Users need to explicitly opt-in for jQuery usage by enabling the setting via application configuration (appsettings.json). See Link jQuery as part of builder scripts.

With this change, jQuery is considered deprecated and will be phased out completely in one of the future major releases. The library will not be updated from the current 3.5.1 version, even in the case of new vulnerability disclosures. Projects with custom components that rely on the library should consider referencing an external implementation to prevent possible issues in the future.

Multi-factor authentication system page URLs
The following system page URLs used by the multi-factor authentication feature were updated:

  • /admin/mfa-recovery-code → /admin/mfa/recovery-code
  • /admin/mfa-logon-recovery → /admin/mfa/logon-recovery

Generate URLs to Content hub pages
With the Content hub now being scoped under workspaces, the URL structure in the Content hub has been updated to include the WorkspaceID. When generating URLs to Content hub pages, make sure to specify the WorkspaceID in the IPageLinkGenerator URL parameters to avoid incorrect URLs. The WorkspaceID is retrieved from workspace-scoped items, for example, content items, content folders, or smart folders.

New object types for CI/CD

The update introduces the following object types, which are supported by the Continuous Integration and Continuous Deployment features. Consider updating the repository.config files of your CI/CD repositories, particularly when using the <IncludedObjectTypes> allowlist for object type filtering.

  • cms.scheduledtaskconfiguration – stores scheduled task configurations from the Scheduled tasks application.
    • This new object type automatically replaces the existing cms.scheduledtask object type (used internally by the system in previous versions) when serializing the repository for the first time after the update.
    • If you have cms.scheduledtask included in your repository.config file, you must remove it before serializing the repository for the first time after completing the update. This primarily concerns SaaS projects as they are required to maintain an explicit allowlist of all object types in repository.config.
  • cms.workspace – stores workspaces
    • In case you have Content hubs objects included in your repository.config file, you must add this object type to your file’s allowlist for the serialization of the repository to not fail.
  • cms.workspacedatapermission – stores the workspace permission name, application identifier, workspace identifier, and role identifier.

Breaking changes – API

VersionStatus and ContentItemVersionStatus ‘Archived’ value now produces a compilation error
The obsolete VersionStatus.Archived and ContentItemVersionStatus.Archived enum values now produce a compilation error. This change ensures developers transition to the recommended Unpublished value. To restore project compatibility, replace all instances of Archived from the corresponding enum with Unpublished.

Newly obsolete API

Generic provider updates
The following Info providers were made obsolete. Use the generic IInfoProvider provider instead.

CMS.DataProtection namespace:

  • ConsentInfoProvider
  • ConsentAgreementInfoProvider
  • ConsentArchiveInfoProvider

CMS.Modules namespace:

  • ResourceInfoProvider

CMS.ContactManagement namespace:

  • ContactInfoProvider
  • ContactGroupInfoProvider
  • ContactGroupMemberInfoProvider
  • ContactRoleInfoProvider
  • ContactStatusInfoProvider
  • VisitorToContactInfoProvider
  • AccountContactInfoProvider
  • AccountInfoProvider
  • AccountStatusInfoProvider

CMS.ContentEngine namespace:

  • ContentFolderInfoProvider

ContactInfoProvider methods
The ContactInfoProvider class for managing contacts is obsolete, and basic CRUD operations can instead be performed via the generic IInfoProvider provider. Methods that provided functionality outside of this scope were refactored into separate supporting services, and have the following replacements:

  • GetContactInfo(string email)IContactExternalDataUpdateService.GetByEmail
  • UpdateContactFromExternalDataIContactExternalDataUpdateService.Update
  • DeleteContactInfosIContactsDeleteService.BulkDelete
  • GetContactFullNameContactInfo.ContactDescriptiveName property

Content item parameter API
All the CreateContentItemParametersconstructors for creating content item parameters were made obsolete. Use the new CreateContentItemParameters constructor with 5 parameters instead, which additionally specifies a content item’s workspace.

C#


// Creates a content item metadata object
CreateContentItemParameters createParams = 
          new CreateContentItemParameters(contentType,
                                          codeName,
                                          contentItemDisplayName,
                                          languageName,
                                          workspaceName);

Content folder API
The GetRoot and GetRootAsync methods for retrieving the root content folder in Content hub were made obsolete. Use the new GetRoot and GetRootAsync methods with a workspaceName parameter for retrieving the root content folder from a specific workspace instead.

Admin UI customization API
The UINoPermissionRequired attribute, which indicated permissionless access to and visibility of applications in the admin UI, was made obsolete and renamed NoPermissionRequired, which has identical functionality.

Removed obsolete API

The refresh release removes API marked Obsolete since version 27.0.0. Ensure your code no longer references these members to avoid compilation errors.

The following list highlights important types and areas of the API that were affected.

  • CMSString wrapper class over the framework string object – use conventional framework APIs to work with strings instead.

  • TypeHelper helper methods for manipulating object type code name strings – there is no alternative.

  • SqlHelper methods for query manipulation and comparison were made internal – there is no alternative.

  • TableManager methods for working with various SQL objects – there is no alternative.

  • FileHelper methods for various text file operations – there is no alternative.

  • UserRoleInfoProvider.Add(int userId, int roleId, DateTime? validTo = null) method for creating temporary role assignments – there is no alternative.

  • GetConsentText() method for ConsentInfo objects – use the GetConsentTextAsync() method.

Fixed issues

  • Admin UI

    • Admin UI – Values entered into Code name inputs weren’t validated correctly for the maximum allowed length in certain parts of the system (e.g., content folder code names).
    • Segments in the content folder breadcrumb navigation shown in the Combined content selector dialog didn’t work correctly with all link operations provided by browsers.
    • The Asset uploader form component incorrectly displayed the previous version of an image after a new image was uploaded. The public content was not affected and the correct image was displayed.
  • Admin UI customization – It wasn’t possible to disable the Role selection field for the editing form in the Users application via the Edit UI form of the customizable User class.

  • Automation

    • Users without the Update permission for the Automation application were not able to view the contents of the General panel, receiving an Access denied notification.
    • Automation process statistics did not display time zone information in the Statistics from tooltip.
  • Content hub – Saving an update of the Requires authentication property for a content item didn’t trigger an update of the item’s Last modified date and time.

  • Emails

    • The email preview displayed an error if more than 5 levels of linked content items were added to the email’s fields. After applying the update, the error no longer appears, but the limit of 5 nested content item levels still applies, and further levels are not loaded into the email content.
    • Users without the Send email permission for email channel applications were incorrectly able to edit regular emails that were scheduled to be sent. This permission is now required. After applying the update, add the Send email permission to all roles that need to be able to edit scheduled regular emails.
  • Object types – When modeling object type relationships via a database column in a custom module class, the Reference to selector offered a large number of object types that were not relevant (such as binding object types or internal system objects).

  • Permissions – Users could see sections of a website channel’s content tree without having the Display permission set for the website’s root. Only sections breaking inheritance and having at least the Display permission were visible.

  • Users – The Users application incorrectly allowed the User name value to be edited for inactive users who hadn’t accepted the invitation yet.

  • Website content – It was not possible to create a new language variant of a page using the Copy content from another language option if the current language variant of the page contained an empty field with the Asset uploader form component.


Hotfix (December 5, 2024)

version 29.7.3

Fixed issues – security


Hotfix (November 28, 2024)

version 29.7.2

Updates and changes

  • General – The hotfix updates the following NuGet package dependencies:

    • System.Text.Json to version 8.0.5

    • System.Text.RegularExpressions to version 4.3.1

Fixed issues

  • Cookies – Signing in to the administration incorrectly increased the user’s accepted cookie level to Editor, which stopped the user from being tracked as a contact when visiting the live site in the same browser. After applying the hotfix, signing in to the administration sets the cookie level to All instead.

  • Emails – The SmtpOptions.TransferEncoding option, which can be configured when setting up SMTP server email clients, didn’t work if set via the AddXperienceSystemSmtp or AddXperienceChannelSmtp method.

  • Rich text editor – Using the rich text editor component as an editing component of a Page Builder widget property led to an error when saving text with an inserted link. The issue occurred in versions 29.7.0 and 29.7.1.

  • Website content – A user without the Update permission for specific web pages was able to publish such pages via cascade publishing in certain scenarios.


Hotfix (November 21, 2024)

version 29.7.1

New features

  • Batch confirmation of updates for channels and domains in Xperience Portal

    When configuring channels and domains for projects, users of Xperience Portal can now perform multiple queued changes and apply them all at once when the system finishes the configuration. As a result, the application does not need to be restarted after each change and is restarted only once when applying the changes.

Updates and changes

  • The user interface of Xperience Portal has been improved in several locations:
    • The Deployments application now has a new Deployment progress listing where you can observe the progress of any deployments currently in progress.
    • The Deployment history listing in the Deployments application now supports pagination and filtering.
    • The Channels application in the Channels and domains section now supports pagination and filtering.

Fixed issues – security

Fixed issues

  • Admin UI – The icon selector was, in some cases, incorrectly displayed under the content item creation dialog when used as a UI form component for a field of a content type.

  • Page Builder – Page Builder component (widget, section, page template, etc.) properties did not properly link content items if the property name started with multiple capitalized letters. As a result, usage tracking and cascade publishing didn’t work for content items linked through these properties.

  • Rich text editor – URLs with the “mailto”, “data”, and “tel” URI schemes had their URLs changed after repeated saves in the rich text editor.


Refresh (November 14, 2024)

version 29.7.0

Security advisories

Beginning with this release (November 14, 2024 onwards, product version 29.7.0 and later), you can find all new information about security updates for Xperience by Kentico in the form of security advisories.

Subscribe to Xperience by Kentico RSS feeds

Subscribe to our RSS feeds to get notified about new product features or security updates as soon as we release them.

New features

Combined content selector
The content item selector form component was improved to enable the selection of web pages from content trees of website channels in addition to reusable content items from the content hub. As a result, the selector was renamed to Combined content selector. This improvement enables developers to directly access fields of selected web pages in emails and headless content.

Administration authentication improvements
The authentication functionality of the Xperience administration now provides the following features, which help increase security against brute-force attacks:

  • Account lockout – temporarily blocks authentication for user accounts after a number of failed sign-in attempts. See Account lockout to learn more.
  • Forbidden passwords – allows developers to configure a list of passwords that cannot be submitted when users register new accounts or reset existing passwords (even if the password otherwise fulfills password policy requirements). This prevents users from choosing common or easy-to-guess passwords.

Notifications for administration users
Notifications inform users of the administration about various events. In the current release, notifications are supported for user management events, such as invitations and password resets. These notifications replace the original code-driven approach to customizing user management emails, which allows non-developers to adjust the notification content directly in the administration through the new Notifications application.

Asset download
The Content hub application now allows editors to download files uploaded as content item assets.

Automation summary for contacts
When viewing contacts in the Contact management application, the new Automation processes tab displays a list of automation processes the contact has triggered and the current step for each process. Additionally, the three latest automation processes of a contact are displayed on the Overview tab.

Run database migrations during CI/CD restore
The CI/CD utility now supports running database migrations as part of the CI/CD database restore operation via the --enable-migrations parameter. When using this parameter, migrations don’t need to be applied using external scripts. The utility now covers all CI/CD scenarios supported by Xperience.

Updates and changes

  • Automation – The Backspace, Shift and Space keys no longer have any effect in the Automation Builder interface. Previously, these keys could cause unintentional interactions while designing automation processes.

  • Form components – The Content item selector form component was renamed to Combined content selector, and the related Content items data type was renamed to Pages and reusable content. These changes only affect the administration interface. The code representation of the affected object remains the same. The form component attribute for the Combined content selector is still ContentItemSelectorComponent.

  • Forms – The UI for configuring basic autoresponders and more advanced email automation for forms was split into two separate tabs in the form options panel (Autoresponder and Automation).

New object types for CI/CD

The update introduces the following object types, which are supported by the Continuous Integration and Continuous Deployment features. Consider updating the repository.config files of your CI/CD repositories, particularly when using the <IncludedObjectTypes> allowlist for object type filtering.

  • cms.notificationemail – stores the content and configuration of system notification emails (user invitations, password reset emails, etc.).
  • cms.notificationemailtemplate – stores notification email templates.

Newly obsolete API

Generic provider updates

The ApplicationPermissionInfoProvider class from the CMS.Membership namespaces was made obsolete. Use the generic IInfoProvider provider instead.

Options API for administration authentication emails

The following options API related to user management emails was made obsolete:

  • AdminIdentityEmailOptions.SenderAddress
  • AdminIdentityEmailOptions.RegistrationEmailMessageProvider
  • AdminIdentityEmailOptions.ResetPasswordEmailMessageProvider
  • AdminIdentityEmailOptions.ResetMultifactorSecretKeyEmailMessageProvider

Instead, customize user management emails via the corresponding notifications, which can be configured through the new Notifications application in the administration UI.

If you have the obsolete AdminIdentityEmailOptions.SenderAddress property configured, it overrides sender addresses configured in the Notifications application. We recommend that you set the sender address for each notification email through the Notifications application, and then remove the usage of the obsolete API.

ContactInfoProvider methods

The following ContactInfoProvider methods are now obsolete:

  • GetContactIDByEmail(string email) – use the GetContactInfo(string email) method instead.
  • GetContactFullName(int id) – use the overload with a ContactInfo parameter instead.
  • UpdateContactFromExternalData(BaseInfo source, bool allowOverwrite, int contactID) – use the overload with a ContactInfo parameter instead.

Fixed issues – security

Fixed issues

  • Admin UI

    • The UI of the Content hub application didn’t work correctly if content items were deleted while being selected in the listing. The number of selected items wasn’t updated and the mass actions for selected remained visible even if all of the selected items were deleted.
    • When the From/To option in a listing filter was filled in, the resulting time range was calculated incorrectly (depending on the UTC offset of the server hosting the application). Applying the filter could then cause the listing to display the wrong results.
  • Auto-scaling – The system’s auto-scaling support didn’t correctly synchronize role-permission assignments to other instances of the application (for example when an application permission was removed for a role or a role was deleted).

  • Automation – Wait steps within automation processes incorrectly allowed users to enter a time interval value lower than 1.

  • CI/CD – Trying to create a different language variant of a website channel page after a CI/CD restore operation could lead to an error. This issue occurred if the language of the variant was newly added by the CI/CD restore, and only for pages that didn’t exist on the source instance of the CI/CD data.

  • Caching – Cached content of web pages was not cleared when the web page data of linked pages (e.g., URL slug) was modified.

  • Cookies – Signing in to the administration interface didn’t increase the accepted cookie level to Editor in the user’s browser. This could cause issues in the administration of projects that used custom cookies registered with the Editor level.

  • Event log – In certain cases, database exceptions related to event logging could occur when running code making use of CMS.DataEngine.ApplicationBackgroundService. For example, background system tasks and custom code were affected. The issue was caused by logging dynamic-length values to database columns limited to 100 characters.

  • Headless content – The GraphQL schema of a headless channel couldn’t be queried when a headless content type referenced other headless types via a reusable field schema that wasn’t used by any headless content types assigned to the channel.

  • Page Builder – The Page Builder’s editing UI stopped working correctly if left open for an hour without a refresh, which could cause all unsaved changes to be lost. The issue occurred on version 29.5.0 or newer.

  • Rich text editor

    • Pasting formatted text into the rich text editor could result in invalid HTML caused by multiple identical id attributes.
    • When editing the content of website channel pages, URLs containing the given website channel’s domain inserted into the rich text editor were processed incorrectly. Such URLs could then point to the wrong domain in cases where the website channel’s domain was different than the domain used to access the administration application.

Hotfix (November 7, 2024)

version 29.6.3

Fixed issues

  • Admin UI authentication – An error occurred when signing in to the administration with multi-factor authentication enabled. The issue occurred on projects that didn’t have ASP.NET Identity services configured for the application (e.g., for live site authentication).

  • Rich text editor – The Insert link → Asset dialog in the rich text editor only displayed content item assets that were translated in the currently selected language, without showing assets that were available in a fallback language.


Hotfix (October 31, 2024)

version 29.6.2

Fixed issues

  • API – The obsolete message of the AuthenticateUrl method pointed to the wrong replacement method.

  • Auto-scaling – In certain rare cases, the system’s auto-scaling support could stop synchronizing changes between active instances.


Hotfix (October 24, 2024)

version 29.6.1

Fixed issues

  • Emails – Adding a Pages field into an email content type resulted in unexpected behavior, preventing emails using the content type from being sent.

  • Event log – Triggering the event log cleaning procedure (by exceeding the event log size by a set percentage, for example) with a large number of long entries in the event log could lead to a database deadlock and the event log application becoming inaccessible. The issue was observed with 50 thousand entries and an average record size measuring a few kilobytes.


Refresh (October 17, 2024)

version 29.6.0

License key transition period ending

The release of version 29.6.0 marks the end of the three-month transition period to the new license key format introduced in the July Refresh – Product instance licensing changes.

All projects that update to version 29.6.0 and newer must use the new license keys exclusively.

New features

Multi-factor authentication for the administration
The Xperience administration now supports multi-factor authentication (MFA) for users. You can enable MFA to add an extra layer of security to the administration sign-in process – users need to provide a passcode generated by an authenticator app using the Time-based One-time Password (TOTP) algorithm. See Multi-factor authentication.

Email microchannels
The system now supports the Microchannel size for email channels. Email microchannels are available in all license tiers, but have a limit of 5 emails per microchannel. This limit restricts the maximum number of email items allowed in the channel, but not how many times these emails can be sent to recipients.

You can select the channel size when creating new email channels in the Channel management application, or switch the size for existing channels that do not exceed the maximum number of allowed emails.

Mass asset upload
The Content hub application now allows users to mass upload new files and automatically convert them to content item assets of a configured content type.

Content item selector supports multiple content types
The content item selector form component now supports multiple allowed content types. You can specify multiple content types when using the selector in content type fields or as an editing component.

Retrieval of absolute URLs of pages
The IWebPageUrlRetriever interface now enables users to directly retrieve absolute URLs of web pages. The retrieved object now contains an AboluteUrl property in addition to the RelativePath property.

‘Clicked email link with URL’ condition for contact groups and automation
A new condition is available for contact groups and automation processes, which allows marketers to check if a contact has clicked a link with a specific URL within a selected email.

Updates and changes

.NET 8 in Kentico.Xperience.Templates projects
.NET project templates installed from the Kentico.Xperience.Templates NuGet package version 29.6.0 and newer now target .NET 8 instead of .NET 6.

End of preview mode for automation
Automation, which was introduced in preview mode in refresh 29.4.0, is now released as a fully supported feature.

Excluding jQuery from Form Builder and Page Builder scripts
This release removes the dependency of Page Builder and Form Builder client-side scripts on the jQuery library. To maintain backward compatibility, users now control whether jQuery is linked on live site pages with Form Builder and Page Builder content. The behavior is configured via a new CMSBuilderScriptsIncludeJQuery setting (set using appsettings.json), which is true by default. Starting with the next major release (version 30.0.0), the setting will default to false, requiring explicit opt-in. All out-of-the-box builder features remain functional without jQuery. See Exclude jQuery from builder scripts.

jQuery will be phased out completely in one of the future major releases. For projects with custom components that rely on the library, consider disabling it in Xperience and referencing an external implementation to prevent possible issues in the future.

Detecting Page Builder read-only mode
Users now have the option to check the Page Builder mode from a retrieved IPageBuilderDataContext instance via the GetMode method. The method returns a value from the PageBuilderMode enumeration. See Establish rendering context.

Binary serialization support removed from generated Info classes
The code generator for Info classes no longer generates the following members:

  • Serializable attribute annotating the class
  • constructor: protected (SerializationInfo info, StreamingContext context) : base(info, context)

The support for this type of serialization is now obsolete. To remove these members from your custom classes, we recommend regenerating all Info classes after updating your project.

CMD
Generate Info classes

dotnet run --no-build -- --kxp-codegen --type "Classes" --with-provider-class False

Removed transitive dependency
The Microsoft.Extensions.Configuration.Binder package (transitive dependency) was removed from the Kentico.Xperience.Core package.

Newly obsolete API

  • The CMSEmailUrlDefaultScheme configuration key is now obsolete. Use the URLResolveOptions.UseSSL option instead.
  • The AuthenticateUrl Razor extension method is now obsolete. Use the new ApplyPreviewContext method, which adds preview context to the URLs instead.

Fixed issues

  • Admin UI

    • Drop-down selector UI form components incorrectly changed their height when a value was selected from an empty selector state.
    • The caching of administration requests for content item assets was improved to enhance the performance.
  • Admin UI authentication – The sign-in button for the administration incorrectly remained active even after being selected. On slower connections, this allowed users to select the button multiple times.

  • Admin UI customization – The content of UI page listings wasn’t reloaded after invoking the Response().UseCommand('LoadData') UI page command. The issue occurred on version 29.5.0 or newer.

  • Automation – Deleting a form that was configured to trigger an automation process also deleted the related process. After applying the update, the system prevents such forms from being deleted in the administration UI. Deleting such forms via the API only deletes the form and leaves the automation process.

  • CI/CD – The continuous integration repository didn’t correctly maintain the latest state of content item relationships (references to other content items via the Content items data type) that were edited via the admin UI. This could lead to errors when restoring the CI data, for example after deleting a linked content item. Projects using CI/CD should follow the steps outlined in the update instructions to get their repository to the correct state.

  • Content hub

    • Segments in the content folder breadcrumb navigation didn’t work correctly with all link operations provided by browsers (open in new tab, copy link address, etc.).
    • The dialog for renaming content folders didn’t display notifications about unsaved changes when canceling or otherwise leaving the dialog.
    • The status of content items wasn’t displayed correctly in the admin UI breadcrumbs when viewing an item on the Properties or Usage tab.
    • The system incorrectly displayed “Access denied” notifications when a user created a new language version of a content item with only View or Create permissions for the Content hub application.
  • Headless tracking

    • When logging Data input activities using the headless tracking API, the values of contact fields weren’t validated to ensure correct maximum length.
    • When logging Data input activities using the headless tracking API, values of the ContactEmail field weren’t validated to ensure correct email address format.
  • Pages – Images with multiple source URLs within page content weren’t resolved correctly in certain cases when the page was displayed in Preview mode or Page Builder. For example, the issue could occur for <picture> tags containing multiple <source> elements with srcset attributes.

  • UI form components – The DisabledFolderIdsFilter property of the Content folder selector component’s ContentFolderSelector attribute didn’t work correctly, so it wasn’t possible to specify folders that cannot be selected.

  • Users – The system didn’t correctly refresh the admin UI authentication cookie when a user changed the User name of their own account, which could lead to various errors while using the administration.

  • Website content – When a page URL (system or vanity) was accessed and was not the canonical URL of the page, the redirect to the canonical URL incorrectly returned a non-lowercased URL in certain cases.


Hotfix (October 10, 2024)

version 29.5.3

Fixed issues

  • Update procedure – An error occurred when updating a project to version 29.3.0 or newer if the project contained a very large number of Page Builder widgets with properties referencing content items.

Hotfix (September 30, 2024)

version 29.5.2

Fixed issues

  • Activities – On instances with more than one channel (of any type), Email click activities could in some cases be logged under the wrong channel or not at all. Applying the hotfix ensures that Email click activities are logged under the correct email channel and fixes the channel data for activities that were logged incorrectly. However, activities that were not logged at all due to the issue cannot be recovered.

Hotfix (September 26, 2024)

version 29.5.1

Updates and changes

Fixed issues

  • Automation – Buttons in confirmation dialogs within the Automation Builder interface incorrectly remained active even after a button was selected (for example, a dialog appears when saving changes in an enabled process). On slower connections, this allowed users to select the buttons multiple times, which could result in unexpected behavior or break the automation process.

  • Content item API – Content item query calls for retrieving items from a smart folder returned incorrect data when the InSmartFolder method was used together with the InLanguage query parameterization.

  • Update procedure – An error occurred when updating a project to version 29.3.0 or newer if the project used widgets with personalization variants in the Page Builder.


Refresh (September 19, 2024)

version 29.5.0

New features

Vanity URLs
Editors can now configure pages to use short and human-readable vanity URLs for marketing, branding, sharing, and SEO purposes without the need for configuration in the website code. Editors can also select which URL (default system or vanity) is the canonical URL of a page.

Activity logging for email link clicks
When recipients click links in email content, the system can now log the actions as activities for individual contacts. These activities are available in addition to the anonymous email statistics that are tracked in current versions of Xperience by Kentico. Email activities allow marketers to segment contacts, personalize content, and make decisions based on the actions that your audience takes when viewing email channel content. See Track email statistics to learn more.

To ensure compliance with data protection regulations, email activity logging is not active by default. Developers need to implement logic that decides when it is possible to track email activities for specific contacts, for example based on consents.

Member registration activity logging
The system now logs the new Member registration activity when a visitor completes the member registration process. Registration activities allow you to segment your contacts, or set up automation processes for engaging with newly registered members.

For visitors who are tracked as contacts, the activity is logged for the current contact. Otherwise, the activity is logged for an existing contact matching the member’s email address. If a matching contact cannot be found, a new “untracked” contact is created for the activity (based on legitimate interest).

The system automatically maps the email address of newly registered members to the email of the corresponding contact (if the contact does not already have an email value). Developers can extend the mapping for custom member fields by implementing their own mapping service.

Automation improvements
Automation now supports a new Registration trigger type, which allows you to set up processes for engaging with contacts who register as a member.

Additionally, the Automation Builder now automatically pre-fills names for new steps based on their type, and the text displayed in steps is now fully customizable (only the exact step name is used).

Content folder moving
The Content hub application now allows editors to move content folders under a different folder, together with all subfolders and contained items.

Filtering in the content folder selector
The content folder selector UI form component now allows developers to specify which content folders are disabled for selection.

Admin UI development improvements
The UI tree in the System application was extended to display URL parameters of individual UI pages.

New SaaS deployment regions
Support for Canada East, UK West, Japan West, Australia Southeast, North Central US, and Switzerland North regions was added for SaaS deployments. See SaaS overview for a list of all available regions.

Updates and changes

  • Website content – The URL properties of web pages were moved from the Content view mode to a new URLs tab with the new vanity URL properties.
  • SaaS
  • Xperience Portal – You can now see additional details about your license (Xperience license tier, number of extra custom website channel domains, and the total number of available standard and microchannels) in the Service plan and license details section of the project Dashboard.

Newly obsolete API

Generic provider updates

Provider classes from the CMS.OnlineMarketing and CMS.Activities namespaces were made obsolete. Use the generic IInfoProvider provider instead. Affected classes:

  • CMS.OnlineMarketing.TrackedWebsiteInfoProvider

  • CMS.Activities.ActivityInfoProvider

  • CMS.Activities.ActivityTypeInfoProvider

Admin UI page API

  • The IPageUrlGenerator service and the IPageUrlGenerator.GenerateUrl method for getting the URLs of administration UI pages were made obsolete. Use the new IPageLinkGenerator service and IPageLinkGenerator.GetPath method instead, which provide more robust URL generating in cases where new path segments are added to UI page URLs.

  • The UIPage attribute with the icon parameter was made obsolete. The new UIPage attribute uses an Icon property instead.

  • API members for setting URL parameter values for UI pages via a string [] array were made obsolete (for example PageConfiguration.AddEditRowAction). Use the new API which replaces the array parameter with the PageParameterValues class.

C#
Example


PageConfiguration.AddEditRowAction<ChildObjectEdit>(parameters:
  new PageParameterValues
    {
        { typeof(ChildObjectEditSection), ParentId }
    });

Smart folder selector attribute

When assigning the Smart folder selector UI form component to properties, the SmartFolderSelectorComponent attribute constructor with the contentTypeFilter parameter is now obsolete.

Instead, use the attribute constructor without parameters and assign the filter type into the corresponding attribute property – either AllowedContentTypeIdentifiersFilter or AllowedReusableFieldSchemaIdentifiersFilter.

C#
Example


[SmartFolderSelectorComponent(AllowedContentTypeIdentifiersFilter = typeof(CoffeeContentTypeFilter), Label = "Coffee smart folder", Order = 1)]
public SmartFolderReference SmartFolderWithCoffee { get; set; }

Fixed issues

  • Admin UI authentication – If an unauthenticated user attempted to access an administration page while the application was configured to use an external authentication provider for the admin UI, the returnUrl query string parameter was lost during the redirection to the authentication provider. As a result, the administration dashboard was always displayed after successfully signing in instead of the originally request admin UI page.

  • Administration – If IWebsiteChannelContext was used to get the current website channel within the context of the administration interface, an incorrect channel could be returned based on the domain in the current request’s URL. After the update, IWebsiteChannelContext only works when called within the context of website channel pages, and does not return a value for administration interface requests.

  • Automation

    • If an existing contact submitted a form with an email value that didn’t match the contact’s current email address, any automation processes (or autoresponders) configured for the form were incorrectly triggered for the current contact, instead of running for the contact matching the submitted email address. This could cause inconsistencies in autoresponder and automation emails sent as a result of the form submission.
    • Resizing the browser window while working in the Automation Builder could cause all unsaved changes to be lost if the window size was reduced enough to trigger a switch to the mobile layout. After the update, the mobile layout switch does not occur if unsaved changes are detected.
  • Content hub

    • After switching from a smart folder to a content folder, the smart folder’s filtering condition remained applied to the list of items displayed for the selected content folder.
    • An error could occur in the content item filter dialog after switching the time frame of the Last modified or Last published option while having a date selected in the other option.
  • Content item API – Content item query calls for retrieving items from a smart folder resulted in an error if the query parameterization included both InSmartFolder and WithContentTypeFields, but did not select specific content types using either OfContentType or OfReusableSchema.

  • General – Connection-related errors originating from background system services

    • In rare cases, the system could generate connection-related errors in the event log, originating from background long-running services supporting the system. The only solution was to restart the application. Error examples:

      • Not allowed to change the ConnectionString property. The connection’s current state is closed.
      • There is already an open DataReader associated with this Connection which must be closed first.
      • Invalid operation. The connection is closed.
  • Page Builder

    • Users could submit a form using the Form widget while editing website channel pages in the Page Builder view mode.
    • Users without the Update page permission could access the editable mode of Page Builder for website channel pages under certain conditions. However, any changes made this way could not be saved.
  • Permissions – Page preview URLs could be accessed by users who had their page permissions removed after the link was generated.


Hotfix (September 12, 2024)

version 29.4.3

Fixed issues

  • SaaS – Certain errors were showing up in the event log after deployment to the SaaS environment.

  • Unix/Linux – File paths were not processed correctly due to case sensitivity. The paths were being checked with lowercase characters instead of their original casing. After applying the hotfix, the original casing is used during processing.


Hotfix (September 5, 2024)

version 29.4.2

Updates and changes

  • Submitted data can no longer modify the current contact’s email address

    When users submit data via a form submission, headless tracking Data input activity, or cross-site tracking Data input activity, this data can be mapped to the fields of the associated contact. After this update, such actions can no longer be used to change the email address of the current contact.

    If the contact already has an email address stored in Xperience that doesn’t match the new email value, all related activities and field updates are performed for a different contact. Either an existing contact that matches the submitted email value is used, or a new contact is created. In these cases, the user’s associated contact remains unchanged (stored in a browser cookie on websites), but any subsequent actions, such as automation processes, are performed for the “other” contact that matches the submitted email address.

Fixed issues

  • API – It was not possible to correctly call the system’s API via an external application with only the Kentico.Xperience.Core NuGet package installed. Users could encounter issues with service resolution and database connection, for example. Applying the hotfix fixes the issues and changes the steps required to connect an external application to the system. See Configure external web applications and Configure external regular applications for details.

  • Admin UI customization – When a custom dropdown selector was displayed in a confirmation dialog, the dropdown options were covered by the dialog itself.

  • Automation – When a trigger of an automation process was deleted, it remained stored in the database. Adding a new trigger would create an additional database object, potentially causing inconsistent results in the automation process. With the hotfix applied, only the most recent trigger associated with the process remains.

  • Content hub – The toolbar of the rich text editor didn’t stick to the top of the edited field if the field’s content spanned more than the viewport height.

  • Deployment – When hosting an application in the SaaS environment or on IIS while having the Application Initialization feature enabled and configured to send preload requests (often enabled by default, for example on Microsoft Azure), these requests could have ended with a server error, resulting in errors in the system’s event log. After applying the hotfix, SaaS deployments automatically register middleware for handling preload requests and return a valid system response. To add the same middleware for projects hosted in other IIS environments, configure the new IISApplicationInitializationOptions for your application and enable the UseDefaultSystemResponseForPreload property.

    C#
    Program.cs
    
    
      using Kentico.Web.Mvc;
      ...
    
      builder.Services.Configure<IISApplicationInitializationOptions>(options =>
      {
          options.UseDefaultSystemResponseForPreload = true;
      });
    
      

  • Emails – The system could get stuck during the mailout of a large number of scheduled emails, requiring a full application restart to recover.


Hotfix (August 29, 2024)

version 29.4.1

Updates and changes

  • SaaS – Optimized the speed of creating deployments and backups for SaaS projects with a large amount of files deployed in regions located outside Europe.

Fixed issues – security

Fixed issues

  • Automation – The Contact is in recipient list condition available for Condition steps in automation processes was incorrectly evaluated as true for contacts who belonged to the recipient list, but were unsubscribed or had the bounced status.

  • Channels – It was possible to create website channels with domains that were already taken by other channels.


Refresh (August 22, 2024)

version 29.4.0

New features

Automation
Automation allows you to set up processes that dynamically interact with your audience. Marketers design the steps within each process using a visual Automation Builder interface. In the current version, you can use automation to set up advanced email follow-ups when a form is submitted. With automation, you can send a series of multiple emails, add waiting intervals, or send different emails based on conditions.

Smart folder dynamic content delivery
Dynamic content delivery can now be enabled for smart folders. This allows developers to retrieve items matching a smart folder’s filter criteria, and gives content editors the power to control which items are delivered directly in the Content hub UI, without needing to adjust code.

Such folders can be selected using the new Smart folder selector UI form component, for example in dedicated fields of website channel pages and reusable content items, or in Page Builder widget properties. Developers can then use such fields to retrieve content items from the selected smart folder.

Smart folder cloning
New option to clone smart folders, which allows users to quickly create new smart folders with the same filter criteria as an existing folder.

Smart folder properties
Users can now view the properties of smart folders in the Content hub application. The properties include the folder’s identifiers, created and last modified timestamps, as well as other metadata.

Improved Page Builder read-only mode
Page Builder now allows you to copy widgets and sections, view widget/section properties, and browse available widget personalization variants on pages in a non-editable status (e.g., Published and Unpublished).

Last published filtering in Content hub
The Content hub listing was extended to allow editors to filter items based on their Last published date and time. This new option can also be used in the filter criteria of smart folders.

Listing filter UI improvements
When a filter is applied to a listing in the administration (and when viewing a smart folder), hovering over the filter tiles above the listing now displays information about the value set for the matching filter condition.

Public API for page permission management
The new public WebPageAclManager API allows developers to manage page permissions. The API can be useful when managing website content programmatically.

Multiple allowed email purposes for the email selector
The email selector UI form component was extended with the AllowedEmailPurposes property, which allows developers to set multiple allowed email purposes.

Newly obsolete API

Generic provider updates
The following Info providers in the CMS.EmailMarketing and CMS.EmailEngine namespace were made obsolete. Use the generic IInfoProvider provider instead. This is a continuation of the effort to replace dedicated providers with the generic approach. The interfaces for these providers were made obsolete in the March 2024 Refresh.

CMS.EmailMarketing namespace:

  • EmailBounceInfoProvider
  • EmailTemplateContentTypeInfoProvider
  • EmailConfigurationInfoProvider
  • EmailChannelInfoProvider
  • EmailChannelSenderInfoProvider
  • EmailLinkInfoProvider
  • EmailStatisticsInfoProvider
  • EmailStatisticsHitsInfoProvider
  • EmailTemplateInfoProvider
  • EmailSubscriptionConfirmationInfoProvider
  • EmailMarketingRecipientInfoProvider
  • SendConfigurationInfoProvider
  • RecipientListSettingsInfoProvider

CMS.EmailEngine namespace:

  • AttachmentForEmailInfoProvider
  • EmailAttachmentInfoProvider
  • EmailInfoProvider

Fixed issues – security

Stored XSS in Checkbox form component
The Checkbox component in Form Builder was vulnerable to Cross-Site-Scripting attack (XSS). To eliminate this vulnerability, support for HTML in Checkbox component was removed.

Fixed issues

  • AI – When an email subject suggestion was clicked in the Generate with AI dialog and inserted into the email subject field, the Save button didn’t become active unless another change was made in the email’s editing form.

  • Admin UI

    • The More actions menu for listing page mass actions wasn’t displayed correctly in the Content hub application. The more actions menu appears when the mass actions available for a listing page cannot fit into the width of the viewing device.
    • The date string of the Date and DateTime selector component could overflow the designated input field when displayed on some browsers.
  • Channels – It is now possible to set an additional website domain via the admin UI (Channel management → edit a channel → General tab) for channels with domains and domain aliases set via application configuration. Domains set via the admin UI were previously disregarded for such channels. Domains configured this way behave as additional domain aliases.

  • Content hub

    • If multiple taxonomy tags were selected in a smart folder’s filter condition, but one of the tags was later deleted, the entire Taxonomy condition was cleared for the folder, and the folder’s items weren’t displayed correctly.
    • When a user switched between folders in the content item selector, any selection of items was cleared, which prevented the selection of items from different folders. After the update, item selection persists when switching between folders.
  • General – Changes made to channel configuration in one auto-scaling instance were not properly reflected in other auto-scaling instances.

  • Page Builder

    • Improved security of certain Page Builder endpoints.
    • When more than 12 widgets were available in the Page Builder widget selection dialog, widgets without a defined icon class had their names incorrectly trimmed.
    • Widget personalization condition types without specified properties could not be created.
  • Performance – The process of moving pages in a website channel application was optimized to reduce the time required for the action. The improvement mainly affects the movement of a large number of pages at once.

  • Rich text editor – After using the Refine text with AI option in a rich text field with enabled AI features, the content of selection dialogs for the Insert image and Insert link editor options wasn’t loaded.

  • Website content – Changing the primary language of a website channel caused an error in certain edge cases.


Hotfix (August 15, 2024)

version 29.3.3

Fixed issues

  • Media libraries – Synchronization tasks for auto-scaling were incorrectly created when storing media library files in a shared file system provider.

Hotfix (August 8, 2024)

version 29.3.2

Fixed issues

  • Event log – Errors were logged into the system’s event log when requests were aborted by a client (i.e., when the application canceled a task). This could result in a large number of unnecessary errors in certain environments. After applying the hotfix, such errors are no longer logged when using the default Error log level configuration for KenticoEventLog (in the project’s appsettings.json file). If required, you can return logging of such errors as information events by setting the Debug log level.

Hotfix (August 1, 2024)

version 29.3.1

New features

Fixed issues

  • AI – Artificial intelligence features could not be enabled for fields using the Rich text (HTML) data type.

  • Admin UI

    • After expanding the Properties -> Channel permissions tab on the root of a website channel’s content tree, the system displayed an incorrect message in the dialog notifying about unsaved changes for any page in the channel.
    • An incorrect error message was displayed whenever users performed an action they didn’t have permission for.
    • When users without the Display permission for a page tried to access it via its URL, an incorrect error message was displayed
  • Headless channels – Fields using the Rich text (HTML) data type could not be accessed and retrieved via GraphQL queries in headless content.

  • Licensing – Registering new license keys introduced in version 29.3.0 to the system resulted in every feature and customization leveraging artificial intelligence features returning license-related errors. For example, users could encounter errors when editing emails in email channels or when editing objects with rich text fields using the Rich text editor refinements or Generate email content features. The issue only affected projects with access to AI features.

  • Page permissions

    • Roles with the Manage permissions application-level permission were incorrectly offered when selecting roles for individual page permissions (these roles automatically have all page permissions).
    • Users with the Create page permission could only create new pages if they also had the Display permission for all the page’s children.
  • Reusable field schemas – Reusable schema fields hidden via the Display in editing form checkbox offered when editing content types on the Fields tab were not modifiable via global content item events (for reusable content items, pages, and headless items).

  • Rich text editor – When the Rich text editor UI form component was assigned to a property of a Page Builder component (widget, section, page template, etc.), it wasn’t possible to paste content from MS Word into the editor in the component’s configuration dialog. The entire dialog automatically closed together with the Word Paste Detected dialog.

  • UI form components – When running Xperience in some Linux environments (e.g., as an Azure App Service), it was not possible to enter a date or time via the DateTime selector component due to improperly triggered validation.


Refresh (July 25, 2024)

version 29.3.0

Important – Manual update steps

One of the features introduced by this release is usage tracking, which monitors references between content items in the system. For usage tracking to function correctly, the system needs to find and store all existing references during the update.

Before the update

The automatic update procedure is capable of handling references created using the default rich text editor and content item selector components. However, if your project uses any custom solutions for storing content item references, such as a custom URL selector, or a custom rich text inline editor, you need to follow a specific update procedure for this refresh:

  1. Update the project’s NuGet packages.
  2. Before updating the database, you need to implement reference extractors for any content type fields or Page Builder component properties containing references to reusable content items added via custom UI form components or inline editors.
  3. Update the project’s database and file system.

If you update your project’s database before implementing the necessary reference extractors, usage tracking will report results inconsistent with the true state of your project. Contact Kentico support for assistance if you encounter any issues or perform the database update before implementing reference extractors.

After the update

After performing the update, you need to change the data type of all fields that use the Rich text editor form component to a new data type: Rich text (HTML). Using Text and Long text data types together with the Rich text editor form component is now obsolete. The Rich text (HTML) data type uses the same database representation as Text and Long text, so you can switch the data types in the Content types application. Content types with the obsolete combination of data types and Rich text editor form components display a warning on their Fields tab. Content item usage is tracked in the affected fields but this is likely to change in the future.

You can use the following code snippet to run an automatic one-time conversion of all affected fields to the new data type. Call the ConvertTextAndLongTextTypesToRichText method, for example, on application startup after initializing Kentico services.

Download data type conversion code snippets

Product instance licensing changes

Beginning with this release (July 25, 2024 onwards, product version 29.3.0 and later), Xperience by Kentico is introducing support for a new license key format. This change allows the system to track and inform clients about contractual violations related to product usage.

Note that changes introduced by this version primarily concern projects that plan to maintain version parity with the latest Xperience by Kentico releases. Projects running Xperience by Kentico versions lower than 29.3.0 are not retroactively affected. Such projects can continue using the current license keys until otherwise indicated or until you wish to update to a newer version.

Please carefully read the following sections to familiarize yourselves with the possible impact on your projects.

Transition period

The product is entering a three-month transition period lasting until the October 2024 Refresh release. During this period, both the current license key format (managed via the License keys application) and the new one will be active and available in the product side by side. You can seamlessly switch your projects to the new format without any downtime.

The October 2024 Refresh release will remove support for the current license key format. All projects updated to the October 2024 Refresh release or newer will need to switch to the new licenses.

Changes to license key management

The License keys application is becoming obsolete and will be removed in the October 2024 Refresh release. License keys in the new format are managed via the Settings application under System -> Licenses.

Clients can generate the new keys via Client Portal. The NEW label on the key generator buttons indicates key generators for the new license keys.

To replace your current license keys with new ones:

  1. Sign in to Client Portal.
  2. Under license management, generate license keys in the new format.
  3. In your Xperience instance, open Settings -> System -> Licenses.
  4. Insert the license key into the License key setting and save the changes.
  5. Remove all obsolete license keys from the License keys application.

The new licensing model requires a single license key for each Xperience instance. You no longer need to generate a key per channel domain. Contact sales@kentico.com if you have any questions or require assistance.

License keys are no longer bound to domains

Unlike the current license key model, which requires a separate license key for each domain used by the product (e.g., for website and email channels, or domain aliases), the new license keys are not bound to individual domains. Each Xperience by Kentico instance requires only a single license key.

Product documentation

Product documentation related to licensing was updated to reflect the newly introduced approach. The documentation will contain information about both licensing models until the end of the transition period, marked by the release of the October 2024 Refresh. All information related to the old licensing process will be removed from that point onward.

New features

Page permissions
Page permissions allow you to manage and scope permissions to website channels, specific content tree sections, and individual pages. To enable the management of permissions on a page level, the usual View, Create, Update, and Delete permissions set for a whole website channel in the Role management application were replaced by:

  • Access channel and Manage permissions permissions for individual website channel applications managed in the Role management application
  • Display, Read, Create, Update, and Delete page permissions managed directly from within the website channel application

To support a seamless transition to page permissions, certain roles automatically gain the following permissions after applying the update:

  • Roles with the Update permission for the Role management application gain the Manage permissions permission.
  • Roles with any permissions for a particular website channel application gain the Access channel permission for the application and, within it, all corresponding page permissions.

Page permissions are not included in CI/CD data. After performing a CI/CD restore operation, any moved and newly created pages inherit permissions from their new parent page.

Usage tracking
Content editors can now in content throughout the system to help them make informed decisions when editing or deleting already published content. The Usage tab is now available for all content items in the Content hub. It contains a listing of reusable items and channel items that link to the currently viewed content item using the content item selector or the rich text editor.

Channel type conversion
Headless and website channels can now be converted between microchannels and regular channels using the General tab when editing a channel in the Channel management application.

Workflow roles with control over all steps
Workflows can now be configured to have a set of roles with “full control” (in addition to roles assigned to individual workflow steps). Users in these roles can work with all steps in the workflow, and also directly publish items from any step.

Scheduled maintenance of Xperience Portal projects
To minimize the possible negative effects of on your Xperience Portal projects, you can now choose specific weekdays and timeslots during which your projects can be updated in the System → Update schedule Xperience Portal application.

SaaS US West deployment regions
Support for the West US and West US 2 regions was added for SaaS deployments.

E-commerce integration – Shopify
Allows you to connect your Shopify store with an Xperience by Kentico application using Shopify Storefront and Shopify Admin APIs. The integration provides synchronization of products and e-commerce actions between the two platforms. For more information and detailed instructions, see the Xperience by Kentico Shopify integration GitHub repository.

E-commerce integration – Kentico Xperience 13
Allows you to connect a Kentico Xperience 13 store with an Xperience by Kentico application. The integration is primarily intended to enable migration of existing Kentico Xperience 13 E-Commerce projects to Xperience by Kentico, but can also be used for other scenarios. For more information and detailed instructions, see the Xperience by Kentico - Kentico Xperience 13 E-commerce GitHub repository.

New object types for CI/CD

The update introduces the following object types, which are supported by the Continuous Integration and Continuous Deployment features. Consider updating the repository.config files of your CI/CD repositories, particularly when using the <IncludedObjectTypes> allowlist for object type filtering.

  • cms.contentworkflowrole – stores binding relationships between workflows and roles, indicating that the role has full control for all of the workflow’s steps.

Obsolete data types for Rich text fields

The combination of using the Rich text editor form component with Text or Long text data types in the field editor is now obsolete. If you want to use the Rich text editor form component, use the new Rich text (HTML) data type. Using Text and Long text for non-rich text fields is still valid, and the data types themselves are not obsolete.

Newly obsolete API

  • CMS.Base.ClassHelper – there is no alternative. The type was not intended for public use. You can use the application’s service container to dynamically load all required dependencies.
  • CMS.RegisterCustomManager attribute – deprecated customization pattern. Use the decorator pattern to customize the behavior of system classes.

Fixed issues

  • CI/CD – Under certain circumstances, working with pages under one website channel could also influence the CI/CD repository structure of pages in other website channels.

  • Former URLs – When filtering former URLs based on dates, the UI displayed an incorrectly named label in the list of applied filters.

  • General – Removing variable-length fields (nvarchar data types) from system objects (content types, object types) could end in a database timeout for objects with a large number of records (~hundreds of thousands). The timeout could be caused by a database size optimization that was run every time a variable-length database column (backing the corresponding removed field) was dropped. The fix for the issue disables this automatic optimization and only runs it during CI/CD database restore. If users need to optimize the database size outside of CI/CD restore operations, they can use the new Optimize database size action added to the Overview tab of the System overview application. The action runs the equivalent of DBCC CLEANTABLE over the connected database.

  • Installation – When creating a new database via kentico-xperience-dbmanager, default system user accounts were incorrectly created with the security stamp column set to NULL.

  • Page Builder – An error occurred when using a widget, section, page template, or personalization condition that was registered with an identifier starting with a lowercase character.

  • Performance – An excessive number of database queries was used when loading pages in the content tree of website channel applications. The performance of the content tree was optimized to improve load times for website channels containing a very large number of pages.

  • Website content


Hotfix (July 11, 2024)

version 29.2.2

Fixed issues

  • Website content – If pages under different website channels had an identical tree path, and one of these pages was moved, the resulting confirmation message displayed the number of moved pages incorrectly.

Hotfix (July 4, 2024)

version 29.2.1

Fixed issues

  • Rich text editor – When inserting an image into the inline rich text editor within a Page Builder widget, the image’s alternative text was not set. The alternative text is now automatically prefilled with the image’s description (or name, if the description is not available).

Refresh (June 27, 2024)

version 29.2.0

New features

Smart folders in Content hub
The Content hub application was extended to support smart folders, which provide a new dynamic way to organize and filter content items. Each smart folder is based on a filtering condition, such as “items modified in the last 7 days”, “items with the Draft status”, “items with the Acme tag”, etc. The condition is evaluated dynamically, so items move in and out of smart folders as their fields and metadata change. A single content item can belong into any number of smart folders. Smart folders are also available in all content item selectors throughout the system.

Scheduled unpublishing of pages and content items
”Archive” functionality for content items, website channel pages and headless items was renamed to “Unpublish”, which better reflects the feature’s intended purpose. When unpublishing content items or pages, editors can now choose whether to unpublish immediately or schedule the unpublish to a future date and time.

Scheduling support for cascade publishing
When scheduling a content item or website channel page to be published, the cascade publishing feature now schedules linked items to be published at the same time, rather than publishing them immediately.

Microchannels
The system now supports the creation of microchannels. Microchannels can contain at most 20 content items of the specific channel type – pages for website channels and headless items for headless channels. You can select the channel size when creating new channels in the Channel management application. Microchannels are not supported for Email channels.

User interface improvements
The Email selector was extended to display the Status column in the list of emails available for selection. Additionally, any disabled emails in the selector now have tooltips explaining why the email cannot be selected.

Extended support for admin UI listing page filters
Filter models for admin UI listing pages were extended to support validation rules, visibility conditions and component state configurators. Additionally, new attributes provide the option to set the filter summary text that appears above the listing for individual filter properties, and add properties that appear in the filter UI, but do not affect the resulting filtering condition. This allows developers to create more advanced filters for UI listing pages.

SaaS East US 2 deployment region
Support for the East US 2 region was added for SaaS deployments.

Updates and changes

  • API – The WhereIn and WhereNotIn WHERE condition parameterization methods used by the content item and object query API were extended with overloads accepting IEnumerable in addition to ICollection.
  • Content management – All “Archive” terminology in the administration interface and API was renamed to “Unpublish”.
  • Content hub – The Authentication column was removed in the Content hub listing. Instead, a “secured” icon is displayed in the Status column for items that require authentication.
  • General – The names of certain objects (taxonomies, tags, content hub folders) no longer need to be unique. This applies to “display names” that appear in the user interface. The code names of objects still must be globally unique.
  • Rich text editor
  • User interface – Switching between pages in the pagination UI for the listing in the Content hub application now automatically scrolls to the top of the items displayed for the page.

New object types for CI/CD

The update introduces the following object types, which are supported by the Continuous Integration and Continuous Deployment features. Consider updating the repository.config files of your CI/CD repositories, particularly when using the <IncludedObjectTypes> allowlist for object type filtering.

  • cms.smartfolder – stores smart folders, which are used to dynamically categorize and filter items in the Content hub application.

Newly obsolete API

“Archive” API
All content management API with the “Archive” keyword (e.g., IContentItemManager.TryArchive, WebPageEvents.Archive, VersionStatus.Archived) was made obsolete. Use the new replacement API with the “Unpublish” keyword.

Fixed issues – security

Requests to endpoints under the /admin path returned incorrect HTTP status codes in certain cases. To improve security, the following changes were made:

  • Requests to endpoints under the /admin path now return a 400 HTTP status code if anti-forgery token validation fails.
  • Requests to non-existing endpoints under the /admin path now return a 404 HTTP status code.

Fixed issues

  • Admin UI

    • A horizontal scrollbar was incorrectly displayed in tree listings (e.g., taxonomy tree, website channel content tree) whenever a vertical scrollbar was required. The horizontal scrollbar is not necessary anymore, as all tree listings are resizable.
    • Attempting to change the data type of a field via an object’s Fields tab to an incompatible data type (for example, Date to Long text) caused a crash in the editing interface that required a full page reload to recover. After applying the refresh, an error message is shown instead.
    • Buttons that were disabled (e.g., due to insufficient user permissions) didn’t show tooltips when hovered.
    • The Change workflow step button in content management applications was missing a tooltip in scenarios where the button was inactive for the current user.
    • The pagination UI for the listing in the Content hub application didn’t display page numbers correctly if there were many pages of items.
    • The website channel content tree displayed an incorrect icon for pages that weren’t translated in the currently selected language, but had an existing language variant that was scheduled to be published.
    • Trees in the administration UI (e.g., the Content hub folder tree) didn’t scroll to the currently selected item when this was required to show the item after reloading the page.
    • Filtering configuration was incorrectly shared among all channel applications in an instance. After applying the refresh, filters can be configured independently for each channel application. However, the fix also invalidates all existing filter configurations, which need to be set up again.
  • Admin UI customization

    • Actions handled by custom components added via Page.PageConfiguration.HeaderActions.AddActionWithCustomComponent to listing page header actions didn’t work correctly.
    • Links in a listing UI page didn’t open in a new tab even though the Target property of ActionConfiguration.LinkParameters of TableActions was set to "_blank".
  • Cascade publishing – If an item was selected in the cascade publishing dialog and another action in the system prevented the item from being published (for example if the user lost permissions, or the item was meanwhile published by another user), the item incorrectly remained selected after the dialog was reloaded via the Refresh button. The issue only occurred in the cascade publishing dialog that appeared when mass publishing items in the Content hub application.

  • Content hub folders – The content hub folder tree wasn’t refreshed after renaming a folder, which could cause the folders to be displayed out of alphabetical order until the page was reloaded.

  • General – System routes were not registered correctly when using ASP.NET Core pipeline branching for middleware registration.

  • Headless channels

    • After applying the 29.1.4 update, the headless item selector component didn’t work correctly.
    • After selecting the Preview button, the Preview URL didn’t open in a new tab but was instead appended to the current URL, and a general error page was shown.
  • Media libraries – Attempting to upload a file with a name that already exists in the media library resulted in an error if the original file had a thumbnail attached. This issue occurred only in media libraries mapped to Azure storage.

  • Website content – Deleting the ‘Draft’ version of a page could result in an error on the live site due to incorrectly cleared cache.


Hotfix (June 20, 2024)

version 29.1.5

Fixed issues

  • API – Working with SQL queries containing DateTime strings (e.g., 2/22/2024 1:50:11 PM) generated by the system could result in SQL exceptions related to malformed DateTime format. Only some Linux environments are currently affected. The issue was caused by an update in the underlying operating system libraries (specifically, libicu), which changed the structure of the output DateTime format string. Applying the hotfix prevents a possible occurrence of the issue for Windows and MacOS as well, should a similar library update occur on those platforms in the future.

  • Content items – Pages referencing reusable content items via fields belonging to reusable field schemas could lose such references when the page used Page Builder and contained a widget that could also reference reusable content items via its fields. Modifying the reusable content item reference of the widget then caused the system to also remove all reusable content item references from the fields belonging to reusable field schemas.


Hotfix (June 13, 2024)

version 29.1.4

Fixed issues

  • Content management – After applying the 29.0.0 update, the content item selector displayed content items in a different order than the one in which the items were selected.

  • Membership – Performing any updates to member objects (via UserManager<ApplicationUser>) after they were created during the initial registration process caused the system to reset the member’s password. This issue could occur when, for example, email confirmation was enabled for member accounts.

  • Rich text editor – When using the Asset and Link plugins with a custom rich text editor configuration, the buttons for the plugins were not displayed in the editor’s toolbar if the toolbarButtons property was defined using a JSON object instead of an array.


Hotfix (June 6, 2024)

version 29.1.3

Fixed issues

  • API – If the ContentItemLanguageMetadata.ScheduledPublishWhen property was set while creating a new content item or page using the IContentItemManager or IWebPageManager API, and the item’s content type was under workflow, the new item was incorrectly created in the first workflow step (ContentWorkflowStepType.SystemDraft), even though it was already scheduled to be published. After applying the hotfix, such items are created in the last workflow step (ContentWorkflowStepType.SystemFinal). The update automatically moves any inconsistent items with a scheduled publish date into the last workflow step.

  • SaaS – Partial project backups were retained for 60 days instead of the intended expiration time of 60 hours.


Hotfix (May 30, 2024)

version 29.1.2

Updates and changes

Xperience Portal – You can now see the details of your service plan (formerly called “project tier”) in the Service overview section of the project Dashboard.

Fixed issues

  • CI/CD – The bindings that assign workflows to content types (cms.contentworkflowcontenttype) and workflow steps to roles (cms.contentworkflowsteprole) weren’t stored correctly by CI/CD. Consequently, only the last assigned content type for workflows and the last assigned role for each workflow step was present after restoring the data to another instance via CI/CD.

  • Cascade publishing – The cascade publishing dialog displayed linked content items as disabled if they were under workflow and in the Scheduled status. As a result, such items couldn’t be selected for immediate publishing.

  • Rich text editor – The HTML sanitizer used in the Rich text editor incorrectly processed certain sequences of characters in already encoded URLs.


Hotfix (May 23, 2024)

version 29.1.1

Fixed issues

  • CI/CD

    • The CI/CD data of pages, content items, emails and headless items could include certain values related to new versions of previously published items (ContentItemLanguageMetadataContentWorkflowStepID and ContentItemLanguageMetadataScheduledPublishWhen values in cms.contentitemlanguagemetadata files). When the CI/CD data was restored to another instance, these did not cause any issues, but represented minor data inconsistencies, since new draft versions of items are not synchronized by CI/CD.
    • When restoring CI/CD data containing a new workflow step together with an item in the given step, an error occurred and the restoration of the item failed.
  • Content hub – If a user performed an action that changed which items were shown in content item listings (e.g., entering a search phrase, applying a filter, selecting a folder), the current selection of items in the listings was cleared. After applying the hotfix, the item selection persists when the listing is modified.

  • Forms – Using output caching with a page containing a Form widget prevented all subsequent submissions of the form. After applying the update, the system automatically detects the presence of the Form widget on a page and disables its caching.

  • Taxonomies – While creating a new tag, deleting any of its parent tags redirected the user to a general error page instead of switching to a different tag in the taxonomy tree.


Refresh (May 16, 2024)

version 29.1.0

New features

Scheduled publishing of pages and content items
When publishing content items and website channel pages, editors can now choose whether to publish immediately or select a date and time when the publish will occur.

Time values in the administration displayed in the user’s local time zone
All time values in the administration are now automatically converted and displayed in the local time zone of each user, based on browser and environment settings. For example: 01:30 PM (GMT+02:00). Internally, time values are stored in the time zone of the server where the application is running (exactly like in previous versions of Xperience by Kentico).

‘Contact has value in field’ condition for contact groups
A new Contact has value in field condition is available for contact groups. This condition is fulfilled for contacts whose value in a selected field meets the specified requirements.

Taxonomy support for headless and email channels
Fields with the Taxonomy data type can now also be added to content types for emails and headless items.

Improved filtering in content hub, headless and email channel applications
The listing in content hub, headless and email channel applications now allows editors to filter items based on assigned tags. Additionally, the listing in email channel applications also now allows editors to filter emails based on their Status.

Content hub folder properties
Users can now view the properties of folders in the Content hub application. The properties include the folder’s ID, code name, created and last modified timestamps, as well as other metadata.

API for managing content hub folders
New public API that allows developers to manage content hub folders, and move items between folders. The API can be useful when implementing integrations or migrating content.

Improved reusable field schemas visualization on the content type ‘Fields’ tab
When editing content types on the Fields tab, reusable field schema placeholder elements now display all fields that constitute the assigned schema. Selecting the edit icon ( ) redirects you to the editing interface for the corresponding schema.

New content item query methods for reusable field schemas
Developers can now use the LinkingSchemaField and LinkedFromSchemaField methods when parameterizing data retrieval using content item queries. LinkingSchemaField retrieves all content items that link to at least one item from the provided input collection via a reusable schema field. LinkedFromSchemaField retrieves all content items linked from a reusable schema field belonging to items from the provided input collection.

User interface improvements
The editing experience was improved with two new improvements to the administration interface:

  • Editors can open a preview of pages in a new tab from the page actions menu.
  • Editors can resize tree UI components throughout the system to improve navigation with multiple expanded levels (e.g., in website channel applications, the page selector, Settings application, Taxonomies application).

Updates and changes

  • Content management – The names and icons of Draft item statuses were unified across all content-related applications (Content hub as well as website, email, and headless channel applications). The status names are now Draft (Initial) for new items that haven’t been published yet, and Draft (New version) for published items with a new version that is being edited.
  • Email templates – The Email templates application was moved in the administration’s application list from the Digital marketing category to Configuration.
  • Forms – Form submissions are now ordered according to their submission date and time in descending order (the latest form submissions are displayed first).

Newly obsolete API

Generic provider updates

Info provider interfaces in the following namespaces were replaced by the generic IInfoProvider<TInfo> provider and made obsolete:

CMS.MediaLibrary

  • IMediaFileInfoProvider
  • IMediaLibraryInfoProvider

CMS.DataEngine

  • IQueryInfoProvider
  • ISettingsCategoryInfoProvider
  • ISettingsKeyInfoProvider
  • ITempFileInfoProvider

CMS.EventLog

  • IEventLogInfoProvider

CMS.Globalization

  • ICountryInfoProvider
  • IStateInfoProvider

Obsolete localization API

The following API members from the CMS.Localization namespace are not intended for public use, a were made obsolete:

  • IResourceStringInfoProvider, ResourceStringInfoProvider
  • ResourceStringInfo, ResourceStringInfoBase<TInfo, TInfoProviderInterface>
  • IResourceTranslationInfoProvider, ResourceTranslationInfoProvider
  • ResourceTranslationInfo, ResourceTranslationInfoBase<TInfo, TInfoProviderInterface>
  • ISQLLocalizationSource

Obsolete publish workflow step type

The SystemPublish value in the ContentWorkflowStepType enum is now obsolete. Use the SystemFinal value instead, which represents items that are scheduled to be published.

Fixed issues – security

  • Admin UI – Admin UI API endpoints related to Page Builder and Form Builder were accessible to member accounts under specified conditions. The vulnerability didn’t enable attackers to extract sensitive data or perform unauthorized actions in the administration interface.

Fixed issues

  • API – Resetting thread context using the ContextUtils class added in version 29.0.1 caused concurrency issues in certain cases.

  • Admin UI

    • Date and time input fields were styled incorrectly if validation failed when attempting to enter a value.
    • The buttons in the confirmation dialog that appeared when deleting workflow steps were styled incorrectly.
    • Various issues related to asynchronous tasks were fixed for the administration UI. These issues could potentially cause data to be saved or displayed incorrectly, or even UI crashes in rare cases.
    • Various issues related to asynchronous tasks were fixed for the administration UI. These issues could potentially cause data to be saved or displayed incorrectly, or even UI crashes in rare cases.
  • Azure storage

    • Media library files mapped to Azure Blob storage could show incorrect file timestamps (creation and last modified dates) under certain circumstances.
    • Media library files mapped to Azure Blob storage could show incorrect file timestamps (creation and last modified dates) under certain circumstances.
  • Cascade publishing – The cascade publishing dialog didn’t work correctly in cases where another action caused the publish operation to be invalid (for example if the user lost permissions, or the item was meanwhile published by another user). Error states weren’t displayed correctly for items that could not be published for such reasons, and in certain cases the dialog became stuck in a loading state after clicking the Publish button.

  • Channels – When using auto-scaling in a project with multiple channels, a newly created channel application in one Xperience instance didn’t properly show up in the UI of the other instances.

  • Content hub folders – If the name of a content hub folder contained multiple whitespace characters in a sequence, they were displayed only as a single space in the folder tree.

  • Content item API – The content item query TopN method, when used together with Where in a ForContentType.Parameters() statement, could sometimes return an empty result due to an incorrect application of the TOP N clause in the resulting SQL query.

  • Forms – Forms with the reCAPTCHA form component couldn’t be submitted in certain cases. The issue occurred if the form was placed on a website channel configured to use reCAPTCHA version 3 and the form’s code name contained a . period character.

  • Project templates – The _LandingPageLayout.cshtml layout in the Dancing Goat project template didn’t include activity logging scripts. As a result, activity logging didn’t work on the resulting site’s Coffee samples landing page. The issue is only resolved for new projects created after updating project templates.

  • Rich text editor – When using the Insert link → Asset option of the rich text editor, the Open in new tab option didn’t work correctly if the content item asset’s file name contained the @ character.

  • Workflow – Deleting, creating and reordering a workflow’s steps could in certain cases cause the steps to be displayed in the wrong order in the Change workflow step dialog (when moving pages, emails or items between steps). The update prevents the issue from occurring, but any affected workflows need to be fixed manually after the update – drag the workflow’s last step to the first position and then back again. This ensures correct recalculation of the order for all steps.


Hotfix (May 9, 2024)

version 29.0.3

Fixed issues

  • Content management – Items selected in the content item selector weren’t saved if they were filtered out by a search in the selection dialog.

  • Pages – Custom forbidden URL characters were not replaced and remained in the URL slugs of pages. The update fixes the issue for new URLs and introduces validation on the URL slug field that checks for the forbidden characters. For existing pages, the forbidden characters need to be replaced manually.


Hotfix (May 2, 2024)

version 29.0.2

Updates and changes

  • Integrations – The Xperience by Kentico Zapier integration that was introduced in preview mode with refresh 28.4.0 is now fully supported.

Fixed issues

  • Field editor – Toggling the Display in editing form checkbox offered when editing content types on the Fields tab in the Content hub application and then attempting to save the changes triggered validation errors for other required fields in the configuration, even when their values were set correctly. This made it impossible to save any changes.

  • Headless items – Deleting a headless item from its detailed view incorrectly required the Update permission instead of Delete.


Hotfix (April 25, 2024)

version 29.0.1

New features

The CMS.Base.ContextUtils class was introduced into the public API. The class’s PropagateCurrent and ResetCurrent methods allow developers to propagate or clear the system’s thread context, such as the database connection, when executing asynchronous or parallel code (for example using Task.Run). See Integrate custom code.

Fixed issues

  • Admin UI – The Form submissions tab in the Forms application didn’t display a scrollbar if the form contained a large number of submissions. This prevented users from viewing all submissions.

  • Admin UI customization – Actions handled by custom components added via Page.PageConfiguration.TableActions.AddActionWithCustomComponent to listing page table rows did not work correctly and logged errors in the event log.

  • Content management

    • Publishing a content item, page, email or headless item with fields linking to other content items could result in high CPU utilization on the client and lead to a frozen UI in some cases (“Maximum update depth” warnings were logged in the browser console).
    • While reordering items within a content item selector, the order of content items could accidentally be changed in another selector for the same content type. This was possible by dragging an item from “selector A” over items in “selector B”.
  • Form Builder – The Radio buttons, Drop-down list, and Checkboxes Form Builder form components displayed incorrect UI for their properties. The issue was present only after applying hotfix 28.3.1 or later.

  • Pages – When a page contained both an image and a special character (e.g., ', ", &, < or >) in a rich text field, a dialog notifying about unsaved changes was incorrectly displayed when leaving the page after saving the changes or when publishing the page.

  • Rich text editor

    • After applying the 29.0.0 update, the rich text editor’s toolbar was missing if the toolbarButtons option was not included in the Customize the editor.
    • If multiple content types in the system had a Content item asset field with the same name, an error occurred when displaying the rich text editor, and the editor’s Insert image dialog didn’t work.
  • SaaS deployment – Content editors were not able to save text content with code snippets in projects hosted in the SaaS environment. WAF rules of the Cloudflare CDN were modified for POST requests originating from the administration interface to allow content with code snippets. Any POST requests originating from outside the administration interface (e.g., form submissions) must still adhere to a strict set of rules.


Refresh (April 18, 2024)

version 29.0.0

New features

Content hub folders
The Content hub application now allows users to create a hierarchy of folders for organizing content items. The purpose of folders is to help efficiently navigate through content items in the administration interface. However, these folders cannot be used to control content delivery or filter content on the live website.

Mass publishing in Content hub
The Content hub application now supports mass publishing of content items.

Scope content items offered by content item selector by reusable field schemas
The content item selector UI form component can now filter content items according to assigned reusable field schemas. Content item selectors configured via the field editor can now select the Allowed reusable field schema option. For model-driven forms such as widget property dialogs, implement the IReusableFieldSchemasFilter interface and assign it using the ContentItemSelectorComponent attribute. See the content item selector documentation for an example.

When retrieving fields scoped by reusable field schemas via content item query, use the OfReusableSchema parameterization.

When retrieving fields scoped by reusable field schemas via GraphQL, use inline fragments to access the properties of the underlying type. See, Retrieve headless items.

Ordering in the content item and headless item selectors
The selectors now support a drag-and-drop ordering mechanism for easily reordering linked items, preserving the selected order. Both the minimum and maximum number of selectable items can now also be set. This new feature enables a substantial change in the approach to content modeling, as you can now use reusable content items instead of pages without URLs to model strictly-ordered hierarchies, including website navigation. This new approach helps declutter the website channel content tree and promotes better reusability of your content model.

Content item code name generation API
Developers can now use the CMS.ContentEngine.IContentItemCodeNameProvider API to generate globally unique code names for content items programmatically.

Updated automapping support for reusable field schema
This update introduces the option to specify which model class a given content type referenced under a reusable field schema maps to when using IContentQueryExecutor.GetMappedResult<TModel> or IContentQueryResultMapper.Map.



// Maps content types of type 'Laptop.CONTENT_TYPE_NAME' from the collection of items
// referenced by the 'IComputer' schema to the 'Laptop' model class.
[MapContentTypeReferenceTo(Laptop.LAPTOP_CLASS_NAME, typeof(Laptop))]

// Maps content types of type 'Desktop.CONTENT_TYPE_NAME' from the collection of items
// referenced by the 'IComputer' schema to the 'Desktop' model class.
[MapContentTypeReferenceTo(Desktop.DESKTOP_CLASS_NAME, typeof(Desktop))]

// Other content types map to the 'Computer' model class
[MapReferenceTo(typeof(Computer))]

// Property representing reusable field schema references
public IEnumerable<IComputer> Computers { get; set; }

When no mapping preferences are specified, the system defaults first to the type of the property representing the reusable schema and finally to the type registered via RegisterContentTypeMappingAttribute.

Expanded reusable field schema data type support
Fields defined for reusable field schemas can now use the following data types:

  • Content items – content item references (content item selector)
  • Media files – media library files (media file selector)
  • Object code names and global identifiers (GUIDs) – references to objects managed by the system (object selector)
  • Pages – web page references (page selector)
  • Taxonomy – a collection of tags that belong to taxonomies (tag selector)
  • Time interval
  • Unique identifier (GUID)

Expanded email data type support
Fields defined in content types for emails can now use the following data types. The data types are also supported by macros in email templates.

  • Media files
  • Object code names
  • Object global identifiers
  • Pages
  • Time interval
  • Unique identifier (GUID)

Create pages and folders directly in the content tree
Users can now create new pages and folders directly in the content tree of website channel applications.

Updates and changes

  • Code generators – Interfaces generated for reusable field schemas now contain the code name of the schema under the REUSABLE_FIELD_SCHEMA_NAME constant.
  • Content item API
    • Web page content items retrieved via content item query now contain the identifier of their corresponding website channel in the WebPageItemWebsiteChannelId property.
    • Parts of the content item creation API (CreateContentItemParameters, CreateWebPageParameters, and CreateFolderParameters) were extended with additional overloads that no longer require the code name parameters explicitly and instead use IContentItemCodeNameProvider internally to generate one. See the reusable content item page and API examples for usage examples.

New object types for CI/CD

The update introduces the following object types, which are supported by the Continuous Integration and Continuous Deployment features. Consider updating the repository.config files of your CI/CD repositories, particularly when using the <IncludedObjectTypes> allowlist for object type filtering.

  • cms.contentfolder – stores folders used to organize items in the Content hub application. Required for all projects to ensure that the content hub works correctly.

Breaking changes

Regular email rescheduling permissions
In order to reschedule the sendout of regular emails in email channel applications, users must now belong to a role with the Send email permission for the given application.

Resolution: Add the Send email permission to all roles that need to be able to configure when regular emails are sent.

Content hub URLs
The URLs of administration UI pages for managing individual items in the Content hub application newly include a segment representing the location of the given item. The location value can either be the ID of the folder containing the given item (highlights the folder in the content hub tree) or the all constant (displays the item under “All content items”, is valid for all items).

URL path format: /admin/content-hub/<language>/<location>/list/<item ID>/<UI page> Example: /admin/content-hub/en/all/list/19/content

Resolution: Update any stored or hardcoded URLs targeting content item admin UI pages to include the location segment. Use the all location to preserve full backward compatibility.

If you have any admin UI customizations that generate links to content item UI pages, add the location parameter to your IPageUrlGenerator.GenerateUrl calls (the order of the URL parameters is significant). Use the ContentHubSlugs.ALL_CONTENT_ITEMS constant to generate “All content items” links, which are valid for any content item.



// Service obtained using dependency injection
private readonly IPageUrlGenerator pageUrlGenerator;

//...

pageUrlGenerator.GenerateUrl<ContentItemEdit>(languageName, ContentHubSlugs.ALL_CONTENT_ITEMS, contentItemId.ToString());

If you need to generate links that preserve the currently selected folder when linking within the Content hub application, use the PageParameter attribute to retrieve and bind the folder parameter from the URL.



[PageParameter(typeof(StringPageModelBinder), typeof(ContentHubFolder))]
public string FolderId { get; set; }

Then add the retrieved value to the GenerateUrl parameters in place of the ContentHubSlugs.ALL_CONTENT_ITEMS constant.

.Internal namespace API changes

Certain parts of the public API could not safely be used by developers, because they contained members from .Internal namespaces, which are not allowed for public use. These inconsistencies were fixed by moving API members between .Internal and public namespaces, or in certain cases by making members obsolete.

The following list covers impactful changes for public API scenarios – members that were moved from an .Internal namespace to a public one. To resolve potential issues in your code, remove the .Internal suffix from the given namespaces in using statements.

  • From CMS.Automation.Internal to CMS.Automation
  • From CMS.Base.Internal to CMS.Base
    • HttpCacheability, HttpCacheRevalidation – used by properties of CMS.Base.Routing.CMSActionResult, the base class of the system’s HTTP handler return type.
  • From CMS.DataEngine.Internal to CMS.DataEngine
    • GuidItem – used as an argument of CMS.DataEngine.SqlHelper.BuildGuidTable.
    • StringItem – used as an argument of CMS.DataEngine.SqlHelper.BuildStringTable.
  • From CMS.Headless.Internal to CMS.Headless
  • From Kentico.Content.Web.Mvc.Internal to Kentico.Content.Web.Mvc
    • ComponentFilterRegistrar – type used in the page template and form component filtering API.
    • FormAfterSubmitModeEnum – enum type representing possible actions after a user submits a form using the Form Page Builder widget. Not used in common scenarios, but could be required for certain Form widget customizations.

Newly obsolete API

Info provider interfaces in the CMS.ContactManagement namespace were replaced by the generic IInfoProvider<TInfo> provider and made obsolete.

  • IAccountContactInfoProvider
  • IAccountInfoProvider
  • IAccountStatusInfoProvider
  • IContactRoleInfoProvider
  • IContactStatusInfoProvider
  • IContactInfoProvider
  • IVisitorToContactInfoProvider
  • IContactGroupInfoProvider
  • IContactGroupMemberInfoProvider

Fixed issues

  • AI – Content items with custom fields of type Text assigned exclusively via reusable field schemas were unavailable when selecting items as the content source in the Generate with AI dialog for a field using the generate email content AI feature.

  • Admin UI – The text of some action confirmation messages in the administration was adjusted to be more accurate.

  • CI/CD – The Continuous Integration repository didn’t correctly maintain the latest state of content item relationships (references to other content items via the Content items data type) that were edited via the admin UI. Instead, for all operations done through the admin UI that modify content item relationships (adding and removing content items via the content item selector), the repository maintained the state immediately preceding the latest operation. Relationships assigned programmatically via the API were unaffected. After applying this refresh update, projects using CI/CD should follow the steps outlined in the update instructions to get their repository to the correct state.

  • Content hub – Attempting to edit a nonexistent content item via the content item edit page (e.g., by directly accessing the edit page URL with invalid parameters) returned an HTTP 500 error instead of the system error page.

  • Content item API – The LinkedFrom and Linking content item query parameterization methods returned a NullReferenceException when the provided content type didn’t exist. The exception type was changed to ArgumentException, which is more suitable for the reported error.

  • Content management – The cascade publishing dialog didn’t prevent selection of linked content items that would then fail to publish due to workflow restrictions. The issue occurred for items under workflow if the current user didn’t belong to a role that was allowed to work with the last step in the workflow.

  • Languages

  • Pages

    • The value of the CacheVaryByConstants.ROUTE_URL_SLUG constant was incorrect. The constant stores the name of the route parameter that holds the URL slug value for page routes, and can be used to vary the output cache of pages based on their URLs.
    • When directly publishing new pages with one or more Content item selector fields, a TaskCanceledException error occurred and was displayed in the system’s event log. However, the error did not prevent the page from being published or cause any functional issues.
  • Rich text editor – When using the Insert link → Web URL option of the rich text editor with content spanning the entire height of the content editing area, the pop-up for entering the URL was anchored to the bottom of the page and could not be filled out.


Hotfix (April 11, 2024)

version 28.4.4

Fixed issues

  • Taxonomies – The placeholder that appears in the taxonomy tree when creating tags in the Taxonomies application was displayed incorrectly in certain circumstances.

Hotfix (April 4, 2024)

version 28.4.3

Fixed issues – security

  • Users – Regular users with the Create permission for the Users application were allowed to assign the Administrator role to newly invited users.

Fixed issues

  • Page Builder – Custom HTML elements surrounding Page Builder widget zones in the administration were incorrectly removed in certain cases.

Hotfix (March 28, 2024)

version 28.4.2

Fixed issues

  • Admin UI

    • A validation message in the Rename content item dialog was not displayed correctly.
    • Exceedingly long content item names could overflow on the Content tab.
    • Exceedingly long language names could overflow in the language selector.
    • The tag selector dialog incorrectly expanded certain tags in the tag tree.
  • CI/CD – After separately updating the databases of multiple instances synchronized via CI/CD from versions 22.0-26.6 to version 27.0 or later, the system could no longer match existing Former URLs during CD restore. This led to duplicate Former URL entries in the target database after running the restore command. The hotfix also deletes any already existing Former URL duplicates in the project database.

  • UI form components – Properties for the minimum and maximum number of selected tags for the TagSelectorComponent editing component were introduced.

  • Xperience Portal – The status of custom channel domains with invalid DNS records was incorrectly displayed as Error instead of Validation failed.

Recommended manual steps for self-hosted environments

Some deployment environments, like Azure Web Apps, don’t provide a persistent file system. This can potentially lead to a loss of binary files like media libraries, content item assets, or files uploaded via the Upload file form component when redeploying the application, swapping slots, switching servers, etc. The possible loss can be prevented by mapping and storing the files in persistent shared file storage like Azure Blob or Amazon S3.

Therefore, if you:

  • Use self-managed deployments in environments without a persistent file system (e.g., Azure Web Apps )
  • Don’t have the following folders mapped to shared storage:
    • ~/assets folder containing content item assets and media library files
    • ~/BizFormFiles folder containing files uploaded from users using the Upload file form component (if you use Forms with the given component)

We recommend taking the following actions:

  1. Add mappings for the unmapped folders.
  2. Obtain the files from the unmapped folders in your deployed project and manually upload them to the shared storage. Depending on your deployment environment you might be able to access the files directly on the file system. If this isn’t possible, you can download the files manually (e.g., the files uploaded through forms are stored in each form’s submissions).

Hotfix (March 22, 2024)

version 28.4.1

Fixed issues

  • General – An error occurred when building version 28.4.0 projects using the .NET 8.0 Target framework. This also prevented NuGet package updates to 28.4.0 for projects targeting .NET 8.0.

Refresh (March 21, 2024)

version 28.4.0

New features

Taxonomies support

Taxonomies provide users with the option to tag content. Tags can be assigned to individual pieces of content for multiple purposes including but not limited to modeling relationships, categorization, and organization and classification of data. Example uses include:

Query content items without specifying content type names

In previous versions of Xperience, retrieving content items via content item query required explicitly stating the content item type as a parameter of the ForContentType method. Any implementation that relied on dynamic item selection (e.g., via selector components) often had to restrict its functionality to a predefined set of content page or resort to various workarounds due to this limitation.

This release extends content item query with options to query content items without prior knowledge of their type. The available parameterization alternatives include:

  • Assigned reusable field schemas – selects items from content types with the specified reusable schema assigned. Selection can be further limited using conventional WHERE conditions.
  • Content item identifiers, GUIDs, or code names (for website pages) – selects items that match the provided collection of identifiers (e.g., via the Page selector component).
  • A list of content types – selects items that match the provided content type names. Doesn’t require repeated ForContentType calls.

The new querying API is available via the ForContentTypes method on ContentItemQueryBuilder. See Reference - Content item query for details.

Enhancements to content item query result mapping

The process of mapping database data returned by content item queries to objects used by the live site was updated to address the requirements introduced by the querying improvements outlined above.

The existing implementation using IContentQueryExecutor.GetResult<TModel> (GetWebPageResult for pages) requires developers to pattern-match based on content type names and assign appropriate models matching the data. This is especially noticeable when working with result sets comprised of multiple content types:


// Mapping a result set containing multiple content types
await contentQueryExecutor.GetResult<IContentItemFieldsSource>(builder, dataContainer =>
{
    // Pattern-matching to suitable model classes
    switch(dataContainer.ContentTypeName)
    {
      case Coffee.CONTENT_TYPE_NAME:
          return contentQueryResultMapper.Map<Coffee>(dataContainer);
      case Event.CONTENT_TYPE_NAME:
          return contentQueryResultMapper.Map<Event>(dataContainer);
      default:
          throw new Exception("Attempting to map an unknown type.");
    }
});

While useful for advanced use cases, this approach leads to unnecessary boilerplate code in the majority of common scenarios. It also relies on prior knowledge of content types comprising the result set.

This version update introduces new query execution API – IContentQueryExecutor.GetMappedResult<TModel> (GetMappedWebPageResult for pages). This API abstracts the mapping function present in GetResult<TModel> and directly returns saturated model classes.

For result sets comprised of a single content type, you now omit the mapping function entirely and call:


var builder = new ContentItemQueryBuilder();
builder.ForContentType(Article.CONTENT_TYPE_NAME);

// 'GetMappedWebPageResult' directly returns an enumeration of types specified by the generic parameter
IEnumerable<Article> articles =
            await contentQueryExecutor.GetMappedWebPageResult<Article>(builder);

Result sets that are comprised of two or more content types or that retrieve objects based on reusable field schemas can also omit all pattern-matching within the mapping logic and work directly with instances of the corresponding model classes:


var builder = new ContentItemQueryBuilder();
// Uses the newly introduced API to retrieve multiple content types
builder.ForContentTypes(query =>
{
    query.OfContentType(Article.CONTENT_TYPE_NAME, Blog.CONTENT_TYPE_NAME);
    query.WithContentTypeFields();
});

// Gets a mixed collection of articles and blogs.
// The 'TModel' generic in GetMappedWebPageResult must cast the result set to a type shared by all models.
// This example uses 'IContentItemFieldsSource' - implemented by all generated model classes - as the shared type.
IEnumerable<IContentItemFieldsSource> result =
        await executor.GetMappedWebPageResult<IContentItemFieldsSource>(builder);

// Gets all articles
List<Article> articles = result.OfType<Article>().ToList();
// Gets all blogs
List<Blog> blogs = result.OfType<Blog>().ToList();

The system determines which model class to instantiate for each content type based on the RegisterContentTypeMapping attribute used to annotate model classes. The attribute is, by default, present in all generated classes. Each content type can be associated with exactly one model class via the attribute. To use the GetMappedResult methods in existing projects, regenerate all model classes to ensure the attribute is present in all models.

Additionally, as part of these changes, IContentQueryResultMapper and IWebPageQueryResultMapper, used by the mapping logic within GetResult<TModel>, were unified to offer identical functionality for all content item types (reusable, pages). Going forward, we recommend using IContentQueryResultMapper for all custom mapping operations. Related scenarios covered in the documentation were updated to reflect the new recommendation.

UI form components

  • You can now provide multiple dependency fields to a form component configurator, enabling you to create more complex rules and conditions for your editing components. For example:

    
      [FormComponentConfiguration(typeof(MyConfigurator),
                                  new[] { nameof(FirstDependencyField),
                                          nameof(SecondDependencyField) })]
      
  • Developers can now access the ContentTypeID and IsSecured properties in IWebPagePanelItemModifier implementations, making it possible to disable pages in the Page selector form component based on their content type and access privileges. For example:

    
      public class SecuredArticlePagesPanelItemModifier : IWebPagePanelItemModifier
      {
          public WebPagePanelItem Modify(WebPagePanelItem pagePanelItem, WebPagePanelItemModifierParameters itemModifierParams)
          {
              string contentTypeCodeName = DataClassInfoProvider.GetClassName(itemModifierParams.WebPageMetadata.ContentTypeID);
    
              // Disables selection of secured pages of the 'acme.article' type
              if (string.Equals(contentTypeCodeName, "acme.article", System.StringComparison.OrdinalIgnoreCase) && itemModifierParams.WebPageMetadata.IsSecured)
              {
                  pagePanelItem.SelectableOption.Selectable = false;
                  pagePanelItem.SelectableOption.UnselectableReason = "Cannot select secured 'acme.article' pages";
              }
    
              return pagePanelItem;
          }
      }
      

Integrations

  • CRM – The Xperience by Kentico CRM integration was updated to support bi-directional synchronization between contacts in Xperience and Leads or Contacts in the connected CRM.

  • MiniProfiler – New external module that integrates Xperience by Kentico applications with MiniProfiler. This integration allows developers to optimize database queries and reduce load times. For more information, see the Xperience by Kentico MiniProfiler GitHub repository.

  • Tag Manager – The Xperience by Kentico Tag Manager integration was updated to provide support for the following additional code snippets:

  • Zapier – New external module that enables you to create automated workflows, or “Zaps,” that can trigger actions across different platforms based on events that occur in Xperience by Kentico. For example, you can trigger actions in Zapier when a new contact is created or a content item’s workflow step changes. In the other direction, you can set up actions in Xperience that are triggered by “Zaps” from other applications – store external data as a form submission or change the workflow step of a content item. This integration empowers users to streamline repetitive tasks, synchronize data, and improve productivity without requiring any coding knowledge. The integration is currently in preview, with full support coming soon. For more information, see the Xperience by Kentico Zapier GitHub repository.

Updates and changes

  • Content types and reusable field schemas – Improved duplicate column name detection was added to content type and reusable field schema fields. Content type field names must be unique within the content type and across all reusable field schemas. Reusable schema field names must be unique across all reusable schema and content type fields.
  • Database table API – New CMS.DataEngine.Provider<TInfo> API for directly accessing IInfoProvider<TInfo> instances in code where dependency injection is not possible.
  • Website development – The RoutedWebPage type was extended by a new property containing the GUID of the currently accessed page. Developers can use this data to retrieve the page and access its content fields. For example, when developing widgets or other Page Builder components, RoutedWebPage data for the current page is accessible via ComponentViewModel.Page.

New object types for CI/CD

The update introduces the following object types, which are supported by the Continuous Integration and Continuous Deployment features. Consider updating the repository.config files of your CI/CD repositories, particularly when using the <IncludedObjectTypes> allowlist for object type filtering.

  • cms.taxonomy – stores taxonomies, i.e., collections of related tags.
  • cms.tag – stores individual taxonomy tags that can be used to organize content.

Newly obsolete API

Info provider interfaces in the following namespaces were replaced by the generic IInfoProvider<TInfo> provider and made obsolete.

CMS.Activities:

  • IActivityInfoProvider
  • IActivityTypeInfoProvider

CMS.EmailEngine:

  • IAttachmentForEmailInfoProvider
  • IEmailAttachmentInfoProvider
  • IEmailInfoProvider

CMS.EmailMarketing:

  • IEmailBounceInfoProvider
  • IEmailConfigurationInfoProvider
  • IEmailLinkInfoProvider
  • IEmailStatisticsInfoProvider
  • IEmailStatisticsHitsInfoProvider
  • IEmailTemplateInfoProvider
  • IEmailSubscriptionConfirmationInfoProvider
  • IEmailMarketingRecipientInfoProvider
  • ISendConfigurationInfoProvider
  • IRecipientListSettingsInfoProvider

CMS.Modules:

  • IResourceInfoProvider

CMS.OnlineForms:

  • IBizFormInfoProvider
  • IFormFeaturedFieldInfoProvider
  • IBizFormRoleInfoProvider

CMS.OnlineMarketing:

  • ITrackedWebsiteInfoProvider

Fixed issues – security

  • Admin UI authentication – Antiforgery cookies used by the admin UI are now generated with the secure attribute. We recommend clearing the cookies for your administration project domain after applying the refresh update to ensure the new cookie configuration is used.

Fixed issues

  • Admin UI – Very long workflow or workflow step names were displayed incorrectly in various parts of the administration UI.

  • Content hub – A selected content item’s Properties panel didn’t show the content item’s type under Information.

  • SaaS environment

    • The Cloudflare CDN cache was not purged after deployment for projects with more than 30 domains in the environment.

    • The channel domain dropdown was not fully visible in the Deployments application when a project contained a large amount of channels.

    • Status monitoring was added for the following regions:

      • Canada Central
      • East Asia (Hong Kong)
      • Germany West Central
      • Japan East
      • North Europe (Ireland)
      • UAE North
  • Selector UI component

    • The Data source value separator option (added in version 28.3.1) displayed an unresolved resource string value.
    • The semicolon character was not set as the default value of the Data source value separator option in the UI for the Dropdown selector and the Radio group Admin UI form components, as well as for the Radio buttons, Drop-down list, and Checkboxes Form Builder form components.

Hotfix (March 14, 2024)

version 28.3.3

Updates and changes

  • Website content – Special characters in page URLs are now displayed in their decoded, user-friendly versions in the URL section on the Content tab.

Fixed issues

  • Rich text editor – The HTML sanitizer used in the Rich text editor removed all entered CSS @media rules.

Hotfix (March 7, 2024)

version 28.3.2

Fixed issues

  • Code generators – When generating code for a binding class that relates objects of the same object type, the code generator produced uncompilable code containing two identically named variables. After applying the hotfix, column names are used as variable names to ensure uniqueness for bindings that target the same object types.

Hotfix (February 29, 2024)

version 28.3.1

New features

  • Form components – The Dropdown selector and the Radio group component Admin UI form components as well as the Radio buttons, Drop-down list and Checkboxes Form Builder form components didn’t display their options correctly if the option text contained a semicolon. If you want to use semicolons in the value or text of the options, configure a different separator using the new Data source value separator setting in the UI (or using the new DataSourceValueSeparator property when adding the components in code).

Fixed issues – security

  • Security – Fixed a vulnerability in the Page and Form Builder dependencies.

Fixed issues

  • Workflow
    • If the API was used to directly create a published or archived content item, and the item’s content type had a workflow assigned, some of the new item’s metadata was set incorrectly (the ContentItemLanguageMetadataContentWorkflowStepID column in the ContentItemLanguageMetadata table).
    • When creating a new content item via the Content item selector component, the Create new item dialog incorrectly allowed users to directly Publish the new item even if the given content type was under page workflow.

Refresh (February 22, 2024)

version 28.3.0

New features

Workflow

  • New workflow feature that allows you to define the life cycle for pages, reusable content items, headless items and emails. Each workflow consists of one or more custom steps between the default Draft and Published steps. This helps ensure the quality of content by setting up a reviewing and approval process tailored specifically for your organization. See Workflows.

Artificial intelligence

  • New AI feature for fields using the Rich text editor form component, which allows users to refine selected pieces of text (make text shorter, improve spelling and grammar, etc.).

Image file endpoint protection

  • New feature that allows improved protection of the media library image file endpoint (getmedia) for requests with resize parameters. When this feature is enabled, a validation hash is required for any image file requests with resize query string parameters. This feature is enabled for new installations by default. See Image file request protection for more information.
  • Note: If image endpoint protection is enabled for an existing project updated from a previous version, you need to update certain media file URLs in your content to ensure that the content is displayed correctly.

Integrations

  • Azure AI Search – An external module that enables you to create Azure AI Search indexes for the content of pages from a website channel’s content tree using a code-first approach. The module is distributed as a NuGet package. For more information, see the Xperience by Kentico Azure Search GitHub repository.

Updates and changes

  • Added a unique index on the ContentItemLanguageMetadata database table that consists of:

    • ContentItemLanguageMetadataContentItemID
    • ContentItemLanguageMetadataContentLanguageID
    • ContentItemLanguageMetadataLatestVersionStatus
  • SaaS environment

    • Automatic predeployment backups are now available not only for the PROD environment, but also for QA and UAT.
    • The Memory utilization alert is now triggered when the total memory usage of your deployed projects reaches 90% instead of 80%.

Newly obsolete API

  • Provider interfaces in the CMS.DataProtection namespace were replaced by the generic IInfoProvider<TInfo> provider and made obsolete. Affected interfaces:
    • IConsentInfoProvider
    • IConsentArchiveInfoProvider
    • IConsentAgreementInfoProvider
  • Provider interfaces in the CMS.MacroEngine namespace were replaced by the generic IInfoProvider<TInfo> provider and made obsolete. Affected interfaces:
    • IMacroIdentityInfoProvider
    • IUserMacroIdentityInfoProvider
    • IMacroRuleCategoryInfoProvider
    • IMacroRuleMacroRuleCategoryInfoProvider
    • IMacroRuleInfoProvider

Fixed issues – security

The System.IdentityModel.Tokens.Jwt package (transitive dependency) was updated to the latest version.

Fixed issues

  • Admin UI – The tile view of the applications list in the administration displayed an incorrect number of applications per row.

  • Contact management – The Email bounces column in contact listings incorrectly displayed “OK” for contacts without a known email address. After the updated, a dash is displayed instead for such contacts.

  • Content items – All public methods of IContentItemManager, except for GetContentItemMetadata and GetContentItemLanguageMetadata, now check that the content item identifier provided as input refers to a reusable content item. The purpose of IContentItemManager is to facilitate manipulation with reusable content items. The fact that it allowed users to work with other types of content items was an oversight that could lead to data inconsistencies. To work with web page items, use IWebPageManager.

  • Headless tracking – If a new custom activity type was created or an existing type’s code name was changed, the headless tracking API didn’t reflect the change until the application’s cache was cleared.

  • Modules – Attempting to create new fields without database columns in UI forms without first specifying their data type resulted in an unhandled exception instead of failed form validation.

  • Page Builder – The scroll bar was not available in the Page selector editing component when used in widget properties if the page selected as root had a large number of subpages.

  • SaaS environment – In certain rare cases, the Cloudflare CDN firewall blocked the upload of media library files.

  • UI form components – The Object code names selector component incorrectly allowed users to specify object types without a dedicated code name column.


Hotfix (February 15, 2024)

version 28.2.3

Fixed issues – security

The hotfix updates the ‘Microsoft.Data.SqlClient’ library to version 5.1.5.

Fixed issues

  • Admin UI authentication – The ExpireTimeSpan property of AdminIdentityOptions.AuthenticationOptions was not being reflected when set via the AdminIdentityOptions object. For example:

    
      builder.Services.Configure<AdminIdentityOptions>(builder.Configuration.GetSection(nameof(AdminIdentityOptions)));
      

    With the corresponding appsettings.json section:

    
      "AdminIdentityOptions": {
          "Authenticationoptions": {
              "ExpireTimeSpan": "06:00:00"
          }
      }
      

    Instead, the property was only configurable via its encapsulating AdminAuthenticationOptions type. The hotfix ensures correct behavior and also logs a warning to the event log if it detects that the ExpireTimeSpan value is being set via AdminAuthenticationOptions.

  • CI/CD – An error occurred when restoring a CI/CD repository of a project with a different default language than English into a database different than the one from which the repository was stored.

  • Code generators – Since version 28.2.0, generating provider classes and interfaces for object types via the code generator utility was not possible. The problem was caused by the --with-provider-class parameter, added in 28.2.0, which was not being correctly reflected.


Hotfix (February 8, 2024)

version 28.2.2

Fixed issues

  • SaaS deployment – The Continuous Deployment configuration file of new projects for SaaS deployment (installed with the --cloud parameter) was missing the necessary configuration to ensure reusable field schema deployment to the SaaS environment. To fix this issue for existing projects, download the Kentico.Xperience.Templates package from this hotfix, create a new boilerplate project and copy the generated Continuous Delivery configuration file from the $CDRepository folder to your project.

Hotfix (February 1, 2024)

version 28.2.1

New features

  • UI form components – You can now deploy your projects without the Xperience by Kentico administration when you make use of form component configurators. This is now possible after registering each form component configurator under an identifier via the RegisterFormComponentConfigurator assembly attribute, and then using the FormComponentConfiguration attribute with its new Identifier property.

Fixed issues

  • API – When generating content for an email field, the AI panel displayed incorrect text for the quick refinement options below the generated text.

  • Admin UI – The Save button displayed when editing headless items had an incorrect color schema.

  • CI/CD – Separately updating the databases of multiple instances synchronized via CI/CD from versions 22.0-26.6 to version 27.0 or later resulted in an inconsistent state of page URL GUIDs. This led to duplicate key errors during subsequent CI/CD restore operations, as the synchronized URLs had non-matching GUIDs. The hotfix only prevents the GUID inconsistencies when updating project databases to version 28.2.1 or newer (the issue is not resolved for projects where the inconsistencies are already present).

  • Content types – When adding reusable field schemas in the Content types application, the checkbox in the side panel did not toggle to display a checkmark - indicating successful selection of a schema for addition - unless the checkbox element was selected directly. The schema field was still added after confirmation. After applying the hotfix, the checkbox toggles correctly even if a different area of a schema is selected in the listing.


Refresh (January 25, 2024)

version 28.2.0

New features

Reusable field schemas

  • Reusable field schemas enable the reuse of a collection of content type fields across multiple content types. A common use case is grouping a set of functionally related fields that often need to be duplicated across content types. For example, for search engine optimization purposes or social networking. See Reusable field schemas.
  • Reusable field schemas also introduce a new type of code file primitive – reusable schema interfaces. Each interface encapsulates fields defined by its corresponding schema. The code generator now supports generating these files via the --type ReusableFieldSchemas parameter. Generated content type classes implement these interfaces as needed based on the set of assigned reusable field schemas. See Generate code files for system objects.

Headless content preview

  • It’s now possible to retrieve headless items in their latest available version when using an API key with the appropriate Access type.
  • After setting up the Preview URL, you can now easily navigate to your preview environment straight from a headless channel application using the Preview button.

Headless tracking

  • Headless tracking enables developers to track contacts and log activities for the audience of external content channels, such as mobile apps, single-page applications, etc. Xperience then serves as a central hub where you can monitor contacts and analyze activities for all connected websites and channels. See Headless tracking.

Website development

  • The RoutedWebPage type was extended by new properties containing further information about the language, content type and website channel of the currently accessed page. Developers can use this data to retrieve the page and access its content fields. For example, when developing widgets or other Page Builder components, the RoutedWebPage ComponentViewModel.Page.

Content management

  • The Content hub application now supports bulk deletion of content items. Select the set of content items to delete via selectors on the left-hand side of the listing.
  • Image thumbnails displayed in the user interface (e.g., in asset selector, content hub) now have a chessboard pattern as a background to improve the visibility of white images with a transparent background.

Emails

  • Regular emails sent to subscribed recipients now support one-click unsubscribe. The system automatically includes the List-Unsubscribe-Post and List-Unsubscribe headers in regular emails. If a recipient uses one-click unsubscribe, the resulting request is handled in the same way as a standard unsubscribe link in email content.

Admin UI customization

  • UI listing pages – Listing UI pages can now be extended with commands that apply to multiple items from the listing via the PageConfiguration.MassActions property.

File system providers

  • Amazon S3 – New configuration option that controls whether Amazon S3 file system mappings fall back to the original local folder if a requested file cannot be found in Amazon S3. This fallback can cause issues when deploying files using the Continuous Deployment restore process, for example during deployment to the SaaS environment. Developers can configure the option using the introduced EnableFallbackToLocalFileSystem property of AmazonStorageOptions. The default values are true for self-managed projects and false for SaaS deployments.

    C#
    Program.cs
    
    
      using Kentico.Xperience.AmazonStorage;
    
      var builder = WebApplication.CreateBuilder(args);
    
      builder.Services.AddKentico( ... );
    
      // Disables the fallback to the local file system
      builder.Services.Configure<AmazonStorageOptions>(options => options.EnableFallbackToLocalFileSystem = false);
    
      

Integrations

  • CRM – An external module (a starter kit) that simplifies the integration of Xperience by Kentico with CRM software. The module also contains two packages that directly integrate Xperience by Kentico with Microsoft Dynamics 365 Sales and Salesforce Sales Cloud CRM. The integration enables sending form submissions from Xperience to the CRM as leads and checking synchronization status in the Xperience administration. The starter kit and two integrations are distributed as NuGet packages. See the Xperience by Kentico CRM GitHub repository for details.
  • Tag Manager – An external module that allows marketers and editors to author and embed custom tags or code snippets into website channels. The module supports Google Tag Manager code snippets out of the box. The module is distributed as a NuGet package. See the Xperience by Kentico Tag Manager GitHub repository for details.

Updates and changes

Code generators

  • The --type All parameter used to generate code files for all supported objects in the system is now marked obsolete. Running the code generator utility with this parameter produces a warning in the output. The parameter’s behavior remains unchanged. However, it doesn’t support generation for reusable fields schemas introduced in this release and will output invalid code in projects that make use of this new feature. Use a combination of the existing parameters to generate equivalent output.
  • Code generators now provide the option to generate object type (module class) code files without the corresponding I*Provider and *Provider classes via the --with-provider-class class parameter. The parameter defaults to true – if not provided, object type classes are generated with their corresponding providers. If set to false, only the *Info class is generated. This option was added to support the use of the generic IInfoProvider<TInfo> provider class instead of dedicated providers per object type. See Info class managers.

Data types

  • The Date and Long integer number data types are now available for the fields of content types for emails.

Headless channels

  • Domains that are allowed for Cross-Origin Resource Sharing (CORS) by headless channel GraphQL endpoints can now be configured in the administration using the new Settings > Content > Headless > Allowed origins setting. This setting overrides allowed domains set through the CMSHeadless.CorsAllowedOrigins key in your application’s configuration file (appsettings.json by default) or the HeadlessOptions.CorsAllowedOrigins option in your project’s startup file (Program.cs). See Retrieve headless content.

Page Builder

  • The Vue.js framework used in the Page and Form Builders was updated to version 3.

Xperience Portal

  • The DNS record configuration of custom channel domains in Xperience Portal now supports IPv6 AAAA records for apex domains.

Fixed issues

  • Admin UI

    • In certain rare cases, the system could incorrectly display a confirmation dialog when selecting actions in listing pages that did not have a confirmation dialog defined.
    • The dialog for a new language variant added in the content hub was missing a caption and description.
    • The header of action columns in listing pages was missing the background. As a result, listing headers overlapped with the Actions text.
    • When using the binding UI page template, the confirmation dialog for removing items from the binding was hidden behind the editing side panel in some cases.
  • Content hub – The Properties → Information → Published status was displayed incorrectly for published content items. The issue occurred on versions 28.1.0 and newer.

  • Content item API – The behavior of column data retrieval via the GetValue and TryGetValue methods was unified for nullable and non-nullable types. If the methods do not find the requested column, they return the specified default value instead. Prior to this version, the methods returned null for nullable types and raised a NullReferenceException for non-nullable types. Developers could encounter this behavior when manually mapping the result of content item queries from IContentQueryDataContainer objects.

  • Forms – Calling BizFormItemProvider.GetItem terminated with a database exception for any combination of parameters. As a result, it was not possible to, for example, preview submitted form data via the Forms application. This issue was introduced in version 28.1.1.

  • Headless API

    • Improved the error messages returned for various invalid states in GraphQL queries for retrieving headless channel content.
    • Null values were not accepted as valid for optional arguments of GraphQL query fields in headless content retrieval requests.
    • When retrieving linked headless items via GraphQL, the items were retrieved in a different order than they were displayed in the Headless item selector.
  • Headless items – Improved UI texts and tooltips in the Headless item selector.

  • Media libraries – The error message displayed when attempting to upload files with non-allowed extensions to media libraries was updated to contain accurate information.

  • Modules – An error occurred when attempting to delete a category in the field editor of a module class UI form. For example, the problem could occur when editing a UI form of a customizable system class in the Modules application.

  • Page Builder

    • The system did not serve the minified ‘systemFormComponents.min.js’ file correctly in the Page Builder scripts for the Form widget.
    • The widget and section selection dialog in the Page Builder interface was displayed incorrectly in certain cases. After applying the update, the dialog dimensions and layout are better modified to match the screen dimensions and the number of displayed items.
  • Page templates

    • The Microsoft Application Insights client-side telemetry script was re-added to the Dancing Goat project template (kentico-xperience-sample-mvc) after being accidentally removed in version 27.0.0.
    • When implementing page templates with a custom model, it was not possible to pass data to the template view using ViewBag, ViewData or TempData.
  • Pages

    • After collapsing and subsequently expanding the URL section on the Content tab with an empty URL slug field, the UI did not display the validation error message.
    • After discarding changes made on the Content tab, the headers of form categories would disappear.
    • The URL section on the Content tab was incorrectly expanded by default on existing pages.
  • Reusable content – When a content item was linked from two different fields of another content item and the user attempted to remove the reference from one of the fields, the system did not correctly remove the reference, leaving the item linked in both fields.

  • SaaS environment – An error occurred when accessing the root of a SaaS environment domain that didn’t have a valid website channel running (e.g., a website channel domain before package deployment or a custom email channel service domain). Now the system displays an appropriate message without any errors.

  • UI form components – Expendable form categories containing fields with dependencies unexpectedly collapsed after such fields were changed.


Hotfix (January 11, 2024)

version 28.1.2

Fixed issues

  • Content types – It was incorrectly possible to remove a content type from a channel’s Allowed content types using the selector side panel, even if items of the given type already existed under the channel.

  • Rich text editor – On Linux environments (e.g., Azure App Service), projects using the .NET 8 framework could encounter an error when the system attempted to display a rich text editor form component.

  • Update procedure – When updating projects from version 27.0 (any hotfix version) to version 28.0.0 or later, the database update could fail unexpectedly if it encountered certain Page Builder configurations with slight inconsistencies.


Hotfix (January 4, 2024)

version 28.1.1

New features

  • Microsoft Azure Storage – New configuration option that controls whether Azure Storage file system mappings fall back to the original local folder if a requested file cannot be found in Azure Storage. This fallback can cause issues when deploying files using the Continuous Deployment restore process, for example during deployment to the SaaS environment. Developers can configure the option using the introduced EnableFallbackToLocalFileSystem property of AzureStorageOptions. The default values are true for self-managed projects and false for SaaS deployments.

    C#
    Program.cs
    
    
      using Kentico.Xperience.AzureStorage;
    
      var builder = WebApplication.CreateBuilder(args);
    
      builder.Services.AddKentico( ... );
    
      // Disables the fallback to the local file system
      builder.Services.Configure<AzureStorageOptions>(options => options.EnableFallbackToLocalFileSystem = false);
    
      

  • Headless channels – New CorsAllowedHeaders configuration option, which can be used to restrict which HTTP headers are allowed for content retrieval requests against headless channel GraphQL endpoints. If not set, all headers are allowed by default. See Retrieve headless content to learn more.

Updates and changes

  • The Froala Editor that provides the Rich text editor in Xperience was updated to version 4.1.4. This fixes a potential XSS vulnerability in the editor. See the Froala Changelog for details.
  • Data types – The Content items data type is now available when modeling object types in custom module classes. Note that the system doesn’t maintain the referential integrity of objects linked via this data type. Custom code must account for the referenced objects no longer existing or being otherwise invalid.

Fixed issues

  • Admin UI external authentication – The ‘@’ character in the usernames of administration users synchronized via external authentication providers (Auth0, Okta, Active Directory) was incorrectly replaced by underscore ‘_’ characters.

  • Former URLs – If a page was moved to a different position under the same parent, any former URLs of the page that contained the current parent’s URL slug were deleted.

  • Headless channels – The API endpoint of headless channels didn’t support CORS preflight requests, which could cause requests to be blocked by CORS policy.

  • Pages

    • After publishing a page in the Page Builder view mode of a website channel application, the page’s status icon in the content tree wasn’t updated correctly.
    • If a page field was set as required and used the Rich text editor form component, the following issues could occur when editing the page in the Content view mode of a website channel application:
      • The rich text editor component disappeared if the field was saved and validated with an empty value.
      • A validation error was not displayed under the field when attempting to directly publish the page with an empty value in the rich text field.
  • Settings – Changes to settings made via the Settings application were not saved under certain circumstances.


Refresh (December 14, 2023)

version 28.1.0

You can read a blog post by Sean Wright for a brief introduction of this refresh.

New features

Headless channels

  • This release introduces a production-ready version of the headless API feature. With headless channels, you can now securely retrieve content using HTTP requests and GraphQL, and consolidate your applications, services or external websites into the Xperience ecosystem.
  • Headless channel management describes how to set up and configure headless channels.
  • Headless content explains how to prepare and edit the content available for headless channels.
  • Retrieve headless content is a developer resource dedicated to retrieving Xperience content using GraphQL.

Content management

  • Cascade publishing – When publishing a page, content item, email or headless item that links to other reusable content items, the system now displays a list of all unpublished linked items. Users can select individual linked items and publish them together with the main item. See Content hub for more information.

Code generators

  • Code files generated for reusable content types now implement the IContentItemFieldsSource interface. The interface can be used as the unifying type to access system fields from a collection of multiple content types, or register extension methods that are available for all generated classes. See Generate code files for system objects.

Emails

  • Email templates – Added support for displaying links to pages referenced via Pages content item fields within email templates. See Email templates for more information.

SaaS environment

  • A new Level 1 project tier is now available for Xperience Portal projects. See SaaS service plans for more information about the available project tiers.
  • When downloading a backup of an application’s storage and files, you can now access and download the backup via the AzCopy or Azure Storage Explorer tools instead of downloading a possibly very large zip file.
  • Support for the following SaaS deployment regions was added: Germany West Central, Japan East, UAE North, Canada Central, North Europe (Ireland) and East Asia (Hong Kong).
  • Xperience Portal now displays the version of the Xperience application for all deployments.

API

  • Content item query – A new IncludeTotalCount parametrization method for content item query was added. The method ensures that every retrieved item stores the total number of items, regardless of pagination applied by the Offset method. The total count can be accessed by calling GetTotalCount() on any item retrieved by the query. See Reference - Content item query.
  • A new interface IWebPageFolderRetriever was added to allow developers to retrieve folders from the content tree of website channels.

Newly obsolete API

  • CMS.IO.Directory.PrepareFilesForImport and CMS.IO.AbstractDirectory.PrepareFilesForImport – the methods were not intended for public use.

Updates and changes

  • Content types – A content type that is allowed in a channel can no longer be removed from the channel if any content items of that type already exist under the channel. Also, when updating to this version, all missing relationships between content types and channels are automatically added.

Updated best practises

Fixed issues

  • Admin UI

    • The Select all checkbox could behave incorrectly under certain circumstances.
    • The media library and page selector side panels used incorrect scrolling behavior in certain cases.
  • Admin UI customization – The support for admin JS module development over HTTPS that was introduced in version 28.0.0 did not work with the default ASP.NET Core development certificate due to a misconfiguration.

  • Page Builder – Pages in Page Builder and Preview mode whose language was retrieved using the IContentLanguageRetriever interface were in the fallback language instead of the preferred language if fallbacks were applied.

  • Project templates – In the Dancing Goat project template the Page builder displayed wrong language variant for linked items when a language fallback was applied.


Hotfix (December 7, 2023)

version 28.0.3

Fixed issues

  • Code generators – The class form definitions for content types were incorrectly changed during the update process. As a result, the code generators did not work correctly after the update in certain cases.

Hotfix (November 30, 2023)

version 28.0.2

Fixed issues

  • Data types

    • It was not possible to work with the Object code names, Object global identifiers, and Object IDs data types in projects without the Kentico.Xperience.WebApp package (e.g., console applications).
    • The Object global identifiers data type, available for custom object types (in custom modules) and system classes since version 27.0.0, is now also available when modeling web page and reusable content types. Note that the system doesn’t maintain the referential integrity of objects linked via this data type. Custom code must account for the referenced objects no longer existing or being otherwise invalid.
  • Forms – The ~/BizFormFiles folder storing files uploaded via form fields using the Upload file form component wasn’t mapped to Azure Blob storage in projects installed for deployment to the SaaS environment. The hotfix only resolves the issue for new projects created after updating project templates. To add the mapping to existing projects, call MapAzureStoragePath($"~/BizFormFiles"); in the default StorageInitializationModule.cs file.

    C#
    
    
      protected override void OnInit()
      {
          base.OnInit();
          if (Environment.IsQa() || Environment.IsUat() || Environment.IsProduction())
          {
              MapAzureStoragePath($"~/assets/");
              MapAzureStoragePath($"~/BizFormFiles");
          }
          else
          {
              MapLocalStoragePath($"~/assets/media");
          }
      }
    
      

  • Xperience Portal

    • An error occurred in certain cases when revalidating channel domains in Xperience Portal.
    • If the channel limit was exceeded for a project in Xperience Portal, the alert message shown in the Channels application didn’t correctly display the number of allowed channels.
    • The channel domain management page under Channels and Domains in Xperience Portal displayed a misleading alert message if the user had insufficient permissions to add or edit domains (i.e., users with the Developer role).

Hotfix (November 23, 2023)

version 28.0.1

Fixed issues

  • Admin UI customization – If the ModuleInitParameters parameter was passed to the base.OnInit() call when writing the code of an admin UI customization module (inheriting from AdminModule), an exception occurred on application startup.

  • Pages – The Discard action was incorrectly available for pages in the initial Draft state (after creating a new page or a new version of an archived page).


SaaS environment update (November 21, 2023)

version 28.0.0 (NuGet packages not released for this update)

Updates and changes


Refresh (November 16, 2023)

version 28.0.0

New features

General

  • .NET 8 support – Xperience by Kentico version 28.0.0 fully supports project development on .NET 8.

Languages

  • When creating a new language variant of a page or content item, it is now possible to copy content from an existing language variant.

Page templates

  • The Preset page template feature was restored. Preset templates allow content editors to save the Page Builder configuration and content of existing pages that are based on a template. The resulting templates can then be used as a starting point for new pages.
  • TemplateViewModel and TemplateViewModel<TPropertiesType> classes were introduced to allow developers to pass a custom model to the page template’s view.

Emails

  • Email templates – The content types for which an email template is allowed can now be configured directly when editing individual templates in the Email templates application.

Website development

  • When accessing the current page in various website development scenarios, the API now provides RoutedWebPage objects, which contain the code name of the page’s content type in addition to the page ID and language. Developers can use this data to retrieve the page and access its content fields. For example, when developing widgets or other Page Builder components, the RoutedWebPage data for the current page is accessible in ComponentViewModel.Page.

Rich text editor

Customization

  • Module classes now support service resolution via IServiceProvider in initialization code, using the new OnInit(ModuleInitParameters) override. Additionally, the OnPreInit(ModuleInitParameters) override allows access to the application’s IServiceCollection, e.g., to configure the application’s startup options. See Run code on application startup.

Content modeling

  • This release changes the accessibility of the Pages and Object code names data types.
    • Pages – this data type is now available when modeling web page and reusable content types, and object types (in custom modules). Fields of this data type store references to web pages.
    • Object code names – this data type is now available when modeling web page and reusable content types , custom object types (in custom modules) and when extending system object types. Fields of this data type store references to other objects in system via object code names.Note that the system doesn’t maintain the referential integrity of objects linked via these data types. Custom code must account for the referenced objects no longer existing or being otherwise invalid.

Admin UI authentication

Admin UI customization

  • Custom JavaScript modules can now be developed in SSL-enabled environments when using the Proxy mode. To enable SSL, add the UseSSL property to the module configuration in your Xperience instance. See Prepare your environment for admin development.

Breaking changes – API

  • The ITreeNode interface was removed. The interface was not functionally connected to any system logic. It was an accidental remainder from the switch to the new content modeling approach introduced by version 27.0.0.
  • The IPageBuilderConfigurationSourceLoader and PageBuilderConfigurationSource types were moved to the Kentico.PageBuilder.Web.Mvc.Internal namespace and are not intended for public use.

Newly obsolete API

The following API members were marked obsolete, to be removed in one of the future releases:

  • The IRoutedWebPage and IWebPageDataContext types used when getting information about the current page are now obsolete. Use RoutedWebPage and WebPageDataContext instead.
  • The ActivityLoggingAPI and ActivityLoggingScript extension methods for registering activity logging scripts in page views are now obsolete. Use the new ActivityLoggingScriptV2 method instead. The method has optional parameters that allow you to enable or disable logging scripts for page-related activities and custom activities.
  • The following properties of the ObjectTypeInfo class are no longer used by the system:
    • ModuleName
    • AssemblyNameColumn
    • SizeColumn
    • MimeTypeColumn
    • ResourceIDColumn
    • DependsOnIndirectlyAfter upgrading, your custom object type classes may output warnings related to these properties. Manually remove the offending code or regenerate the affected classes using the code generator.
  • The update obsoletes the following API members related to the content model used prior to version 27.0.0 and which are no longer actively used by the system:
    • FieldBase.External
    • FieldBase.IsInherited
    • IField.External
    • IField.IsInherited
    • FormCategoryInfo.IsInherited
  • The following properties were made obsolete with no replacement:
    • FormFieldInfo.GetResolvedDefaultValue
    • FormFieldInfo.SetResolvedDefaultValue
    • FormInfo.AddFormCategory
    • FormInfo.CombineWithForm
    • FormInfo.EnsureDefaultValues
    • FormHelper.EnsureDefaultValues
    • FormHelper.GetOriginalFileName
    • FormHelper.GetGuidFileName

Fixed issues

  • AI – Email subject suggestions generated by the AI feature were in some cases displayed in a different language than the one set for the email channel after requesting adjustments via the quick refinement buttons or the manual text prompt.

  • Activities – If a custom activity was logged from client-side code directly on page load, two separate anonymous contacts were created for new visitors (one with the custom activity, the other with the system’s default page visit activities). To fix the issue, developers need to register updated activity logging scripts using the new ActivityLoggingScriptV2 extension method.

  • Admin UI

    • Some object creation pages in the administration UI had missing page titles.
    • The “select all” checkbox above selectable lists of items in the administration UI behaved incorrectly in cases where the list contained both selected and not selected items. After the fix, the checkbox either selects all items if none are currently selected, or clears the selection of all items.
    • The text of object “name” field labels was unified throughout the administration to match the “Object name” and “Code name” format.
  • CI/CD – Content item references were not restored properly in the CD Create mode, leaving the database inconsistent.

  • Channels – Validation for the maximum number of allowed characters was missing for the domain inputs offered when creating or editing channels.

  • Contact management – The Birthday and Country/State fields are now displayed when editing a contact’s profile in the Contact management application.

  • Content item API – When fields of the Content item asset data type did not have Required set and were left unpopulated, retrieving content items with such fields resulted in an exception. After the update, the retrieval API correctly returns null.

  • Content types – In certain rare cases when creating content types, the system could return an error if the code name of the newly created content type matched the database table name of an already existing, previously renamed content type.

  • Email templates – Leading and trailing whitespace characters in the names of email templates weren’t trimmed correctly in certain parts of the administration UI.

  • Emails

    • If a contact belonged to a recipient list and their email address was later deleted, an error occurred for each such contact when sending a Regular email to the recipient list. After the fix, contacts without an email address are skipped when sending emails, without causing any errors.
    • Subscription confirmation and unsubscription links didn’t work if the recipient’s email address contained certain special characters (for example ’’).
  • Forms

  • General – The application could reach the preset limit on the number of database connections under heavy traffic (e.g., during a load test).

  • Media libraries – An error occurred in certain cases when renaming a folder in a media library in the Media libraries application.

  • Pages – The Current URL or New URL fields displayed an incorrect URL value when creating a new language variant of a page that already existed in the fallback language.

  • Pages

    • Sample sites based on the Dancing Goat project template didn’t preserve the currently selected language when redirecting users after sign-in, registration or sign-out. The English variant of the site’s home page was always opened. The issue is only resolved for new projects created after updating project templates.
    • The Current URL or New URL fields displayed an incorrect URL value when creating a new language variant of a page that already existed in the fallback language.
  • Project templates – Certain sample widgets included in the Dancing Goat project template contained cross-site scripting vulnerabilities.

  • Rich text editor – Images or links added in the rich text editor weren’t created correctly if the selected content item asset contained an apostrophe ( ’ ) in its file name. This could result in missing images or broken links on the live site or in sent emails.


Hotfix (November 9, 2023)

version 27.0.4

Fixed issues

  • Recipient lists – When editing the approval or unsubscribe settings of a recipient list, an error occurred when saving the dialog after a different Thank you page or Goodbye page was selected while the Send (un)subscription confirmation option was disabled. Additionally, the selected confirmation email wasn’t cleared correctly if the Send (un)subscription confirmation option was disabled.

Hotfix (November 2, 2023)

version 27.0.3

Fixed issues – security

  • Unauthorized access – Fixed an issue that, under extremely specific conditions, allowed unauthenticated actors access to the emails of users registered in the administration interface.

  • XSS – Fixed a cross-site scripting vulnerability caused by improper sanitization of content item asset file names.

Fixed issues

  • Cross-site tracking – Cross-site tracking didn’t work correctly if the website channel linked to the tracked site had its Default cookie level set lower than Visitor.

  • Field editor – Fields with a data type that cannot be set as Required (e.g., Binary, Content items, Content item asset) couldn’t be saved and created if the Display in editing form option was disabled.

  • Pages – The Current URL and New URL fields of pages in website channel applications were not displayed and updated correctly in certain scenarios (e.g., when creating a new language variant of a page).

  • Project templates – Projects installed with the --cloud parameter had incorrect Azure Blob storage folder mappings for media library files in the StorageInitializationModule class. The issue is only resolved for new projects created after updating project templates.

  • Routing – Routes registered for specific website channels didn’t work correctly in cases where multiple RegisterWebPageRoute attributes were added for a single content type, but different website channels.

  • UI form components – If a Page selector  was limited to a section of the content tree, the selection dialog didn’t work correctly in environments with multiple website channels.


Hotfix (October 26, 2023)

version 27.0.2

Fixed issues

  • Emails – If fields with the Date and time, Decimal number or Floating-point number data types were placed into an email template, the value was not resolved according to the Formatting culture of the language set for the email channel.

  • Routing – Validation of URL collisions between the URL slugs of pages and the code names of language didn’t work correctly in certain cases.

  • UI form components

    • Some form components didn’t correctly display the value saved for the associated field under specific conditions. For example, the icon selector used when editing a content type always showed No icon selected after the General tab was reloaded.
    • The URL selector UI form component allowed users to select a page even when the field was placed outside of a website channel. After applying the hotfix, the selection functionality is disabled in this scenario, and the component only provides a text field for inserting URLs manually.

Hotfix (October 19, 2023)

version 27.0.1

New features

  • API – Asynchronous versions of services used to retrieve cache dependencies for linked content items were introduced: IWebPageLinkedItemsDependencyRetriever and ILinkedItemsDependencyRetriever. The new interfaces are IWebPageLinkedItemsDependencyAsyncRetriever and ILinkedItemsDependencyAsyncRetriever.

  • Emails – Added a new ForPreview property to the Email selector UI form component, which controls whether the selector allows emails without a published version (false by default).

Updates and changes

Fixed issues

  • AI – Selecting Cancel in the AI panel while generating content for an email field could in some cases result in an error.

  • Admin UI

    • Buttons for saving, publishing and editing pages were not visible in website channel applications when viewed on a smartphone-sized display.
    • Improved UI texts and error messages in multiple locations across the administration interface, e.g., Content hub, Media libraries, and website channel applications.
    • Validation errors were sometimes incorrectly displayed on administration pages with visibility conditions immediately after a previously hidden required field was made visible.
  • CI/CD – Continuous Integration generated unnecessary changes when the primary language of any website channel was updated. After applying the hotfix, only changes to the edited website channel object are generated.

  • Content hub – It was not possible to upload assets with uppercase characters in file extensions, e.g., image.PNG.

  • Content items

    • If a Content item selector field was used to create and directly publish a linked content item, using the Publish action for the original content item didn’t save the added link (if changes were not previously saved using the Save action).
    • When using content item query to retrieve items with a Content item asset field, an exception was thrown if the field was empty (no file uploaded). This could cause an error on the live site. After applying the hotfix, empty content item asset fields return a null value – the retrieval still needs to be handled correctly by developers to avoid null reference exceptions.
  • Emails

    • Content types for emails incorrectly had the ClassWebPageHasUrl column set to true in the CMS_Class database table.
    • The Last updated time of emails wasn’t set correctly when the email’s content or settings were updated.
    • Emails that did not have a published version yet (i.e., emails with the initial Draft status) could be selected in the administration’s email selectors, for example when configuring an autoresponder for a form. Attempting to send an unpublished email results in an error.
  • Languages – The Data protection application didn’t preserve the language selected previously in another application (e.g., Content hub).

  • Modules – It was possible to edit the General configuration of fields without database representation in the UI forms of system modules. Such changes could could cause errors in the administration.

  • Page Builder – Editing component state configuration for Page Builder legacy selectors did not work correctly after applying the October refresh (version 27.0.0).

  • Performance

    • Certain requests made by the Page Builder were not cached properly, which resulted in unnecessary database queries.
    • Projects with large numbers of content items and linked items (multiple thousands and more) generated excessively large queries when retrieving content linked item data, which could cause SQL errors on the live site.
  • Project templates – The Program.cs file in the Boilerplate (kentico-xperience-mvc) project template contained commented code that was invalid. The hotfix fixes the issue only for new boilerplate projects created after updating project templates.

  • Rich text editor – It was possible to select images without a fallback language variant for the current language in the Insert image dialog in the rich text editor. After applying the hotfix, such images are not displayed in the dialog.

  • Routing

    • Creating a page with the URL slug identical to a code name of a language led to incorrectly generated former URLs for the page. The hotfix adds validation to ensure that URL slugs of pages are not identical to the code names of any language.
    • Former URLs were not created for untranslated variants of pages when the URL slug of their ancestor changed.
  • Xperience Portal – When adding a new sending domain for an email channel in the Xperience Portal Channels application, the DNS records screen displayed incomplete domain name values.


Refresh (October 12, 2023)

version 27.0.0

This Refresh release introduces major changes to content management and general content workflow in the system.

Updating is only supported for projects on version 26.6 (any hotfix version). If you are transitioning from an older version, you need to perform the update twice – first to version 26.6.0 and then to 27.0.0 or newer.

Content management changes

This release replaces the primary method of content composition and delivery – driven by pages (TreeNode objects), the Pages application, and the DocumentQuery content delivery API – with the concept of reusable and non-reusable content items and channels. The concept of first creating a content type template and defining custom fields via the field editor remains unchanged.

Reusable content items encapsulate pieces of structured data – pure content not burdened by any information specific to a content delivery method, such as additional formatting metadata. Reusable items represent content intended for use across multiple delivery methods. Individual reusable items can also reference other reusable items, up to an arbitrary depth, to create complex, multi-level structures.

Non-reusable content items consume reusable content items via reference and serve as the medium for delivery. Each non-reusable item is responsible for transforming the referenced reusable content by providing delivery-specific formatting and metadata. Non-reusable items are tightly coupled to channels.

Channels represent a medium through which information is delivered from the system to end-users. This release introduces two types of channels: Email and Website.

Email channels are a dedicated medium of communication to a specific audience. Each project may contain multiple email channels, focusing on different content strategies, languages and audience engagement techniques.

Website channels encapsulate websites managed by Xperience. Each channel is an independent entity with its own domain name configuration and content management. Channels store content in pages and linked content items.

With this release, there is no longer a single Pages application to encapsulate the majority of content management functionality. Instead, each existing channel has a dedicated application, which can be found under the Channels category in the Xperience administration.

See the following pages for a detailed introduction to the new functionality:

Business

  • Content hub – introduces working with reusable content items.
  • Content item workflow – introduces the workflow of content items.
  • Pages – introduces working with website channels.
  • Emails – introduces working with email channels.

Administration

Development

  • Content item API – provides a general overview of reusable content item management and content delivery APIs.
  • Content retrieval – introduces working with content delivery APIs in the context of web application development.
  • Content item database structure – an overview of the database entities composing the new content model.
  • Reference - Global system events – new events for reusable content items and web pages (non-reusable content items belonging to a website channel).
  • Email templates – explains how to create templates for emails, which are now based on content types.

Note that this list is not exhaustive. Many existing features had to undergo small changes to accommodate the new approach to content modeling.

Channels instead of Sites

With the introduction of channels, the concept of grouping project-related data under a site (SiteInfo object) and the existence of site-specific objects was also removed. This should not pose a problem for existing projects, since previous Xperience by Kentico versions only supported a single site.

New features

Content management

  • Languages – Multilingual support for pages and content items was introduced. See Languages.
  • Support for running multiple websites managed by a single Xperience back-end. Documentation will be available soon.
  • Page templates – When registering Page templates for Page Builder, developers can now specify the content types for which the template is available without needing to implement template filtering (new ContentTypeNames property of the RegisterPageTemplate attribute).

Emails

  • Email channels – Emails in Xperience are now created and managed within email channels. Channels allow for clean separation of an organization’s emails, each focusing on a different content strategy or language. Every email channel has a unique sending domain, and its own application in the Xperience administration where users create and send emails.
  • Email content – The system now uses content types to define the fields available to marketers when creating emails. Email content types are tied with email templates, which contain macro placeholders that set the position of individual fields within the email content.
  • Email workflow – Emails with the Form autoresponder or Confirmation purpose now support basic Draft/Published workflow. This allows users to edit a new version of an email while the system still uses the previous published version. See Emails.
  • AI integration – Added an integration with Azure OpenAI Service, which allows users to generate content suggestions for email subjects and content fields. See Artificial intelligence features.
  • Email client configuration – The default SMTP and SendGrid email clients can now be configured separately for individual email channels, as well as system emails that are not related to a specific channel. See Email configuration.
  • Bounced email configuration – The bounced email tracking configuration for SMTP email clients can now be configured separately for individual email channels, as well as system emails. See Set up email tracking.
  • You can now set a shared sending domain for all system emails that are not created under a specific email channel (e.g., user registration, password reset, system notification emails). Use the SystemEmailOptions options class. See Email configuration.

Data protection

  • Consents – The Data protection application now allows users to create language variants of consent texts. See Consent management and Languages.

UI improvements

  • Users can now directly edit the names of pages, emails and content items by selecting an icon next to the item’s name in the editing form.

Administration UI users

  • The user registration and password reset email customization pattern, available via AdminIdentityOptions.EmailOptions was extended and simplified. The RegistrationEmailMessageProvider and ResetPasswordEmailMessageProvider options now contain a new OriginalMessage property that contains the default EmailMessage object sent by the system. You can now directly modify parts of this object instead of always having to construct the full EmailMessage when customizing these types of emails.

Administration UI development

  • Rich text editor – When creating custom Rich text editor configurations with the default Link plugin, developers can now configure which types of links are offered when the Insert link button is selected in the editor. If the pluginOptions configuration is omitted, all options shown below are used.

    JS
    
      "customPlugins": [
          {
              "pluginName": "@kentico/xperience-admin-base/Link",
              "pluginOptions": {
                  "dropdownOptions": [
                  {
                      "linkOption": "asset",
                      "componentName": "@kentico/xperience-admin-base/AssetPanel"
                  },
                  {
                      "linkOption": "external"
                  },
                  {
                      "linkOption": "webpage",
                      "componentName": "@kentico/xperience-admin-websites/PageLink"
                  }
                  ]
              }
          }
      ]
      
  • UI form components

    • New Email selector form component that allows users to select emails from an email channel. Use this new selector instead of the Object selector with the email configuration object type.
    • The Url format validation rule for UI form components provides new properties that can be enabled to also allow URL fragments starting with ‘#’ and query string values starting with ‘?’.
  • UI page templates – New binding UI page template that allows users to manage bindings, which represent many-to-many relationships between object types (*Info classes).

Breaking changes

  • Assets

    • Subfolders under the /assets folder for storing content item assets and media files are now always created with lower case names.
    • The file system folder structure for media library files no longer includes a folder matching the site code name (media libraries are now global).
  • Content types – Content type features are not available and were replaced with the Use for selector on the General tab.

    • Select Pages for content types meant for website channels.
    • Select Reusable content for content types in the Content hub.
    • Select Emails for content types meant for email channels.
  • Cookies – Default cookie level configuration is now tied to website channels and must be configured on each channel’s Channel settings tab.

  • Event log – The “Error notification email address” (CMSSendErrorNotificationTo) and “Send email notifications from” (CMSSendEmailNotificationsFrom) settings – used to configure the sending of notification emails about events logged into the event log – have been removed. The system by default no longer sends any notification emails related to the event log. If you wish to implement a similar functionality, use event log writers.

  • Forms

    • The After form submission settings of forms (Display a message, Redirect to URL, Redirect to page) were moved from the form editing UI to properties of individual Form widgets. The Autoresponder settings remain in the form UI.
    • The reCAPTCHA form component no longer controls which reCAPTCHA version is displayed to the user. Instead, it uses the reCAPTCHA version configured by the website channel under which it is displayed.
    • Forms are now global objects (not related to a specific website channel).
  • Modules – It was possible to edit certain properties of fields in the UI forms of system modules and then delete the fields. Such changes could cause errors and inconsistencies in the administration.

  • Page Builder – Page Builder is no longer enabled via the content type Features tab. Instead, you must specify a collection of content type code names when enabling Page Builder for the project in the startup pipeline.

    C#
    Program.cs
    
      features.UsePageBuilder(new PageBuilderOptions
      {
          ContentTypeNames = new[]
          {
              // Enables Page Builder for the 'LandingPage' and 'ContactsPage' content types
              LandingPage.CONTENT_TYPE_NAME,
              ContactsPage.CONTENT_TYPE_NAME
          }
      });
      

  • Page templates – Preset page templates were temporarily removed and will be added to the product soon.

  • Rich text editor – The system’s Asset and Link plugins used in rich text editor configurations now use the xperience-admin-base namespace in their pluginName value. If you use custom configurations with these plugins, you need to update the values:

    • @kentico/xperience-admin-base/Asset
    • @kentico/xperience-admin-base/Link
  • Routing – The default location of Razor view files used by the basic mode of the content tree-based routing feature was changed from ~/Views/Shared/PageTypes/<viewfile> to ~/Views/Shared/ContentTypes/<viewfile>.

  • Site domain aliases – Website domain alias configuration is now done via a code-driven approach utilizing the ASP.NET Core options pattern. See Website channel management.

Breaking changes – API

The following list covers breaking changes in frequently used API scenarios, but is not a comprehensive list of all API changes.

  • Data caching
  • Content item API
  • DocumentEngine replaced with ContentEngine and Websites projects.
    • Use generated content type classes to access page data instead of TreeNode.
    • Use IWebPageManager to manipulate pages instead of TreeNode methods.
    • The IPageDataContextRetriever service was replaced with the IWebPageDataContextRetriever and the returned object has changed.
  • Content retrieval
  • Activities
    • The IPagesActivityLogger service used to log page activities was replaced by IWebPagesActivityLogger. The methods of the service are now asynchronous and accept different parameters.
    • The CustomActivityData type used when logging custom activities has renamed properties to match the the new data structure of pages and languages.
  • Cross-site tracking
    • When configuring the cross-site tracking feature for the application, the ConsentSettings property of CrossSiteTrackingOptions now accepts an IEnumerable collection of CrossSiteTrackingConsentOptions objects instead of a single object. Add one object for every website channel where you wish to use the feature.
    • The kxt('consentdata'); function in cross-site tracking scripts now requires a languageName parameter instead of cultureCode. Set the parameter’s value to the code name of the language in which you want to load the consent texts.
  • Bounced email configuration – When configuring bounced email tracking for an SMTP email client, the SoftBounceLimit property is now available in a new BouncedEmailsGlobalOptions options class instead of BouncedEmailsOptions.
  • Content tree-based routing – The method for enabling the content-tree based routing feature for the application was renamed to UseWebPageRouting.
  • Cookies
    • The CookieHelper class is now obsolete. To work with cookies, use the newly added, non-static ICookieAccessor. Custom cookie registration is changing as well. Custom cookies now must be registered via the CookieLevelOptions options class on application startup. See Cookies for more information.
  • Forms – Forms are now global objects, so the BizFormInfo class no longer contains the FormSiteID property.
  • Legacy MVC selector API
    • The following properties used by the legacy Content selector JavaScript API were renamed:

      • Page.nodeId → Page.identifier
      • Page.nodeAliasPath → Page.treePath
      • Page.nodeGuid → Page.guid
    • The following properties used by the legacy Page selector JavaScript API were renamed:

      • pageSelectorItem.nodeGuid → pageSelectorItem.webPageGuid
    • The following properties used by the legacy Page path selector JavaScript API were renamed:

      • pathSelectorItem.nodeAliasPath → pathSelectorItem.treePath
  • Page templates – Properties were renamed for PageTemplateDefinition, PageTemplateFilterContext and the RegisterPageTemplate attribute.

Newly obsolete API

  • AdminIdentityEmailOptions.DefaultFromAddress – use the SenderAddress property on the same object instead.
  • ConsentInfo.GetConsentText – use the new asynchronous ConsentInfo.GetConsentTextAsync method instead.
  • Cookies
    • CMS.Helpers.CookieHelper – use Kentico.Web.Mvc.ICookieAccessor instead. See Cookies for more information.
    • CMS.Helpers.CookieLevel – use the static properties from Kentico.Web.Mvc.CookieLevel instead. For example: Kentico.Web.Mvc.CookieLevel.Essential.Level
  • With the removal of DocumentQuery from the system, many supporting APIs were made obsolete with no replacement.

Fixed issues – security

Fixed issues

  • Admin UI authentication

    • An error could occur in special cases when adding a new user in the Users application.
    • An error occurred if a user attempted to sign in to the administration while being signed in as a member on the live site.
    • The authentication cookie used for the administration was unnecessarily set in every response to admin UI requests. After the fix, the authentication cookie is valid for 30 minutes (unless the user signs out or the account is disabled).
    • The hashing algorithm used for admin UI user passwords was enhanced for improved security. Existing user passwords remain compatible, but we recommend that you encourage all users to set new passwords (which will automatically use the new hashing algorithm).
  • CI/CD

    • An error occurred when restoring CI/CD data if the changes included a modified module class or content type that had both added and removed fields, with the total number of fields remaining the same.
    • Changes of the Enable Continuous Integration setting were not applied immediately due to incorrect caching.
  • Code generators – When generating code for fields with the Media files data type, the corresponding properties in the resulting class incorrectly had the string type instead of IEnumerable<AssetRelatedItem>.

  • Contact groups – The Recalculate contact group button was displayed as active for users without the Update permission for the Contact groups application (an error occurred if the button was clicked).

  • Custom admin UI – The ActionConfigurationExtensions.AddCommandWithConfirmation method’s confirmationDetail parameter was not reflected when configuring custom action buttons for the admin UI.

  • Emails – The Send test email button in the Email queue application was incorrectly available for users without the Update permission for the application.

  • Field editor

    • Changing the Data type of an existing field could lead to inconsistent behavior or errors while selecting and configuring a new Form component for the field.
    • Creating a field with leading or trailing whitespace characters in the Field name caused errors and prevented editing of the field. After the fix, leading or trailing whitespace is automatically trimmed from the Field name.
    • The field editor incorrectly allowed creation of fields with the Required flag enabled, but Display in editing form disabled. This combination of field settings resulted in an error when saving the resulting editing form. Validation was added to prevent this configuration.
  • Form Builder – It was not possible to add form components with identifiers containing certain special characters (for example, acme.date-input) to forms.

  • Installation – If the kentico-xperience-dbmanager utility was installed and used without one of the Xperience project templates, errors occurred while attempting to set the database connection string. After the fix, the utlity can handle such scenarios, and create the ConnectionStrings section is the appsettings.json file if it is missing.

  • Rich text editor – The Replace image functionality in the rich text editor didn’t work correctly.

  • UI form components

    • If a form component had a custom data type (registered using DataTypeManager), fields using the component were not displayed in editing forms.
    • If the Radio button group UI form component was used for a required field, and the form was saved without changing the selected option, the component returned a null value instead of the preset default value.
    • The Media file selector UI form component could cause performance issues due to loading all files within a folder every time it was opened. After the fix, media files displayed in the selector are cached to improve performance.
  • Update procedure – Under certain circumstances, the Xperience database update could end with the following error: “There is already an open DataReader associated with this Connection which must be closed first.


Hotfix (September 14, 2023)

version 26.6.1

Fixed issues

  • Media libraries – Updating existing media files incorrectly required users to have the Update permission for the Media libraries application. After applying the hotfix, media file updates require the Manage media library permission.

Refresh (September 7, 2023)

version 26.6.0

New features

Administration

  • Listing page filters
    • The state of listing filters in the administration now persists for the duration of each user’s browsing session.
    • The listing in the Event log application now provides a filter, which makes it easier for users to find relevant events or errors.
    • The listing filter in the Content hub application was extended to allow filtering based on the last update time of items.
  • UI form components – When assigning the Content item selector component to properties via the ContentItemSelectorComponent attribute, developers can now define which content types are selectable using an IContentTypesFilter implementation.

Fixed issues

  • Membership – The Xperience-specific implementation of ASP.NET Core Identity’s password reset functionality did not update member passwords when implemented.

Hotfix (August 31, 2023)

version 26.5.2

Fixed issues

  • Rich text editor – An error was displayed when interacting with the Rich text editor toolbar if the component was located in an editing form containing another field with the Date or Date and time data type.

Hotfix (August 17, 2023)

version 26.5.1

Fixed issues

  • Admin UI customization – When initializing client admin UI modules, the system could incorrectly load files not related to the bootstrapping process, resulting in errors during application startup.

Refresh (August 10, 2023)

version 26.5.0

New features

Content management

  • The list of items in the Content hub application now provides a filter, which allows editors to easily view only selected content types, or items with specific workflow statuses or authentication requirements.

Administration

  • Administration UI development – Developers can now create filters for UI listing page, which allow users to limit which objects are displayed according to specified criteria. Filters can be added to both custom listing pages and the default listing pages in the Xperience by Kentico administration UI. See Add a listing filter to learn more.
  • UI form components – New General selector UI form component, which allows users to choose items from any set of data defined by developers. The items offered by the selector can be of any type, including external data outside of Xperience.

Integrations

  • Lucene search – An external module that integrates Xperience with the latest 4.8 beta version of Lucene.NET, enabling auto-indexing of content in Xperience based on application-local, code-defined search indexes and search results retrieval. See the project’s GitHub repository for details: xperience-by-kentico-lucene

Hotfix (August 3, 2024)

version 26.4.0 (NuGet packages not released for this update)

Fixed issues

  • Xperience Portal – Users with roles other than Tenant Administrator could not access project Settings within Xperience Portal.

Hotfix (July 20, 2024)

version 26.4.0 (NuGet packages not released for this update)

Fixed issues – security

  • XSS – Certain parts of the Xperience Portal interface were potentially vulnerable to cross-site scripting.

Refresh (July 13, 2023)

version 26.4.0

New features

Xperience Portal

  • Backups – Users can now restore full backups of projects directly from Xperience Portal. See Manage SaaS deployments.

Content management

  • Users can now create media library folders directly in the selection dialogs provided by the rich text editor (Insert image, Insert link) and the Media file selector form component.

Fixed issues

  • Users – An error occurred when adding a new user in the Users application if the site configured in the Sites application was not running on the same domain as the administration.

  • Xperience Portal

    • If a new user was invited to join multiple Xperience Portal projects, the system sent a corresponding number of invitation emails with an account activation link. The link was only valid in the latest email. After the fix, the account activation link is only present in the first “Your account has been created” email.
    • Reports in the Metrics application were not loaded correctly during deployments to production environments (and for some time after the deployment finished).
    • Users with the Developer role were incorrectly allowed to cancel scheduled deployments to the Production environment.

Hotfix (July 7, 2023)

version 26.3.3

Fixed issues

  • Emails – The Send test email feature in the Email queue application used a fixed sender (from) address, which caused issues under certain configurations. The hotfix enables users to set the From address for test emails.

Hotfix (June 29, 2023)

version 26.3.2

Fixed issues

  • CI/CD – The system performed unnecessary optimization of the file system repository after completing the Continuous Deployment store operation.

Hotfix (June 22, 2023)

version 26.3.1

Fixed issues – security

  • Permissions – Administration interface access permissions were not correctly checked for form component actions.

Fixed issues

  • Data protection – The anti-forgery cookie for live site visitors (.AspNetCore.Antiforgery.<hash>) was incorrectly removed when tracking consent was revoked. This caused certain interactive elements on the site to be unusable (consent agreements, form submissions, etc.).

  • SaaS environment

    • Database usage was not monitored correctly when the active database was swapped for a production environment of a deployed project. This could prevent the DTU utilization alert from being fired.
    • The Memory utilization alert was not fired for projects deployed in the SaaS environment.

Refresh (June 15, 2023)

version 26.3.0

New features

Content management

  • Media libraries
    • Content editors are now able to rename folders in media libraries and edit the metadata of media library files, such as title or description.

Administration

  • UI form components – A new UI form component was introduced to enable safe displaying of links within forms in the administration interface.

Fixed issues

  • Emails – Tracking of bounced emails, as well as delivered email and spam report statistics didn’t work for projects deployed to the SaaS environment. The issue also caused errors in the system’s Event log.

  • Page Builder – When attempting to copy any widget in the Page Builder interface containing invalid or deprecated HTML (e.g., a Rich text widget with HTML inserted using the Code View feature), errors were logged in the JavaScript console and the widget was not copied. After applying the refresh, the widget is copied, but a preview thumbnail is not available when inserting the widget.


Hotfix (June 8, 2023)

version 26.2.2 (NuGet packages not released for this update)

New features

  • Xperience Portal – New Alerts application in Xperience Portal, which notifies about potential problems with projects deployed in the SaaS environment. For example, an alert is fired if a deployed project is unresponsive for over 15 minutes. The system also sends notification emails to Xperience Portal users when an alert is fired. Users can enable or disable the email notifications for specific alert severity levels.

Fixed issues

  • SaaS environment – The Event log in the Monitoring application of Xperience Portal was flooded with scheduler-related errors (“An attempt was made to access a socket in a way forbidden by its access permissions.“).

  • Xperience Portal

    • Reports in the Metrics application were not loaded when the deployed project was under heavy load. After the update, the DTU report in the Metrics application no longer detects and identifies which database is active or inactive (two databases are used for production deployment environments). Instead, the databases are always named xperience_blue and xperience_green. The active/inactive status of the databases can be interpreted from the values in the DTU report.
    • The Terms of Service (ToS) acceptance screen was displayed incorrectly if a ToS update occurred while a user had the Deployments application open in Xperience Portal.
    • Time values in the Deployment history of projects in Xperience Portal were set incorrectly in certain cases. This could prevent the deployments from being displayed in chronological order.
    • When hovering over charts in the Monitoring → Metrics application, values of 0 were incorrectly displayed as “(no data)”. After the update, values equal to 0 are displayed as “0.00”, and “(no data)” is only displayed if the underlying value is null.

Hotfix (June 1, 2023)

version 26.2.2

Fixed issues

  • Field editor – The Field comparison validation rule couldn’t be added to content type fields in the Content types application.

Hotfix (May 25, 2023)

version 26.2.1

Fixed issues

  • Contact management – When deployed to Azure Web Apps, the application generated unnecessary anonymous contacts when processing requests from the environment’s bot services (Application Insights, Always On). For example, the issue occurred on projects deployed to the SaaS environment.

  • Media libraries

    • The system incorrectly checked the Delete permission for the Media libraries application when a user deleted a media library folder. After applying the hotfix, the Manage media library permission is required instead.
    • When a media library folder was deleted, the change wasn’t synchronized to other instance of the application when using Auto-scaling support.
  • SaaS environment

    • The Event log in the Monitoring application of Xperience Portal was flooded with scheduler-related errors (“An attempt was made to access a socket in a way forbidden by its access permissions.“).
    • The hotfix introduces new UseKenticoCloud middleware that must be added to all projects intended for SaaS deployment. All new projects installed with the --cloud parameter contain the middleware by default. For existing SaaS projects under development, the middleware must be added manually (to the Program.cs file by default). See Configure new projects for the required middleware order.
  • Settings – When a setting was updated in the Settings applications, the system did not immediately reflect the changed value.


Refresh (May 18, 2023)

version 26.2.0

New features

Digital marketing

  • Emails
    • The system can now track bounces and delivery rates for emails of the Regular type, as well as bounces for individual contacts in recipient lists. This allows you to identify addresses that do not correctly receive emails, which helps keep your recipient lists healthy and protects your sender reputation. For more information, see Set up email tracking and Send regular emails to subscribers.
    • Marketers can now manually trigger a Refresh in the Statistics view of emails, which immediately recalculates and displays statistics for the given email.
    • New Unsubscribe rate statistic for Regular emails. Shows the percentage and exact number of recipients who used the email’s unsubscribe link.
    • New Spam reports statistics for Regular emails, available when using SendGrid to send emails. Shows how many recipients marked the email as spam in their email client.
    • New Send email permission for the Emails application, which can be assigned to administration user roles. This permission is required to send or schedule emails of the Regular type. To preserve functionality for existing roles, the update automatically grants the Send email permission to all roles with the Update permission for the Emails application.

Updates and changes

  • Emails – Recipient lists for regular emails are no longer managed in the Contact groups application. Instead, the new Recipient lists application provides a separate management UI for this purpose.
    • To preserve functionality, the update automatically copies all permissions that existing administration user roles have for the Contact groups application, and grants them for the new Recipient lists application.
  • Contact management – The Contact groups and Recipient lists applications no longer allow contacts to be manually removed from the group or list. The option to remove contacts was misleading – the contact list is recalculated automatically based on the contact group’s condition or managed by subscriptions and unsubscriptions for recipient lists.

Fixed issues

  • Database – The system persisted incorrect Info object state in its cache in cases where a database transaction failed and was rolled back. For example, if a database transaction updating a MediaFileInfo object failed, the database state was not updated, but the updated state persisted in the system cache. This lead to data inconsistency between the application and the database, and could cause a subsequent Get operation to obtain incorrect data (when retrieved from the system cache).

  • Page Builder – Scrolling did not work correctly in the Page selector editing component dialog when using the compatibility mode of Page Builder.

  • Rich text editor – On administration pages containing multiple Rich text editor components, certain toolbar options (Insert image, Insert link, Insert Dynamic Text, Insert Double Opt-In Link) didn’t work correctly and could interact with the wrong instance of the editor. The issue could also affect custom plugins registered for the rich text editor. If you have custom plugins, review the updated documentation and make sure your plugins are registered correctly.

  • UI form components – Selecting content items via the Content item selector component resulted in duplicate selection if the checkbox was used to select individual items.


Hotfix (May 11, 2023)

version 26.1.3

Fixed issues – security

  • XSS – Page preview URLs were vulnerable to reflected XSS attacks due to improper processing. The vulnerability was exploitable only by authenticated users.

Fixed issues

  • Object types – The hotfix removes the ability to define object type fields of the Pages and Content items data types. Fields of these data types were incorrectly available to object type classes for a brief period, but their support was never intended. Note that already created object type classes making use of these data types remain unaffected. However, the system is not prepared to handle them correctly, and certain features, such as code generators, produce incorrect results. This change does not impact content types in any way.

  • UI form components – It wasn’t possible to enter values consisting only of zeros (e.g., ‘00.0’) into numeric inputs, such as the Number input form component.


Hotfix (May 4, 2023)

version 26.1.2

Fixed issues

  • Admin UI – Replaced usage of the deprecated onKeyPress event with the onKeyDown event in the client code of administration components. This change does not impact the existing public API.

Hotfix (April 27, 2023)

version 26.1.1

Fixed issues

  • UI form components – Validation errors weren’t displayed correctly in certain cases when using the Field comparison validation rules for UI form components in the administration.

  • Xperience Portal – The Application health report in the Metrics application of Xperience Portal wasn’t loaded and displayed correctly in certain cases, particularly after selecting the Last 30 days time period.


Refresh (April 20, 2023)

version 26.1.0

New features

Digital marketing

  • Activities – Added support for custom activity logging from client-side code. This allows tracking of basic interactions with important page elements, for example clicks of “call to action” buttons or links. See Custom activities.
  • Forms – Individual featured fields can now be hidden from the dialog that appears when adding fields in the Form Builder. This allows users to filter out featured fields that are not relevant for their forms.

Content management

  • Media libraries – Content editors are now able to move files between folders of a media library.

Xperience Portal

Administration

  • New Field comparison validation rules for UI form components. The rules are available for integer, decimal, floating-point number and string type fields, and allow comparisons with other fields of the same data type.

Fixed issues

  • Admin UI – Fixed inconsistent spacing between elements in the administration UI.

  • Emails – An error occurred when attempting to delete a recipient list containing one or more contacts.

  • Forms – The system performed unnecessary queries when loading and displaying the featured field options for new form fields.

  • SaaS deployment – The cms.role object type was missing in the default Continuous Deployment configuration file of new projects for SaaS deployment (installed with the --cloud parameter). As a result, role data wasn’t included in the deployment.

  • Xperience Portal

    • Storage account outages were not tracked correctly, and were not displayed correctly in the Monitoring > Outages application of Xperience Portal.
    • The date and time of the latest deployment for environments in Xperience Portal was displayed incorrectly in certain cases.

Hotfix (April 13, 2023)

version 26.0.3

Fixed issues – security

  • Roles – The roles of administration users could be modified without sufficient permissions in certain cases.

Fixed issues

  • Cross-site tracking – The tracking snippet generated for tracked websites in the Cross-site tracking application did not contain the tracked site’s URL. This issue occurred after updating a project from an older version, and also for projects deployed to the SaaS environment.

Hotfix (April 6, 2023)

version 26.0.2

Fixed issues

  • Admin UI – If an error notification bar appeared within a modal dialog and the error text was very long, the dialog was incorrectly resized to fit the text.

  • Rich text editor – Adding image links to rich text editor content did not work correctly when using the Insert link > Asset toolbar option.


Hotfix (March 31, 2023)

version 26.0.1

Fixed issues

  • Admin UI – If a selector component was used in a modal dialog, the selection side panel was displayed under the dialog and couldn’t be used. For example, the problem occurred when selecting a page in the Approval or Unsubscribe settings of a recipient list in the Contact groups application.

  • Forms

    • It was possible to submit forms without selecting a value in a Drop-down list field, even if the field was set as required.
    • The Form Builder interface was not correctly displayed as read-only for users without the Update permission for the Forms application.
  • Installation – The user-defined table type Type_OM_OrderedIntegerTable_DuplicatesAllowed used by the Xperience database installation scripts was not defined correctly. In rare cases, this could have caused issues when recalculating digital marketing activities.

  • Pages

    • The PageUrl.AbsoluteUrl property returned by the IPageUrlRetrieverService incorrectly cached the URL scheme (protocol) of the request under which the service was first called. For example, if the service was first called within a request with the HTTP scheme, all subsequest URLs in the AbsoluteUrl property were also returned with HTTP.
    • When pages contained images in their rich text fields, a dialog notifying about unsaved changes was displayed when leaving the page, even if no changes were made.
  • UI form components – The TextArea component did not correctly reflect the MinRowsNumber and MaxRowsNumber properties when only one of them was explicitly provided. That is, the text area did not display the specified minimum number of rows when only MinRowsNumber was provided and did not grow to the specified size when only MaxRowsNumber was provided.


Refresh (March 27, 2023)

version 26.0.0

New features

General

  • Xperience web applications now support registration and authentication using ASP.NET Identity.
  • New Members application for management of registered accounts.
  • Users can check which version of Xperience they are using via the newly added Product information icon displayed above the user menu in the administration interface.
  • The Xperience by Kentico source code is now available on the client portal for those who purchase it as part of their subscription.

Content management

Digital marketing

  • Contact management
    • Added support for defining custom activity types, which allows marketers to track any required action performed by contacts. Custom activities can by logged using the API or via cross-site tracking. See Custom activities.
    • Marketers can now enable or disable individual activity types in the Contact management application (applies to both default and custom activity types).
    • New Contact has performed activity with value condition type for contact groups.
  • Forms – The reCAPTCHA form component was updated to support reCAPTCHA v3. This version of reCAPTCHA provides frictionless validation without interrupting users. A score is calculated for each request, indicating whether an interaction is likely to be a bot or a valid human user.

Xperience Portal

Administration

  • The refresh introduces changes to confirmation dialogs that can be raised by listing and edit UI pages. Confirmation dialogs shown by these pages can now optionally contain forms (typically with a multi-choice or checkbox option), that can be used to control the behavior of the corresponding page command handlers.
  • New MaximumDoubleValue and MinimumDoubleValue validation rules for UI form components.

Updates and changes

  • Settings – The System → Files category and its Generate thumbnails setting are no longer displayed in the Settings application. The setting is always enabled by default.

  • Emails

    • The Sender name and Sender email properties can no longer be set immediately when creating new emails. These properties remain available in the Properties panel when editing existing emails.
    • The Properties panel of emails is now organized into two collapsible categories – General and Sender and recipients.
  • Contact management – The Status column is no longer displayed in the contact listing. This column is currently not used in Xperience by Kentico.

  • SendGrid integration – The system now uses a direct dependency on the SendGrid NuGet package (updated to version 9.28.1).

Breaking changes – API

  • PageFormSubmissionPageBase.GetFormComponents was made asynchronous and now returns Task<ICollection<IFormComponent>>. To recover from the breaking change:
    • await the method call and change the signature of the overridden method
    • pass a CancellationToken to the method call
  • IContentTypeFieldsProvider.GetFields was made asynchronous and now returns Task<ICollection<IFormFieldInfo>> . To recover from the breaking change:
    • await the method call and change the signature of the overridden method
    • pass a CancellationToken to the method call
  • The GetAssetPanelInitialPropertiesResult command result type used by RichTextEditorComponent was renamed to GetMultiSourceAssetPanelPropertiesResult .
    • The type’s Enabled property was renamed to AssetPanelEnabled.
  • The ReviewAndSendDialog UI page was moved from the Kentico.Xperience.Admin.Base.UIPages namespace to Kentico.Xperience.Admin.DigitalMarketing.UIPages.
  • The IPageManager interface, used to manage page hierarchy, was extended with an additional CheckSecurityMismatch method.

Newly obsolete API

  • IPageManager.Move(TreeNode, TreeNode, PageDropPlacement) - use IPageManager.Move(PageMoveParameters) instead.
  • The refresh introduces changes to confirmation dialogs that can be raised by Listing and Edit UI pages (e.g., when invoking actions or saving changes).
    • The following properties from EditConfiguration were consolidated into EditConfiguration.SubmitConfiguration.

      • SubmitVisible
      • SubmitLabel
      • SubmitTooltipText
    • The following properties from EditTemplateClientProperties were consolidated into EditTemplateClientProperties.SubmitButton.

      • SubmitVisible
      • SubmitLabel
      • SubmitTooltipText
    • The following properties from Action (descriptor of interactive elements on listing UI pages) were consolidated into Action.ConfirmationDialog .

      • Confirmation
      • ConfirmationContent
      • ConfirmationDetail
      • ConfirmationButton
    • The following properties from ActionConfiguration were consolidated into ActionConfiguration.ConfirmationConfiguration.

      • Confirmation
      • ConfirmationContent
      • ConfirmationDetail
      • ConfirmationButton
  • ListingPage.GetRowsFromData was extended with a cancellation token parameter. The original method signature is now obsolete.

Removed obsolete API

The refresh releases removes all API marked Obsolete since version 22.0.0.

Fixed issues – security

  • Xperience Portal – Under certain circumstances, there was a risk an unauthorized third party could access and download backups of projects deployed in the SaaS environment.

Fixed issues

  • Administration – In certain cases, it was possible to submit values using disabled fields in the administration’s editing forms.

  • Content types – If the Display in editing form option was enabled in the field editor for a content type field with the Content items data type, an error occurred when configuring further properties for the field’s form component.

  • Deployment – Sites deployed without the administration crashed during the startup process (“Unable to resolve service for type Kentico.PageBuilder.Web.Mvc.Internal.IComponentPropertiesStorageProcessor“ exception).

  • Digital marketing – Various usability improvements were made in the UI of the Emails, Email templates and Contact groups applications.

  • Emails

    • Added a new friendly warning to inform users when attempting to send a regular email to an empty recipient list.
    • Improved UI and explanation texts for emails that were sent, but do not have any logged statistics.
    • Pressing CTRLF while focused in the Source code editor of email templates triggered the editor’s built-in search functionality, which was not intended. After applying the refresh, the browser’s standard “Find in page” functionality is prioritized.
    • Some parts of the email UI remained active even if the overall editing interface was disabled, e.g., due to missing update permissions or when viewing a regular emails that was already sent out. For example, the problem affected the editing dialog for double opt-in links in form autoresponder emails, the email Plain text content editor, and certain header action buttons.
    • The content editor of form autoresponder emails displayed the placeholder for double opt-in links incorrectly if the link’s text contained special characters.
    • The editing dialog for double opt-in links in form autoresponder emails didn’t check for unsaved changes. After applying the refresh, a confirmation prompt is displayed when attempting to close the dialog with a modified link text or recipient list.
  • Modules – Field settings related to data type integrity were not validated correctly in the editor for the UI forms of module classes. For example, the problem allowed invalid values for the number of digits and decimal places of Decimal number type fields in UI forms.

  • Page Builder – Images added using the url() CSS function in the Code View mode of the Rich text widget’s editor were not displayed on the live site or in the Page Builder.

  • Project templates – When creating a SaaS environment deployment package for a project based on the Dancing Goat project template, content item asset files were incorrectly duplicated in the package (in both the standard asset folder and the Continuous Deployment repository). After the refresh, SaaS deployment packages created for new Dancing Goat project no longer include the ~/assets folder.

  • Rich text editor

    • If the rich text editor had a custom toolbar configuration with the imageReplace button, the button displayed a default Froala dialog instead of the system’s dialog for selecting images.
    • Inserting of links in the rich text editor didn’t work correctly in certain cases in the Content view mode of the Pages and Emails applications.
    • On administration UI pages with a right-side panel, the panel didn’t close correctly if the user interacted with the rich text editor toolbar on the main editing page. For example, the problem could occur when editing emails in the Emails application.
    • The Insert image and Insert link dialogs in the rich text editor displayed the Media library selection tab even if there were no media libraries present in the system.
    • The rich text editor Insert image and Insert link dialogs did not work correctly when the rich text component was used to edit the property of a form component in the Form Builder.
    • When selecting a link to a page or content item in the rich text editor, the full toolbar was incorrectly displayed instead of just the link-related toolbar options.

Hotfix (March 9, 2023)

version 25.0.2

Fixed issues

  • Content hub – When updating a Content item asset field in an existing content item and not publishing the item after, the original asset was displayed instead of the updated asset.

Hotfix (March 2, 2023)

version 25.0.1

Fixed issues

  • Admin UI – In certain cases, it was possible to submit values using disabled fields of admin UI forms.

  • MacOS – It was not possible to install the Xperience database on Apple devices equipped with the Apple silicon family of CPUs.

  • Rich text editor – The Insert image and Insert link dialogs in the rich text editor incorrectly displayed content items with a Content item asset field but no file uploaded. This could occur when a content type was created with an optional asset field.


Refresh (February 23, 2023)

version 25.0.0

New features

Content management

Digital marketing

  • Emails
    • Users can now preview and test the content of emails by sending a draft version.
    • New option to clone emails, which allows users to quickly create new emails based on the content and settings of existing emails.
    • The content editor now allows editing of double opt-in links placed into form autoresponder emails. This allows users to quickly update the text and recipient list set for existing links.
    • The Emails application now displays a status for emails of the Regular type (possible options are Draft, Scheduled, Sending and Sent).

Xperience Portal

  • Backups – Users can now manually create and download backups of applications deployed in the SaaS environment. Backups can be used to locally inspect or debug the application.

Updates and changes

Breaking changes

  • Global events – When deleting objects, the system now checks for depending objects before triggering the Delete event (ObjectEvents or *Info.TYPEINFO.Events). If any depending objects exist, the event is not triggered at all.

Breaking changes – API

  • Application startup – IFeaturesBuilder interface members BeforeConfiguration  and AfterConfiguration were not intended to be used in custom code and were removed from the public API. Extension methods for this interface (e.g., UsePageBuilder ) are used to add types required by various Xperience features into the application’s IoC container.
  • The IDataQuery interface (CMS.DataEngine) contains two new methods:
    • GetAsyncEnumerableResult
    • GetScalarResultAsync

Newly obsolete API

  • Emails – The CMS.EmailEngine.EmailSender class is now obsolete. Use IEmailService to send emails (see the Email queue API example).

Fixed issues

  • Admin UI

    • Added missing spacing to certain selection dialogs.
    • Disabled editing forms in the administration (e.g. due to missing update permissions) behaved inconsistently in certain cases. After applying the refresh, disabled editing forms always contain a warning message and have a disabled Save button with a tooltip.
    • The administration UI breadcrumbs didn’t correctly shorten text for objects with very long names.
  • CI/CD

    • If an object was deleted, but the operation was stopped due to the existence of depending objects, the files representing the object and its dependencies in the Continuous Integration repository were removed even though the object was not actually deleted.
    • The XML files representing contact groups of the Recipient list type in the CI/CD repository incorrectly used 0 or 1 values for the ContactGroupIsRecipientList boolean property, which could cause inconsistencies. After applying the refresh, the property stores True or False values.
  • Contact groups – When viewing the details of Recipient list contact groups, text in the Approval and Unsubscribe settings areas could overflow when viewed with a small display width.

  • Content types – When adding a new content type field with the Content item selector form component, the Allowed content type option could not be configured until the field was saved.

  • Cross-site tracking – Certain requests returned during cross-site tracking used an incorrect X-Frames-Options header. This combination of the header and its value is now deprecated in modern browsers. After applying the refresh, the content-security-policy header is used for this purpose.

  • Emails

    • If the application crashed or was stopped while sending a regular email to recipients, the mailout remained stuck and didn’t recover after the application restarted.
    • If the send date or time of a regular email was changed in the Reschedule dialog and the sendout was then cancelled, the dialog was not refreshed correctly and the Cancel scheduled sendout button remained visible.
    • The Preview mode of emails incorrectly allowed links in the email content to be clicked, which could lead to inconsistent behavior. After applying the refresh, links are no longer active when clicked in the email Preview.
    • The system created redundant anonymous contacts in certain cases when a user confirmed their email subscription by clicking a double opt-in link. For example, this could occur if the recipient opened the double opt-in link in a different browser than the one where the original subscription form was submitted. After applying the refresh, such anonymous contacts are automatically merged into the recipient’s main contact.
  • Performance – The number of database queries called when loading the content of Page Builder widgets was optimized. The original performance issue occurred after updating to version 24.0.0.

  • Project templates – The sample site created by the Dancing Goat project template didn’t correctly handle situations where certain content items were deleted, which could result in errors on the live site.

  • Role management

    • If a user with the Administrator role unassigned this role from their own account, an Access denied notification was displayed even though the operation was valid and the role was unassigned.
    • When using external authentication for the administration with the user synchronization frequency set to UserSynchronizationFrequency.Always, users with the Administrator role were incorrectly allowed to edit the role assignments of users managed by the external authentication provider.
  • UI form components

    • Fields based on certain form components did not display their tooltip (e.g. the Page selector or Content item selector).
    • Fields based on the Number input form component incorrectly displayed null as their value when the value was empty.
    • If a field based on the Object selector had a large number of items available and a value was already selected, the list of items loaded and displayed the first batch of items twice.
    • If a field based on the Radio group component did not have a label assigned, the resulting UI page generated warnings in the browser console. For example, the problem occurred in the Review and send dialog for emails in the administration.
  • Xperience Portal – The DevOps Engineer role did not have access to the Outages application in Xperience Portal.


Hotfix (February 16, 2023)

version 24.0.3

New features

  • Admin UI authentication – The hotfix introduces new OnSigningIn and OnSigningOut events, which are invoked when users sign in or out of the Xperience administration. Both events are available under AuthenticationOptions.CookieEventsOptions when configuring AdminIdentityOptions. See Administration - Forms authentication for details.

Fixed issues

  • General – The application could reach the preset limit on the number of database connections under heavy traffic, e.g., during a load test. In the worst case, this could result in HTTP 502 Gateway errors.

  • Page Builder – Widgets that had output caching disabled consumed unnecessary memory and the application did not clear this memory correctly.


Hotfix (February 9, 2023)

version 24.0.2

Fixed issues

  • Content items
    • Files stored as content item assets were served with an incorrect file name when downloaded on the live site.
    • On pages based on a page template, linked content items that were selected in a particular order were displayed in a random order when viewed on the live site.
  • Page Builder – After applying hotfix 24.0.1, it was not possible to publish pages that used Page Builder and contained sections without properties.

Hotfix (February 2, 2023)

version 24.0.1

Fixed issues

  • Performance – An unnecessary number of database queries was performed when loading the content of Page Builder widgets. This issue occurred after updating to version 24.0.0.

  • Roles – Modification of user-role assignments via the administration did not work correctly in certain cases. This issue occurred only after updating to version 24.0.0.


Refresh (January 26, 2023)

version 24.0.0

New features

Users

Content management

  • Content item assets – Content item assets are a new type of content items that allow content editors to upload and store various types of files, for example, photos, pictures, sound files, videos, package files, presentations, or documents. You can reuse assets stored in the Content hub throughout the system. To create a new content item asset, create a content type with an Content item asset field.
  • Content item selector – Users are now able to select content items from the content hub in component properties.
  • Media libraries
    • Content editors are now able to upload a new version of media library files.
    • Content editors are now able to view media file information such as the GUID, Media URL, size, or image resolution.

Digital marketing

  • Emails
    • New functionality that allows marketers to send regular emails to groups of recipients. Visitors subscribe by submitting a form on the website. The form sends an autoresponder email with a double opt-in link, through which recipients finish the subscription process. See Send regular emails to subscribers.
    • The system now tracks and displays statistics for emails created in the Email templates and Emails applications, including the number of sent emails, email opens and clicked links. See Track email statistics.
  • Forms – Users can now edit the Code name of forms, which allows developers to work with more practical identifiers, e.g., when rendering forms in code as stand-alone widgets.
    • Changes of the form code name break existing forms placed onto pages via the Form widget. You need to reselect the form in these widgets after making such changes.
    • Changing the code name also automatically updates the form’s Class name. Such changes break existing code files generated for the form, and developers need to update or regenerate the code.

Xperience Portal

Updates and changes

API

  • New CMS.EmailEngine.ISmtpClientFactory API that enables developers to modify the configuration of the system’s SMTP client (if using SMPT servers for mailout). This API is primarily intended for advanced environments with specific requirements.

General

  • Rich text editor – The ability to drag-and-drop content into the rich text editor UI form component was disabled. Use your operating system’s clipboard functionality instead.
  • Emails – The “Preheader” property of emails was renamed to “Preview text”. The corresponding placeholder in the source code of email templates is now $$previewtext$$. Applying the refresh automatically updates the placeholder in the source code of existing email templates.
  • Admin UI customization – UI pages for creating new objects (inheriting from the base class) no longer validate the editing form when the Change UI page command is executed. This prevents unnecessary validation errors while filling in parts of the create form.

Object types

This release changes the way hash table caching for object types is configured. In previous versions, the caching was configured by passing the HashtableSettings object via an optional constructor parameter to the object type’s I*InfoProvider implementation:

C#
Hash table caching configuration using the provider class


[ProviderInterface(typeof(IMyObjectTypeInfoProvider))]
public partial class MyObjectTypeInfoProvider : AbstractInfoProvider<MyObjectTypeInfo, MyObjectTypeInfoProvider>, IMyObjectTypeInfoProvider
{
    public MyObjectTypeInfoProvider()
            : base(MyObjectTypeInfo.TYPEINFO,
                   new HashtableSettings
                        {
                            // Enables hash table caching over the identifier and code name
                            ID = true,
                            Name = true
                        }
                   )
    {
    }
}

From this version onward, this approach and the corresponding *InfoProvider constructor are obsolete. Instead, the caching is configured directly in the *Info data class via the InfoCache attribute:

C#
Hash table caching configuration via the Info data class


[InfoCache(InfoCacheBy.ID | InfoCacheBy.Name)]
public partial class MyObjectTypeInfo : AbstractInfo<MyObjectTypeInfo, IMyObjectTypeInfoProvider>
{
}

If you are using hash table caching for custom object types, there are two ways to migrate to the new approach:

  1. Regenerate all custom object type classes using the code generator, which automatically ensures the new format. However, note that this will also require you to manually transfer all customizations made to the object type’s classes.
  2. Manually convert custom object type classes to the new approach:
    1. Remove the HashtableSettings parameter from the *InfoProvider constructor.
    2. Annotate the corresponding *Info class with the InfoCache attribute.
      1. Use the InfoCacheBy enum to determine the properties to cache by.
      2. (Optional) Use the InfoCachePriority enum to configure whether the cached items should expire.

Content hashes in admin UI script filenames

The file names of script files consumed by the Xperience admin UI now include a content hash (e.g., kentico.xperience.admin.app.entry.kxh.adf398f7ffd6e16a4961.js) This change ensures that script files cached on the client are correctly invalidated when updating to a new version. In previous versions, the client browser usually defaulted to cached scripts even if the file contents were different, requiring users to refresh the browser cache (CtrlF5) to get the latest version (or wait for cache expiration).

All newly created custom admin UI modules (see Prepare your environment for admin development) automatically include content hashing. However, if your admin UI consumes any existing custom modules, and you wish to make use of the content hashing feature, you need to make the following changes:

  1. Update all @kentico packages to 24.0.0.

  2. Open the webpack.config.js of your module and follow the comments in the following snippet:

    JS
    webpack.config.js
    
    
     const webpackMerge = require("webpack-merge");
    
     const baseWebpackConfig = require("@kentico/xperience-webpack-config");
    
     module.exports = (opts, argv) => {
       // Add the 'argv' parameter to the arrow function signature
       const baseConfig = (webpackConfigEnv, argv) => {
         return baseWebpackConfig({
           orgName: "acme",
           projectName: "web-admin",
           webpackConfigEnv: webpackConfigEnv,
           argv: argv,
         });
       };
    
       const projectConfig = {
         module: {
           rules: [
             {
               test: /\.(js|ts)x?$/,
               exclude: [/node_modules/],
               loader: "babel-loader",
             },
           ],
         },
         // Add the output-clean:true setting
         output: {
           clean: true
         },
         devServer: {
           port: 3009,
         },
       };
    
       // Pass the added 'argv' parameter to 'baseConfig'
       return webpackMerge.merge(projectConfig, baseConfig(opts, argv));
     };
    
     
  3. Rebuild the module.

The output file name now contains a content hash.

Xperience admin UI customizations boilerplate project converted to a .NET template

The Xperience admin UI customization boilerplate project (previously available for download on Prepare your environment for admin development) was converted to a .NET template. You can now install the project using dotnet new kentico-xperience-admin-sample . Afterwards, reference the created project from your Xperience application and work with it like before.

Breaking changes

Changes to assembly placement in NuGet packages

The CMS.AspNetCore.Platform assembly was moved from Kentico.Xperience.Core to the Kentico.Xperience.WebApp NuGet package and renamed to Kentico.AspNetCore.Platform.

For web applications, this change in not breaking – Kentico.Xperience.Web.App depends on the Kentico.Xperience.Core package.

However, for other types of applications (e.g., console or desktop applications), there is a possibility that your custom code called some code from the moved assembly. If you encounter breaking changes (compilation errors) in your projects after upgrading, you need to add the Kentico.Xperience.WebApp NuGet package to the affected projects.

Breaking changes – API

  • The UserInfo.Enabled property was fully removed, use UserInfo.UserEnabled instead.
  • The following members were removed from the content management API:
    • IPageTypeFieldsProvider  – use IContentTypeFieldsProvider instead.
    • IPageTypeFieldsProviderFactory – if this interface was used as a dependency, replace usages with IContentTypeFieldsProvider directly. The additional layer of abstraction introduced by the factory was removed completely.
    • PageType – there is no alternative. Implement a custom class to replace.
    • LoadAvailablePageTypesResult – there is no alternative. Implement a custom class to replace.
    • LoadAvailablePageTypesCommandArguments – there is no alternative. Implement a custom class to replace.
  • PageFormSubmissionPageBase  – the constructor now depends on IContentTypeFieldsProvider directly.
  • The CMS.AspNetCore.Platform namespace was renamed to Kentico.AspNetCore.Platform (also includes all subnamespaces).

Newly obsolete API

  • Data types – The AllowedObjectTypes property of DataType objects is now obsolete. Use the IsAvailableForDataClass  predicate instead.

Fixed issues – security

  • Permissions – Modified the behavior of various permissions in relation to digital marketing applications.
    • Contact group edit (condition builder) can no longer be opened by users without Update permissions for the Contact groups application.
    • Deleting contacts from contact groups is now possible with Update permissions for the Contact groups application.
    • The Save button when editing emails in the Emails application is now disabled for users without Update permissions.
    • Deleting collected form submissions in the Forms application is now possible with Update permissions.

Fixed issues

  • API

    • Calling the IPageDataContextRetriever.TryRetrieve method resulted in an unhandled exception if the page data context could not be initialized, instead of returning a false value.
    • Conventional MVC mechanism such as AuthorizeAttribute now work with the admin UI role-based access control model for routes registered behind /admin.
    • Exceptions caused by cancelling asynchronous operations via cancellation tokens – as a response to a cancelled client request or application shutdown, for example – were incorrectly logged to the event log as errors (e.g., as System.OperationCancelledException).
    • The API documentation for the WithPageUrlPaths DocumentQuery extension method was improved with additional remarks regarding the method usage.
  • Admin UI

    • Drop-down menus now close during a click-away action that targets an iframe with either the Page Builder, Form Builder, or page preview window.
    • Fixed the vertical alignment of button labels in the Safari browser.
    • For certain elements the ‘element is now focused’ blue border indicator was partially obscured or was rendered incorrectly.
    • Implemented responsive drop-down menus that automatically adjust based on viewport and parent element width.
    • Opening a drop-down list in a component properties dialog sometimes caused the drop-down menu to overflow the dialog window.
    • The application menu now overlays menus and panels that open from the right side of the interface (e.g., selector dialogs in the Pages application, configuration options in the Forms application) on displays where smaller viewport width causes overlaps.
    • The confirmation dialog displayed when changing page templates now uses the same look and feel as other dialog windows in the admin UI.
    • The listing pages context menu, available via (…), was obscured by the listing container in special cases.
    • The primary action button was not by default focused in interactive dialogs. Now, the primary action is always performed on enter (save, delete, confirm, etc.).
  • Content hub – Content items listed in the content hub are now by default ordered according to the Last modified column.

  • Content items – It was incorrectly possible to delete linked content items from “locked” pages that were in the published or archived workflow state.

  • Form Builder – Fixed various text overflow issues that could occur when entering long words in form component properties.

  • General

    • Optimized the number of database queries required when checking user permissions in the admin UI.
    • The Readme.txt file in the Dancing Goat and Boilerplate project templates contained an invalid link to the documentation.
  • Headless API – Fixed issues caused by the tilda ‘~’ character in asset filenames.

  • Modules – When creating fields for module classes via the field editor, the Field name length wasn’t validated correctly by the UI, and very long values could result in an error.

  • Page Builder – If Cross-Site Request Forgery validation failed when submitting a form generated by the Form Page Builder widget, a “Cannot read property of null” error was logged in the browser console in addition to the expected HTTP 400 error code.

  • Pages

    • Page URL slugs and other text longer than the width of the various page property dialogs (Information, URL) now break into multiple lines instead of disappearing past the browser window when longer than the available viewport space.
    • The content tree in the Pages application now better indicates possible placement when dragging and dropping pages.
    • The design and appearance of certain elements in the content tree was updated to better match the admin UI look and feel.
    • When changing page URL slugs on the URL tab in the Pages application, entering slugs longer than the width of the dialog window caused the input to stretch past the browser window.
    • When drag and dropping pages, the dragged pages are now hidden from their original position in the content tree instead of showing both at the original position and on the mouse cursor, possibly confusing users.
    • When moving items with children via the content tree, the confirmation prompt for the move operation did not appear in certain cases.
    • When saving page URL slugs on the URL tab in the Pages application, the Save button now transitions to a disabled state to prevent multiple concurrent requests from being submitted.
  • UI form components

    • It was not possible to view more than the first 150 files in a selected media library via the Media file selector UI form component.
    • It was possible to clear a selection made using the Object selector even if the field was marked as required.
    • Pages selected within the Page selector form component cast a shadow incorrectly when dragged.
    • Selecting a month or year in the DateTime input form component incorrectly saved the whole form.
    • The MinimumDecimalValueValidationRule and MaximumDecimalValueValidationRule validation rule attributes could not be used because the attribute constructor did not allow the decimal type as a valid attribute parameter type. The attribute constructors now accept double instead. Conversion to decimal is done by rounding to 15 significant digits using rounding to nearest (a limitation of the double input type).
    • When the Object selector was placed in a side panel, selecting any action inside the selector caused the side panel to collapse.
  • Unix/Linux – Instances hosted in Linux environments could encounter exceptions when accessing resources from Amazon S3. This would occur, for example, when accessing media library files stored in Amazon S3.

  • Xperience Portal

    • A JavaScript error was logged in the browser console when viewing the hash string salt value (DashboardProject info section) on displays with certain viewport widths.
    • A wrong type of error page was displayed for Not Found (HTTP 404) and other HTTP errors.
    • The Outages application in Xperience Portal only displayed project outage reports starting from the beginning of the month following the project deployment. For example, projects deployed 8/15/2022 could only view reports starting from 9/1/2022.
    • The deployments page may not have displayed correctly during an ongoing maintenance.
    • The format of the Account created and User added to project email notifications was not correct in case the first name of the user was unknown.
    • The project expiration date displayed on the Dashboard in Xperience Portal incorrectly included the 30 day grace period for license renewals.

Hotfix (January 19, 2023)

version 23.0.9

Fixed issues

  • Admin UI customization – Searching using the listing template resulted in an error if a column of the listed object type was named after an SQL reserved keyword (e.g., Key). After applying the hotfix, the system escapes all column names in such queries, allowing search on listing templates to work as expected.

Hotfix (January 12, 2023)

version 23.0.8

Updates and changes

  • Project templates – The initial permission configuration for the sample Digital Channel Manager role was modified to reflect security best practices. This change only applies to the Dancing Goat and Boilerplate project templates installed from Kentico.Xperience.Templates version 23.0.8 and newer. In existing installations, we strongly recommend making the following change to the Digital Channel Manager role (if present in your project): remove the View permission for the Email queue application.

Hotfix (January 5, 2023)

version 23.0.7

New features

  • Email customization – New EmailMessage.Validate extension method that validates whether properties (From, Recipients, CcRecipients, etc.) of the CMS.EmailEngine.EmailMessage object are set correctly. The method is intended primarily for use when implementing  custom email clients.

Updates and changes

  • Permissions – Only users with the  Administrator role can now change assigned roles via the Users →  edit a user → General tab.

Fixed issues

  • Event log – An error occurred when viewing the details of event log records without a description.

  • SendGrid integration – The SendGrid integration failed to send emails with email addresses specified using advanced formats such as "display name" <user@host>. After applying the hotfix, the integration supports all email address formats allowed by the  System.Net.mail.MailAddress  class.


Hotfix (December 15, 2022)

version 23.0.6

Fixed issues

  • Rich text editor – Hotfix 22.3.1 introduced HTML sanitization of content in the Rich text editor. This sanitization can result in modified or broken HTML code, for example, when adding content via the editor’s Code View option. After applying this hotfix, the sanitization additionally allows ID and data-* attributes, as well as href attributes containing mailto links in <a> tags.

Hotfix (December 8, 2022)

version 23.0.5

Fixed issues


Hotfix (December 1, 2022)

version 23.0.4

Fixed issues

  • Permissions – It was possible to modify existing forms via the Form Builder interface (Forms → edit a form → Form Builder tab) without possessing the Update permission for the Forms application. After applying the hotfix, the Update permission is required when making modifications to all forms.

Hotfix (November 24, 2022)

version 23.0.3

Fixed issues

  • Admin UI customization – API documentation was missing for the client API that enables developers to work with pages in in modal dialogs (useTemplateDialog()) , which was introduced in hotfix 23.0.1.

  • Permissions – When adding images from a media library into the content of a Rich text widget in the Page Builder, the Insert image selection dialog didn’t work for users without the Administrator role. After applying the hotfix, media files in the dialog can be viewed, selected and uploaded by users with a role that has sufficient permissions for the Pages application.


Hotfix (November 16, 2022)

version 23.0.2

Fixed issues

  • Field editor – Minor visual issues occurred within the field editor user interface in rare cases.

  • Permissions

    • Certain action buttons in the Pages and Content hub applications remained active, even if the user’s role did not have the required Create or Update permissions assigned for the given applications.
    • Delete buttons for files in the Media libraries application remained active, even if the user’s role did not have the required Manage media library permission assigned for the application.

Hotfix (November 10, 2022)

version 23.0.1

New features

  • Admin UI customization – The hotfix introduces a new useTemplateDialog() hook for the client customization API that enables developers to set the properties of pages displayed within modal dialogs via UIPageLocation(PageLocationEnum.Dialog).

Fixed issues

  • Continuous Deployment – Continuous Deployment didn’t include the data of binding object types when running the restore operation.

  • UI form components – If the Object selector UI form component was configured to select exactly one item, it was not possible to clear the selection once an object was selected.


Refresh (November 7, 2022)

version 23.0.0

New features

Users

  • Role-based access control for the Xperience administration – The refresh update introduces a permission model for the Xperience administration. The model handles only permissions for the user interface of the administration application – the visibility of applications, application elements, tabs, and pages. The added functionality consists of the following:

Digital marketing

  • Email management – Editors can now personalize emails created in the Emails applications by adding dynamic text to the content. When sending emails to specific recipients, the system replaces dynamic text with information known about the given recipient (First name, Last name or Email).

Content management

  • Headless API – A headless API for retrieving content items was released as a preview feature. Developers can now retrieve content items from Xperience using HTTP requests and the JSON data format. Check the related documentation to see the limitations related to the preview status of the feature.
  • Media libraries – Developers can now set the encoding quality used when resizing images retrieved from media libraries via a configurable options object. The configuration is provided as part of the implementation within the Kentico.Xperience.ImageProcessing NuGet package.
  • Algolia integration – An external module that allows you to create Algolia search indexes and index content types with the ‘Page’ feature in the Xperience content tree using a code-first approach. The integration also enables you to provide a search interface on the live site using .NET API, JavaScript API, or the InstantSearch.js JavaScript library. For more information, see the Algolia Search Integration GitHub repository.

Xperience Portal

  • Projects in Xperience Portal can now undergo planned scheduled maintenance. Certain features are unavailable for the duration of the maintenance. The maintenance intervals are planned by Kentico.
  • Uptime statistics for Xperience Portal projects, Deployment API, and deployment regions alongside downtime incidents are now available at status.xperience-portal.com.

Updates and changes

  • Forms – Emails that are assigned to the autoresponder of one or more forms can no longer be deleted.
  • The Froala WYSIWYG editor that provides the Rich text editor in Xperience was updated to version 4.0.15. See Froala Editor 4.0.15 for details.
  • User interface – The Properties → Metadata section in the UI of the Pages application was renamed to Information.

Breaking changes

  • During application startup, the system no longer automatically adds services related to session state and cross-origin resource sharing (CORS) to the service collection. Specifically, the IServiceCollection.AddKentico call no longer includes the following:
  • The following dependency of the Kentico.Xperience.WebApp package was updated:
    • HtmlSanitizer from version 7 . 1 . 542 to 8.0.601. The update includes several breaking changes: #365, #370
  • The following dependency of the Kentico.Xperience.Core package was updated:

Breaking changes – API

  • The following members were removed from the membership API. There is no provided alternative.
    • Removed properties:

      • RoleInfo.RoleIsDomain
      • UserRoleInfo.ValidTo
    • Removed constants:

      • RoleName.EVERYONE
      • RoleName.AUTHENTICATED
      • RoleName.NOTAUTHENTICATED

Breaking changes – Database

All changes in the database structure are automatically handled by Xperience during the update procedure. This information is provided to help you prepare in case you use custom code or scripts that rely on the original database structure.

  • The following database views were changed or removed:
    • View_CMS_UserRole_Joined was removed.
    • View_CMS_UserRole_MembershipRole_ValidOnly_Joined was removed.
    • The ValidTo column was removed from View_CMS_UserRoleMembershipRole.

Fixed issues

  • Admin UI – Several minor issues with alignment, font size, spacing and shadows were fixed in the administration interface.

  • Contact groups – Validation error messages in the contact group condition builder were duplicated when an invalid condition was submitted multiple times.

  • Emails – The Preheader field in the Properties of emails was missing a tooltip.

  • Event log – The system’s event logging API was not thread-safe, causing, e.g., Parallel.ForEach calls that logged information into the event log to incorrectly terminate with an exception.

  • Forms

    • Deleting a form with an enabled autoresponder didn’t remove the internal automation process used to send the autoresponder emails.
    • Fields with very long label text were displayed incorrectly in the Form Builder interface.
    • Horizontal scrollbars were displayed for fields in the Form Builder interface in certain cases on devices with a small display width.
    • If the form selected in a Form widget was later deleted, the widget’s configuration dialog displayed errors.
    • Multiple clicks of a form’s submit button in quick succession could cause the system to send multiple autoresponder emails. After the update, clicked submit buttons are disabled until the request is processed.
    • Multiple clicks of action buttons in the options panel of the form administration UI could trigger multiple requests. After the update, a loading button is displayed after a click until the request is processed.
    • The Country and State contact attributes were not available for mapping when configuring form fields. After the update, mapping to these attributes is supported for Text and Number fields. Text fields attempt to map country or state code name values, number fields work with country or state IDs.
    • The Form Builder interface displayed checkboxes with incorrect alignment in certain cases for Checkboxes fields.
    • The autoresponder options in the After form submission panel of the Forms application were not disabled correctly if the form was modified so that it no longer contained a field mapped to the Email contact attribute. The autoresponder options now need to be manually reconfigured if a properly mapped Email field is returned to the form.
  • Media libraries

    • When resizing images retrieved from media libraries, the image encoding quality was set to 100%, which could cause resized images to be larger in file size than the original. After the update, the default encoding quality is set to 80%.
    • WebP images uploaded to media libraries were stored and served with the wrong MIME type, and were not displayed correctly on the website.
    • Getting the URL of a media file using the IMediaFileUrlRetriever.Retrieve API always generated the file’s DirectPath URL, even when it was not required or used. When storing media files on Azure storage, this resulted in unnecessary requests to Azure.
  • Page Builder – Page, Path, Media and Attachment selectors for the Page Builder legacy compatibility mode did not preserve any order of the selected items. After applying the update, the items are stored in the order in which they were selected.

  • Pages

    • After attempting to save a conflicting URL slug for a page in the Pages application, the resulting error message disappeared immediately.
    • Fixed minor design issues in the Change template dialog in the Pages application, and added a Friendly warning with additional information.
  • UI form components

    • Entering a very long number into the Number input form component caused the value to be converted to scientific notation. After the update, only numbers between -2147483647 and 2147483647 can be entered.
    • Fields in the administration with a selector form component (e.g., Dropdown selector) did not save their value in special scenarios. The problem occurred if the field used a visibility condition, and also had an assigned configurator that dynamically populated the selection options.
    • If the Rich text editor had a custom toolbar configuration with the toolbarInline option disabled, enabling the toolbarSticky option didn’t work. The toolbar didn’t remain displayed at the top of the editing area when scrolling down in the content.
  • Xperience Portal – An error was logged to the browser console when selecting or clearing the checkbox for confirming DNS settings in the Site domains or SendGrid domains applications within Xperience Portal.


Hotfix (October 20, 2022)

version 22.3.2

Fixed issues

  • API – Creating a new media library (MediaLibraryInfo object) in code without HttpContext access resulted in an error. For example, the problem could occur when using the Xperience API in a console application.

  • Code generators – The system’s code generator created invalid code for objects (e.g., content types) with fields of the Pages and Media files data types.

  • Object types – An error occurred when using the object selector component with an object type that did not have the displayNameColumn configured in its Type info properties. The error affected fields created in the Field editor with the Object code names data type and form component, as well as code-driven properties decorated by the Object selector UI form component.


Hotfix (October 13, 2022)

version 22.3.1

New features

  • Xperience Portal – The page displayed after new users finish setting up their Xperience Portal account and password now contains a button redirecting to the portal’s sign-in screen.

Fixed issues – security

  • XSS – Administration input fields using the Rich text editor component were vulnerable to reflected XSS attacks. The hotfix ensures proper sanitization.

Fixed issues

  • Admin UI – Improved input validation on the Features tab in the Content types application.

  • Admin UI customization – The client customization framework didn’t correctly load files from JavaScript modules built on non-Windows operating systems.

  • Content hub – After updating the name of a content item in the Content hub application, the administration’s breadcrumbs and navigation menu didn’t reflect the new name.

  • Infrastructure – Export of the Xperience database to a backup file failed due to changes related to content items (introduced in Refresh 22.3.0). As a result, it was also not possible to deploy applications to the SaaS environment.


Refresh (October 6, 2022)

version 22.3.0

New features

  • Content hub – A new way of working with content was added. It is now possible to create content types (formerly page types) with a field configured to select content items. These linked content items can then be retrieved using the API. You can also manage existing content items in the Content hub application.
  • Email management – When creating emails in the Email templates and Emails applications, editors can specify the following new options:

    • Plain text content – Improves deliverability of emails. Some recipients may prefer plain text emails, and certain email clients only accept plain text.
    • Email preheader – The brief text that recipients see in their inbox after the email sender information and the subject line.
  • Xperience Portal – SaaS deployment uptime monitoring is now available in Xperience Portal. See Uptime monitoring.
  • Administration UI development
  • Forms – The listing in the Forms application contains a new column indicating whether the autoresponder is enabled for each form.
  • Contact groups – When viewing the contacts belonging to a contact group in the Contact groups application, users can now select contacts to open the given profile in the Contact management application.
  • The Text area UI form component for the administration provides new properties that allow configuration of the area’s minimum and maximum displayed height (number of rows).

Updates and changes

  • Rich text editor – When registering Rich text editor configurations, a display name needs to be specified for the configuration.
  • Field editor – Updated the names of certain field configuration options to better describe their purpose (Tooltip text and Text below the input).

Fixed issues

  • Admin UI

    • An accessibility warning was logged in the browser console when viewing administration pages containing the Password UI form component (e.g., on the sign-in or change password page).
    • Dialogs and side panels (e.g., the options panel in the Forms application) incorrectly closed after the user performed certain actions outside of the dialog area, for example mouse wheel clicks or right-clicks. After applying the update, dialogs are only closed by primary interactions, i.e., left mouse button clicks.
    • Minor improvements of the administration interface were made, for example increased font size for certain text.
    • The Icon selector form component was not disabled correctly, e.g., when viewing the editing form of a published or archived page.
    • The layout of the Form Builder designer area was broken on devices with a small display width.
    • When creating or editing fields in the Field editor, multiple scrollbars appeared in certain cases.
    • When displaying selected pages in an administration UI form, the Page selector component incorrectly showed the published name of pages, even when a newer version (draft) of the page had a different name.
  • Emails – Selecting the email name in the administration UI’s breadcrumbs incorrectly opened the email preview instead of the content editing view.

  • Forms

    • The After form submission panel in the Forms application became broken and displayed an error if an email selected for the Autoresponder was later deleted.
    • The email selector in the After form submission panel incorrectly remained enabled even if the form didn’t contain a field mapped to the Email contact attribute.
  • General

    • Running on a time zone with a large UTC offset caused unhandled errors in certain scenarios. For example, such errors could occur when logging event log records or when executing unit tests.
    • The system had a dependency on the deprecated Microsoft.jQuery.Unobtrusive.Ajax package. The Page and Form Builder scripts no longer use the jquery.unobtrusive-ajax.js bundle, and the dependency was removed. The related FormBuilderBundlesOptions.JQueryUnobtrusiveAjaxCustomBundleWebRootPath property in the API is now obsolete.
    • Domain aliases of sites were not validated correctly and allowed duplicate domain name values for the same site.
    • Field editor – Values entered into the Default value of fields were not validated in certain cases, and validation messages were displayed incorrectly.
  • Project templates – The sample site created by the Dancing Goat project template contained several broken links to non existing pages.

  • Routing

    • If the page specified in Settings → URLs and SEO → Home page was deleted, the Pages application didn’t work and an error occurred.
    • The routing engine was vulnerable to CRLF Injection when performing redirects due to improper encoding of the URL query string.

Hotfix (September 29, 2022)

version 22.2.3

Fixed issues

  • API – The AbstractTableManager.TableExists method returned false when the call terminated with an exception. After applying the hotfix, the method propagates the exception and correctly terminates.

  • Field editor – It was not possible the configure the Default value and Required status for fields of the following data types: Object code names, Object Guids, Pages, Media files


Hotfix (September 22, 2022)

version 22.2.2

Fixed issues

  • Emails – When viewing the details of emails via the Email detail dialog in the Email queue application, labels identifying individual email properties displayed unresolved resource strings instead of the corresponding property names.

  • Site domain aliases – It was not possible to register a domain name or alias starting with the www. prefix. This made it impossible to generate absolute URLs with the www. prefix to content managed by the system, as the URL generation API always prepended the URL with the site’s domain name, which resulted in URLs such as https://mydomain.com/landing. After applying the hotfix, domain names starting with www. are allowed. Moreover, the hotfix fixes an issue that allowed users to register multiple identical domain aliases for a single domain.


Hotfix (September 15, 2022)

version 22.2.1

Updates and changes

Fixed issues

  • Emails – The Preview mode for emails in the Emails application was modified to be more resilient against cross-site scripting attacks.

  • Field editor – When defining new fields via the field editor interface, the configuration of the field’s assigned UI form component was not persisted correctly in special cases. The problem occurred if the UI form component’s configuration options used components with UI page commands. Such options are disabled by default during initial field creation due to certain system limitations. However, the initial save of the field didn’t persist other configuration options that were available.


Refresh (September 8, 2022)

version 22.2.0

New features

Object type management and customization
Introduced a new Modules application with the following functionality:

  • Support for creating and registering object types into the system. Object types contain metadata that describe the properties and behavior of database entities integrated into and leveraging certain Xperience features.
  • Support for extending system object types.
  • Support for entering macro expressions. Until now, macro expressions were used by the system in the background, but were not available to users. Currently, macros are usable when configuring the default values of object type fields via the Modules application.

New email management applications
New Email templates and Emails applications that allow users to prepare and edit the content of emails directly in the Xperience administration. See Emails for more information. Currently, such emails can only be used with form autoresponders.

Xperience Portal
Custom site domains and the SendGrid sender domain can now be assigned through Xperience Portal. See Domain names for SaaS deployment and SendGrid integration.

Disqus integration
Xperience offers an external module that integrates with the Disqus comment platform. The module contains a Disqus comments widget that provides the option to add a comment section to any page on your website. Disqus also offers advanced moderation tools, analytics and monetization options. The module is distributed as a NuGet package. For more information and detailed instructions, see the Xperience by Kentico Disqus Widget GitHub repository.

Code editor UI form component
New Code editor UI form component for the administration. Provides a text editing area suitable for code, with support for syntax highlighting and line numbers.

Updates and changes

The original Emails application in the Xperience administration was renamed to Email queue. The new Emails application is now used to manage the content of emails. See Emails.

Fixed issues

  • Admin UI

    • Certain inputs and selectors displayed incorrectly when they contained a very long text value.
    • Certain locations in the administration displayed unresolved resource string keys instead of the actual text (for example the descriptions of event log records related to page workflow status changes).
    • Error messages displayed when attempting to delete an object with existing dependencies did not accurately describe the cause of the problem. For example, such errors occurred when deleting a page type with existing pages in the content tree.
    • The explanation text for the Password component was not displayed correctly in some locations.
    • When navigating between pages in listings within the administration, the screen didn’t scroll to the top of the page content.
    • When working in a dialog within the Xperience administration, notifications and error messages were incorrectly displayed outside of the dialog in certain cases.
  • Contact groups – The object selectors in contact group conditions were misaligned in certain cases.

  • Forms – The General or After form submission options panel in the form editing interface was not hidden correctly after clicking into the Form Builder editing area.

  • General – After performing a project update, the system didn’t correctly detect differences in the minor and hotfix version number of the database and project packages. The application now fails to start and returns an error on startup when such a version difference is detected. You always need to update both project packages and the database when performing an update.

  • Installation – When running the dotnet kentico-xperience-dbmanager CLI command with the --recreate-existing-database parameter, the database configuration was not preserved in certain scenarios (for example for Azure SQL databases).

  • Page Builder – Fixed minor vulnerabilities in the dependencies of Page Builder scripts.

  • Page types

    • After deleting a field in the Field editor within the Page types application, the configuration of the deleted field was incorrectly displayed instead of the values of the next field, which the field editor automatically expands.
    • The label text of the save button in the Field editor within the Page types application was unified to “Save”.
  • Pages

    • Deleting a page while editing another one prevented notifications about unsaved changes from being displayed.
    • Notifications about unsaved changes were not displayed correctly in the Pages application when attempting to move the page or its parent.
  • Rich text editor – When using the Code View of the Rich text editor to edit page content in the Pages application, changes were lost after saving the page. After applying the refresh, the editor automatically switches to the default WYSIWYG view after clicking anywhere outside of the editor area, including the page’s Save button, and changes are saved correctly.


Hotfix (September 1, 2022)

version 22.1.3

Fixed issues

  • Licensing – A licensing error prevented access to the administration if the cross-site tracking feature was enabled for the application with CrossSiteTrackingOptions configured, and the license key was missing or expired.

  • Rich text editor – For applications running on the domain root (without an application path), URLs of images and links placed into rich text editor content in the Page Builder interface became invalid after saving and publishing the page. Applying the hotfix does not fix existing broken URLs, but allows you to create correct links by re-saving and publishing the affected pages again.


Hotfix (August 26, 2022)

version 22.1.2

Fixed issues

  • Licensing – The administration dashboard didn’t work correctly when the license key had expired. As a result, users could not enter a new valid license.

Hotfix (August 19, 2022)

version 22.1.1

Fixed issues

  • Cross-site tracking – Calling the kxt('pagevisit'); function in cross-site tracking scripts generated an error in the browser console if the function’s optional onerror callback was not handled.

  • Infrastructure – The Kentico.Xperience.DbManager.dll library distributed as part of the Kentico.Xperience.DbManager NuGet package was missing a Microsoft Authenticode digital signature.

  • SaaS deployment – The Export-DeploymentPackage PowerShell script (provided as part of cloud project templates) created a malformed $StorageAssets directory within the resulting deployment package. The problem occurred for projects where an item in the directory had Copy to Output Directory set to a different value than Do not copy.

To avoid the described issue for cloud projects created using an older version of the Kentico.Xperience.Templates package, update the package and recreate the project to obtain the newest version of the Export-DeploymentPackage script.


Refresh (August 12, 2022)

version 22.1.0

New features

Minimal APIs support
The system now supports application configuration using minimal APIs introduced in .NET 6.

  • Project templates from the Kentico.Xperience.Templates NuGet package were updated – newly created projects leverage the minimal API configuration model by default.
  • The legacy configuration model with separate program entry (Program.cs) and startup files (Startup.cs by default) remains fully supported, but its use is no longer recommended. All documentation and training materials now work with minimal APIs exclusively. To migrate your codebase to the new model, follow Migrate to the new minimal hosting model in ASP.NET Core 6.0 for framework code, and Configure new projects for Xperience-related code.

Page templates

  • Page templates can now be configured using custom properties.
  • Pages created using page templates that contain Page Builder content (widgets, sections) can now be saved as Preset templates and reused when creating other pages. Templates prepared by the developers (added via RegisterPageTemplate) are now referred to as Default templates. See Page templates.
  • When changing the Default page template of a page, users now have the option to transfer existing Page Builder content over from the current page, assuming editable areas in both the source and target template use matching identifiers. See the Implement page templates section on Page templates for Page Builder for developer documentation, and the Change templates of existing pages section on Page templates for business documentation.

Xperience Portal
The hash string salt value assigned to Xperience Portal projects is now visible in Xperience Portal, under the Project info section of the project Dashboard. Previously, hash string salts were provided by Kentico alongside Xperience Portal projects using other channels.

Administration interface
The Xperience administration now uses an appropriately-themed dialog window when notifying users about interactive events (e.g., notifications about unsaved changes), instead of each browser’s default notification system.

Fixed issues

  • Admin UI customization – The BarItemGroup component (@kentico/xperience-admin-components) generated the “Each child in a list should have a unique ‘key’ prop” warning in the browser console, for example when using the field editor in the Page types application.

  • CI/CD

    • CI/CD commands returned a non-zero exit code in special cases even if the result was successful.
    • If the Continuous Integration or Continuous Deployment command-line tools were run targeting a directory without a repository.config file, the processes got stuck and could only be terminated using a hard exit (CtrlC).
  • Contact groups – Attempting to close the contact group condition dialog with unsaved changes now displays a warning prompt.

  • Cross-site tracking – The Website name column in the listing of tracked websites under Cross-site tracking → Tracked websites incorrectly displayed the tracked site’s code name instead of its display name.

  • Former URLs – Moving a page via drag-and-drop using the content tree in the Pages application incorrectly created a former URL for the page even when the page’s URL was not affected by the move operation (e.g., a reorder within the same section of the tree).

  • Forms – The Form Builder interface could be displayed on different domains via an iframe (assuming certain conditions were met).

  • General – Minor visual issues that could in certain cases appear throughout the administration interface across various browsers (listings and search inputs overflowing on smaller resolutions, incorrect shadows on certain elements, minor layout issues on specific pages, etc.).

  • Licensing – License expiration notifications were displayed incorrectly in certain cases.

  • Pages

    • After a page was moved in the content tree in the Pages application, the right-side workspace was not updated and could incorrectly display outdated information (e.g., a page’s URL still reflected the previous position).
    • After discarding changes to a page in the Pages application, certain fields on the Content tab were not reverted to their previous values (not displayed correctly from the last published or archived version of the page).
    • When editing a page’s URL slug via Properties in the Pages application, the Publish change button could disappear in rare cases.
    • When editing a page’s URL slug via Properties in the Pages application, the caption of the save button now reflects the workflow state of the page – Publish change for published pages, and Save change for unpublished or archived pages.
  • Project templates – When running the Dancing Goat project in Kestrel on Linux environments, accessing certain malformed images caused a complete shut down of the Kestrel hosting process, requiring a full application restart. The affected images were replaced. This change only applies to new projects created after updating the Kentico.Xperience.Templates NuGet package to version 22.1.0 or newer.

  • UI form components

    • Text inside disabled Text area and Text input UI form components was not visible when using the Safari browser.
    • The Form Builder interface could be displayed on different domains via an iframe (assuming certain conditions were met).
    • The URL selector UI form component could under certain circumstances lose focus unexpectedly when manually editing its value.
    • The clickable area of checkbox components in the administration was increased.
    • The object selector UI form component didn’t reflect the Tooltip and InactiveMessage properties.
    • The system incorrectly evaluated UI form component visibility conditions that made use of transitive dependencies. In these cases, the system failed to correctly reflect the values of certain fields based on their (in)visibility when evaluating the condition, which could result in incorrect visibility states. For example, assume field dependencies A → B → C, which implies that field C also depends on field A. Setting A to a value that hides B must also hide C (due to transitivity), which was not the case. After applying the fix, complex visibility conditions that depend on hidden fields use either the hidden field’s default value (if set) or an empty value.
  • Xperience Portal

    • In the Xperience Portal Deployments application, the Deploy to drop-down for selecting the target environment was incorrectly enabled even where there was no existing deployment in the source environment.
    • The expiration date of the license key generated via the License key generator application in Xperience Portal can no longer be manually specified. License key expiration is now automatically managed by the portal – all generated keys are set to expire together with the validity of your Xperience subscription.
    • The link to the License Key Generator on the Xperience Portal Dashboard didn’t work.
    • Xperience Portal password reset emails did not contain a password reset link if the user’s email address included uppercase characters.

Database changes

The following database columns were removed. This was only a cleanup on the database level – the columns were no longer used by the system. 

  • CMS_Class table – ClassIsNavigationItem
  • CMS_Class table – ClassIsMenuItemType
  • CMS_Document table – DocumentShowInMenu

Hotfix (August 5, 2022)

version 22.0.4

New features

  • Cross-site tracking – Functions in cross-site tracking scripts now provide an optional onerror callback, which allows custom handling for scenarios where cookies are blocked, as well as other error states. See Cross-site tracking.

Fixed issues

  • Cross-site tracking – Adding or revoking consent agreements using the kxt('consentagree', ...); and kxt('consentrevoke', ...); functions in cross-site tracking scripts incorrectly created an anonymous contact when the client’s browser blocked third-party cookies. In these cases, the contact was unnecessary and never contained any data, since tracking is not possible even if the visitor gives consent.

Hotfix (July 29, 2022)

version 22.0.3

Fixed issues

  • Cross-site tracking
    • Checking the consent status of the current contact using the kxt('consentcontactstatus', ...); call in cross-site tracking scripts incorrectly created a new anonymous contact in cases where the visitor had not given consent to be tracked.
    • When a visitor accepted tracking consent on an external website, and then arrived on the main Xperience site, the system failed to detect the consent and didn’t automatically set an appropriate cookie level for the main site. After applying the hotfix, the cookie level specified during application startup via CrossSiteTrackingOptions is set automatically for tracked visitors from external sites, and the cross-site contact is merged with the contact representing the visitor on the main site.

Hotfix (July 22, 2022)

version 22.0.2

Fixed issues

  • General – Minor fixed issues without direct customer impact (e.g., improved confirmation message text for the database update CLI command).

Hotfix (July 15, 2022)

version 22.0.1

Fixed issues

  • Contact groups – The recalculation warning displayed after editing a contact group’s condition behaved incorrectly. In certain cases, clicking the button didn’t immediately display the “loading” status, and the warning remained visible even after recalculation was triggered and successfully finished.

  • Cross-site tracking – When using the default configuration, the cross-site tracking scripts attempted to reach a non-existing Kentico.CrossSiteTracking/Logger/LogCrossSiteAnalytics endpoint. This caused failed requests on the tracked site’s pages.

  • Forms – If validation failed for the Email or U.S. phone number fields when submitting a form, the validation error messages were displayed incorrectly (as unresolved resource string keys).

  • Licensing – The administration incorrectly displayed license expiration notifications when using an evaluation license. After applying the hotfix, expiration notifications only appear for full licenses.

  • Project templates – The Privacy page on the Dancing Goat sample site (kentico-xperience-sample-mvc project template) displayed an error if the data protection demo was not enabled in the Sample data generator application. The hotfix does not update existing sites, only new projects created based on the Dancing Goat template.


Refresh (July 1, 2022)

version 22.0.0

The initial release of the Xperience by Kentico adopters program.