Are you vulnerable?

Konsult wishes to improve the way we inform you about security issues. Transparency is a key to make sure your websites are patched and secure as much as possible. Here you will see all security issues fixed in Kentico 12 and all future versions.

The hotfixes are cumulative, meaning that the hotfix contains all the previous hotfixes for the same version. We recommend that you apply the latest hotfix available for the respective Kentico version you are using.  If you are looking for older versions, please visit https://devnet.kentico.com/download/hotfixes.
 

Claim My Free ꓘonsultation

Hotfix 12.0.2

Published: Fri, 14 Dec 2018 13:21:35 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Contact management - When setting the 'Subsidiary of' field on the 'General' tab of an account in the 'Contact management' application, the system did not preserve the account selection if the parent account was selected via the '(more items…)' dialog window.
  • Groups - When accessing forum groups belonging to a specific group on the 'Forums' tab of the 'Group' application, more strict permissions than necessary were required.
  • Licensing - Certain operations with products could lead to SQL deadlock errors on sites with the 'Kentico CMS Base' or lower license editions.
  • Search - When indexing page attachments, errors caused by malformed attachment content (e.g., invalid Unicode characters) displayed insufficient debugging information. After applying the hotfix, the error message contains the ID and name of the attachment causing the exception.
  • Web parts - The 'ORDER BY expression' field was not taken into account when displaying related pages using the 'Repeater' web part. The default order of the related pages was always displayed.


Hotfix 11.0.46

Published: Fri, 14 Dec 2018 12:45:08 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Email marketing - On Kentico EMS instances hosting multiple sites, subscriber data was processed incorrectly when automatically merging contacts who subscribed to newsletters from different sites. This could lead to marketing emails not being sent to subscribers and loss of subscriber data in some cases.
  • Search - When indexing page attachments, errors caused by malformed attachment content (e.g., invalid Unicode characters) displayed insufficient debugging information. After applying the hotfix, the error message now contains the ID and name of the attachment causing the exception.


Hotfix 12.0.1

Published: Fri, 07 Dec 2018 11:29:21 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Email marketing - On Kentico EMS instances hosting multiple sites, subscriber data was processed incorrectly when automatically merging contacts who subscribed to newsletters from different sites. This could lead to marketing emails not being sent to subscribers and loss of subscriber data in some cases.
  • Event log - When logging new events into the event log, the system did not delete old events according to the limit specified in the 'Event log size' setting.
  • On-line Marketing - Activities of the 'Form submission' type were logged with an incorrect 'Activity URL' value on content-only (MVC) sites. After applying the hotfix, such activities are logged with the URL of the page displaying the given form.


Hotfix 11.0.45

Published: Fri, 23 Nov 2018 09:57:37 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Data protection - The 'Contact has agreed with consent' macro rule was not evaluated correctly in certain types of conditions (for example in marketing automation process triggers), and always returned a false value.
  • E-commerce - When writing custom code that obtained a shopping cart object for an existing order using the 'ShoppingCartInfoProvider.GetShoppingCartInfoFromOrder' method, the cart's 'OrderDiscount' property was not set and always returned 0 (until the shopping cart was recalculated by calling its 'Evaluate()' method).
  • Form controls - If certain drop-down selector form controls (e.g. the 'Uni selector' in 'Single drop down list' selection mode) were placed into a form that was displayed in a dialog, such as the web part configuration dialog, and the field's settings also used an 'Enabled condition', clicking the '(more items...)' option in the list did not work correctly and the additional selection dialog was not opened.


Hotfix 11.0.44

Published: Fri, 16 Nov 2018 09:24:22 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • E-commerce - An error occurred on pages that displayed product details using an ASCX transformation containing the 'ShoppingCartItemSelector' control, if the control's 'UnavailableVariantInfoEnabled' property was enabled and the displayed product did not have any defined variants.
  • Facebook connect - Authentication failed when signing in to a website through the 'Facebook Connect logon' web part (a JavaScript error occurred due to changes in the Facebook SDK).
  • Import/Export - When importing a page type or custom table on an instance where the given object did not exist yet, role permissions configured for the page type or custom table were not imported.


Hotfix 11.0.43

Published: Fri, 09 Nov 2018 10:05:56 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • General export - When using the general export feature of listings in the administration interface (export to Excel, CSV or XML files), text data containing special characters, such as diacritics, could be malformed in the exported files.
  • Import/Export - If the 'Membership reminder', 'Report subscription sender' or 'Users delete non activated user' scheduled tasks were imported within a package from an older version, the given tasks could not be executed due to an incorrect assembly and class name.
  • Pages - Attempting to publish a page under a workflow after restoring it from the recycle bin worked incorrectly. This happened only if the workflow was applied to an existing page after its creation.
  • Search - Local search indexes did not work when running Kentico as a scaled out Azure Web App with the 'CMSSharedFileSystem' web.config key enabled (this key was introduced in hotfix 11.0.23).


Hotfix 11.0.42

Published: Fri, 02 Nov 2018 08:56:40 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Email marketing - Certain macros related to email marketing did not take A/B testing variants of emails into account. For example, this could lead to incorrect evaluation of conditions that used the "Contact has opened marketing email" macro rules.
  • MVC - Output caching did not work correctly on the pages of MVC sites for registered users due to unnecessary cookie operations performed by the system. The problem affected users whose 'Preferred user interface culture' was set to '(default)', for example newly registered users.
  • Pages - If a multilingual page used an ad-hoc page template shared by all culture versions, deleting a culture version of the page also permanently deleted the page template (this caused the remaining culture versions to display blank content). After applying the hotfix, templates shared by multiple culture versions are deleted only after deleting the last culture version of a page.
  • Pages - A warning message about not saved changes was displayed after editing and saving a page field using the 'Uni selector' form control (on the Form or Content tab of the Pages application). The warning message was displayed even when all changes were correctly saved.
  • Search - On sites using an Azure Search index, updating a page that had the 'Exclude from search' option enabled (on the 'Properties -> Navigation' tab of the Pages application) resulted in a failed indexing task, which blocked further processing of Azure Search tasks (until the failed task was manually deleted).
  • Social Media - Due to changes in the Facebook API and updated security requirements, the initial Facebook authentication and page publishing functionality in Kentico no longer works. To use the features, you need to apply the hotfix, and manually set 'Valid OAuth redirect URIs' for your Facebook app, and ensure that it has the required permissions via the Facebook App Review. See the hotfix instructions for details.


Hotfix 11.0.41

Published: Fri, 26 Oct 2018 06:42:27 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Email marketing - If a contact was already subscribed to a newsletter with double opt-in enabled and attempted to subscribe again after the double opt-in interval had expired, the system did not inform them about the existing subscription. Similarly, calling the 'IsSubscribed' API method of the default 'ISubscriptionService' in custom code incorrectly returned a false value in these cases.
  • Page types - When adding system page fields to a page type (fields with the 'Field type' set to 'Page field'), the 'Default value' was not applied in the resulting editing form for certain system fields, for example 'DocumentMenuItemHideInNavigation'.
  • Search - Smart search indexes of the 'Pages crawler' type used incorrect URLs for pages of content only page types, which prevented content from being indexed (for example on MVC sites).


Hotfix 11.0.40

Published: Fri, 19 Oct 2018 07:32:21 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Pages - When a page field was edited on the Form tab of the Pages application with a value that did not meet the requirements of a validation rule, repeated submission of the data (e.g., moving to the next workflow step) incorrectly resulted in successful validation (while the original data was submitted).


Hotfix 11.0.39

Published: Fri, 12 Oct 2018 06:39:39 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Attachments - Resizing of attachment images according to device profiles did not work correctly. Resizing was performed according to the device profile active when the image was requested for the first time. The result was cached and incorrectly served for all other profiles until the cache expired.
  • E-commerce - Payments using the default PayPal provider failed if the site was configured to include tax in prices.
  • Email marketing - On sites running in a web farm environment, duplicate copies were sent out for a portion of newsletter or email campaign emails in certain cases.
  • Scheduler - If a scheduled task was configured to run only on specific days of the week, the 'Next run' time was calculated incorrectly under certain circumstances.


Hotfix 11.0.38

Published: Fri, 05 Oct 2018 06:21:18 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Contact management - The primary or secondary contact assigned to an account was removed if the corresponding contact was merged with another contact (for example with a new anonymous contact).
  • Field editor - An unhandled error occurred when creating fields with a data type for which no form control was available (e.g. 'Binary' type fields in custom module classes). After applying the hotfix, the error no longer occurs in these cases and the 'Form control' selector is disabled. However, it is still necessary to implement a custom form control if you wish to display fields of the given type in forms.
  • Macros - The 'RelatedDocuments' property available for page objects in macros did not work correctly (the macro is used to retrieve a collection of all pages related to the given page through a relationship with the specified name).
  • Macros - If the 'Documents' macro was used together with the 'Columns' macro method, the returned pages did not contain coupled data columns of specific page types (even when the 'WithAllData' property was added to the Documents collection, and the given columns were specified in the 'Columns' method).


Hotfix 11.0.37

Published: Thu, 27 Sep 2018 11:15:11 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Form controls - The 'HTML5 input' form control only accepted integer (whole number) values when configuring the 'Max', 'Min' and 'Step' attributes. After applying the hotfix, other types of values, such as decimal numbers or dates, can be saved into the attributes.
  • Form controls - When a field using the 'reCAPTCHA' form control was added to a form, the resulting HTML code was invalid (a <span> tag containing <div> elements). After applying the hotfix, the rendered <span> is replaced by a <div>.


Hotfix 11.0.36

Published: Fri, 21 Sep 2018 06:25:05 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Licensing - Licenses were not loaded correctly when using cultures with certain calendar types (for example the Persian calendar).
  • Sites - In special cases, switching between sites in the header of the administration interface could cause an error (stack overflow exception) and a possible site crash. The problem occurred only on instances with customizations performing certain types of actions within handlers for the user update event.


Hotfix 11.0.35

Published: Fri, 14 Sep 2018 06:27:48 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Pages - Page aliases containing wildcards were processed in an incorrect order in certain cases. For example, if a page had two aliases with paths like '/page/{param}' and '/page/{p1}-{p2}', accessing the URL path '/page/value1-value2' resulted in the first alias being selected instead of the second (the value of the 'param' parameter was 'value1-value2', and the 'p1' and 'p2' parameters were not set). After applying the hotfix, you need to resave all page aliases where this problem occurs.


Hotfix 11.0.34

Published: Fri, 07 Sep 2018 06:38:22 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Continuous integration - If the serialization of an object by the continuous integration solution failed because the resulting file's absolute path exceeded the maximum limit of 260 characters, the system logged a 'PathTooLongException' error into the event log without any additional debugging information. After applying the hotfix, the error message contains the absolute path of the file.
  • Personas - On sites running in a web farm environment, content personalization conditions based on the visitor's persona were not evaluated correctly in some cases, which caused the incorrect personalized content to be displayed.
  • WYSIWYG editor - After enabling SCAYT (Spell Check As You Type) functionality in the editor, the options dialog (languages, dictionaries, etc.) did not work correctly.


Hotfix 11.0.33

Published: Fri, 24 Aug 2018 06:38:25 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • E-commerce - The 'Sales' and 'Number of orders' e-commerce reports displayed an incorrect "Total" value when filtering with a specific 'To' date was used.
  • Search - When storing smart search indexes on a shared file system (for example Azure Blob storage or on instances deployed to Azure Web Apps), the index files could become locked if an application restart occurred while building or updating an index. This blocked further index operations, such as index rebuilds. After applying the hotfix, the system is able to automatically resolve most scenarios related to locked index files. If your system already contains index lock files created before applying the hotfix, you need to manually delete them from the file system.


Hotfix 11.0.32

Published: Fri, 17 Aug 2018 06:24:43 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Salesforce - When using the Kentico integration API for Salesforce in custom code, a FormatException error occurred after executing a SOQL query that returned an empty value for a field.
  • Web parts - On instances with a database hosted on SQL Server 2008 R2, an error occurred when selecting a query in the configuration dialog of a custom query web part (for example via the 'Query name' property of the 'Repeater with custom query' web part). The issue only occurred after applying hotfix 11.0.12 or newer.


Hotfix 11.0.31

Published: Fri, 10 Aug 2018 07:46:46 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • User interface - When using a selection dialog to select items with a specified filter (e.g., adding applications filtered by name to the default system dashboard for individual roles via the 'Roles' application), the filtering operation was also applied to the existing selection of items, often causing the loss of a portion of the selected items.


Hotfix 11.0.30

Published: Fri, 03 Aug 2018 06:47:57 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Email marketing - In an environment with multiple sites running on a single domain, an error occurred when a user tried to create a new email feed in the 'Email marketing' application.
  • General export - The menu providing data export options did not work in the 'Contact demographics' report accessible from the 'Email marketing' and 'Campaigns' applications.


Hotfix 11.0.29

Published: Fri, 27 Jul 2018 06:38:02 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • E-commerce - When displaying coupon codes added to a customer's shopping cart, it was not possible to adjust the appearance of codes that are no longer valid (for example after the cart's total price falls under the value required by the coupon code's discount). After applying the hotfix, coupon code transformations provide an 'IsApplied' data property, which can be used to evaluate whether codes are still valid.
  • Form controls - The 'Country selector' form control did not display the state selector element if used for a field in a form that was placed into an editable text area through the 'On-line form' inline widget.


Hotfix 11.0.28

Published: Fri, 20 Jul 2018 06:18:28 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Data engine - The API incorrectly allowed 'Union', 'UnionAll', 'Intersect' and 'Except' operations to be used with IMultiQuery objects (most commonly 'MultiDocumentQuery' objects returned when retrieving pages of multiple types). These operations are not supported for such objects and generated incorrect queries. After applying the hotfix, such operations result in a "not supported" exception.
  • E-commerce - Users without the administrator privilege level were not allowed to manually create or edit coupon codes for gift cards, even with sufficient permissions for managing gift cards.
  • Email marketing - Sending of marketing emails failed if monitoring of bounced emails was enabled and the sender name configured for the email feed or specific email contained a comma character.
  • Event log - When an administrator performed actions while impersonating another user, entries created in the system's event log did not contain the administrator's original name (only the name of the impersonated user).
  • General export - When using the Advanced export feature for page aliases in the 'View all aliases' dialog in the Pages application, an error occurred if the 'Current page only' option was disabled.
  • Sites - After attempting to save a domain alias with a domain value that was already used by another alias (on the same site or another site), the edited site was stopped.
  • Transformations - Users without the administrator privilege level encountered an 'Access denied' error when attempting to edit hierarchical transformations from the web part configuration dialog in the Pages application, even if they had sufficient permissions for the 'Design' and 'Content' modules.


Hotfix 11.0.27

Published: Fri, 13 Jul 2018 06:01:54 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • E-commerce - Payments using the default PayPal provider failed if the order had an applied Buy X Get Y discount or Product coupon discount with a certain type of additional condition (for example a discount available only for registered users).
  • Marketing automation - 'Unsubscribe from newsletter' action of the 'Newsletter subscription' step in Marketing automation did not work correctly.
  • On-line Marketing - By default, the geolocation feature uses MaxMind's GeoLite or GeoIP Legacy Databases, which will be discontinued in the future. The hotfix allows you to manually integrate the newer GeoIP2 Databases. To do this, you need to apply the hotfix, then install the 'Kentico.Geolocation.Update-v11' NuGet package, and add the required database files into your web project. See the hotfix instructions for details.


Hotfix 11.0.26

Published: Fri, 29 Jun 2018 06:50:12 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Dialogs - When performing page content tree actions in a modal dialog (for example moving a page), the interface could be confusing after switching to the listing mode that shows all sub-pages of a specific page. After applying the hotfix, a notification message is displayed to inform the user about the change of listing mode and to enable them to get back to the original listing.
  • Email marketing - Default values of email widget properties were incorrectly applied whenever empty values were saved to the properties.
  • General export - When using the Advanced export feature for the activity log in the 'Contact management' application, an error occurred if the 'Export raw database data' option was enabled and columns that are not included in the activity list by default were selected.
  • Web farms - When a URL path value of the 'Route' type was modified for a page, the changes were not synchronized correctly between web farm servers.


Hotfix 11.0.25

Published: Fri, 22 Jun 2018 10:51:45 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Email marketing - Email widgets did not reflect the selected UI culture when storing their properties which could lead to an error when editing the widget. After applying the hotfix, you need to manually re-save the configuration of affected widgets in your emails.
  • Widgets - If content personalization was enabled, adding a widget with the 'Skip initial configuration' option enabled on a page under workflow could cause other widgets in the given zone to disappear after the page was saved.


Hotfix 11.0.24

Published: Fri, 15 Jun 2018 07:14:47 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Code generation - Code generated for page types, custom tables, forms or module classes was invalid if the given object had a field with a description containing newline characters. Saving the resulting code could lead to an error on the site (the code could not be compiled).
  • Data protection - Searching for personal data in the 'Data protection' application was inefficient. Applying the hotfix improves the performance of the personal data search.
  • General - Errors were generated in the system's event log when web bots, such as search engine crawlers, processed pages containing certain types of selector components (for example a country selector).
  • General - The system did not accept values of the floating-point number (double) type that contained a digit group separator (thousands separator), but did not have a decimal part. The problem occurred only after applying hotfix 11.0.22 or newer.
  • Translation services - Translations.com submission could fail when a page was submitted for translation into multiple cultures, but was already translated into some of the target cultures (even though the 'Skip already translated pages' checkbox was selected).
  • User interface - When clicking the 'Clear' button next to the 'In roles' and 'Not in roles' fields in the advanced user search on the 'Users' tab of the 'Users' application, the textbox field was not cleared.
  • Web parts - The system incorrectly resolved URLs of videos inserted via the 'YouTube video' web part or widget. The issue only occurred after applying hotfix 11.0.22 or newer.


Hotfix 11.0.23

Published: Fri, 08 Jun 2018 07:17:28 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Continuous integration - When running continuous integration configured to not exclude any object types, or using the object blacklist (i.e. having objects specified under the '<ExcludedObjectTypes>' element in the 'repository.config' file) and restoring a new custom table type already containing some data, the corresponding data was restored only after the second time continuous integration was run. After applying the hotfix, new custom table definitions together with their corresponding data are restored in a single run of the continuous integration application.
  • Cookie consent - When the 'Cookie law and tracking consent' web part was placed on a page and the 'Default cookie level' setting was set to 'System', users were repetitively signed out from the administration interface after attempting to view this page in the Pages application.
  • Data protection - Links to pages inserted into consent text in the 'Data protection' application did not always reflect the culture selected in the 'Language of consent' selector.
  • General - The access denied page of the administration interface did not work correctly when running on certain types of domains, and a generic 403 error was displayed instead when a user attempted to access an administration page without the required permissions.
  • General - If the Target framework of a Kentico web project was set to .NET Framework 4.7.2, a compilation error occurred due to an ambiguous reference (ToHashSet method). The error could also occur after installing .NET Framework 4.7.2 if live site debugging was enabled on the live site.
  • Localization - If the '~\CMSPages\PortalTemplate.aspx' page was customized by adding the Async="true" attribute to the 'Page' directive, resolving of resource strings in page content did not work correctly.
  • Web farms - Redundant web farm synchronization tasks were being created and processed in environments where multiple web farm instances shared a single file system (e.g., when running Kentico in Azure Web Apps). This could lead to unwanted side effects, e.g., when synchronizing smart search indexes. The hotfix introduces a new 'CMSSharedFileSystem' web.config key that notifies web farm instances they are operating over a shared file system and configures them accordingly. See the hotfix instructions documentation page for more details.


Hotfix 11.0.22

Published: Fri, 01 Jun 2018 13:09:27 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Email marketing - Merging of contacts who subscribed to newsletters from different sites caused data inconsistencies, which could lead to errors when sending the newsletters.
  • Form controls - If a field using a text area form control (e.g. 'Text area' or 'Rich text editor') had a specified maximum text length, the system logged macro security warnings in the event log when the text length was exceeded in the resulting form, even if the text did not contain any macros.
  • General - Evaluation of form field validation rules could fail or lead to errors in special cases.
  • On-line Marketing - The processing of on-line marketing activities could malfunction and log errors in the event log under certain circumstances.
  • Users - Adding a site-specific role to a user on the Roles tab in the Users application caused all global roles to be removed for the given user.


Hotfix 11.0.21

Published: Fri, 18 May 2018 06:32:27 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Code generation - Code generated for page types, custom tables, forms or module classes was invalid if the given object had a field of the Text or Long text type with a default value containing certain characters (for example newlines or quotation marks). Saving the resulting code could lead to an error on the site (the code could not be compiled).
  • Continuous integration - An error occurred when restoring continuous integration files if the data contained an object with a field representing an optional reference to another object, and the referenced object was deleted (for example, the 'ItemCreatedBy' field of custom table data items referencing a user object). After applying the hotfix, such objects are restored successfully with a null value in the given reference field.
  • Macros - Macros placed in the code of transformations could become invalid in special cases after re-signing macros in System -> Macros -> Signatures. The problem occurred if the macro expression contained certain characters (e.g. '<' or '>'), and object versioning was used for transformations, for example when undoing check-out or restoring an older version of a transformation.
  • Web parts - If object locking of page templates was enabled, templates containing the 'Customer address' or 'Customer detail' web part could not be checked in while displaying web part content (on the Design tab of the Pages application).


Hotfix 11.0.20

Published: Fri, 11 May 2018 06:26:31 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • E-commerce - Discount coupon codes could be applied more than once during checkout in certain cases.
  • Widgets - When selecting a layout of a widget in the 'Widgets' application, an error occurred if there was a large number of available layouts and the '(more items...)' option was selected.


Hotfix 11.0.19

Published: Fri, 04 May 2018 06:33:32 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • E-mail engine - Sending of emails failed and an error was logged in certain cases if one of the email address field values (e.g., email recipients) ended with a semicolon character (typically used as a separator between addresses). For example, the problem occurred when sending form email notifications.
  • On-line Marketing - The 'Log on-line marketing activity' property was reset for pages under workflow every time a new version of the page was created.
  • Social Media - Effective May 18th, 2018, the LinkedIn API will no longer work with the original OAuth 1.0 implementation in Kentico. The hotfix updates the system to use OAuth 2.0 authentication for LinkedIn company management and authentication functionality. After applying the hotfix, you need to add appropriate 'Authorized Redirect URLs' for your application in the LinkedIn developer portal, and also 'Reauthorize' all LinkedIn company profiles in your 'LinkedIn' application in Kentico. See the hotfix instructions for details.