Are you vulnerable?

Konsult wishes to improve the way we inform you about security issues. Transparency is a key to make sure your websites are patched and secure as much as possible. Here you will see all security issues fixed in Kentico 12 and all future versions.

The hotfixes are cumulative, meaning that the hotfix contains all the previous hotfixes for the same version. We recommend that you apply the latest hotfix available for the respective Kentico version you are using.  If you are looking for older versions, please visit https://devnet.kentico.com/download/hotfixes.
 

Claim My Free ꓘonsultation

Hotfix 13.0.43

Published: Tue, 14 Sep 2021 07:22:45 GMT

Hotfix 13.0.43 is the Kentico Xperience 13 Refresh 3 release, which represents a larger update than a standard hotfix and includes new features. For detailed information about the introduced changes, please refer to the Refresh release notes.
 
Be sure to check our Hotfix instructions before starting the hotfix process. It might save you some trouble afterwards.


Hotfix 13.0.42

Published: Fri, 03 Sep 2021 08:56:11 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • E-mail engine - The system stopped sending emails in rare cases when an SMTP server did not return any response. Emails remained stuck in the email queue with the 'Sending' state. On instances with only one SMTP server configured, this scenario could fully block sending of emails.
  • Security - The screen lock functionality did not activate if the screen lock interval was configured to a period longer than 15 minutes.
  • Unix/Linux - It was not possible to run Xperience-specific isolated integration tests (derived from the 'IsolatedIntegrationTests' class) in Linux environments due to database connection issues. The hotfix introduces a new 'CMSTestIsolatedAltConnectionString' configuration key that allows test projects to connect to databases running in Linux environments. See the hotfix instructions for details.


Hotfix 13.0.41

Published: Fri, 27 Aug 2021 10:15:34 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • MVC - Links generated by the 'Url.Action' and 'Html.ActionLink' methods on MVC sites had invalid URLs for pages that used page templates. The problem could occur if the methods were called directly in a page template view or in the code of a layout used by the page.
  • WYSIWYG editor - The Rich text editor for the Page Builder did not allow customization of the 'Insert Link' dialog. The 'linkAttributes' toolbar option was not reflected by the system.
  • WYSIWYG editor - If an image tag was manually inserted in the 'Code View' of the Rich text editor component, an error occurred when using the 'Replace' option for the image. For example, the problem occurred when editing the content of the 'Rich text' page builder widget.


Hotfix 13.0.40

Published: Fri, 13 Aug 2021 09:19:24 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Attachments - The image resizing settings configured in 'Settings > System > Files > Image resizing' were not applied to images uploaded as page attachments using the 'Attachment selector' or 'Rich text editor' component. For example, the problem occurred when a file was uploaded through a page builder widget property using one of the given form components.
  • Files - An error occurred when retrieving files using Xperience handlers on ASP.NET Core sites with certain non-English default content cultures (e.g., Arabic). For example, the issue occurred for permanent URLs of media library files based on the 'getmedia' handler, such as '/getmedia/0140bccc-9d47-41ea-94a9-ca5d35b2964c/image.jpg'.
  • Form builder - The Form Builder was incorrectly configured to detect the default invariant culture when running on Linux environments. As a result, attempts to access the Form Builder interface resulted in an error in certain cases (ArgumentNullException). The issue occurred only after applying hotfix 13.0.14 or newer.
  • Sentiment analysis - The sentiment analysis feature did not work in cases where all wrapping HTML tags were removed from the content of a page field based on the 'Rich text editor' form control.
  • User interface - Radio button or checkbox lists in the administration interface were not styled correctly and could overflow if there was a very large number of options. For example, the problem could occur when displaying filters based on E-commerce product options.


Hotfix 13.0.39

Published: Fri, 06 Aug 2021 09:48:29 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • A/B testing - On instances with hotfix 13.0.25 or newer applied, A/B tests incorrectly logged visits of the tested page and conversions for visitors who had not given consent to be tracked as contacts (did not accept on-line marketing cookies). This could impact the conversion statistics of A/B tests in a misleading way. After applying the hotfix, visits and conversions are logged only for contacts included in the A/B test. If a visitor gives consent after viewing the tested page for the first time, visits and conversions are logged only after they revisit the page.
  • Form builder - When the 'Rich text editor' was assigned to a property of a form component or section, the editor interface incorrectly displayed the 'Select' option for links and 'Replace' option when editing images. These options are not supported in the form builder and caused an error when clicked. After applying the hotfix, the unsupported options are hidden when the rich text editor is used within the form builder.
  • Media library - The image resizing settings configured in 'Settings > System > Files > Image resizing' were not applied to images uploaded using the 'Media files selector' or 'Rich text editor' component. For example, the problem occurred when a file was uploaded through a page builder widget property using one of the given form components.
  • UI personalization - If the UI personalization feature was enabled, the 'Properties > Navigation' tab in the Pages application was not accessible even if the corresponding element in the UI personalization settings was allowed for a user's role.


Hotfix 13.0.38

Published: Fri, 30 Jul 2021 12:14:30 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • API - Dependency injection was not supported when developing filters for page templates or form components. After applying the hotfix, the constructor of filter classes implementing 'IPageTemplateFilter' or 'IFormComponentFilter' can have parameters (e.g., instances of services registered in the project's DI container). Such filters must be registered into the corresponding filter collection using the 'Add<FilterClassType>' method, with the filter class as the generic type parameter.
  • Hotfix - When installing hotfix 13.0.37, certain files were incorrectly marked and detected as customized, which prevented the hotfix from fully applying changes (manual resolving of the affected code was required). Apply hotfix 13.0.38 or newer to correctly fix issues from the previous hotfix.
  • Macros - Macro rules didn't work correctly if they had a parameter with a 'Field caption' that contained the '&' character. When such rules were added to a condition, the condition was only saved as macro code without the rule interface. Additionally, any macro rule translators registered to optimize the rule's performance were not applied.


Hotfix 12.0.95

Published: Thu, 29 Jul 2021 08:48:32 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • API - The 'UserInfoProvider.GetUserName' method could cause a null reference exception in certain scenarios where the processed user did not exist. This could lead to errors when calling user-related API in custom code, for example the 'UserRoleInfoProvider.DeleteUserRoleInfo' method.
  • Page builder - Actions in the page builder and form builder interface that opened confirmation dialogs did not work when using version 92.0.4515 or newer of the Chrome browser. For example, the problem occurred when deleting widgets and sections, or after canceling changes in a properties dialog. The following error was logged into the browser console: "A different origin subframe tried to create a javascript dialogue. This is no longer allowed and was blocked."


Hotfix 13.0.37

Published: Tue, 27 Jul 2021 17:05:47 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • On-line forms - When using the 'Display text' option in the 'After the form is submitted' setting on a form's 'General' tab with localized text, the entered text was incorrectly subjected to HTML encoding before being displayed on the live site (e.g., the '<' character was transformed into '&lt').
  • Page builder - Actions in the page builder and form builder interface that opened confirmation dialogs did not work when using version 92.0.4515 or newer of the Chrome browser. For example, the problem occurred when deleting widgets and sections, or after canceling changes in a properties dialog. The following error was logged into the browser console: "A different origin subframe tried to create a javascript dialogue. This is no longer allowed and was blocked."


Hotfix 13.0.35

Published: Fri, 16 Jul 2021 09:06:26 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • API - The 'UserInfoProvider.GetUserName' method could cause a null reference exception in certain scenarios where the processed user did not exist. This could lead to errors when calling user-related API in custom code, for example the 'UserRoleInfoProvider.DeleteUserRoleInfo' method.
  • Content personalization - The object and general selector components with multiple item selection did not work correctly in page builder widget personalization dialogs. If one of these selectors was assigned as the editing component of a personalization condition type property, selecting a value for the property resulted in a broken personalization dialog.
  • Pages - The 'Edit > Page' and ' Preview' tabs of the Pages application incorrectly required the 'Modify' permission for pages (i.e., the 'Content' module or specific page types). These tabs displayed blank content for users with only 'Read' and 'Browse tree' permissions.
  • Staging - Staging synchronization tasks for custom table items were always logged for all sites in the system, even when the 'CMSStagingLogGlobalObjectsOnlyForAssignedSites' configuration key was enabled. After applying the hotfix, the tasks are logged only for sites to which the parent custom table of the modified item is assigned.


Hotfix 13.0.34

Published: Fri, 09 Jul 2021 08:52:09 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Form components - Dependency injection was not supported when developing data provider classes that load and prepare items for the General selector component. After applying the hotfix, the constructor of data provider classes implementing 'IGeneralSelectorDataProvider' can have parameters (e.g., instances of services registered in the project's DI container).
  • Salesforce - With replication of contacts into SalesForce leads enabled, data was not correctly transferred to SalesForce for merged contacts (when a merged contact was updated or a new contact was created and merged into an existing contact). The issue also incorrectly prevented such contacts from being replicated in the future.
  • WYSIWYG editor - When adding a link to images within the content of the Rich text editor component, the link URL could not be typed manually. Pasting the link or selecting an item to link worked correctly. For example, the problem occurred when editing the content of the 'Rich text' page builder widget.
  • WYSIWYG editor - Editing and saving a link within the content of the Rich text editor component did not work unless the existing link was cleared beforehand. For example, the problem occurred when editing the content of the 'Rich text' page builder widget.


Hotfix 13.0.33

Published: Fri, 02 Jul 2021 09:21:13 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Search - Azure search index update tasks generated by the system for stand-alone SKUs incorrectly contained data that could trigger an index update for a page with an identical ID as the stand-alone SKU. Such index updates were unnecessary, since stand-alone SKUs are not tied to pages and updates never lead to changes in any page objects.
  • URL rewriting & SEO - When a page was accessed under an 'Alternative URL' with the system configured to redirect to the main page URL, any query string parameters present in the URL became duplicated (e.g., '?utm_source=xxx' transformed into '?utm_source=xxx?utm_source=xxx').
  • WYSIWYG editor - Custom toolbar configurations for the Rich text editor were not applied when the component was used in a page builder widget. The problem occurred after applying hotfix 13.0.31 or 13.0.32 (Refresh 2).


Hotfix 13.0.32

Published: Fri, 25 Jun 2021 11:18:45 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Content editing - The button for performing sentiment analysis of rich text or text area fields didn't have a tooltip (on the Content tab of the Pages application).
  • Form controls - If an administration form field used the 'Calendar' form control and had a visibility condition depending on another field, datetime macros placed into the field's default value were incorrectly resolved into the English (en-US) culture instead of the user's selected UI culture. This could lead to inconsistencies or date format errors. For example, if a page type field used the Calendar form control, with the '{%DateTime.Now%}' macro as the default value, the problem could occur when a user with the 'English - United Kingdom' UI culture created a new page of the given type.
  • Media library - When the 'CMSMediaLibraryDisplayOnlyImportedFiles' configuration key (an internal key provided via support to specific customers) was set to true, ordering the list on the 'Files' tab of the media library editing interface based on the 'Modified' column resulted in an error.
  • Page builder - The 'Rich text editor' component displayed the preview of its content incorrectly when used in a page builder configuration dialog (for example assigned as the editing component of a widget property). The issue only occurred after applying hotfix 13.0.31 (Refresh 2).
  • Page builder - If a page builder component property used the object or general selector with multiple item selection, unselecting an item triggered the evaluation of visibility conditions incorrectly, which resulted in a broken state of the selector. The issue occurred only after applying hotfix 13.0.25 or newer.
  • Web farms - In hosting environments that dynamically adjust the number of instances (e.g., autoscaling in Azure App Services), deactivated web farm servers always remained in the system with the 'Not responding' status for 24 hours. This could cause performance problems and heavy database load due to large numbers of unnecessary synchronization tasks generated after scaling down the number of servers. The hotfix adds the option to adjust the interval for which web farm servers stay in the 'Not responding' status before being deleted. To change the default interval of 24 hours, set the new 'CMSWebFarmNotRespondingInterval' configuration key to the required number of minutes, e.g., '60' for 1 hour.


Hotfix 13.0.31

Published: Tue, 22 Jun 2021 07:41:13 GMT

Hotfix 13.0.31 is the Kentico Xperience 13 Refresh 2 release, which represents a larger update than a standard hotfix and includes new features. For detailed information about the introduced changes, please refer to the Refresh release notes.
 
Be sure to check our Hotfix instructions before starting the hotfix process. It might save you some trouble afterwards.


Hotfix 13.0.30

Published: Fri, 11 Jun 2021 10:25:51 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Page builder - On sites with a defined Administration domain alias, an error occurred when viewing parts of the administration based on virtual context URLs, for example the Preview mode of pages and the page builder or form builder interface. The issue only affected instances with hotfix 13.0.29 or newer applied.
  • URL rewriting & SEO - The 'Use URLs with trailing slash' setting for sites with content tree-based routing only applied to URLs generated for pages by the system. Page URLs with a different trailing slash state were not redirected based on the selected option.


Hotfix 13.0.29

Published: Fri, 04 Jun 2021 19:48:58 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Security - The hotfix updates the authentication functionality for virtual context URLs used in the administration interface when previewing or editing live site pages. The minor changes ensure a higher level of security.
  • General - On instances containing multiple sites hosted on a single application with shared resources (e.g., using the same Azure Web Apps service or a shared application pool on an IIS server), switching between sites in the administration caused errors for virtual context URLs, for example when viewing pages in Preview mode, editing pages using the page builder, or editing forms in the Form builder interface.
  • WYSIWYG editor - Page fields based on the 'Rich text editor' form control were displayed incorrectly in cases where the field was disabled for editing. For example, the problem could occur on the 'Content' tab for pages under workflow with the 'Published' status.


Hotfix 13.0.27

Published: Fri, 28 May 2021 12:53:45 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Security (Informative) - Self Cross-site scripting when submitting forms - A cross-site scripting vulnerability was present when submitting form data using the Form widget or on the Recorded data tab in the administration. Only the users submitting the form were affected by this vulnerability, therefore it is classified as self-XSS.
  • Unix/Linux - Attempting to retrieve files hosted on external storage via Xperience handlers (e.g., 'GetAzureFile.aspx') resulted in a HTTP 404 Not Found error. This issue only occurred on ASP.NET Core applications hosted on Linux.


Hotfix 13.0.26

Published: Fri, 21 May 2021 11:59:14 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • API - Getting URLs for image variants of page attachments by calling the 'WithVariant' extension method for 'IPageAttachmentUrl' objects did not work, and the original unmodified attachment URL was returned.
  • URL rewriting & SEO - When using the former URLs functionality for pages on a site with content tree-based routing, the system did not preserve query string values when redirecting visitors from former URLs to the current ones.


Hotfix 13.0.25

Published: Fri, 14 May 2021 12:26:52 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • A/B testing - Pages with a running A/B test displayed variants inconsistently to visitors who had not given consent to be tracked as contacts (did not accept on-line marketing cookies). After applying the hotfix, the system assigns a page variant and stores it into the new 'CMSVarAB<name>' cookie even for visitors who are not tracked as contacts. This cookie is only used to keep content consistent and does not enable any tracking or logging of conversions.
  • General - The Xperience administration project contained an old version of the 'System.Text.Json' assembly in its Lib folder, which could cause assembly version conflicts. Applying the hotfix removes the obsolete assembly (the correct version is already provided via an installed NuGet package).
  • Page builder - Page builder component properties using the object or general selector with multiple item selection triggered the evaluation of visibility conditions after the selection of the first item. As a result, it was not possible to select multiple items and the dialog did not close properly. The issue occurred only after applying hotfix 13.0.23 or newer.
  • Pages - For pages with a name longer than the maximum allowed alias length of 50 characters, the system could in certain cases generate a page alias value ending with the replacement character for forbidden URL characters (a hyphen by default). This character was removed on subsequent saves of the page, which could lead to inconsistencies, for example when staging the page to another server. After applying the hotfix, page aliases are always generated without the replacement character at the end.


Hotfix 13.0.24

Published: Fri, 07 May 2021 10:44:06 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Media library - When the 'CMSMediaLibraryDisplayOnlyImportedFiles' configuration key (an internal key provided via support to specific customers) was set to true, the list on the 'Files' tab of the media library editing interface only displayed the first page of files. Any additional pages contained an empty list of files.
  • Microsoft Azure - An error occurred when retrieving media files from Azure storage on ASP.NET Core sites hosted in environments where the live site and administration applications used cultures with different date and time formatting (e.g., 'en-US' for the administration and 'cs-CZ' for the live site).
  • Pages - For pages under workflow with content locking enabled, fields using the 'Rich text editor' form control did not save changes in certain cases after performing a 'Check in' action. The problem occurred only if the editing form was refreshed after the changes were made in the rich text editor, for example by uploading an attachment file into a different page field.


Hotfix 12.0.94

Published: Fri, 07 May 2021 08:19:48 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Event management - Sending of emails to an event's attendees on the 'Send email' tab in the Events application did not work correctly. In certain cases, emails were not generated for all of the event's attendees and errors could occur.


Hotfix 13.0.23

Published: Fri, 30 Apr 2021 10:04:00 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • General - The hotfix updates the 'System.Text.Encodings.Web' package to version 4.7.2 for .NET Framework (MVC 5) projects.
  • On-line forms - The input elements of form fields generated by the system's default 'Form' widget did not have the 'input-validation-error' class assigned when the submitted value was not valid (either due to failed validation rules or an empty value in required fields).
  • Page builder - Page builder component properties using the object or general selector did not trigger evaluation of visibility conditions. When the property value was changed, the visibility conditions of other depending properties were not re-evaluated. To ensure that this functionality works properly, apply hotfix 13.0.25 or newer.
  • Page builder - If a Tooltip was specified when assigning an editing component to a property used in the page builder, it was not displayed in the resulting property configuration dialog for certain types of editing components (e.g., selectors or Rich text).


Hotfix 13.0.22

Published: Fri, 23 Apr 2021 08:49:56 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Files - File and directory operations (media file manipulation, attachment upload, etc.) sometimes resulted in an error if the manipulated resource was stored on a UNC path (e.g., \\host-name\share-name\file-path). The issue occurred only after applying hotfix 13.0.10 or newer.
  • Page builder - The object selector for page builder components was displayed incorrectly when the field was focused without clicking, for example by using the 'Tab' key to navigate the widget properties dialog.


Hotfix 13.0.21

Published: Fri, 16 Apr 2021 09:19:06 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Caching - The 'CacheHelper.EnsureKey' API method did not work correctly if the cache key parameter was not fully in lower case (the key was touched even if it was already present in the application's cache). After applying the hotfix, the cache key parameter processing is no longer case-sensitive and existing cache keys are detected correctly.
  • Localization - System emails based on the 'Membership - Change password request', 'Membership - Password reset confirmation' and 'E-commerce - Automatic registration' email templates were sent with an incorrect culture in certain scenarios. Localization macros placed into the templates were resolved into a default culture (English) instead of the user's current content culture on the site.
  • Pages - The search in the Pages application did not work correctly when using the '(SQL search)' option. The results always displayed all pages regardless of the search phrase.


Hotfix 12.0.93

Published: Fri, 09 Apr 2021 12:05:35 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Localization - System emails based on the 'Membership - Change password request', 'Membership - Password reset confirmation' and 'E-commerce - Automatic registration' email templates were sent with an incorrect culture in certain scenarios. Localization macros placed into the templates were resolved into a default culture (English) instead of the user's current content culture on the site.


Hotfix 13.0.20

Published: Fri, 09 Apr 2021 08:42:40 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Continuous integration - If continuous integration was enabled and a site's 'Routing mode' setting was switched to a different option, an error could occur when restoring the updated 'Page URL path' objects to the database.


Hotfix 13.0.19

Published: Thu, 01 Apr 2021 08:58:20 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • ASP.NET Core - Automated tests created using the 'Kentico.Xperience.Libraries.Tests' NuGet package did not work in projects targeting ASP.NET Core 5. Running tests inheriting from the provided base classes, such as 'CMS.Tests.UnitTests', resulted in an error.
  • Page types - When editing a page type in the Page types application on the General tab, the default 'Small icon' and 'Large icon' images displayed after switching the 'Page type icon' property to 'Images' mode were missing.
  • Search - The 'User account for crawler' property was not displayed when editing smart search indexes of the 'Pages' type (for both Local and Azure indexes). The issue affected instances with hotfix 13.0.16 (Refresh 1) or newer applied.


Hotfix 13.0.18

Published: Fri, 26 Mar 2021 13:23:22 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • API - Automated unit testing of page template filters was not possible due to internal API. Applying the hotfix makes the constructors of the 'PageTemplateDefinition' and 'PageTemplateFilterContext' classes public.
  • Caching - If a page builder widget on an ASP.NET Core site had output caching enabled (using the 'AllowCache' property of the 'RegisterWidget' attribute), and the widget's implementation was not based on a view component, an error occurred when rendering the widget in an editable area that allowed caching.
  • Email marketing - URLs generated by the 'ViewInBrowserUrl' macro that allow recipients to view marketing emails in a browser did not work when shared on certain external platforms, for example Facebook or Facebook Messenger. Opening the URL resulted in an "Access denied" error.
  • Licensing - For sites running under a Free edition license, attempting to change the 'Default content culture' on the General tab of the site editing interface resulted in an unhandled error.
  • Localization - When localizing text fields in the administration's 'Localize field' dialog, the 'Use existing resource key' option was only available for users with the Global administrator privilege level. After applying the hotfix, the option can also be used by editors with the 'Localize strings' permission for the 'Localization' module.
  • Page builder - An error occurred when adding page builder editable areas to views on an ASP.NET Core site via the 'EditableAreaAsync' extension method, if the 'EditableAreaOptions' parameter was not specified. The issue occurred only after applying hotfix 13.0.16 (Refresh 1).
  • Pages - The system did not display the page template selection dialog when creating new pages in the Pages or Products application for page types representing a product (when at least one page template was registered for these product page types).
  • Web farms - In rare cases, web farm task execution became stuck due to a deadlock that occurred during cache invalidation. This caused synchronization issues between the administration and live site applications.


Hotfix 13.0.17

Published: Fri, 19 Mar 2021 11:15:52 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Page builder - Setting the logging verbosity ('LogLevel' property) for the 'KenticoEventLog' application logger in ASP.NET Core projects to anything lower than 'Warning' (i.e., 'Trace,' 'Debug,' or 'Information') lead to errors when editing pages in the page builder interface.
  • Page types - When editing a page type in the Page types application on the General tab, the 'Page type icon' property was always initially displayed in 'Font icon class' mode, even if the 'Images' mode was previously selected and an image file was uploaded. This could cause users to unintentionally overwrite the icon when saving the page type properties.
  • URL rewriting & SEO - On sites that used 'Custom' routing mode, setting values without a starting slash ('/') for the 'URL pattern' of page types resulted in invalid URLs for the given pages. For example, such URLs could cause errors in the administration's page selectors. After applying the hotfix, the system automatically processes URL patterns with a starting slash if one is missing in the entered value.


Hotfix 13.0.16

Published: Tue, 16 Mar 2021 08:46:05 GMT

Hotfix 13.0.16 is the Kentico Xperience 13 Refresh 1 release, which represents a larger update than a standard hotfix and includes new features. For detailed information about the introduced changes, please refer to the Refresh release notes.
 
Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.


Hotfix 13.0.15

Published: Fri, 05 Mar 2021 16:23:07 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • URL rewriting & SEO - In certain cases, the system incorrectly returned a 404 (Not Found) error when attempting to access administration URLs ending with an extension (e.g., custom '.aspx' handlers or UI templates). The issue occurred only after applying hotfix 13.0.10 or newer.


Hotfix 13.0.14

Published: Fri, 26 Feb 2021 11:26:56 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • General - The system incorrectly handled locking of zip files (for example the '\App_Themes\Default\Images\Images.zip' package), which could block certain deployment scenarios for the administration application.
  • General - The Xperience assemblies incorrectly used the specific hotfix number in their patch version, for example '13.0.10'. This could lead to compatibility problems for referencing custom assemblies and require generating of unwanted binding redirects. After applying the hotfix, the assembly version is fixed as '13.0.13', including future hotfixes.
  • Localization - If a different UI culture than English ('en-US') was selected for the administration on an ASP.NET Core site, text within the page and form builder interface was not resolved correctly in certain cases.
  • Page builder - Typing in fields within page builder properties dialogs triggered unnecessary reloads of the editing form. This could cause loss of entered text characters and other user experience issues, particularly in the case of slower connections.