Are you vulnerable?

Konsult wishes to improve the way we inform you about security issues. Transparency is a key to make sure your websites are patched and secure as much as possible. Here you will see all security issues fixed in Kentico 12 and all future versions.

The hotfixes are cumulative, meaning that the hotfix contains all the previous hotfixes for the same version. We recommend that you apply the latest hotfix available for the respective Kentico version you are using.  If you are looking for older versions, please visit https://devnet.kentico.com/download/hotfixes.
 

Claim My Free ꓘonsultation

Hotfix 13.0.70

Published: Fri, 13 May 2022 05:26:23 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Form builder - Using spaces in the values of the 'Radio buttons' form component generated elements with IDs containing spaces, which violates the HTML5 specification. After applying the hotfix, spaces are replaced by underscores in element IDs.


Hotfix 13.0.69

Published: Fri, 06 May 2022 07:56:02 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Contact management - In special cases, recalculations used to update dynamic contact groups caused gaps in the identity column (primary key) of the 'OM_ContactGroupMember' database table. On sites with very heavy traffic, this could lead to overflow errors and contacts were not added to contact groups correctly. The problem occurred in cases where a contact group condition contained a custom macro rule with a registered macro rule translator returning a query with an OR operator.


Hotfix 13.0.68

Published: Fri, 29 Apr 2022 12:11:17 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Performance - The system incorrectly streamed data into the application memory when serving non-HTML content. This could lead to heavy memory allocation when returning large files or other types of data in action results. For example, the problem occurred for the default file handlers, such as '/getresource' and '/getmedia' or for custom endpoints that returned file content. The hotfix optimizes this type of memory usage for ASP.NET Core projects. Additionally, the hotfix introduces the 'DisableUrlResolutionAttribute', which developers can use to disable memory allocation for custom controller actions that return non-HTML content (e.g., PhysicalFileResult).


Hotfix 13.0.67

Published: Fri, 22 Apr 2022 11:12:16 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • WYSIWYG editor - The 'Check Spelling' feature in the 'Full' toolbar of the administration's rich text editor no longer works and causes the editor to freeze, which can lead to lost content changes. The hotfix removes the option from the editor, as the third-party plugin responsible for the feature is deprecated and has reached end-of-life. The SCAYT (Spell Check As You Type) feature remains without changes.


Hotfix 13.0.66

Published: Fri, 08 Apr 2022 08:47:04 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Security (Important) - Denial of service caused by improper input validation - A specially crafted request sent to the GetResource handler may have been used to launch a denial-of-service attack. The vulnerability was fixed via input validation.
  • Security (Moderate) - Administrators able to export Global administrator users - Users with the 'Administrator' privilege level were able to send requests that exported data about other users with the higher 'Global administrator' privilege level (this was not possible directly in the user interface). The export may have contained all user data stored in the database.
  • Integration bus - If the administration application was unexpectedly restarted while processing an integration task, the task was indefinitely evaluated as running, which prevented further integration tasks from being processed.
  • Media library - When viewing files in the Media library application, URLs containing the direct file path were encoded incorrectly and the displayed URL was invalid. For example, the problem affected files in media libraries using Azure Storage. The issue occurred after applying hotfix 13.0.64 (Refresh 5).


Hotfix 12.0.99

Published: Fri, 08 Apr 2022 07:40:05 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Security (Important) - Denial of service caused by improper input validation - A specially crafted request sent to the GetResource handler may have been used to launch a denial-of-service attack. The vulnerability was fixed via input validation.
  • Form components - Form validation provided by the 'reCAPTCHA' form component on MVC sites could be bypassed in certain scenarios.


Hotfix 13.0.65

Published: Fri, 01 Apr 2022 10:40:54 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Attachments - Changes made to the 'System -> Files -> Check attachments permissions' setting were not reflected on the live site until the application's cache was cleared.
  • Caching - Default cache dependencies were not configured automatically when loading pages using the 'IPageRetriever' service in cases where the developer enabled caching without explicitly setting the 'Dependencies' of the 'IPageCacheBuilder' expression. After applying the hotfix, the service automatically adds the default dependencies for the cached data (default dependencies include the retrieved pages and their page types).
  • Marketing automation - Marketing automation processes with 'Time-based' triggers could get stuck when the trigger started the process for a large number of contacts. A stuck process remained in an action step (such as 'Send marketing email) and did not continue for the given contact.
  • Media library - Thumbnail images could not be uploaded for media library files when using Microsoft Azure Blob storage. The issue occurred after applying hotfix 13.0.10 or newer.
  • UI personalization - If the UI personalization feature was enabled, the 'Contacts' view mode on the 'Process' tab of a process in the Marketing automation application was not accessible for users without the 'Administrator' privilege level (even if the user's roles had sufficient permissions and the corresponding element allowed in the UI personalization settings).


Hotfix 13.0.64

Published: Tue, 29 Mar 2022 09:16:05 GMT

Hotfix 13.0.64 is the Kentico Xperience 13 Refresh 5 release, which represents a larger update than a standard hotfix and includes new features. For detailed information about the introduced changes, please refer to the Refresh release notes.
 
Be sure to check our Hotfix instructions before starting the hotfix process. It might save you some trouble afterwards.


Hotfix 13.0.63

Published: Fri, 18 Mar 2022 10:41:54 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Caching - Moving a page to another location in the content tree did not clear the page's original parent from the cache.
  • Content editing - For pages with fields based on the 'Rich text editor' form control, notifications about unsaved changes were incorrectly displayed twice on the 'Content' tab in the Pages application.
  • Dialogs - Selecting a file in a media selection dialog that was limited to a specific media library made it impossible to select files in other media dialogs that were limited to a different library. For example, the problem could occur when editing pages with two fields based on the 'URL selector' form control, each with a different media library selected in the form control's 'Available site libraries' setting.
  • Email marketing - If a marketing email recipient viewed an email in a client that blocked images used for open tracking, and then clicked on a tracked link in the email content, the system logged the open statistic for the email, but didn't log the 'Opened marketing email' activity for the given contact. This could lead to marketing data inconsistencies between the email statistics and the activity log. After applying the hotfix, email open activities are logged when the action is recognized through a link click (depending on the site's consent requirements and the cookies stored in the browser where the recipient opens the link).
  • Import toolkit - When using the Import toolkit utility to add a new culture version to an existing page, the import incorrectly replaced one of the page's existing culture versions instead of creating a new version. To fix the issue, the hotfix must be applied to the Setup files (switch to advanced mode in the hotfix utility).
  • REST - Authentication hash parameters generated for REST service URLs with the HTTPS schema were invalid. The resulting requests failed to authenticate and returned the 401 Unauthorized status code.


Hotfix 13.0.62

Published: Fri, 25 Feb 2022 13:44:08 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Caching - When using the 'IPageRetreiver' API to load and cache page content, the caching did not work in cases where the expiration period was not directly specified in the code, and the system's default 'Cache content (minutes)' setting had a value of 60 or more minutes.
  • E-commerce - Products (SKUs) with very long names were displayed incorrectly when creating or editing orders in the 'Orders' application.


Hotfix 13.0.61

Published: Fri, 04 Feb 2022 14:44:32 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Authentication - On ASP.NET Core sites with external authentication (e.g., Azure AD) enabled for the entire live site, authentication didn't work correctly for virtual context URLs in the administration. As a result, related parts of the administration, such as the Preview mode of pages and the page or form builder interface, did not work unless users were already authenticated on the live site.
  • Licensing - In certain cases, the system licensing incorrectly evaluated web farm availability for localhost environments, causing synchronization issues. The problem could occur in setups containing only domain-specific licenses.


Hotfix 13.0.60

Published: Fri, 28 Jan 2022 10:05:56 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Images - Automatic generating of alternative text for images using the Microsoft Azure Computer Vision image recognition did not work for images inserted into the content of a 'Rich text' widget in the page builder interface. The problem only occurred when the 'Enable on-line marketing' setting was disabled.
  • Scheduler - In rare cases, an exception that occurred when launching the Scheduler Windows service masked a different exception, resulting in a misleading error message logged in the Windows Event Viewer. To fix the problem for new installations in the future, also apply hotfix 13.0.60 or newer to your Xperience setup files.
  • Web farms - When using the 'Automatic' web farm mode, deleting a 'Healthy' or 'Transitioning' web farm server via the 'Web Farms' application caused synchronization issues within the environment. After applying the hotfix, it is no longer possible to delete 'Healthy' and 'Transitioning' web farm servers if using the 'Automatic' mode. Only servers with the 'Not responding' status can be deleted.


Hotfix 13.0.59

Published: Fri, 21 Jan 2022 11:35:35 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • API - If the 'WithPageUrlPaths' parametrization method was used for DocumentQuery API calls together with a restricted list of retrieved data columns (e.g., using the 'Columns' method), the system did not automatically include the 'NodeSiteID' column, which is required for certain scenarios. For example, this could lead to errors when retrieving the absolute URL of the loaded pages.
  • On-line forms - Localization of a form's 'After the form is submitted' values ('Display text' or 'Redirect to URL') using resource strings on the 'General' tab of the form's editing interface did not work correctly. When the form was displayed on the live site using the 'Form' widget, the English version of the text was always displayed instead of using the current page's culture.


Hotfix 13.0.58

Published: Fri, 14 Jan 2022 10:42:08 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • ASP.NET Core - Automated unit tests created using the 'Kentico.Xperience.Libraries.Tests' NuGet package did not work in projects targeting the latest .NET 6.0 release. Running tests inheriting from the 'CMS.Tests.UnitTests' base class resulted in an error.
  • Debug - The cache debug did not correctly process certain types of cache items related to objects available only on the side of the live site application. As a result, these cache items were missing on the 'Live site' tab of the cache debug in the administration.
  • WYSIWYG editor - The 'Dynamic text' dialog in the Rich text editor component for the page builder didn't work in certain cases. The problem occurred on pages containing multiple editors (e.g., several 'Rich text' widgets in the page builder), if the 'Enable on-line marketing' setting was disabled.
  • WYSIWYG editor - If the Rich text editor for the page builder had a custom toolbar configuration with the 'toolbarInline' and 'toolbarVisibleWithoutSelection' options enabled, the cursor jumped unexpectedly to other occurrences of the editor when working with multiple editors on the same page. For example, the problem could occur on pages containing multiple 'Rich text' widgets. The hotfix updates the used Froala editor to version 4.0.8.


Hotfix 13.0.57

Published: Fri, 07 Jan 2022 10:30:54 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Security (Important) - Cross-site scripting via file upload - Stored cross-site scripting could occur if a user uploaded a malicious XML file as a page attachment or metafile.
  • API - If the 'WithPageUrlPaths' parametrization method was used for DocumentQuery API calls together with a restricted list of retrieved data columns (e.g., using the 'Columns' method), the system did not automatically include required page columns, which could lead to errors.


Hotfix 13.0.56

Published: Fri, 17 Dec 2021 09:28:52 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • WYSIWYG editor - Video or audio multimedia files inserted into rich text page fields were not displayed correctly on the website. The problem affected pages fields based on the 'Rich text editor' form control when media was added via the 'Insert image or media' or 'Quickly insert media' button. The generated markup contained the deprecated '<object>' element, which is no longer supported by current browsers.


Hotfix 12.0.98

Published: Thu, 16 Dec 2021 14:12:20 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • E-commerce - The hotfix improves the performance of 'Buy X Get Y' discounts with buy conditions based on product sections. The evaluation of such discounts was slow for shopping carts containing a large number of products.


Hotfix 13.0.55

Published: Fri, 10 Dec 2021 16:22:55 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Security (Important) - Cross-site scripting via file upload in media libraries - Stored cross-site scripting occurred if a user uploaded a malicious XML file into a media library.
  • E-commerce - The hotfix improves the performance of 'Buy X Get Y' discounts with buy conditions based on product sections. The evaluation of such discounts was slow for shopping carts containing a large number of products.
  • Media library - The validation process for media library folder names was too complex and could cause the administration interface to freeze. The problem occurred when creating a folder in a media library if the folder name was long and contained invalid characters.
  • Page builder - After editing the properties of a page template for pages under workflow with check-in/check-out enabled, the changes were not displayed immediately on the Page tab in the Pages application after the page was saved. The problem was caused by incorrect clearing of cached template property values, and the page was displayed correctly on the live site or after a full reload in the administration.
  • Pages - The 'Generate preview link' button on the Properties > URLs tab in the Pages application did not work correctly and could not be used to invalidate the previous preview link for the page.


Hotfix 13.0.54

Published: Fri, 03 Dec 2021 11:25:06 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Form components - The default value of form components was initialized incorrectly. This caused an error for form components that had a non-nullable data type (e.g., value types such as 'int' or 'bool') in cases where a default value was not assigned.
  • URL rewriting & SEO - Alternative URLs of a page didn't work correctly after the URL slug was changed for one of the page's ancestors in the content tree. The original cached alternative URLs were not invalidated correctly, so the problem persisted until the application's cache was cleared.


Hotfix 13.0.53

Published: Fri, 26 Nov 2021 15:35:48 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Security (Critical) - SQL injection in certain macros - Certain online marketing macro methods contained an SQL injection vulnerability that could be abused by authenticated editors in the administration interface. Adding a malicious SQL query as a macro method parameter could allow unauthorized access to data or modifications in the database.
  • E-commerce - If a product had multiple culture versions, certain properties, such as the 'Product name', 'Description' and 'Short description' couldn't be cleared to an empty value for the non-default culture. The product incorrectly used the value from the default culture version instead of the empty value.


Hotfix 13.0.52

Published: Tue, 23 Nov 2021 08:48:33 GMT

Hotfix 13.0.52 is the Kentico Xperience 13 Refresh 4 release, which represents a larger update than a standard hotfix and includes new features. For detailed information about the introduced changes, please refer to the Refresh release notes.
 
Be sure to check our Hotfix instructions before starting the hotfix process. It might save you some trouble afterwards.


Hotfix 13.0.51

Published: Fri, 12 Nov 2021 19:19:10 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Form components - The system's reCAPTCHA form component did not support communication via the TLS 1.3 protocol. If the live site application was configured to use TLS 1.3, forms containing the reCAPTCHA component could not be submitted and the component itself returned a 'The reCAPTCHA server is unavailable' validation error.
  • Licensing - Under rare circumstances, accessing the 'License keys' application resulted in an error, making it impossible to manage product licenses.
  • Unix/Linux - It was not possible to edit widget properties via the configuration dialog (cogwheel icon). Attempting to save any changes resulted in an HTTP 403 (Forbidden) error. This issue only occurred when the live site was deployed in Linux environments.


Hotfix 13.0.50

Published: Fri, 05 Nov 2021 10:59:55 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Content personalization - Dependency injection was not supported when developing personalization condition type classes for page builder widgets. After applying the hotfix, the constructor of condition type classes inheriting from the 'ConditionType' base class can have parameters (e.g., instances of services registered in the project's DI container). The hotfix does not add dependency injection support in controller classes that implement custom configuration dialogs for personalization conditions (inheriting from 'ConditionTypeController').
  • Search - It was not possible to change the domain name suffix of requests generated by the system for Azure search services (e.g., 'myazuresearchservice.search.windows.net'). The majority of commercial search services are hosted on the 'search.windows.net' domain. However, certain Azure subscription types, such as Azure Government, host search services under different domains. The hotfix introduces a new 'CMSAzureSearchDnsSuffix' configuration key that allows you to specify the domain where your search services are hosted, overriding the default system behavior. See the hotfix instructions for details.


Hotfix 12.0.97

Published: Fri, 05 Nov 2021 09:40:57 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Search - It was not possible to change the domain name suffix of requests generated by the system for Azure search services (e.g., 'myazuresearchservice.search.windows.net'). The majority of commercial search services are hosted on the 'search.windows.net' domain. However, certain Azure subscription types, such as Azure Government, host search services under different domains. The hotfix introduces a new 'CMSAzureSearchDnsSuffix' configuration key that allows you to specify the domain where your search services are hosted, overriding the default system behavior. See the hotfix instructions for details.


Hotfix 13.0.49

Published: Fri, 29 Oct 2021 08:20:42 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Page builder - If a widget zone's name (identifier) was added or changed in the code of a page builder section, new pages with the section displayed an unnecessary warning, even though the page didn't contain any widgets that could be affected by the change. The problem occurred if the updated section was the default option for an editable region on the page or its template.
  • Page builder - Script tags placed in the markup of page and form builder components (for example widgets) were rendered without attributes in most cases when the component was displayed in the builder interface or the live version of the page. For example, this could break scripts using the ' type="module" ' attribute.
  • Staging - After a role with assigned users was updated and synchronized through staging, the event log on the target server contained confusing 'Remove user from role' entries. The problem only affected the event log and the users were not actually removed from the role.


Hotfix 13.0.48

Published: Fri, 22 Oct 2021 14:02:15 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • API - In ASP.NET Core projects, an error occurred when using dependency injection to get instances of services with a Scoped lifetime within the constructors of certain Xperience API classes. For example, the problem affected General selector data providers ('IGeneralSelectorDataProvider' implementations), Object selector Where condition providers, form components, page template or form component filters, and 'ICacheVaryBy' implementations.
  • E-commerce - Copying a product page with multiple culture versions incorrectly created a redundant copy of the related SKU object for every culture version. After applying the hotfix, only one SKU is created for the product page copy and shared by all culture versions.


Hotfix 13.0.47

Published: Fri, 08 Oct 2021 10:45:00 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Files - If a media library file or page attachment contained non-ASCII characters in its name, accessing the file through a permanent link ('~/getmedia' or '~/getattachment' URL) resulted in an error. The problem occurred only on sites using the ASP.NET Core development model.


Hotfix 13.0.46

Published: Fri, 01 Oct 2021 09:01:27 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Page builder - Under special circumstances, it was possible to select more items than allowed by the set limit in certain selectors for page builder component properties. The problem could occur if a user performed the selection while additional items were also being loaded for pagination in the selector.
  • Page builder - Image thumbnails in the 'Media files selector' for page builder component properties could overflow the borders of the selector field due to incorrect CSS z-index values.
  • Pages - Changes of the 'Show in menu' flag on the 'Properties > Navigation' tab of pages weren't saved. The issue occurred only after applying hotfix 13.0.39 or newer.
  • URL rewriting & SEO - When a page on an ASP.NET Core site was accessed under an alternative URL with the 'Alternative URLs mode' configured to 'Rewrite', any query string parameters present in the URL became duplicated (e.g., '?utm_source=xxx' transformed into '%3futm_source=xxx?utm_source=xxx') and a redirection loop occurred.


Hotfix 13.0.45

Published: Fri, 24 Sep 2021 10:14:24 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Media library - Accessing media library files using the direct file path did not work correctly in certain scenarios on sites using the ASP.NET Core development model. The issue occurred only after applying hotfix 13.0.44.
  • Page builder - The 'Page selector' dialog for page builder component properties had a potentially misleading tooltip for the button that selected all pages on the current level. The hotfix updates the tooltip to provide more accurate information.
  • Page builder - After a page chosen in the 'Page' or 'Path' selector components was deleted from the site, the selector automatically removed it without displaying any information. After applying the hotfix, the selectors display a "Missing page" warning in this scenario. The issue affected instances with hotfix 13.0.43 (Refresh 3), which allows selection of multiple pages for these selectors.
  • Search - On sites running behind a proxy server or another service that masks the application's original domain (e.g., Azure Application Gateway), the smart search crawler used for page types with a 'HTML output' search data source did not work correctly. JWT token validation failed, which resulted in logged errors and only content available for public users was indexed. The hotfix fixes the issue for ASP.NET Framework (MVC 5) sites. For ASP.NET Core sites, Forwarded Headers Middleware needs to be set up for the project. See the hotfix instructions for details.
  • User interface - If a macro was placed into the default value of a field with the 'Date & Time' data type in a module class (or its Alternative form), the value was not resolved correctly in the resulting administration interface form for users with a non-English UI culture.


Hotfix 12.0.96

Published: Mon, 20 Sep 2021 11:54:56 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • E-commerce - When creating new products representing a 'Bundle', the 'Remove from inventory' property was always saved with the 'Remove bundle only' value, even if a different option was selected.
  • E-mail engine - The system stopped sending emails in rare cases when an SMTP server did not return any response. Emails remained stuck in the email queue with the 'Sending' state. On instances with only one SMTP server configured, this scenario could fully block sending of emails.
  • Form builder - The form component selection dialog in the form builder interface was positioned incorrectly when adding fields to very long forms that required scrolling.
  • Page builder - Saving a page with a large amount of page builder content could fail in certain cases. The problem was caused by deadlocks that could occur when saving large page builder configurations due to incorrect processing of asynchronous requests.


Hotfix 13.0.44

Published: Fri, 17 Sep 2021 11:09:18 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Security (Important) - Flawed MIME type validation for uploaded files - Certain locations within the system allowed uploading of files with a spoofed Content-Type that did not match the file extension, which could lead to XSS vulnerability.
  • Attachments - On ASP.NET Core sites, page attachments that were stored on the file system in a custom folder (configured as a virtual path in the 'Settings -> System -> Files -> Files folder' setting) were not loaded and returned a 404 Not Found error if the 'Settings -> System -> Performance -> Redirect files to disk' setting was enabled.
  • E-commerce - When creating new products representing a 'Bundle', the 'Remove from inventory' property was always saved with the 'Remove bundle only' value, even if a different option was selected.
  • Sentiment analysis - When working with the marketing automation process generated by the sentiment analysis demo on the Dancing Goat sample site, an error occurred if the 'Analyze sentiment' custom step was manually added to the process. The error prevented further work in Design mode for the process.