Are you vulnerable?

Konsult wishes to improve the way we inform you about security issues. Transparency is a key to make sure your websites are patched and secure as much as possible. Here you will see all security issues fixed in Kentico 12 and all future versions.

The hotfixes are cumulative, meaning that the hotfix contains all the previous hotfixes for the same version. We recommend that you apply the latest hotfix available for the respective Kentico version you are using.  If you are looking for older versions, please visit https://devnet.kentico.com/download/hotfixes.
 

Claim My Free ꓘonsultation

Hotfix 13.0.30

Published: Fri, 11 Jun 2021 10:25:51 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Page builder - On sites with a defined Administration domain alias, an error occurred when viewing parts of the administration based on virtual context URLs, for example the Preview mode of pages and the page builder or form builder interface. The issue only affected instances with hotfix 13.0.29 or newer applied.
  • URL rewriting & SEO - The 'Use URLs with trailing slash' setting for sites with content tree-based routing only applied to URLs generated for pages by the system. Page URLs with a different trailing slash state were not redirected based on the selected option.


Hotfix 13.0.29

Published: Fri, 04 Jun 2021 19:48:58 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Security - The hotfix updates the authentication functionality for virtual context URLs used in the administration interface when previewing or editing live site pages. The minor changes ensure a higher level of security.
  • General - On instances containing multiple sites hosted on a single application with shared resources (e.g., using the same Azure Web Apps service or a shared application pool on an IIS server), switching between sites in the administration caused errors for virtual context URLs, for example when viewing pages in Preview mode, editing pages using the page builder, or editing forms in the Form builder interface.
  • WYSIWYG editor - Page fields based on the 'Rich text editor' form control were displayed incorrectly in cases where the field was disabled for editing. For example, the problem could occur on the 'Content' tab for pages under workflow with the 'Published' status.


Hotfix 13.0.27

Published: Fri, 28 May 2021 12:53:45 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Security (Informative) - Self Cross-site scripting when submitting forms - A cross-site scripting vulnerability was present when submitting form data using the Form widget or on the Recorded data tab in the administration. Only the users submitting the form were affected by this vulnerability, therefore it is classified as self-XSS.
  • Unix/Linux - Attempting to retrieve files hosted on external storage via Xperience handlers (e.g., 'GetAzureFile.aspx') resulted in a HTTP 404 Not Found error. This issue only occurred on ASP.NET Core applications hosted on Linux.


Hotfix 13.0.26

Published: Fri, 21 May 2021 11:59:14 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • API - Getting URLs for image variants of page attachments by calling the 'WithVariant' extension method for 'IPageAttachmentUrl' objects did not work, and the original unmodified attachment URL was returned.
  • URL rewriting & SEO - When using the former URLs functionality for pages on a site with content tree-based routing, the system did not preserve query string values when redirecting visitors from former URLs to the current ones.


Hotfix 13.0.25

Published: Fri, 14 May 2021 12:26:52 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • A/B testing - Pages with a running A/B test displayed variants inconsistently to visitors who had not given consent to be tracked as contacts (did not accept on-line marketing cookies). After applying the hotfix, the system assigns a page variant and stores it into the new 'CMSVarAB<name>' cookie even for visitors who are not tracked as contacts. This cookie is only used to keep content consistent and does not enable any tracking or logging of conversions.
  • General - The Xperience administration project contained an old version of the 'System.Text.Json' assembly in its Lib folder, which could cause assembly version conflicts. Applying the hotfix removes the obsolete assembly (the correct version is already provided via an installed NuGet package).
  • Page builder - Page builder component properties using the object or general selector with multiple item selection triggered the evaluation of visibility conditions after the selection of the first item. As a result, it was not possible to select multiple items and the dialog did not close properly. The issue occurred only after applying hotfix 13.0.23 or newer.
  • Pages - For pages with a name longer than the maximum allowed alias length of 50 characters, the system could in certain cases generate a page alias value ending with the replacement character for forbidden URL characters (a hyphen by default). This character was removed on subsequent saves of the page, which could lead to inconsistencies, for example when staging the page to another server. After applying the hotfix, page aliases are always generated without the replacement character at the end.


Hotfix 13.0.24

Published: Fri, 07 May 2021 10:44:06 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Media library - When the 'CMSMediaLibraryDisplayOnlyImportedFiles' configuration key (an internal key provided via support to specific customers) was set to true, the list on the 'Files' tab of the media library editing interface only displayed the first page of files. Any additional pages contained an empty list of files.
  • Microsoft Azure - An error occurred when retrieving media files from Azure storage on ASP.NET Core sites hosted in environments where the live site and administration applications used cultures with different date and time formatting (e.g., 'en-US' for the administration and 'cs-CZ' for the live site).
  • Pages - For pages under workflow with content locking enabled, fields using the 'Rich text editor' form control did not save changes in certain cases after performing a 'Check in' action. The problem occurred only if the editing form was refreshed after the changes were made in the rich text editor, for example by uploading an attachment file into a different page field.


Hotfix 12.0.94

Published: Fri, 07 May 2021 08:19:48 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Event management - Sending of emails to an event's attendees on the 'Send email' tab in the Events application did not work correctly. In certain cases, emails were not generated for all of the event's attendees and errors could occur.


Hotfix 13.0.23

Published: Fri, 30 Apr 2021 10:04:00 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • General - The hotfix updates the 'System.Text.Encodings.Web' package to version 4.7.2 for .NET Framework (MVC 5) projects.
  • On-line forms - The input elements of form fields generated by the system's default 'Form' widget did not have the 'input-validation-error' class assigned when the submitted value was not valid (either due to failed validation rules or an empty value in required fields).
  • Page builder - Page builder component properties using the object or general selector did not trigger evaluation of visibility conditions. When the property value was changed, the visibility conditions of other depending properties were not re-evaluated. To ensure that this functionality works properly, apply hotfix 13.0.25 or newer.
  • Page builder - If a Tooltip was specified when assigning an editing component to a property used in the page builder, it was not displayed in the resulting property configuration dialog for certain types of editing components (e.g., selectors or Rich text).


Hotfix 13.0.22

Published: Fri, 23 Apr 2021 08:49:56 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Files - File and directory operations (media file manipulation, attachment upload, etc.) sometimes resulted in an error if the manipulated resource was stored on a UNC path (e.g., \\host-name\share-name\file-path). The issue occurred only after applying hotfix 13.0.10 or newer.
  • Page builder - The object selector for page builder components was displayed incorrectly when the field was focused without clicking, for example by using the 'Tab' key to navigate the widget properties dialog.


Hotfix 13.0.21

Published: Fri, 16 Apr 2021 09:19:06 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Caching - The 'CacheHelper.EnsureKey' API method did not work correctly if the cache key parameter was not fully in lower case (the key was touched even if it was already present in the application's cache). After applying the hotfix, the cache key parameter processing is no longer case-sensitive and existing cache keys are detected correctly.
  • Localization - System emails based on the 'Membership - Change password request', 'Membership - Password reset confirmation' and 'E-commerce - Automatic registration' email templates were sent with an incorrect culture in certain scenarios. Localization macros placed into the templates were resolved into a default culture (English) instead of the user's current content culture on the site.
  • Pages - The search in the Pages application did not work correctly when using the '(SQL search)' option. The results always displayed all pages regardless of the search phrase.


Hotfix 12.0.93

Published: Fri, 09 Apr 2021 12:05:35 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Localization - System emails based on the 'Membership - Change password request', 'Membership - Password reset confirmation' and 'E-commerce - Automatic registration' email templates were sent with an incorrect culture in certain scenarios. Localization macros placed into the templates were resolved into a default culture (English) instead of the user's current content culture on the site.


Hotfix 13.0.20

Published: Fri, 09 Apr 2021 08:42:40 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Continuous integration - If continuous integration was enabled and a site's 'Routing mode' setting was switched to a different option, an error could occur when restoring the updated 'Page URL path' objects to the database.


Hotfix 13.0.19

Published: Thu, 01 Apr 2021 08:58:20 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • ASP.NET Core - Automated tests created using the 'Kentico.Xperience.Libraries.Tests' NuGet package did not work in projects targeting ASP.NET Core 5. Running tests inheriting from the provided base classes, such as 'CMS.Tests.UnitTests', resulted in an error.
  • Page types - When editing a page type in the Page types application on the General tab, the default 'Small icon' and 'Large icon' images displayed after switching the 'Page type icon' property to 'Images' mode were missing.
  • Search - The 'User account for crawler' property was not displayed when editing smart search indexes of the 'Pages' type (for both Local and Azure indexes). The issue affected instances with hotfix 13.0.16 (Refresh 1) or newer applied.


Hotfix 13.0.18

Published: Fri, 26 Mar 2021 13:23:22 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • API - Automated unit testing of page template filters was not possible due to internal API. Applying the hotfix makes the constructors of the 'PageTemplateDefinition' and 'PageTemplateFilterContext' classes public.
  • Caching - If a page builder widget on an ASP.NET Core site had output caching enabled (using the 'AllowCache' property of the 'RegisterWidget' attribute), and the widget's implementation was not based on a view component, an error occurred when rendering the widget in an editable area that allowed caching.
  • Email marketing - URLs generated by the 'ViewInBrowserUrl' macro that allow recipients to view marketing emails in a browser did not work when shared on certain external platforms, for example Facebook or Facebook Messenger. Opening the URL resulted in an "Access denied" error.
  • Licensing - For sites running under a Free edition license, attempting to change the 'Default content culture' on the General tab of the site editing interface resulted in an unhandled error.
  • Localization - When localizing text fields in the administration's 'Localize field' dialog, the 'Use existing resource key' option was only available for users with the Global administrator privilege level. After applying the hotfix, the option can also be used by editors with the 'Localize strings' permission for the 'Localization' module.
  • Page builder - An error occurred when adding page builder editable areas to views on an ASP.NET Core site via the 'EditableAreaAsync' extension method, if the 'EditableAreaOptions' parameter was not specified. The issue occurred only after applying hotfix 13.0.16 (Refresh 1).
  • Pages - The system did not display the page template selection dialog when creating new pages in the Pages or Products application for page types representing a product (when at least one page template was registered for these product page types).
  • Web farms - In rare cases, web farm task execution became stuck due to a deadlock that occurred during cache invalidation. This caused synchronization issues between the administration and live site applications.


Hotfix 13.0.17

Published: Fri, 19 Mar 2021 11:15:52 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Page builder - Setting the logging verbosity ('LogLevel' property) for the 'KenticoEventLog' application logger in ASP.NET Core projects to anything lower than 'Warning' (i.e., 'Trace,' 'Debug,' or 'Information') lead to errors when editing pages in the page builder interface.
  • Page types - When editing a page type in the Page types application on the General tab, the 'Page type icon' property was always initially displayed in 'Font icon class' mode, even if the 'Images' mode was previously selected and an image file was uploaded. This could cause users to unintentionally overwrite the icon when saving the page type properties.
  • URL rewriting & SEO - On sites that used 'Custom' routing mode, setting values without a starting slash ('/') for the 'URL pattern' of page types resulted in invalid URLs for the given pages. For example, such URLs could cause errors in the administration's page selectors. After applying the hotfix, the system automatically processes URL patterns with a starting slash if one is missing in the entered value.


Hotfix 13.0.16

Published: Tue, 16 Mar 2021 08:46:05 GMT

Hotfix 13.0.16 is the Kentico Xperience 13 Refresh 1 release, which represents a larger update than a standard hotfix and includes new features. For detailed information about the introduced changes, please refer to the Refresh release notes.
 
Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.


Hotfix 13.0.15

Published: Fri, 05 Mar 2021 16:23:07 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • URL rewriting & SEO - In certain cases, the system incorrectly returned a 404 (Not Found) error when attempting to access administration URLs ending with an extension (e.g., custom '.aspx' handlers or UI templates). The issue occurred only after applying hotfix 13.0.10 or newer.


Hotfix 13.0.14

Published: Fri, 26 Feb 2021 11:26:56 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • General - The system incorrectly handled locking of zip files (for example the '\App_Themes\Default\Images\Images.zip' package), which could block certain deployment scenarios for the administration application.
  • General - The Xperience assemblies incorrectly used the specific hotfix number in their patch version, for example '13.0.10'. This could lead to compatibility problems for referencing custom assemblies and require generating of unwanted binding redirects. After applying the hotfix, the assembly version is fixed as '13.0.13', including future hotfixes.
  • Localization - If a different UI culture than English ('en-US') was selected for the administration on an ASP.NET Core site, text within the page and form builder interface was not resolved correctly in certain cases.
  • Page builder - Typing in fields within page builder properties dialogs triggered unnecessary reloads of the editing form. This could cause loss of entered text characters and other user experience issues, particularly in the case of slower connections.


Hotfix 13.0.13

Published: Fri, 19 Feb 2021 10:25:18 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Cultures - Switching the culture in the Pages application caused an error if the selected culture used a Presentation URL with a different domain. The problem occurred on multilingual sites where the 'URL format for multilingual sites' setting was set to 'Domain', and a matching 'Visitor culture' was assigned to one of the site's domain aliases.
  • Email marketing - The macro tree and autocomplete help incorrectly offered macros under the 'Email' entity, even when editing marketing email templates of a type other than 'Email' (Subscription, Unsubscription, Double opt-in). Such macros only resolve in the content of marketing emails based on templates of the 'Email' type, and are hidden for other templates after applying the hotfix.


Hotfix 13.0.12

Published: Fri, 12 Feb 2021 12:48:53 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Form components - If a selector form component, for example 'Radio buttons', 'Drop-down list' or 'Multiple choice', was assigned in the code of a form field using the 'EditingComponent' attribute and one of its 'DataSource' options had an empty value, e.g., ";(none)", this option was not displayed after the resulting form was refreshed, for example when the form evaluated a visibility condition. The issue only occurred on ASP.NET Core sites.


Hotfix 13.0.11

Published: Fri, 05 Feb 2021 10:24:42 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • User interface - The calendar date and time selector in the administration interface was displayed with incorrect background styling when used to select a time range between two dates (for example when the 'From' and 'To' selector was opened above Web analytics report graphs).


Hotfix 13.0.10

Published: Fri, 29 Jan 2021 10:19:24 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Cultures - The culture selector in the Pages application did not display all options on sites with more than 13 assigned cultures.
  • Page builder - Custom plugins registered for the Rich text editor page builder component were ignored due to incorrect initialization.
  • Page builder - The 'Radio buttons' form component was styled and displayed incorrectly when used in a page builder configuration dialog (for example assigned as the editing component of a widget property).
  • Page builder - If long content (multiple paragraphs) was entered into the Rich text editor for the page builder, adding a new line caused the page to scroll down to the bottom of the widget content. The hotfix resolves the issue by updating the used Froala editor to version 3.2.6.
  • Page builder - Files or other resources containing a special character in their name were not loaded correctly when viewing content within the page builder interface, preview mode or the form builder in certain cases. The system incorrectly calculated the hash for the resource's URL. For example, the problem could affect files with special characters in their name added through a page builder widget using the media selector dialog.
  • Search - The 'Search fields' tab in the Page type editing interface was only available for page types that had the 'URL' feature enabled. After applying the hotfix, the search configuration is displayed for all page types that have either custom fields or the 'URL' feature. The change allows searching for page items that hold content, but do not need their own URL.
  • Unix/Linux - When accessing pages that contained resized images (e.g., from media libraries), it was possible to encounter 'System.ArgumentException: Parameter is not valid' errors when rendering certain resized images. This issue only affected Linux deployments of ASP.NET Core projects.
  • Unix/Linux - The hotfix addresses a number of filesystem-related issues encountered when hosting ASP.NET Core live site applications in Linux environments. The issues were primarily caused by a dependency on Windows-like filesystem conventions, so mostly impacted features reliant on Input/Output operations. The following is a non-exhaustive list of affected features: media library operations (insert, modify, delete), smart search (running indexing tasks, index rebuilds), web farm synchronization, scheduler functionality run on the live site. See the hotfix instructions for more information.


Hotfix 13.0.9

Published: Fri, 22 Jan 2021 15:33:45 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • E-commerce - If a product bundle was automatically added to a customer's shopping cart as part of a 'Buy X Get Y' discount, the system incorrectly inserted two of each item included in the bundle.
  • Media library - An error occurred when creating a new media library after applying hotfix 13.0.4 or newer. The problem was caused by incorrectly signed macros, and can be fixed by applying hotfix 13.0.9, or alternatively by re-signing macros in the system.
  • On-line forms - When cloning forms, the maximum length of the new form's 'DB table name' was not validated correctly and allowed values that were too long. This could lead to inconsistencies with the resulting form.


Hotfix 13.0.8

Published: Fri, 15 Jan 2021 12:30:17 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Data engine - Changing the order of certain global objects resulted in an error after applying hotfix 13.0.7. For example, the issue could affect custom object types or custom tables with an order column.
  • Hotfix - Applying a previous version 13 hotfix to the Kentico Xperience setup files added incorrect versions of certain installation files and templates. As a result, new projects created using the hotfixed installer had an invalid database and did not work correctly To fix the problem, you need to apply hotfix 13.0.8 or newer to the setup files.
  • Marketing automation - When a marketing automation process was automatically initiated by a trigger of the 'Time-based' type, contacts going through an 'If/Else' step got stuck even though they met the step's condition. The process remained in the 'Pending' state for the contact and could not finish.


Hotfix 13.0.7

Published: Fri, 08 Jan 2021 12:20:00 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Data engine - If a custom object type was stored outside of the default database (e.g., in a separated database for on-line marketing data), the system used an incorrect database connection when updating the order or ID path for the given objects, resulting in an error. For example, the problem occurred when displaying such objects in the administration using the UniGrid control and attempting to change the order of objects.
  • General - On ASP.NET Core sites, an instance of the 'IDataProtectionProvider' service was always required on application startup. This could cause slower application start and errors when developing isolated integration tests if a mock instance of this service was not created for every test.


Hotfix 13.0.6

Published: Fri, 11 Dec 2020 15:29:38 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Page builder - The cookie level of the system's 'KenticoCookiePolicyTest' cookie (used to detect the 3rd party domain blocking policy of a browser) was too high. This could result in incorrectly displayed error messages in the Xperience administration, e.g. in the page builder interface.
  • Search - Pages crawler search indexes did not reuse connections correctly on HTTPS sites. For example, this could cause SNAT Port Exhaustion errors to occur when rebuilding indexes on sites hosted on the Azure App Service, leading to missing page results.


Hotfix 12.0.92

Published: Fri, 11 Dec 2020 08:22:59 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Security (Informative) - Possible information disclosure in form control error messages - If an error occurred when rendering a Portal Engine form control, the error message displayed on the live site included stack trace information.
  • E-mail engine - Emails sent from the 'Send email' tab in the 'Email queue' application or the 'Mass email' tab in the 'Users' application did not resolve relative virtual URLs to their absolute form correctly. For example, this could result in broken links to pages on Portal Engine sites. The issue occurred only after applying hotfix 12.0.79 or newer.
  • Search - Pages crawler search indexes did not reuse connections correctly on HTTPS sites. For example, this could cause SNAT Port Exhaustion errors to occur when rebuilding indexes on sites hosted on the Azure App Service, leading to missing page results.
  • Users - Editing a user's memberships in the administration interface on the 'Membership' tab of the 'Users' application for a selected site incorrectly removed any memberships that the user had assigned on other sites. The problem did not occur when memberships were assigned in the 'Membership' application or automatically by purchasing a product associated with the membership.


Hotfix 13.0.5

Published: Mon, 07 Dec 2020 12:03:36 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • General - Applying hotfix 13.0.4 caused errors in the administration application and prevented the project from compiling.
  • Media library - The hotfix allows media libraries to use the direct file path in URLs when adding links to files in Xperience content (instead of permanent media file URLs). For example, direct file URLs may be desired for media files placed in external storage, such as Microsoft Azure Blob storage. The option can be configured when editing individual media libraries on the 'General' tab. The configured URL format applies when adding links to media files in the rich text editor (using the page builder widget or when editing rich text page fields) and via page fields based on the 'Media selection' form control.
  • Pages - If certain characters (for example a ` grave accent) were used in the 'URL slug' of a page, the value could no longer be changed and an error occurred when viewing the page in the administration interface and on the live site.
  • Search - Azure search indexes of the 'Pages' or 'Pages crawler' type did not update after a page included in the index was updated (and a corresponding search task was processed).
  • Users - Editing a user's memberships in the administration interface on the 'Membership' tab of the 'Users' application for a selected site incorrectly removed any memberships that the user had assigned on other sites. The problem did not occur when memberships were assigned in the 'Membership' application or automatically by purchasing a product associated with the membership.


Hotfix 13.0.3

Published: Fri, 27 Nov 2020 12:35:57 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • Files - On ASP.NET Core sites, the system generated malformed links to static files displayed under preview mode (in the 'Pages' application or when viewed via a generated preview URL). The issue occurred only for files placed outside the application's web root (~/wwwroot folder). Most commonly affected were media library files, which are by default stored in a dedicated site folder outside the application's web root.
  • Localization - Localization (e.g., via the system's ResHelper class) did not work and resulted in an error in projects targeting .NET Core 5.
  • Page builder - The search in the 'Media files selector' dialog for page builder components did not work in certain browsers (for example Firefox), and the displayed media files were not filtered.
  • Page builder - The properties dialog in the page builder interface prevented 'mouseup' and 'mousedown' button events from propagating. As a result, any form components that registered listeners for such events did not work correctly in the dialog when assigned to properties.
  • Pages - On ASP.NET Core sites that used content tree-based routing, pages configured to require authentication did not redirect public visitors to the site's sign-in page. The 401 Unauthorized response was returned instead.
  • Search - Changes made to the 'Enable smart search indexing' setting ('Settings' application -> System -> Search) were only reflected after application restart.


Hotfix 13.0.2

Published: Fri, 20 Nov 2020 13:32:18 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • E-mail engine - Emails sent from the 'Send email' tab in the 'Email queue' application or the 'Mass email' tab in the 'Users' application did not resolve relative virtual URLs to their absolute form in certain cases.
  • Import/Export - Disabling the 'Rebuild site search indexes' option in the 'Objects selection' step of the import wizard did not work correctly, and the option always persisted as enabled after switching to a different object category.


Hotfix 13.0.1

Published: Fri, 13 Nov 2020 17:35:26 GMT

Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.

Fixed bugs:

  • E-mail engine - The 'Email queue' application incorrectly required the 'Modify email queue' permission to 'Refresh' the queue. After applying the hotfix, the 'Read email queue' permission is sufficient to refresh the queue.
  • Email marketing - Added a tip box with an introduction video for the 'Email marketing' application.