Are you vulnerable?

Konsult wishes to improve the way we inform you about security issues. Transparency is key to making sure your websites are patched and as secure as possible. Here you will see all security issues fixed in Kentico 12 and all future versions.

The hotfixes are cumulative, meaning that each hotfix contains all the previous hotfixes for the same version. We recommend that you apply the latest hotfix available for the respective Kentico version you are using. If you are looking for older versions, please visit https://devnet.kentico.com/download/hotfixes.
 


Hotfix 12.0.90

Published: Fri, 23 Oct 2020 06:13:41 GMT

Be sure to check our Hotfix instructions before starting the hotfix process. It might save you some trouble afterwards.

Fixed bugs:

  • Facebook integration - Due to changes in the Facebook API and related permissions, the functionality for publishing content to Facebook pages may stop working. To use the feature, you need to apply the hotfix and manually update your Facebook app. Ensure that your app has the 'pages_manage_posts', 'pages_read_user_content' and 'read_insights' permissions, upgrade the Facebook API Version to 'v8.0', and generate a new page access token for your Facebook app in Kentico.
  • Page builder - The folder tree area of the 'Media files selector' dialog for page builder components was too narrow, which could make it hard to read long or nested media folder names. The hotfix updates the design of the dialog to improve visibility in the folder tree.


Hotfix 12.0.89

Published: Fri, 16 Oct 2020 08:32:18 GMT

Fixed bugs:

  • E-commerce - Payments using the default PayPal provider resulted in a validation error if the order used a gift card with a value higher than the total price of all purchased items (only applies to cases where payment was still necessary after calculating the order's final price with shipping and tax).
  • E-mail engine - Cleaning of archived emails with attachment files was inefficient, and could potentially lead to timeout issues if the database contained a large number of archived emails with an attachment.
  • Marketing automation - Marketing automation processes could get stuck on 'Wait' steps and licensing errors were logged. The problem occurred in cases where the background scheduled task handling the wait step was executed in the context of a site with a license edition lower than EMS (on instances with multiple sites using different license editions).


Hotfix 12.0.88

Published: Fri, 09 Oct 2020 08:02:17 GMT

Fixed bugs:

  • Licensing - Running an MVC site with the Small Business license edition resulted in license limitation errors. After applying the hotfix, Small Business licenses support web farm synchronization and the errors no longer occur.


Hotfix 12.0.87

Published: Fri, 02 Oct 2020 09:45:06 GMT

Fixed bugs:

  • Staging - If the system was configured to store file binary data on the file system, staging tasks did not synchronize these files for object-related meta files. For example, the problem could affect product images assigned to SKUs.


Hotfix 12.0.86

Published: Fri, 25 Sep 2020 09:14:45 GMT

Fixed bugs:

  • Form controls - The 'reCAPTCHA' form control and MVC form component only processed the current content culture as a 2 character ISO code, which could cause the reCAPTCHA to display in the incorrect culture. For example, the problem could occur on sites using the 'zh-HK' Chinese culture, which displayed the reCAPTCHA in the 'zh-CN' culture instead.


Hotfix 12.0.85

Published: Fri, 18 Sep 2020 10:52:15 GMT

Fixed bugs:

  • General export - An error occurred when using the Advanced export feature for email marketing link click statistics with the 'Export raw database data' option enabled and all data columns selected.
  • Staging - Page update staging tasks generated after adding or modifying a related page from another site did not synchronize the relationship change to target servers. After applying the hotfix, staging supports synchronization of relationships between pages on different sites.


Hotfix 12.0.84

Published: Fri, 11 Sep 2020 10:14:23 GMT

Fixed bugs:

  • Page types - An error occurred when rolling back to a previous version of a page type with one or more child page types (i.e. page types that inherit fields).
  • Web analytics - If a web analytics log file for exit page candidates contained invalid or malformed data, processing failed and prevented logging of all web analytics statistics. After applying the hotfix, such files are deleted and processing of other analytics logs continues.


Hotfix 12.0.83

Published: Fri, 28 Aug 2020 06:58:59 GMT

Fixed bugs:

  • Reporting - The 'Print' functionality in the Reporting application did not work on sites with the 'Kentico CMS Base' or lower license editions.


Hotfix 12.0.82

Published: Fri, 21 Aug 2020 08:16:50 GMT

Fixed bugs:

  • Microsoft Azure - On sites hosted in Azure, an error occurred in the administration interface when viewing pages in Preview mode or the page builder for pages whose node alias path contained non-ASCII characters. The virtual context URLs used by these features had escaped characters when obtained from Azure, resulting in a non-matching hash.
  • Page builder - When caching the output of controller actions using the ASP.NET output caching, the page builder did not load in the 'Pages' application for pages displayed through the cached actions. Instead, only a preview of the cached page was displayed. This problem occurred in special scenarios, for example, when caching based on specific parameters defined in the 'VaryByParam' property.


Hotfix 12.0.81

Published: Fri, 14 Aug 2020 08:49:11 GMT

Fixed bugs:

  • E-mail engine - Cleaning of archived emails could fail in cases where the scheduler was configured to run in request-based mode and the administration site did not receive regular traffic. This could lead to buildup of sent emails and cause intervals of heavy database load.
  • Licensing - Domains containing a port number were not correctly registered as belonging to the domain for which a license was issued. This caused issues with the system's web farm functionality.


Hotfix 12.0.80

Published: Fri, 07 Aug 2020 09:04:53 GMT

Fixed bugs:

  • Form builder - The visibility condition and validation rule components of the system's 'Form builder' feature contained a memory leak. Sites making heavy use of these components experienced severely heightened memory utilization, eventually resulting in an application crash.
  • WYSIWYG editor - When editing page fields based on the 'Rich text editor' form control, the system incorrectly handled virtual URLs in the 'poster' attribute of 'video' tags (added through the editor's Source mode). After saving such a URL into the content, subsequent edits loaded a relative URL resolved according to the application path of the administration application. Re-saving the field could cause the poster URL to become invalid, for example if the live site was running with a different application path than the administration.


Hotfix 12.0.79

Published: Fri, 31 Jul 2020 07:47:36 GMT

Fixed bugs:

  • Form builder - It was not possible to set a static 'id' attribute for the 'form' HTML element of forms placed using the system's default 'Form' widget. By default, the system always generated a random 'id' for each form to prevent multiple forms with identical identifiers from being placed on a single page. After applying the hotfix, you can suppress this behavior by setting the 'id' attribute via the 'FormWidgetRenderingConfiguration.FormHtmlAttributes' property. However, note that this sets the same 'id' attribute for ALL form widget instances. As a result, having more than one form per page is not supported under this configuration.
  • Page builder - If content added through the page builder (for example using a text editor widget) included absolute URLs with a domain matching the current site's Presentation URL, the URLs became broken after resaving the content. The system resolved such URLs into internal virtual context URLs ('/cmsctx/...') to work within the administration interface, but this value was incorrectly saved into the database on subsequent edits. After applying the hotfix, such absolute URLs are modified to relative URLs after being saved, and the system correctly handles the virtual context URL conversions. The fix does not address any existing broken links - these need to be fixed and resaved manually.


Hotfix 12.0.78

Published: Fri, 24 Jul 2020 08:05:17 GMT

Fixed bugs:

  • E-commerce - Payments using the default PayPal provider resulted in a validation error if the order contained a note longer than 165 characters. After applying the hotfix, order notes that exceed this number of characters are trimmed before being sent to PayPal.


Hotfix 12.0.77

Published: Fri, 10 Jul 2020 08:06:50 GMT

Fixed bugs:

  • E-commerce - Free shipping offers with a 'Minimum order amount' were incorrectly evaluated without subtracting any applied order discounts from the checked order price. Note that after applying the hotfix, orders will no longer qualify for free shipping if their price does not meet the minimum amount after subtracting an order discount.


Hotfix 12.0.76

Published: Fri, 03 Jul 2020 10:57:24 GMT

Fixed bugs:

  • Pages - An error occurred in the language version comparison mode of the Pages application for users whose username contained certain special characters, such as a backslash (typically for users created via external authentication).
  • Pages - Certain scenarios did not work correctly if the 'URL pattern' of page types on MVC sites contained a page path macro that could resolve into a value with multiple URL segments, such as the 'NodeAliasPath' field. For example, detection of alternative URL conflicts did not work for the resulting pages. After applying the hotfix, the system handles such macros if they are the only value placed into the URL pattern.


Hotfix 12.0.75

Published: Fri, 26 Jun 2020 09:37:08 GMT

Fixed bugs:

  • Security (Important) - Method used to resolve URLs was vulnerable to XSS - There were several occurrences of a cross-site scripting vulnerability when the system resolved URLs whose relative part contained a special sequence of characters. The vulnerability occurred in the administration interface, as well as controls that could be used on the live site. The issue was fixed by filtering out these characters.

    Workaround for all Kentico versions

    A manual workaround for this issue is to add the URL sequences from "/(A(" to "/(Z(" to the <denyUrlSequences> web.config element. The web.config should contain the following:

    <denyUrlSequences>
        <add sequence="/(A(" />
        <add sequence="/(B(" />
        <!-- one <add> entry for each letter from C to Y -->
        <add sequence="/(Z(" />
    </denyUrlSequences>
  • Pages - Users created via external authentication whose username contained certain special characters could encounter an error when viewing pages in the Pages application, for example in Preview mode or in the page builder edit mode on the 'Page' tab. After applying the hotfix, the virtual context URLs used to display such content store the GUID of the current user instead of the username.
  • Search - The system generated individual smart search indexing tasks for each page associated with a given product (SKU object) every time the product was modified. This occurred even for pages not included under any smart search indexes. After applying the hotfix, the system generates a single smart search task per SKU modification that processes all pages related to the product.
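
A check for the 12.0.75 workaround above, as an added example (not Kentico's or this page's own code): it reads a web.config, reports which of the 26 sequences from "/(A(" to "/(Z(" are still missing, and renders the complete element. It assumes the element sits under system.webServer/security/requestFiltering, which the page does not state, and the sample config is constructed.

```python
"""Audit a web.config for the "/(A(" .. "/(Z(" denyUrlSequences workaround."""
import string
import xml.etree.ElementTree as ET

# The 26 sequences named in the workaround, compared exactly as written there.
REQUIRED = [f"/({letter}(" for letter in string.ascii_uppercase]

# Assumption: location of the IIS request filtering section in web.config
# (the page shows only the <denyUrlSequences> element itself).
FILTER_PATH = ("system.webServer", "security", "requestFiltering",
               "denyUrlSequences")

# Constructed sample: the page's snippet pasted literally, so only A, B and Z
# are listed and the entries for C to Y were never written out.
SAMPLE_WEB_CONFIG = """\
<configuration>
  <system.webServer>
    <security>
      <requestFiltering>
        <denyUrlSequences>
          <add sequence="/(A(" />
          <add sequence="/(B(" />
          <add sequence="/(Z(" />
        </denyUrlSequences>
      </requestFiltering>
    </security>
  </system.webServer>
</configuration>
"""


def _local(tag):
    """Element name without an XML namespace prefix such as '{uri}add'."""
    return tag.rsplit("}", 1)[-1]


def configured_sequences(web_config_xml):
    """Return the sequences active in this file, honouring <remove>/<clear>.

    Only this one file is read; entries inherited from parent configuration
    are not visible here.
    """
    nodes = [ET.fromstring(web_config_xml)]
    for name in FILTER_PATH:
        nodes = [c for n in nodes for c in n if _local(c.tag) == name]
    active = []
    for collection in nodes:
        for entry in collection:
            kind, seq = _local(entry.tag), entry.get("sequence", "")
            if kind == "clear":
                active.clear()
            elif kind == "remove" and seq in active:
                active.remove(seq)
            elif kind == "add" and seq not in active:
                active.append(seq)
    return active


def missing_sequences(web_config_xml):
    """Required sequences that the file does not deny, in A..Z order."""
    active = set(configured_sequences(web_config_xml))
    return [seq for seq in REQUIRED if seq not in active]


def render_fragment(sequences=REQUIRED):
    """Render a <denyUrlSequences> element listing the given sequences."""
    lines = ["<denyUrlSequences>"]
    lines += [f'    <add sequence="{seq}" />' for seq in sequences]
    lines.append("</denyUrlSequences>")
    return "\n".join(lines)


if __name__ == "__main__":
    gaps = missing_sequences(SAMPLE_WEB_CONFIG)
    print(f"{len(gaps)} of {len(REQUIRED)} sequences missing: {' '.join(gaps)}")
    print(render_fragment())
```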


Hotfix 12.0.74

Published: Fri, 19 Jun 2020 07:51:14 GMT

Fixed bugs:

  • Authentication - The system did not generate a valid callback URL for external authentication providers if the site was running on a domain with a non-standard port number (different than 80 for HTTP, 443 for HTTPS). This resulted in an endless chain of redirects between the application and the authentication provider.
  • Form builder - The 'Checkbox' form component's 'Text' property did not support localization macro expressions.


Hotfix 12.0.73

Published: Fri, 12 Jun 2020 07:58:09 GMT

Fixed bugs:

  • API - Kentico API that relied on static contexts, such as 'SiteContext', 'ContactManagementContext', or 'CMSActionContext', did not work and returned empty values when called within custom asynchronous (async) methods. After applying the hotfix, the contexts correctly persist their values within async code.
  • Files - When a folder was mapped to another location using the file system provider API, moving or copying of files from the local file system into the mapped folder did not work correctly in certain scenarios. For example, if a media library folder was mapped to Azure Blob storage, the system did not create files when using the import feature to add media files into the given folder.
  • Localization - Registration emails sent when a new user registered on a Portal Engine site through the 'Registration form' or 'Custom registration form' web part did not have the correct culture in certain scenarios. Localization macros placed into registration email templates (e.g. 'Membership - Registration' or 'Membership - Registration confirmation') were resolved into a default culture (English) instead of the user's current content culture on the site.
  • Page builder - If a custom form component using the React JavaScript library was assigned to a property of a page builder component (widget, section, etc.), click events (onclick) did not work in the resulting properties dialog. After applying the hotfix, click events of React components are triggered correctly in page builder property configuration dialogs.


Hotfix 12.0.72

Published: Fri, 05 Jun 2020 09:25:38 GMT

Fixed bugs:

  • Staging - Staging tasks of the 'Break ACL inheritance' type were not logged correctly when the change was triggered by incoming synchronization from another server (typically in environments with 3 or more connected staging servers).


Hotfix 12.0.71

Published: Fri, 22 May 2020 06:41:34 GMT

Fixed bugs:

  • E-commerce - When utilizing the 'Shipping option selection' web part in the checkout process on a Portal Engine site, an error occurred if a customer selected a shipping option and then later switched back to the default '(Please select)' item. After applying the hotfix, the web part no longer displays the '(Please select)' item after selecting and saving a valid shipping option. The problem occurred after applying hotfix 12.0.35 or newer.
  • Licensing - License keys containing domain names shorter than four characters were not recognized by the system.


Hotfix 12.0.70

Published: Fri, 15 May 2020 07:45:48 GMT

Fixed bugs:

  • E-mail engine - If using a database server with relatively low-tier performance (for example an Azure SQL database with 400 DTUs) and sending extremely large numbers of emails, cleaning of archived emails could fail and potentially lead to buildup of sent emails, and even performance issues or crashes on the website. To fix the issue, either scale up the database, increase the database connection timeout, or lower the batch size for archived email deletion by adding the new 'CMSEmailDeleteBatchSize' key to the project's web.config file. The key's default value is 2000.


Hotfix 9.0.9

Published: Wed, 13 May 2020 08:57:19 GMT

Fixed bugs:

  • Continuous integration - Child pages of linked pages weren't updated by the continuous integration solution when the source page of the link or one of its ancestors was renamed, moved or deleted.
  • Scheduler - Scheduled tasks with the 'Period' property set to 'Month' were not planned correctly (the system did not set a 'Next run' time).
  • Staging - When viewing staging tasks on the 'Pages' tab of the 'Staging' application, the titles of the listed tasks did not provide clickable links to the related pages.
  • User interface - When viewing the application list in the Chrome browser, the search box was pre-filled with the current user's username if the login credentials were saved in the browser and the Chrome Autofill feature was enabled.
  • Web farms - When running in a web farm environment, updates to the content of resource strings didn't invalidate the resource strings cached on other servers in the web farm. As a result, old resource string content was displayed until the cache was cleared for the given server.
  • Web parts - Paging didn't work when using the 'Universal viewer with custom query' web part if the 'Load individual pages' property was enabled and the 'Cache item name' property was set to a custom value.


Hotfix 9.0.8

Published: Wed, 13 May 2020 08:57:19 GMT

Fixed bugs:

  • Attachments - When restoring culture versions of pages from the recycle bin, attachment files stored in page fields were not restored correctly.
  • Continuous integration - After renaming a field of a page type, the continuous integration solution did not update the serialized data representing pages of the given type (i.e. the 'fields.xml' files of individual pages stored in the 'CIRepository' folder).
  • Email marketing - When creating or modifying campaign emails, a duplicate scroll bar was displayed on the screen.
  • Macros - When calling the 'Where' macro method for a collection of objects within a text transformation, the method worked correctly only for the first item to which the transformation was applied.
  • Page types - When editing sites in the Sites application, it wasn't possible to assign or remove page types for the site on the 'Assigned objects -> Page types' tab.
  • Pages - Scripts used in the administration UI were loaded on the live site in anonymous sessions when not required.
  • Pages - Saving changes made to the Owner field of content only pages on the General tab in the Pages application caused an error.
  • Search - Page search indexes didn't work correctly if the indexed content included pages whose parent was excluded. When the content of such pages changed, the search index wasn't updated.
  • Web parts - 'Universal viewer' and 'Universal viewer with custom query' web parts caused an error if Paging mode was set to 'Postback' and the Pager position was set to 'Bottom' or 'Top and bottom'.


Hotfix 9.0.7

Published: Wed, 13 May 2020 08:57:19 GMT

Fixed bugs:

  • API - The SKU property of the 'ProductOptionSelector' control didn't contain a setter. Selecting an option's SKU with the control therefore required an unnecessary database request when getting the SKU with its ID.
  • Blogs - When configuring the 'Blog comments' widget, an error occurred after changing the value of the 'Site name' property. In general, the problem could be triggered by postbacks during the configuration of any web part or widget with a property based on the 'Blog name selector' form control.
  • Blogs - When the Blogs application live tile was added to a user's dashboard, the system could not retrieve the number of blog posts and caused an error.
  • E-commerce - Orders could have been created with a payment method which wasn't applicable when no shipping was required.
  • Email marketing - When using link tracking for campaign emails, the system didn't consistently store the links in lower case in the database. The issue does not affect the link tracking functionality and was only fixed for the purposes of consistency.
  • Macros - The 'HTML editor toolbar set' property of the Editable text web part did not resolve macros in on-site edit mode.
  • On-line forms - When deleting a site, the system did not remove the database tables storing the data of forms assigned to the given site.
  • Search - The smart search crawler does not index pages on HTTPS sites without a certificate from a trusted authority. If you need to use self-signed certificates, you may override the certificate validation by adding the <add key="CMSSearchCrawlerAcceptAllCertificates" value="true" /> key to your web.config.


Hotfix 9.0.6

Published: Wed, 13 May 2020 08:57:19 GMT

Fixed bugs:

  • API - Automated tests inheriting from the 'CMS.Tests.IsolatedIntegrationTests' base class failed due to database timeout errors under certain circumstances.
  • Avatars - When replacing existing avatar images, the new image was not saved if uploaded directly after the old image was removed without first submitting the change.
  • Modules - After deleting a UI element with child elements, the child elements were not displayed in the recycle bin. Restoring the parent did not restore the child elements.
  • On-line forms - Email notifications about new data records submitted for forms and autoresponder emails incorrectly displayed time values for fields of the 'Date' data type (in addition to the entered date).
  • Pages - An error occurred when using listing web parts to display related pages defined through a field of the 'Pages' type (advanced content modeling) in combination with columns specified in the Columns property.
  • Portal engine - When using on-site editing mode as an editor without the administrator privilege level, content defined through the 'HTML envelope' properties of web parts was incorrectly displayed for web parts that were not visible.
  • Staging - If a page under workflow had the "Publish from" date set in the future, editing the page and moving it to the published step did not log a corresponding "Publish page" staging task (the task was logged only after the publish date). After applying the hotfix, the staging task is logged immediately, which allows synchronization of the page's published state with a set "Publish from" date.


Hotfix 9.0.51

Published: Wed, 13 May 2020 08:57:19 GMT

Fixed bugs:

  • Security - Added security improvements to the application.


Hotfix 9.0.50

Published: Wed, 13 May 2020 08:57:19 GMT

Fixed bugs:

  • Contact management - When the deletion of inactive contacts took longer than 1 minute, the next run of the 'Delete inactive contacts' scheduled task was not set, and the task did not execute again. To fix the problem, you need to manually execute the scheduled task after applying the hotfix.
  • Macros - Macros for loading component CSS did not work for transformations and web part layouts. For example: {% CSS.Transformations["custom.article.list"] %}
  • Web analytics - The 'Analytics browser capabilities' web part did not work and pages containing the web part generated logging requests that resulted in an error (CSRF exception). The problem occurred after applying hotfix 9.0.48.


Hotfix 9.0.5

Published: Wed, 13 May 2020 08:57:19 GMT

Fixed bugs:

  • API - Calling the 'TreeProvider.SelectNodes' method resulted in an error if the parameters were configured to retrieve multiple page types and a data column shared by at least two of the page types.
  • API - Automated tests inheriting from any of the CMS.Tests base classes failed when located in a project outside of the Kentico solution folder (CMS).
  • Authentication - Authentication of users did not work after setting the 'CMSUserSaltColumn' web.config key to a custom value.
  • Caching - Web parts containing a page data source (for example the 'Repeater' or 'Universal viewer') could lose their cached data in scenarios where a custom value was set for the 'Cache item name' property. The problem usually only occurred on sites with heavy traffic.
  • Contact management - When using a separated on-line marketing database, the action for removing all accounts from a contact group didn't work and an error was logged into the event log.
  • Controls - The 'MultiFileUploader' control displayed an invalid message in scenarios where the number of uploaded files exceeded the maximum allowed number set through the 'MaxNumberToUpload' property.
  • E-commerce - On installations without the 'On-line marketing' component, an error occurred when adding a new customer during the creation of an order in the 'Orders' application.
  • Email marketing - The 'Check bounced emails' scheduled task does not work when executed using the external scheduling service. Applying the hotfix disables the 'Use external task' property for the task on all existing sites. If you use the external scheduling service, you may need to manually disable the property for new instances of the task after creating or importing a new site.
  • Macros - When calling the 'ToString' macro method for DateTime or TimeSpan values with a formatting string parameter, the specified format was not applied to the result.
  • Pages - Restoring culture versions of pages from the recycle bin could cause an error if the first restored version was not in the site's default culture.
  • Scheduler - Scheduled tasks configured to be executed by the external scheduling service incorrectly displayed warnings about late execution in certain cases.
  • Search - Highlighting of keywords in smart search results didn't work correctly when using the 'TextHelper.OnBeforeRemoveDiacritics' event to customize handling of diacritics in a way that replaces special characters with a string of a different length. Note that the search does not highlight text with diacritics in scenarios where the search keywords contain the equivalent string without diacritics (even after applying the hotfix).
  • Staging - An error occurred when synchronizing "Update page" staging tasks on instances without an EMS license (Ultimate or lower).
  • Web analytics - When using web analytics, the system generated unnecessary SearchLogHit requests when searches with empty keywords occurred on the site.


Hotfix 9.0.49

Published: Wed, 13 May 2020 08:57:19 GMT

Fixed bugs:

  • Email marketing - An error occurred after applying the subject filter on the 'Emails' tab when editing an email campaign in the Email marketing application.
  • Form controls - The 'Logic CAPTCHA' form control displayed the "(please enter the answer to the question or statement)" text even if its hidden 'ShowAfterText' property was disabled.
  • Search - An infinite loop could occur when building page smart search indexes if the indexed data fields contained complex HTML or XML structures.
  • Social Marketing - Facebook insight data was not collected for pages assigned to Facebook apps using version 2.7 or newer of the Facebook API (i.e. apps created after July 13, 2016).
  • Transformations - An error occurred when using transformations with a dot character in their code name. For example, if the system fetched a transformation directly from the database, the transformation's code name was parsed incorrectly and caused an error.


Hotfix 9.0.48

Published: Wed, 13 May 2020 08:57:19 GMT

Fixed bugs:

  • Authentication - Windows Active Directory authentication could cause an error if replacement of forbidden characters was disabled for roles via the 'CMSEnsureSafeRoleNames' web.config key. The error occurred if import of AD domain groups as roles was enabled and the authenticated user belonged to at least one group with a forbidden character in its name.
  • Caching - After exporting and importing a page template containing the 'Output cache dependencies' web part, the keys specified in the web part's 'Cache dependencies' property were processed incorrectly and combined into a single invalid line.
  • Continuous integration - If the restoring of continuous integration data to the database failed, it was difficult to diagnose the exact cause in certain cases. If the process fails during the composition of an object consisting of multiple parts, the error message now contains the file system paths of the related files.
  • Hotfix - Kentico instances installed from setup files with hotfix 9.0.40 or newer applied did not work (errors occurred due to missing assembly files).
  • Media library - When sending emails from Kentico (for example in the Email queue application), images added to the email content from a media library with resized dimensions were inserted with a relative URL, which caused them to be unavailable when viewed in email clients.
  • Web farms - Changes of license keys were not synchronized correctly between web farm servers, which could lead to logged errors in certain cases.


Hotfix 9.0.47

Published: Wed, 13 May 2020 08:57:19 GMT

Fixed bugs:

  • Authentication - When using certain external identity providers for authentication (for example Access Control Service), the system incorrectly handled situations where the identity provider returned an empty username claim. This caused an authentication loop for the client, which could result in the system generating multiple user accounts.
  • E-commerce - When using the search in customer selection dialogs (for example when manually creating new orders), the system only displayed customers with matching last names. After applying the hotfix, the search also uses the first name, company and email address customer fields.