October 2025 Releases

When attempting to cascade permissions to new assets from users who had been deleted, the warning that the user did not exist caused a fatal error, and an HTTP 500 response.

The error handling for setting permissions was replaced with exception handling. The handling of the exception for missing user permissions when assets were created was set to log the issue and continue.

Creating an asset in a location where a deleted user has been granted cascaded permissions will no longer produce a fatal error. This includes through the asset management API.

A session value was missing when using Matrix Cookie Passthrough on REST Resource assets. This could cause content not to be displayed on the first view (a "fresh session").

The session value is now checked to see if it is present and set if it does not exist. When using Matrix Cookie Passthrough on a REST Resource asset, content will be shown even on fresh sessions.

The PHP session system automatically set Cache-Control: no-cache and Pragma: no-cache headers when session_start() was called. These headers conflicted with the cacheable headers set by RedirectDataPathHandler, causing Cloudflare CDN to ignore the cacheable directives and always hit the origin server.

The flow-on effects from this issue caused 302 redirects from /__data URLs not to be cached by Cloudflare CDN. Every redirect request hit the origin server, increasing server load and causing poor performance for users accessing redirected assets.

The fix modifies RedirectDataPathHandler to remove conflicting cache headers before setting cacheable ones. The removeConflictingCacheHeaders() method was also added to remove Cache-Control, Pragma, and Expires headers set by the PHP session system, allowing proper cacheable headers to be set for 302 redirects.

Many bots do not preserve cookies when making multiple requests, resulting in a large number of public user sessions that are used for a single request, which can sometimes affect regular user sessions.

Squiz Content Management now retains single-use public sessions for a shorter period, resulting in more session storage space available for regular users.

Platform changes caused the detected media (MIME) type of JSON files to change, so they were no longer detected as text files. This caused an issue where, under certain circumstances, the contents of a .json file in relation to a physical file asset could not be viewed.

The media (MIME) type is now checked and treated as text for physical file assets. The content of .json files is now reliably viewable and can be referenced in asset_contents keywords.

An issue with location data not being populated for web behavior events prevented the country matching logic from working as expected.

Under these conditions, a segment like international visitor would be incorrectly allocated to visitors of in the configured country.

Now segmentation that relies on location data operates as expected in web events.

The XML BOM was causing errors to be generated. The plugin now removes the BOM. The elements are extracted without errors.

When a user was using inline edit and clicking on links to start editing the link text, any links on the web page opened the page rather than allowing edits to the links.

The fix adds a listener for click events on inline editable links, which prevents navigation in build mode. In preview mode, the links open in a new browser tab.

Long-running cron jobs can become permanently stuck when cron nodes are rotated or are stopped while running. Manual intervention was required to clear the stuck state, which prevented the self-healing mechanism from working properly for long-running job deadlocks.

The fix added the missing running_long attribute reset to the clear_cron_deadlock.php script in the --clear --force functionality. When the cron manager initiates a new run, it clears existing locks for a fresh start, including the running_long attribute, enabling proper self-healing for long-running job deadlocks.

Both Asset Syncing and Asset Management APIs are now automatically activated for all customers.

Customers can always use Asset Syncing and Asset Management APIs without needing to ask for the features to be activated by Squiz Support.

Under certain conditions, not having a create location for file type inputs would fail asset validation. Validation failure could cause forms with file type input field types in conjunction with email options to fatally error.

The fatal error is now caught and logged with a default value set, which prevents the condition from presenting.

When an asset listing page or search page was set as the root node for a listing asset, a null value was passed through to the getRootNodes() function. When null was set as the root node, certain functionality of the listing asset, such as the %root_nodes% keyword, resulted in errors.

The value returned when no root nodes can be found was changed from null to an empty list. Problematic code paths processing can now continue with no root nodes in a more compatible format.

In our continuous efforts to enhance system performance and reliability, Squiz Integrations instances hosted in the AU region have undergone a data and process migration to new infrastructure.

As a result, the IP addresses for Squiz Integrations AU instances have changed.

Read Gateway IP Registry for details about the Gateway IP Registry microsite and to find links to get all IP addresses in JSON or plain-text format.

This strategic move aims to optimize our service quality and ensure greater resilience and scalability.

Added the ability to modify the transformed parameter using a regex find and replace.

Indexer option -metadata_t_overrides_title has been added to allow metadata t to override title.

Some customers are unable to see the content auditor due to an error when processing JSON content that contains dates in ISO 8601 standard format.

With this change, the content auditor now shows information when the content is JSON data containing ISO 8601 standard format dates.

Some customers have large amounts of auto-completion data which are unable to be uploaded in a single file. This change allows data to be uploaded in multiple files.

The links for export accessibility reports were not updated when the search data model changed. The accessibility reports did not contain any results.

Now that the accessibility reports use the correct data model, they are providing the requested data when exported.

The original implementation of the access restriction plugin prevented auto-completion results from being available. This change has reversed that behavior, and now auto-completion results can be seen.

The data sources function is designed to gather and process data, making it available for search through search packages. When a data source is now updated, it bypasses the update steps built for search packages.

The data sources function is designed to gather and process data, making it available for search through search packages.

When a data source is created it will have access_restriction=no_access configuration key set by default.

As a result, attempts to access it through the /s/search endpoint will return a 403 error with the message "Sorry, your machine does not have access to …​"

Customers can now use -disable_html_title_processing, which is an indexer_option flag that allows <title> tags to be ignored.

Ignoring title tags prevents the tags being being added to the metadata t class.

Dependencies have been upgraded to address security issues, ensuring a safer and more reliable system.

Dependencies have been upgraded to address security issues, ensuring a safer and more reliable system.