October 2025 Releases

When attempting to cascade permissions to new assets from users who had been deleted, the warning that the user did not exist caused a fatal error, and an HTTP 500 response.

The error handling for setting permissions was replaced with exception handling. The handling of the exception for missing user permissions when assets were created was set to log the issue and continue.

Creating an asset in a location where a deleted user has been granted cascaded permissions will no longer produce a fatal error. This includes through the asset management API.

A session value was missing when using Matrix Cookie Passthrough on REST Resource assets. This could cause content not to be displayed on the first view (a "fresh session").

The session value is now checked to see if it is present and set if it does not exist. When using Matrix Cookie Passthrough on a REST Resource asset, content will be shown even on fresh sessions.

The PHP session system automatically set Cache-Control: no-cache and Pragma: no-cache headers when session_start() was called. These headers conflicted with the cacheable headers set by RedirectDataPathHandler, causing Cloudflare CDN to ignore the cacheable directives and always hit the origin server.

The flow-on effects from this issue caused 302 redirects from /__data URLs not to be cached by Cloudflare CDN. Every redirect request hit the origin server, increasing server load and causing poor performance for users accessing redirected assets.

The fix modifies RedirectDataPathHandler to remove conflicting cache headers before setting cacheable ones. The removeConflictingCacheHeaders() method was also added to remove Cache-Control, Pragma, and Expires headers set by the PHP session system, allowing proper cacheable headers to be set for 302 redirects.

Many bots do not preserve cookies when making multiple requests, resulting in a large number of public user sessions that are used for a single request, which can sometimes affect regular user sessions.

Squiz Content Management now retains single-use public sessions for a shorter period, resulting in more session storage space available for regular users.

Platform changes caused the detected media (MIME) type of JSON files to change, so they were no longer detected as text files. This caused an issue where, under certain circumstances, the contents of a .json file in relation to a physical file asset could not be viewed.

The media (MIME) type is now checked and treated as text for physical file assets. The content of .json files is now reliably viewable and can be referenced in asset_contents keywords.

An issue with location data not being populated for web behavior events prevented the country matching logic from working as expected.

Under these conditions, a segment like international visitor would be incorrectly allocated to visitors of in the configured country.

Now segmentation that relies on location data operates as expected in web events.