DXP Releases for 2025

Releasing locks on a page with unsaved changes will now show a confirmation prompt similar to when attempting to navigate away from the page.

This minor improvement to how locks are handled on pages will help prevent customers from losing page updates accidentally.

The Stale if error expiry time default has been increased from one to seven days.

Increasing the expiry time by this degree allows Edge to serve cached content better if Squiz Content Management cannot serve the page for a period that includes the weekend.

Squiz Link fields used as an array item have received a minor improvement in the component editing UI, improving usability when presented in narrower editing views. The updated design is visible for all existing components using Squiz Links on both content and standard pages.

The update changes the presentation of Squiz Link fields from a "primitive" array type to a complex array type that supports inputs. Complex array types (such as Cards) can offer more than one input type.

Changes introduced to the package controlling the formatted text editor (FTE) caused a regression in table borders and controls. Style overrides were added to the core styles to fix the underlying issue with the package.

An issue discovered in an internal API was discovered where warnings were being promoted to exceptions. This unintended escalation caused warning and notice-level alerts to halt function execution. An API mode that logs warnings without promoting them to error status was added. Genuine errors remain unaffected, and warnings are logged and appended to internal API responses.

User names were checked for uniqueness with a SQL LIKE instead of strict equality. If a username was set with a SQL wildcard character (% or _) it could have been detected as colliding with another username, even if it was unique. The LIKE check was replaced with a strict equality check, which correctly evaluates the uniqueness of user names.

Warnings on internal API and Asset Management API requests were being incorrectly converted into fatal errors, which caused those requests to fail unexpectedly. Exception handling was improved on the internal API and Asset Management API. Warnings generated in API calls will now log to error.log and not affect API request processing.

The request correlation ID, which users see in a fatal error condition (including exceptions) in version 6.51.0 of Squiz Content Management, was not displayed in error logs. Customers could not properly correlate the ID given in a fatal error to messages in the error log. The correlation ID is now available in the error log. Error logs now contain a portion stating the correlation ID and the source of it (normally Cf-Ray)

An issue with how Metadata screens were loading components and returning a ready state caused issues with updating or editing metadata fields. WYSIWYG fields were particularly affected by this issue. Lifecycle hooks with states were added when loading Metadata screens. The hooks get passed from children components to parent components, which allows the Metadata screen and its components to load correctly and then pass the ready state to Viper, so it is initialized correctly.

Access to remap rules was restricted to the Remap Manager’s Edit screen. Remap rules were not shown in read-only mode on the Details screen. Read access permissions used by other assets were added to the remap rules, which allow them to appear in read-only mode.

Logical comparison differed between displaying and activating triggers, which caused some imported triggers to appear deactivated but run when their conditions were met. The logical comparison was made consistent between display and activation, preventing triggers from running if they appear deactivated in the UI.

When initially created, the Send Email trigger action sent an unserialized empty array default value to an Email Format attribute object, which controls how the email options appear in the action. In PHP 8.0 or later, the screen would throw a TypeError exception and would not fully load. The default value is now changed to the serialized version of the previous default value, which allows trigger actions to load in PHP 8.1 environments.

The DN not found message was being logged for every LDAP user that was deleted or not found upon an action or refresh of an asset’s Details screen. This excessive logging overwhelmed the logs and made them unusable. After evaluating the value of the messages in the log, the solution was to remove the messages so that the logs could be used to troubleshoot issues again.

When opening the Version history screen on a redirect asset, an attempt was made to normalize some data not in the expected structure. A type mismatch resulted in PHP throwing a warning because there was an attempt to loop through data that was unparseable. Type checking was added to the control before the unexpected structure was passed, preventing the warning from occurring. The array type was added as a default value for the passed parameter, along with type hinting in the method’s signature.

An issue was discovered in the Set Metadata Field Date trigger action where an attempt was made to call end() on the result of an array function. PHP produced an Only variables should be passed by reference notice when using the Set Metadata Field Date trigger action with Metadata Date fields that had Contextable turned off. The offending code was removed in the Set Metadata Field Date trigger action, which fixed the issue.

Part of the dynamic membership code that controls whether the live or draft version of an asset should be shown to users was adding users even if no current user was set for the workflow. When this condition appeared, reference report generation failed with an “Asset ID cannot be empty” exception. A try/catch block was added around the dynamic membership code to catch the empty/invalid asset ID code and skip it if it is invalid (including empty). The dynamic membership code is now ignored if no user has been set as current or the user ID is invalid.

Previously, the Resource Browser and the Page Builder UI did longer round-trips through the Component Service to fetch asset info, which was much slower and unnecessary.

With this minor improvement, the Resource Browser and the input fields in Page Builder will get Matrix info directly from the Content Management instance. Removing the unnecessary round-trip through Component Service speeds up the load time experienced by Content Authors using content page assets.

When a formatted text editor block is edited in the preview panel, all editing overlays and tool capsules are hidden unless hovered over.

This minor improvement reduces the option clutter previously experienced by some customers when using the preview panel to edit text.

An issue was discovered where the test status in the A/B test list was hardcoded to Running and not dynamically set to the status of the test status in the Optimization dashboard, or the content page Settings dialog box.

The A/B Test statuses are now dynamically set based on the A/B Test status, which results in a more consistent experience between the list, page settings dialog box, and Optimization dashboard.

It was discovered that asset_lineage design areas could not be exported using Mirror without a start_at_level value set.

Design areas that did not contain this value prevented Mirror from performing export operations, which caused the export script to stop unexpectedly.

Checks have been added to skip empty start_at_level values, allowing the script to continue to the next export phase.

The View Records section of CSV data source assets has been updated to present CSV data using JSON instead of the built-in PHP print_r format.

JSON format is now the standard format for showing data structures. print_r is a PHP built-in format..

The View Records section of JSON data source assets has been updated to present JSON data using JSON format instead of the built-in PHP print_r format.

JSON format is now the standard format for showing data structures instead of print_r, a PHP built-in format. Transforming JSON data sources using print_r instead of directly rendering the JSON was unnecessary.

It was discovered that the content of large files was not limited to search indexing. In some circumstances, indexing these files could cause the system to run out of memory.

A limit was added to text-type files that only allows indexing until the limit is reached.

Due to the unavailability of V8 memory limit and time limit thresholds, the complex JS executions involved with Server-side JavaScript (SSJS) could cause customer instances to run out of memory. In some severe cases, this could result in the entire instance shutting down unexpectedly, potentially causing customer outages.

The fix adds V8 JavaScript time limits and memory limits, which can be configured by Root Users only through the System Configuration screen. The limits can be configured using the setTimeLimit and setMemoryLimit options in the user interface.

SSJS should run within the limits of V8 JavaScript and throw an exception if it reaches the limits instead of potentially causing a customer outage.

The solution authentication user ID was strictly checked to determine if it should be added to the cache key. The type was changed internally between integer and string.

These conditions prevented the solution authentication user from being flagged as relevant to the cache, which sometimes caused the wrong cache to get served when solution authentication was in use.

The user ID is no longer strictly checked, and a regression test has been added to capture this condition if it reappears.

Dependencies have been upgraded to address security issues, ensuring a safer and more reliable system.

The push data source and filter classes ignored the filter.class configuration key. This key was required for each MODIFY request sent to the push API. The lack of the configuration key caused unexpected behavior between data sources depending on the type.

The change implemented applies the filter.classes configuration key value for push data sources if no filter query option is provided with the push API request.

The SEO auditor returned internal content created for accessibility auditing purposes. The incorrect common words appeared in the audit results, making it difficult to interpret them.

The content was removed from the SEO auditor to no longer affect legitimate results returned to users.

The StringDocumentFilter generated an illegal character error when processing a URL set by the plugin, which caused errors while updating the data source with plugins applied.

The plugin framework tool can now handle special characters such as | in the start URLs. A raw string is first converted to a Java URL object and then encoded into a Java URI object while ensuring special characters are accepted by URL and not URI.

Users can now preview configuration files, including metadata-mappings.cfg, xml-index.cfg, and site_profiles.cfg through WebDav and the configuration file manager.

The configuration is displayed in raw format, and users can copy it between different instances or resources.

This minor improvement removes the often cumbersome, time-consuming, and error-prone approach of manually entering the configuration information using the dedicated Administration UI.

The username or password label used for form authentication could be inconsistent. For example, the form label for the username could be email instead of username. Under these conditions, the external crawler could not find the matched username/password value(s) for pre-crawl authentication.

Data source configuration keys were added for username and password labels when encountered in either pre-crawl or in-crawl authentication requests. Username and password labels that are not the typical username/password form labels are now handled correctly.

If a user did not have the correct permission to modify configuration keys in an attempt to update it, instead of the relevant error message the UI was displaying [object] [object].

The error handling under these circumstances was improved so that the user either receives useful feedback about the invalid value of the configuration key or the lack of permissions they hold to modify the key.

Cutting out and pasting back exactly the same content into a FreeMarker template was causing the system to save an empty file.

The system now prevents empty files from being saved when cutting and pasting the same content into the template editor.

The push system attempted to clean up all data sources running as query processors but failed because the document data and delete lists were missing. When setting the push optimization features, the “prepare Funnelback for upgrade” feature failed.

Push optimization features were adjusted to skip cleaning up data sources in SLAVE mode when preparing to run an upgrade. These adjustments allow the optimization features to iterate past the skippable collections and complete the process.

The !FunDoesNotExist:padrenull plugin query appeared in analytics reports because it indicated empty search results. Customers were unsure what the plugin query meant in the context of the analytics report. This confusion caused unnecessary support cases requesting that the plugin query be manually added to the denylist of each affected Squiz Search instance.

The item !FunDoesNotExist:padrenull was added to the global denylist, which prevents the plugin query from appearing in analytics reports.

If the display of a key depended on the value of another key with a parameter, only the first key value with a parameter would be taken into account, instead of any that fulfilled the condition. Adding the next key with a wildcard that fulfilled the dependent key condition would not display the dependent key form to provide its value.

The fix displays the dependent key form if any key with a parameter fulfills the condition instead of only the first key value. Users are now able to provide plugin configuration details.

A new plugin named Faceted navigation - advanced sort by date lets you sort faceted navigation based on dates that use a custom format. This plugin provides an input date format and converts it to a consistent and sortable output format of YYYYMMDDhhmmss.

You can sort a metadata-based facet by date, where the dates are represented in a custom format. If you have facet categories like Jan 2010, Jun 2021, Nov 2019, the facet categories can now be sorted by a normalized date. The plugin converts the metadata labels to dates internally before sorting.

The original maximum timeout that could be set for crawl requests to a web page was 30 seconds. Pages that exceeded the 30 second crawl timeout would not be processed during an update.

The maximum timeout that can be set for crawl requests (crawler.request_timeout) was increased to two minutes (120 seconds). If the crawl request timeout configuration is set to the maximum value, then web pages that take over 30 seconds will now be processed

An aurora replication lag between the read and write database caused issues with determining which metadata version to use when a chained metadata trigger applied updates to an asset. If a chained metadata trigger update was in progress, a second running trigger failed to update the metadata value.

Time checks were added between saving and the next attempt to read the database to determine if the trigger should read from the original database instead of the replica database. This check ensures the most current database is used.

The following types of transient errors were causing OAuth to unexpectedly fail, triggered fatal errors, and ultimately prevented users from continuing with the authentication flow:

Users experiencing these transient errors would see an ungraceful failure in the authentication process and would need to manually restart their attempt.

OAuth authentication has been updated to automatically retry the process in the event of transient errors. Instead of immediately triggering a fatal error, the system now attempts multiple retries before stopping authentication completely.

This change significantly reduces the likelihood of failures and ensures a smoother experience.

Content Management users with system administrator or root user permissions can now set a custom warning message and limit through the Global preferences  Configure warning and limit for containers per standard page setting.

The alert appears when content authors have either reached or exceeded the recommended number of components on the standard page they are creating.

This setting will help content authors make better decisions about how they are building content using standard page assets and will avoid performance issues when configuring too many CCTs on a standard page.

Asset listings were using inefficient methods to query data, work on the data structure, and sort the result. As a result, sorting and rendering results in asset listings was slow, and memory intensive.

Improvements were made to provide a more efficient approach of querying data, modifying data structures and sorting results. These improvements result in better asset listing load performance.

When an asset was published or set to live, a bug with how version history event listeners were loaded caused minor version history entries (for example, 0.x.0) to not be recorded. This issue caused inconsistencies between the documented versioning rules and the stored version history, making it difficult for users to track version changes.

The event listeners are loaded before proceeding deep into the HIPO execution path. Customers can now reliably track minor version history updates made to assets.

There was no mechanism in the stylesheet to show a scrollbar when the root node drop-down height exceeded the browser viewport’s height. When many root nodes were in the drop-down, some entries at the bottom could not be selected.

Updated stylesheet rules were applied to the root node drop-down to show the scrollbar when needed. The stylesheet change lets users scroll the asset tree and select the asset they need from the list.

A blank content page triggers an issue where the reload button appears clickable but does nothing, leading to user confusion.

The logic for the reload button was modified to perform its intended function even when there is no content to be reloaded. With these changes, the reload button now correctly performs a reload action and animates upon click.

A recent issue occurred when an unexpected and unhandled error was detected within a component while evaluating JSON schema for live previewing Squiz Content Management asset pointers. This error prevented all of Page Builder from loading.

Error handling has been added to mitigate JSON schema interactions that cause errors when fetching Squiz Content Management asset pointers. A customError block issue type and improved error messaging have also been introduced to report errors handled by the system, providing users with instructions on how to proceed correctly.

In Preview mode, users encountered an issue where the total segment count was not visible when selecting multiple segments, particularly when the longest priority segment had a lengthy name.

This limitation has been addressed by displaying the total segment count in Preview mode, even when the highest priority segment is selected with a long name.

Following feedback from our APB beta testing, it was observed that users were experiencing confusion between the Page Builder Edit mode toggle button and the button used to acquire page locks in Matrix.

To clarify this, we have renamed the "Edit mode" toggle button to simply "Build mode", streamlining the user interface to reduce potential misunderstandings.

Previously, the File Store UI did not support uploads larger than 50 MB while the API handled up to 100 MB.

This change brings the UI up to API feature parity, offering a more convenient way to manage files through the UI.

When configuring a CDP event with an Authorized condition, the Events UI did not protect against selecting unsupported rule types or typing string values when the condition required boolean values.

To fix this problem, the Authorized event condition now automatically fills the correct values, which are read-only and set to equals true. Users can now configure Authorized event conditions that behave as expected.

Fixed how the Queues page renders for retry flows.

Fixed a RangeError: Maximum call stack size exceeded console error when navigating to a locked workspace using the Tenant Admin UI.

Fixed an issue where the erroneous filter was not applying when redirecting from the Dashboard to Executions.

Fixed an issue where some threads were missing on the Execution page after applying specific filters.

Fixed an issue where the three-dots menu was not clickable when the full-screen mode was toggled for the credentials menu.

Fixed an issue in the Implement tab where changes to the shutdown timeout for a flow did not apply without refreshing the page.

Fixed an issue where unnecessary \ characters were added to the $getPassthrough() expression when the user switched the mapping section from developer mode to integrator mode.

This component is a copy of the existing Email component, enhanced with the ability to set custom credentials.

This addition allows flexible management of different domains, workflows, and API keys.

REST assets had code that only functioned if they were running within a web request with "Append Query String" enabled. If REST assets were used through a scheduled task, the task would fail to run and cause a cron deadlock.

REST assets have been updated to assume an empty query string when running without a web request. REST assets with "Append Query String" enabled can be run from scheduled tasks.

The upgrade to PHP 8.1 altered the behavior of a control statement that caused an unexpected assignment of a null value for an element in the $asset_ids array. This condition occurred when an empty Link Information value was saved on a Link asset. The issue caused a fatal error and prevented users from saving link information.

The control statement was updated to explicitly handle cases where $_REQUEST[$prefix]['assetid'] is not set or is null before adding it to the $asset_ids array. This change prevents invalid asset IDs from being introduced into the system. Users can now save empty Link Information values if they need to.

Mirror and asset syncing operations only searched for asset IDs in specific patterns to avoid treating random numbers as asset IDs. Designs that specified a Menu Normal Design Area with a root_node asset ID configured directly in the parse file would be erroneously excluded from the search and break the imported design because they failed to migrate.

Mirror was updated to match asset IDs in Menu Normal Design Area root_nodes, which allows them to migrate correctly with Mirror or asset syncing.

The value for Global preferences  Component preferences  Default presentation types was not correctly set for custom components. If Article was the default presentation type, the custom component used block (div) when a user created a custom component.

This fix ensures custom components use the default presentation type specified in Global preferences.

Quick options in components initially supported enum properties. This release has expanded quick options properties to support boolean types. This minor improvement helps component developers create more flexible components that meet organizational needs.

The subscription anniversary date was manually set against a customer’s subscription, but was not being updated when the anniversary date passed. This meant that customers could not see accurate dates and usage data against their DXP subscription.

The subscription anniversary date now automatically updates for each year that passes, always showing the most up-to-date anniversary date. DXP subscription usage will be relative to that date.

Functionality to update access within Advanced Forms was only passing updated access requirements and not the user’s name, which accidentally overrides the name with "undefined". Any reporting or viewing of users will show "undefined undefined" as the author’s name.

With this release the full name of the user is updated in Advanced Forms each time their access is updated. Full names of users are correctly showing up in reports.

Users can now upload a PNG, JPEG file, or WEBP avatar image up to 500KB to their Squiz Integrations user profile.:

This feature lets users add a small personalized touch to user profiles. Customers can now see uploaded avatars when they are in their Squiz Integrations instance.

The Workspaces, Contract Settings pages, and several dialog boxes have all received improvements to responsiveness through their conversion over to React.

This update brings the benefits of React’s component-based architecture, enhancing responsiveness and interactivity for users.

The Executions page has been updated to sync pagination as it is received through connected WebSockets. This enhancement enables real-time updates and seamless navigation when viewing execution data.

Users can experience synchronized pagination that automatically adjusts as data is received through WebSockets, ensuring that the displayed information remains current and accurate.

The API endpoint GET /workspaces/get_workspaces_all_list can deliver a sorted list of available workspaces based on user permissions within the corresponding contract.

The enhanced workspace management capabilities provided by this new endpoint let users retrieve a comprehensive view of all workspaces they are authorized to access, streamlining workspace navigation and organization.

The GET v2/recipes API endpoint now allows users to search for Recipes based on a specific word or phrase in the recipe title.

By incorporating this search functionality into the API and UI, users can locate and access recipes that match their search terms, streamlining the recipe discovery process and improving overall usability within the system.

Sailor-NodeJS has been upgraded to v2.7.4 to fix the error location when a component uses the Rebound functionality.

This upgrade also improves the performance of several components that received this upgrade in the Integrations v25.06 release.

The implementation of how data paths are used is changing. 404s from the data are now redirected if they appear valid.

The existing implementation was causing an unacceptable number of 404 errors.

The authentication MAC cache was not cleared when the user logged out. After logging out, the user could see logged-in page content if the instance was behind a MAC cache.

A call to regenerate the session ID has been added during logout to prevent MAC from using the same cached session immediately. When the user on a MAC instance logs out, the page no longer has cached content for authenticated sessions.

The Acalog Basic plugin required updates to its API to allow program metadata information to be passed through.

Some minor changes to the logic about http client double-encoding were also made. Configuration settings were updated for the Search data source settings.

An issue with client-side JavaScript caused it to not run for actions other than refreshing the browser or saving a page and reloading the content page asset. Any reload or refresh action taken on the content page iFrames was not re-added, and components with custom Javascript failed to run.

Script tags are now re-added to the page correctly upon reload action for content page assets. A livePreviewUpdated event is emitted to signify that javascript should re-append any eventListeners.

Fixed the issue where a deleted workspace was not removed from the list of workspaces in the left sidebar.

Fixed the issue where a recently deleted workspace did not disappear from the UI’s View All Workspaces page.

Fixed the issue where the mapper error was not displayed on the thread page, ensuring better visibility for troubleshooting.

Fixed the issue preventing users from setting the log level to Warning for a step through the UI.

Fixed the issue where an inactive webhook flow returned a successful response instead of an appropriate error.

Fixed the issue where executions contained no records when the flow type was changed to webhook.

Fixed the issue where personal workspaces were incorrectly displayed in the Other Contract Workspaces section when the user had the Member role in the contract.

Fixed the issue where webhooks failed to recognize valid credentials due to a basic authentication username/password mismatch.

Fixed the issue where the HTTP Reply component failed to send the correct message if it was added to a flow version other than the first.

Not all selections were restored due to the options being incorrectly removed from the address bar. Only some options were restored after obtaining locks to the page.

The fix stores all selections temporarily to be restored after locks have been acquired. Personalization, A/B Tests, Page Width and the active block in the outline are remembered and restored after obtaining locks to the page.

Very large serialized objects were being encoded. In some cases, this could cause the system to run out of memory (OOM) (for example, purging many assets).

Very large serialized objects are now truncated before encoding. Purging thousands of assets will no longer cause an OOM fatal error.

Enabling ESI for 404s is a best practice, and doing this today requires multiple manual steps. The steps can be replaced by a feature flag option, which will enable the 404 without manual intervention.

When the ESI 404 settings are enabled and the appropriate conditions are met, Matrix will automatically wrap the 404 in an ESI include when responding.

To enable the feature:

The conditions required for the ESI include response to work are detailed here:

Re-initialization of Viper instances on the page was a blocking process. Page builder loaded very slowly on pages containing multiple components with inline editable Viper fields.

The fix updated how the inline Viper instances are loaded into the page. The initializations of the Viper instances will not block page Builder on the page.

When selecting an image in a Viper text field, selection handles were placed inside a div and appended to the main input. While all Viper instances successfully remove this element when losing focus, Page Builder mirrors content between elements.

It was, therefore, possible for another Viper instance to inject its overlay element into another instance. This unintended behavior happened when resizing an image in the Page Outline view, which caused an erroneous HTML element to appear in user content.

The fix removes the overlay element entirely and creates a shadow DOM node directly on the main Viper element, which is automatically hidden when the page is saved.

Content editors often do not need to use a full size image when selecting images for page content. With this release, image varieties can now be selected within components and content pages.

Read the March 2025 new features to learn more.

The Executions page interface visually represents the Mapper step. This interface was inspired by the Flow Queues page design.

Read the March 2025 Integrations new features to learn more.

A timestamp display feature is now available on the Step Execution Error page.

Read the March 2025 Integrations new features to learn more.

A dedicated Search field is now available on the Contract List interface.

Read the March 2025 Integrations new features to learn more.

A dedicated Search field with paging support is now available for workspaces.

Read the March 2025 Integrations new features to learn more.

This release introduces enhanced error responses for repeated requests to inactive or deleted flows. These protections offer an improved spam prevention strategy for webhook microservices and reduce overall system load.

Read the March 2025 Integrations new features to learn more.

A class property that content in safe edit depended on was removed in the CMS/6.61.0 release. This removed property caused a fatal error on affected assets. This hotfix release re-adds the property. Additionally, a bypass has been added when unknown properties are found in safe editing data. Customers no longer experience fatal errors when affected assets attempt to access a non-existent property.

Several dependencies have been upgraded in Squiz Data Services to address security issues, ensuring a safer and more reliable system.

A minor improvement was made to components that reference page assets to respect the Matrix context when used in a content page or standard page assets.

Component Service often fetched content from Squiz Content Management but did not use the Matrix context. When a component is used on a page that handles context, any content fetched from Squiz Content Management should respect the context.

When a user selected an image within a component, but then purged that asset from Squiz Content Management completely, the page preview could not load.

Error handling and reporting were added through an error placeholder element to ensure pages will still load under these circumstances.

When removing personalization or A/B testing from a content block, blocks could end up in a "Hidden (Empty)" state in the page outline. Standalone hidden blocks could affect the Preview panel by incorrectly showing duplicated content and missing overlays.

If the default variant of a block is hidden (empty) and all other variants are removed, then that hidden (empty) block is now entirely deleted from the page outline. Standalone hidden (empty) blocks no longer appear in page outline views, and overlays and content appear correctly when personalization or A/B testing is removed.

Due to the unavailability of V8 memory and time limits, complex JavaScript executions caused entire Squiz Content Management instances to run out of memory (OOM). This OOM failure cascaded down the technology stack to the infrastructure hosting the instance.

V8 JavaScript memory and time limits were added in this release and are configurable through the System Configuration area in Squiz Content Management. With this change, server side JavaScript executes within the limits of V8 JavaScript. V8 throws an exception if it reaches the limits instead of taking down the instance.

A string was passed to a method that expected an int|float value. When upgraded to php81, a fatal error would occur when attempting to edit JSON web token assets.

The type is now set to int, and a safe default has been implemented if invalid values are unintentionally passed to the method. Users on an instance with php81 will no longer see a fatal error on the JSON Web Token asset when attempting to edit its settings.

The ^as_asset keyword modifier previously did an additional query to the DB to check that each asset existed before loading it.

The ^as_asset keyword modifier was improved to remove the query, which makes the keyword modifier return results faster.

A non-countable typed value was being passed to a method that required a countable type (for example, an array) Systems on php81 would encounter a fatal error in this scenario.

The value’s type is now correctly checked and handled before attempting to count it. The selection limit rule for select input types on custom forms will no longer fatal error in this way.

The message previously would show the time to expire, which could be confusing if the user with locks refreshed their locks (resetting the lock wait time in the message)

The message has removed the expiry time to make the message simpler and less confusing for users.

Simple edit users (content editor users) authenticated externally could not edit links to their user assets. Triggers that physically link the user to user groups were blocked when running as a simple edit user (content editor).

A bypass of the check for editing the links to the active user was put in place for triggers with Ignore permissions selected, which fixes the originally discovered issue.

A type array variable was being passed to a function that only accepts a string type value.

Passing ?a= query parameters with an array value was causing fatal errors.

The value is now checked to be of the correct type before calling the function in question. Passing ?a= query parameters with an array value will no longer cause fatal errors.

The components with the inline editable region were not fully accountable for any hidden inline editable regions. The hidden inline editable regions appeared unexpectedly while the Content screen was scrolled.

An element visibility check was added to ensure the hidden inline editable regions are not visible. The components with inline editable regions like tabs and accordions can be edited inline with the correct overlays and regions behaving as they should on the Content page.

When adding an image using Viper or the formatted text editor (FTE), the default behavior sets the width and height using the original image’s dimensions. However, image elements should use the variety’s width and height values for images with a derived variety. Because the image element defaulted to using the original image’s dimensions, images resized or optimized into different varieties were displayed with the wrong dimensions.

The fix involved updating the logic to correctly retrieve the width and height parameters from the content store. This change ensures that whenever an image variant is provided, its specific dimensions are used rather than falling back to those of the original file. Images now appear with the proper dimensions, maintaining the intended aspect ratio and layout within the text content in Viper and FTE.

The resource browser search was not pushing link assets to the search collection. As a result, users experienced incomplete search results within the resource browser.

The push logic in the search collection was updated to include link asset types.

After the update, the resource browser search correctly includes link assets and all other supported asset types. This change ensures that users can search for and retrieve link assets as required.

Previously, deleting a component would fail if the associated Content Schema could not be removed. Consequently, this meant that if a component had been used within a Content Page, its deletion would be unsuccessful.

Error handling during component deletion was improved to resolve this. As a result, components can now be deleted without error, even after they have been used in Content Pages.

The FormattedText type was expanded to include more content block types.

This increased complexity was not efficiently processed during saving and rendering, particularly with deeply nested content structures.

Components would then experience timeouts, and the service would crash due to high CPU usage.

The JSON Schema processing of FormattedText has been short-circuited to utilize more efficient handlers to address this.Components using FormattedText now have reduced response times and the service is stabilized.

Corrected a typo in the JSONata operator tips to ensure accurate guidance is provided to users during expression building.

Due to Snowflake restrictions, the authentication mechanism has been updated to OAuth 2.0.

This update introduces a breaking change, rendering it incompatible with versions 1.x.x, and necessitates the updating of existing credentials.

Enhancements include the implementation of a reusable client and connection for all actions and triggers.

Furthermore, the Node engine has been updated to version 20.x, Sailor to version 2.7.5, and the component-commons-library to version 3.2.2.

The Send Request Action now supports attachments, allowing users to upload images and files.

The Node engine has been updated to version 20.x. Additionally, Sailor has been updated to version 2.7.5, the component-commons-library to version 3.2.2, and Axios to version 1.8.4. Various development dependencies have also been updated.

The input metadata for the Lookup Objects Action has been corrected.

An issue that prevented data emission in Emit Individually mode for the Lookup Objects Action has been resolved.

The Sailor version has been updated to 2.7.5, and the component-commons-library version has been updated to 3.2.2.

Verifying credentials now functions correctly even when the API version is not explicitly included in the URL.

The Node.js engine has been updated to version 20.x. Additionally, Sailor has been updated to version 2.7.5, and the component-commons-library is now at version 3.2.2.

Missing or removed properties from a Rest Resource asset saved in safe mode caused pages that used the Rest Resource asset not to render and throw errors. Additional checks now verify if properties exist before assigning the property. This change ensures that pages dependent on Rest Resource assets render as intended.

Modernizing the Metadata screen to use React meant that assets on the frontend that use the Custom Edit Layout asset could not use the %metadata-F_metadata_values% keyword to show the entire Metadata value editing interface.

Using the %metadata-F_metadata_values% keyword in a Custom Edit Layout would result in a blank table. This bug did not affect keywords that printed individual sections or fields.

The implemented fix uses the "classic" metadata values editing output when not in the Admin UI. A similar switch is used to show the classic interface in the Contents screen (for example, while editing metadata found in Component Templates). Custom Edit Layouts subsequently print the expected metadata editing interface using the %metadata-F_metadata_values% keyword.

Missing system version metadata was causing a PHP fatal error due to an incorrect return type from a function. In most cases, pages would fail to render completely for public users.

The incorrect return type was fixed, and regression tests were added. Missing system version metadata now generates a warning and allows the page to continue rendering.

The Deja Vu internal object caching system would store the temporary properties of forms such as the current submission. Custom Form Pages would sometimes load with a submission in context, which led to different site users overwriting the same form submission.

The temporary variables of the forms are no longer written to Deja Vu.

Form state such as the current submission is only set when the request specifies it, and when the checks for access to that submission pass.

Multiple Availability Zones (AZ) are used in Squiz DXP to maximize availability for DXP Content Management instances. It was discovered that request times could be significantly degraded when a web node picked a database instance that caused traffic to flow between AZs.

Squiz Content Management now keeps track of latencies between database instances and uses the fastest instance for read queries. Using the fastest database instance allows most traffic to stay within the same AZ, providing optimized response times to the user.

The forward response header feature was case-sensitive, which could cause issues with HTTP header forwarding. Case-sensitive headers could cause potential issues if the forwarded header and the allowed header name do not match exactly.

The fix changes the forward response feature to be case-insensitive, as HTTP headers are case-insensitive by nature. Headers can now match based on their names and not the case.

In Squiz DXP, checking a newly uploaded file into the file versioning repository and back into the data directory for use involves read operations from different database instances. It was discovered that replication lag could cause the checkout to read from the previous version of the file versioning history, before the new version was written to the database.

The checkout operation now uses the read-write endpoint when uploading a new file, which is also used by the check-in process immediately before.

Occasionally, the search database powering Resource Browser Search would end up in a read-only state if too many updates were received. This condition prevented assets from being added to the database, which meant searching for assets could be inconsistent. New assets sometimes fail to appear in results.

The Resource Browser Search now self-recovers the search database if it is read-only, allowing assets to be added to the database records.

The plugin allows changing the default title derivation for search results by specifying a different element in the HTML page to obtain the title from.

Read the April 2025 new features to learn more.

A new checkbox has been implemented on the Integrations flow Execution page to enhance user experience.

Read the April 2025 new features to learn more.

When the last user with ownership rights is removed from an Integrations contract, workspace ownership will now automatically transfer to the contract owner.

Read the April 2025 new features to learn more.

The implementation of inline editing caused regions to be clickable, which inadvertently gave focus to the underlying contenteditable fields.

Consequently, users were unable to position their cursor on a specific part of the contenteditable field with their initial click.

The implementation has been updated to allow the contenteditable field to be clickable through the region, rather than the region directly providing focus.

As a result of this adjustment, users can now position their cursor precisely where they want within the contenteditable field on their first click.

The Recent Locations list was not being updated to reflect the most recently selected asset’s location.

This meant that users selecting multiple assets within the same location would not have that location readily available, requiring them to navigate through the folder tree repeatedly.

To address this, the logic for adding new recent locations to local storage has been corrected to ensure that the latest values of hierarchy and source are used.

As a result, the Recent Locations list will now be updated whenever a user selects an asset in a new location, improving the efficiency of asset selection.

Previously, the component preview reload would not trigger the component’s JavaScript to re-run, leading to a broken reloaded live preview. Additionally, the image slider’s inline editing button was not clickable.

To resolve these issues, the dispatching of the livePreviewUpdated event has been added during the component preview reload. Furthermore, an additional event listener for pointerdown has been implemented specifically for handling the image slider component.

As a result of these changes, the component preview reload now functions correctly for these specific components, and the inline editing within the image slider component is now working as expected.

Viper encountered an issue where it could not unapply a style, such as bold or italic, when no text was selected within a viper editor field.

This lack of handling for unapplying styles without a selection led to the page entering an infinite loop.

Eventually, this infinite loop would cause the page to crash due to excessive memory consumption.

The fix implemented ensures that Viper no longer attempts to unapply a style when there is no text selection present.

As a result of this change, the page will no longer freeze when users attempt to unapply styles without selecting text. Users will now need to manually select the desired text before unapplying any styles.

The component primitive inline text field could be unintentionally hidden when the system incorrectly detected that it was outside the component’s boundaries.

This resulted in the component primitive inline text field becoming hidden and non-editable after editing in the Viper field.

To resolve this, the check for being outside the bounds has been modified to not apply to containers with a zero dimension.

This ensures that the primitive inline text field is no longer incorrectly considered out of bounds.

Consequently, the component primitive inline text field will now function as expected during editing.

Previously, the page outline was not correctly constrained to the same height as the preview panel.

Consequently, the page outline had the potential to expand beyond the dimensions of the preview panel.

This could lead to a situation where the viper toolbar, which is anchored to the top of the preview panel frame, would scroll out of sight.

To address this, the styling has been adjusted to ensure that the page outline is now limited to the same height as the preview panel.

As a result of this fix, the viper toolbar will remain visible and will no longer be able to scroll off the screen.

Previously, errors encountered while requesting a REST Resource page were not properly handled.

As a consequence, a REST error occurring within a Cron process would lead to a fatal error, causing the entire Cron run to terminate prematurely.

The handling of errors by REST Resources has been modified. Instead of triggering a fatal error, errors are now treated as non-fatal and are recorded in the cron error log.

This change ensures that a single Curl or REST error no longer disrupts the entire Matrix Cron run, while still providing a record of the error in the log for diagnosis.

An issue arose where retrieving asset information for deactivated users would fail. Specifically, when an asset was created or updated by a user who had since been deactivated, getting the user for the asset would return a null value. This null value was then incorrectly used to look up the user asset. Consequently, any attempt to update a Squiz Search collection with the null value would result in an error that blocked all subsequent updates and led to errors within the HIPO Manager.

To resolve this, the code has been modified to include checks that a user asset is successfully retrieved, if not, the creator and updater fields will now default to empty strings.

As a result of these changes, assets associated with deactivated users no longer cause errors. The creator and updater fields for these assets will now simply appear blank, and Funnelback collection updates will now complete successfully.

Fix the bug for the Acalog API - Get catalogs is not a valid XML.

The plugin now handles the invalid XML response from the Acalog API gracefully by converting the invalid XML to a valid one.

This change added an option, Metadata class, from which to source weight. This option allows the weight for auto-completion suggestions generated by the plugin to be sourced from a mapped metadata class.

This change added an option, Suggestion weight, that allows the default weight for auto-completion suggestions generated by the plugin to be defined.

This change extends the Split HTML or XML plugin to support sourcing a document’s URL from an XML attribute when splitting XML documents.

Fixed a bug where the plugin returns the message: record_type which should be set to 'CUSTOM', while the record type is set to custom in the configuration file.

Squiz Data Services requests sent through the /__dxp URL would return a 404 response code when the request included a query string. This meant that requests containing filtering, sorting, or pagination query strings were not supported.

The way URL routing paths are constructed and joined was updated to cater for query strings after the / character in URLs. Requests with query string parameters to Data Services through the /__dxp route no longer fail with a 404 response code.

Updated xml-crypto package

All associated auth-clients and auth-secrets are now automatically removed when a contract is deleted.

The migrations process cleans up any existing auth-clients and auth-secrets that are not linked to active contracts or workspaces.

Initial component release

Initial component release

Initial component release

The local runtime used node:vm to sandbox the component execution. This did not provide a consistent environment with the deployed components.

Certain runtime APIs such as Headers and URLSearchParams were not available during local development.

Re-implemented the local development runtime to use Miniflare to have a close match with the runtime that deployed components have. All expected runtime APIs are available.

The plugin allows changing the default title derivation for search results by specifying a different element in the HTML page to obtain the title from.

Read the April 2025 new features to learn more.

The plugin now allows document kill and query independent evidence (QIE) configurations to be downloaded from one or more publicly accessible URLs during an update.

The Logging Service has been updated with several key improvements designed to enhance the developer experience during debugging making logs easier to find and understand.

Read the May 2025 new features to learn more.

Improve ease of managing OAuth2 and other authentication clients directly in the UI.

Read the May 2025 New Features to learn more.

Replace unstable CodeMirror library to improve memory management and overall stability.

Read the May 2025 New Features to learn more.

Avatar images are resized automatically for optimal performance when uploaded.

Read the May 2025 New Features to learn more.

Provide clearer context about where a flow error occurred.

Read the May 2025 New Features to learn more.

Improve documentation and clarity for workflows.

Read the May 2025 New Features to learn more.

Users are better informed when system delays occur.

Read the May 2025 New Features to learn more.