March 2026 Releases

Validation rules for dropdown and list fields (Select, Option List, Checkbox List, and Checkbox table) were previously available regardless of whether the field allowed single or multiple selections. That lets users add rules that don’t apply (for example, "Selection Limit" on a single-select field), which could cause errors or confusing behaviour. This improvement restricts the rules offered and applied. Hence, they match the field type: single-select fields show rules that apply to a single value, and multi-select fields show rules that apply to multiple values.

When you add or edit validation rules on a Select, Option List, Checkbox List, or Checkbox Table form field, you will only see rules that are valid for that field. Single-select fields (for example, Select with "Multiple?" off, Option List) show rules such as Length, Email, and Text Contains. Multi-select fields (for example, Select with "Multiple?" on, Checkbox List, and Checkbox Table) show Selection Limit, Selection, and Text Contains.

If you change a Select field from single to multiple (or the reverse), rules that no longer apply are hidden until you switch back; they are not deleted.

Select fields allow select limit rules set to greater than 1 even when set to single select because single select fields require a selection (more than zero). While the server-side code has been updated to treat selection limits greater than 1 as if they were 1, the client-side code has not been updated to support this treatment.

If a single select field has a selection limit set greater than 1, it will never pass client-side validation.

To work around the issue, set the selection limit of single select fields to 1, or remove the rule and mark the field as required. Single select fields can then be filled out in a way that satisfies client-side validation rules.

A regex expecting a string could be passed an array value, which resulted in a fatal error in some cases.

The value is now checked and handled correctly before the regex check.

When merging multiple preference sets with common keys, the code did not preserve the keys that were not common to both preferences. This condition caused some user preferences to be lost during the merge process.

The fix preserves keys that are present in only one of the preference sets during merging. Now users will not lose their preferences, even when they have sets of preferences that share only some keys.

A fatal error (ArgumentCountError) occurred when trying to cascade metadata to assets that could not acquire the lock, causing the UI to stop responding with a loading spinner and returning a 500 error. Incorrect parenthesis placement in the translate() call caused sprintf() to receive the wrong number of arguments because the "metadata" argument was incorrectly placed in translate() instead of sprintf().

Several fixes were necessary to correct this behavior:

The HIPO job now shows a warning message instead of causing a fatal error, allowing users to continue using the page when metadata locks cannot be acquired.

The asset tree was filtering invalid links from the child link count against sq_ast on every load, even though the data was not used anywhere critical, and any corruption is repaired regularly in the DXP.

The data could only be displayed completely if %asset_num_kids% was used in Asset display name.

The asset tree no longer filters out invalid links on each request; instead, it relies on the link table having valid data. In extreme cases, displaying a child asset with ~700k direct children is expected to reduce the ~4.5s asset tree request to ~0.7s.

A content page can be included in a design’s nested content customization. When the "Cache Globally?" option is set, the HTML markup is cached across domains, which causes issues when the cached markup is resolved to page content across origins.

When the markup was cached on domain A, users on domain B who used that cached content would see a "message": "Router: Missing tenant config header" in place of the page content.

The fix changes the markup produced when rendering a content page to allow correct resolution across multiple origins. Users no longer see the missing tenant config header error for content pages in design customizations that are cached globally.

When the default block was hidden, the personalized block action menu in Page Builder displayed an unavailable 'Add Items' menu for active segments without variants.

The fix ensures the personalized block action menu only shows the Add text, Add component, and Add layout menu options when they are available to use.

The dxp_content_template_id attribute was intentionally not set during asset cloning. It was discovered that the template selector relied on this missing attribute to populate the available templates array. Without the attribute present, there was no relationship to the cloned template ID.

The fix to the content page cloning method now sets the dxp_content_template_id attribute to the original templateId. This change populates the available templates array and the template selector is correctly populated when a templated content page is cloned.

It was discovered that the missingBlock reason was incorrectly assigned in unused content for page blocks that were moved into template-locked page zones.

When the page zone changed to a template-locked zone, then the content was deleted, the template incorrectly showed the missingBlock reason rather than the lockedZone reason.

The fix now shows only the lockedZone reason for zones that change from page-locked to template-locked, and correctly tracks content moving between these zones.

Default values were set to NULL to prevent fall back to the default value if a user intentionally cleared the value.

In a template-locked zone, this behavior meant users could not save an empty "default but not required" value. For required fields on a templated page in unlocked zones, this behavior caused validation issues.

The fix ensures that empty default values are set to an empty string when validation can be skipped. For example, a required field in a template-unlocked zone.

When a user acquired locks, opened the Edit panel, then released the locks, the active block was not cleared from window.pbSelection. At the same time, the page was active and the edit panel was open. This problem caused the active block to persist in the edit panel at times.

The fix clears the window.pbSelection.activeBlock information when the page is active in setActiveBlock(), which allows the block to be correctly forgotten and the UI to show the correct state.

Security improvements address dependency vulnerabilities.