March 2026 Releases

Validation rules for dropdown and list fields (Select, Option List, Checkbox List, and Checkbox table) were previously available regardless of whether the field allowed single or multiple selections. That lets users add rules that don’t apply (for example, "Selection Limit" on a single-select field), which could cause errors or confusing behaviour. This improvement restricts the rules offered and applied. Hence, they match the field type: single-select fields show rules that apply to a single value, and multi-select fields show rules that apply to multiple values.

When you add or edit validation rules on a Select, Option List, Checkbox List, or Checkbox Table form field, you will only see rules that are valid for that field. Single-select fields (for example, Select with "Multiple?" off, Option List) show rules such as Length, Email, and Text Contains. Multi-select fields (for example, Select with "Multiple?" on, Checkbox List, and Checkbox Table) show Selection Limit, Selection, and Text Contains.

If you change a Select field from single to multiple (or the reverse), rules that no longer apply are hidden until you switch back; they are not deleted.

Select fields allow select limit rules set to greater than 1 even when set to single select because single select fields require a selection (more than zero). While the server-side code has been updated to treat selection limits greater than 1 as if they were 1, the client-side code has not been updated to support this treatment.

If a single select field has a selection limit set greater than 1, it will never pass client-side validation.

To work around the issue, set the selection limit of single select fields to 1, or remove the rule and mark the field as required. Single select fields can then be filled out in a way that satisfies client-side validation rules.

A regex expecting a string could be passed an array value, which resulted in a fatal error in some cases.

The value is now checked and handled correctly before the regex check.

When merging multiple preference sets with common keys, the code did not preserve the keys that were not common to both preferences. This condition caused some user preferences to be lost during the merge process.

The fix preserves keys that are present in only one of the preference sets during merging. Now users will not lose their preferences, even when they have sets of preferences that share only some keys.

A fatal error (ArgumentCountError) occurred when trying to cascade metadata to assets that could not acquire the lock, causing the UI to stop responding with a loading spinner and returning a 500 error. Incorrect parenthesis placement in the translate() call caused sprintf() to receive the wrong number of arguments because the "metadata" argument was incorrectly placed in translate() instead of sprintf().

Several fixes were necessary to correct this behavior:

The HIPO job now shows a warning message instead of causing a fatal error, allowing users to continue using the page when metadata locks cannot be acquired.

The asset tree was filtering invalid links from the child link count against sq_ast on every load, even though the data was not used anywhere critical, and any corruption is repaired regularly in the DXP.

The data could only be displayed completely if %asset_num_kids% was used in Asset display name.

The asset tree no longer filters out invalid links on each request; instead, it relies on the link table having valid data. In extreme cases, displaying a child asset with ~700k direct children is expected to reduce the ~4.5s asset tree request to ~0.7s.

A content page can be included in a design’s nested content customization. When the "Cache Globally?" option is set, the HTML markup is cached across domains, which causes issues when the cached markup is resolved to page content across origins.

When the markup was cached on domain A, users on domain B who used that cached content would see a "message": "Router: Missing tenant config header" in place of the page content.

The fix changes the markup produced when rendering a content page to allow correct resolution across multiple origins. Users no longer see the missing tenant config header error for content pages in design customizations that are cached globally.

When the default block was hidden, the personalized block action menu in Page Builder displayed an unavailable 'Add Items' menu for active segments without variants.

The fix ensures the personalized block action menu only shows the Add text, Add component, and Add layout menu options when they are available to use.

The dxp_content_template_id attribute was intentionally not set during asset cloning. It was discovered that the template selector relied on this missing attribute to populate the available templates array. Without the attribute present, there was no relationship to the cloned template ID.

The fix to the content page cloning method now sets the dxp_content_template_id attribute to the original templateId. This change populates the available templates array and the template selector is correctly populated when a templated content page is cloned.

It was discovered that the missingBlock reason was incorrectly assigned in unused content for page blocks that were moved into template-locked page zones.

When the page zone changed to a template-locked zone, then the content was deleted, the template incorrectly showed the missingBlock reason rather than the lockedZone reason.

The fix now shows only the lockedZone reason for zones that change from page-locked to template-locked, and correctly tracks content moving between these zones.

Default values were set to NULL to prevent fall back to the default value if a user intentionally cleared the value.

In a template-locked zone, this behavior meant users could not save an empty "default but not required" value. For required fields on a templated page in unlocked zones, this behavior caused validation issues.

The fix ensures that empty default values are set to an empty string when validation can be skipped. For example, a required field in a template-unlocked zone.

When a user acquired locks, opened the Edit panel, then released the locks, the active block was not cleared from window.pbSelection. At the same time, the page was active and the edit panel was open. This problem caused the active block to persist in the edit panel at times.

The fix clears the window.pbSelection.activeBlock information when the page is active in setActiveBlock(), which allows the block to be correctly forgotten and the UI to show the correct state.

Security improvements address dependency vulnerabilities.

This plugin was changed to support prefix mode, so the plugin can facilitate search-based auto-completion when the partial query is sent without a trailing *.

When Prefix mode is enabled, wildcard characters in the query are ignored, and expansion is applied to the end of the entire query (e.g. abc def behaves as abc def*).

Unnecessary requests were initiated when trying to Edit and render the content screen.

The unnecessary requests have been removed, and acquiring locks on the content screen is now faster.

Squiz Content Management JavaScript code assumed that it was the only thing to set the window.opener DOM property.

When the admin interface was opened through a JavaScript link by using window.open(), without sending the noopener argument, some features did not work reliably.

The fix ensures that when the main admin interface code is set, window.opener is reset to null if it is set.

The admin interface now works the same regardless of how the property is called.

It was discovered that external-uuid query parameters were not processed correctly by the system in custom edit layouts.

Assets linked from the Content Management backend would not render correctly if they lacked a URL.

The system now checks for external-uuid query parameters in the backend, which makes the content of assets without URLs load correctly.

A rule to check total selections was not included when validating the Custom form option list field.

The lack of total selections validation caused the "Required entry" validation to allow form submissions when no option was selected from the options list.

The rule to check total selections was updated to include validating the Custom form option list field lists, preventing this condition from being ignored.

Component boolean properties with default values were incorrectly treated as empty strings or null values when set to false.

Pages and templates (with components in locked zones) could not be saved when component boolean properties with defaults were unchecked.

Component boolean properties with defaults are correctly treated as false if unchecked.

Pages and templates with components that have boolean properties with default values unchecked are now correctly treated as false and can be saved.

The course material has been updated to support the current layout development capabilities, which includes layout properties and helpers.

This information brings this part of the course up to current configuration recommendations. Enroll now by visiting Squiz Academy.

The course material has been updated to support the current layout features, which include layout properties.

Enroll now by visiting Squiz Academy.

The asset types allowed to be linked to content pages for modern asset management screens did not include the content page asset types. Content pages could not be selected as a parent location in the asset picker on the modern asset linking screen for another content page.

The content page was added to the list of asset types allowed to be linked to content pages. Other content pages can now be selected as parent locations for content pages from the linking screen.

A failed regular expression was not being checked or handled. In scenarios involving very large data sets, this could cause Server-side JavaScript (SSJS) to be treated as front-end JavaScript.

The regular expression result is now always checked and handled if it fails. SSJS will no longer be executed as frontend JS in this way.

Non-numeric values were being used in addition, which caused a fatal error and prevented the morphing of a select input into a checkbox list input (under a Custom Form).

The value is now checked for numeric validity before the addition attempt, with a sensible fallback option. The morphing of a select input into a checkbox list under a custom form now works as intended.

Logic that handles /data path redirects wasn’t checking for remaps, as well as missing logic to handle when the path is instead /data_direct. This logic error could cause redirections (setup in the Remap Manager) from the /__data path to fail with a 404.

Both /data & /data_direct are now checked during the redirection logic. Remaps from /__data paths setup in the Remap Manager will now work as intended.

If the applied template has been updated (for example, by adding or reordering content), these changes are automatically applied to the page the next time it is loaded in Page Builder. However, they need to be saved to take effect in the frontend.

Before this change, a content editor would need to make a separate manual change to the page content before the Save action is enabled, meaning they could not easily propagate these automatically applied template changes to the frontend.

If the applied template is updated, a content editor can now easily apply these changes to their page by loading it and clicking Save, without having to make any other edits.

In the template selector, a brief error was displayed, followed by a different error once the applied template finished loading.

For example, a templated page with a broken, purged template would display the purged message before the broken message.

A spinner appears in the template selector, and no template alert message is shown until the applied template finishes loading.

Adding a layout to a page was not detected as a change. Therefore, the template selector was not deactivate correctly.

You were able to add, remove, or change a template in this state, which would confuse when your newly added layout was lost.

Newly added layouts are now detected as a genuine page change. When newly added layouts are added to a page, a template cannot be added, changed, or removed until the page is saved.

Those implementing components want better traceability from an uploaded component version in the Squiz DXP Console back to the code that created it, including who created it and when.

When uploading a component version with the dxp-next command-line, developers can add the --version-tag option and specify a custom string to aid traceability back to the source of the change. This string can be any text, but a recommended use is a commit ID or a commit URL. The tag you specify is shown on the component page in the Squiz DXP Console.

The DXP CLI and Simulator defaulted to 0.0.0.0, which was incompatible with Windows environments and contradicts the official documentation. This resulted in "connection refused" errors for Windows users and general confusion regarding the correct URL to use for local development.

Users had to manually substitute 0.0.0.0 with localhost in their browser’s address bar to successfully access the Simulator and follow the tutorial steps.

The change from 0.0.0.0 to localhost ensures a seamless, cross-platform experience that aligns with public tutorials and technical documentation.

Security improvements address dependency vulnerabilities.

Developer guidance for generating JWTs as Bearer Tokens was improved, facilitating easier integration and reducing confusion regarding terminology.

Read Bearer Token docs for more information.

Added a React Error Boundary to catch uncaught rendering errors breaking the UI without a controlled fallback in the front-end.

Updated the email body for the workspace-invite-new-user template to clearer, user-friendly copy to improve clarity and tone for workspace invitations.

Fixed displayed times appearing in the wrong time zone on the Flow Designer Settings tab.

Authenticating with SSO after opening a recipe link while logged out could leave the recipe page unloaded.

Fixed failure to load the recipe page after authenticating opening a recipe link while logged out and signing in with Google.

Fixed platform service sometimes failing to create a messageId for a queued message, which caused the flow error-handler to fail and the step to stick.

Deleted user references could cause the Flow Versions page to fail to load.

Fixed the Flow Versions page failing to load or displaying incorrectly when a version was associated with a deleted user.

Initial component release.

Initial component release.

Initial component release.

Added strong-soap v5.0.7 library support.

Added strong-soap v5.0.7 library support.

Beautify JSON files option added to Create Commit action and improved test suite for Create Commit action and edge cases.

Removed unused node dependency plus these changes and improved README information.

Removed node and amqplib dependencies and improved README information.

Improved End Time boundary logic in Get New and Updated Objects Polling Trigger.

Fixed GraphQL InlineFragment handling in Additional fields configuration field.

Removed unused node dependency plus these changes.

Now waits for connection before sending ack/nack.

Read the March 2026 new features to learn more.

Read the March 2026 new features to learn more.

Documented new array comparison operators (@>, !@>, ~@>, !~@>, <@, !<@, <@~, !<@~) and provided practical usage examples. This improves technical guidance for developers implementing granular security rules on Datastore collections and documents.

Read the comparison operators and blueprint examples for more information.

Reason: Introduce a monthly limit on emitted data items (records and errors) from flow steps and expose the usage limits in APIs so teams can avoid unexpected overages.

Result: - v2/quotas/usages and v2/quotas/limits now include per_contract_message_count_limit and per_workspace_message_count_limit. - Quota checks run when starting a flow (Start) and when running a flow manually (Run Now). - If the quota is exceeded, launching the flow is blocked. - Email when usage reaches 80% and 100% with the vendor notification text for contract/workspace message count. - Note: when the quota is exceeded, all flows in the contract may be suspended; they can be resumed by Elastic.io Support after a resource limit increase request.

Read the March 2026 new features to learn more.

Read the March 2026 new features to learn more.

Read the March 2026 new features to learn more.