DXP Releases for 2026

Dependencies have been upgraded to address security issues, ensuring a safer and more reliable system.

Headers disallowing caching had already been set when a query string parameter was present in the URL.

When the Redirect URLs with Trailing Slash system configuration was activated, if a query string were present in the URL, the redirect would be served with headers instructing upstream caches not to cache the result. This header instruction resulted in requests being unnecessarily forwarded to the CMS.

The cacheability headers were unset and explicitly reset to appropriate values by the CMS when performing the redirect from URLs containing a trailing slash.

CMS now sends appropriate cachability headers when redirecting from a trailing slash, and a query string is present

The wrong asset was being matched for an event that retrieved keywords.

This mismatch prevented keywords from displaying on the Format Bodycopy contents screen under a Custom Form.

The event listening logic now directly checks for this scenario and delegates correctly.

Keywords on the content screen now list correctly for Format Bodycopy assets under Custom Forms.

The PHP end() function returned false if run on an empty array.

When no results were present, search pages with custom grouping could produce a fatal TypeError on some platform versions.

The code path for custom grouping was updated to avoid calling end() when there were no results.

All platform versions will now correctly show the no results page when custom grouping is enabled.

When the option to use UUIDs instead of asset IDs for linking to assets directly was introduced, the image preview code was not changed.

If the URLs containing ?a= will return a 404 system setting was enabled, then the preview for an image on the details screen showed a broken image due to a 404 Not Found error.

The preview URL for images was updated to use the external-uuid link.

Image previews now appear normally, regardless of whether the URLs containing ?a= will return a 404 system setting is active.

To ensure compatibility with platform versions, the ^increment and ^decrement keyword modifiers no longer have any effect on strings that are not entirely numeric.

For example, a value of "mach 1" would previously have been modified by ^increment to output "mach 2". And a value of "aa" would have become "ab".

These types of transformations no longer occur, and they will be output unchanged as "mach 1" or "aa".

Wholely numeric values, such as "5432" or "-26", will still be incremented or decremented normally by the keyword modifiers.

Thesaurus filters on Asset Listing Pages treat all related links to thesaurus terms as filter weights, and newer platform versions change the behaviour of arithmetic operations on non-numeric strings to be fatal.

Thesaurus filters on Asset Listing Pages would often cause a fatal error on newer platform versions.

The fix implemented ignores non-numeric strings when performing arithmetic operations for Thesaurus filters.

Thesaurus filters on Asset Listing Pages now work correctly regardless of the link values in the system.

Changes to allow Matrix to use the fastest database in the backend exposed an issue where transactions were being started on the read-only database. A warning was added to help identify any cases that were missing from the test suite.

A small number of these human-readable diagnostic warnings were subsequently shown to users.

The incorrect transactions have been removed, and the warnings will stop showing to users. Squiz Content Management can reliably use a faster DB in the backend.

Squiz Content Management was unable to cache asset URLs within DejaVu, so whenever URLs were used, a Database lookup was required, even if the asset was already cached in DejaVu.

To attempt to fix this problem, Squiz Content Management was updated to cache asset URL information within DejaVu alongside the rest of the asset details.

However, this change to the product resulted in an unplanned regression and had to be removed in this hotfix version.

Provide layout ID and display layout and component information more consistently.

Layout ID available from the information form, and improved consistency between page builder and Squiz DXP layout/component information.

Clearing block validation warnings, missing checks for locked layout zones, or containing locked layout zones.

Incorrect block validation warnings are displayed when saving a template.

Updated clear validation warning logic to evaluate whether a zone is a locked layout or contains one.

Unlocking top-level zones and locked layouts results in the correct clearing of block validation warnings.

When a Content Template is imported with the XML tool, it does not sync correctly with the template service.

There is a visible error in the import HIPO job, and then an error when visiting the content screen of any Content templates after import.

Template name sync no longer occurs on import, and a template record is created for the newly imported Content Template asset.

No errors are displayed in the import HIPO job, and the newly imported Content Template can be edited from an empty state.

When a layout zone was set as a primary zone on a templated page, it wasn’t getting reset when that layout was deleted from the page.

Template service validation failed if a user tried to save the page.

The fix clears the primary zone to null if a layout primary zone was deleted.

The page now saves when a layout that had a zone set as primary no longer exists on the page.

When a templated Content Page had a template applied, resulting in unused content, continuously swapping back and forth between the original and new template corrupted the state of the content page. Content page editing is unusable until the page is reloaded.

Better data conversions were implemented to handle continuous transformations.

Content page editing remains usable after switching between two templates in a single session.

A link to Squiz DXP logs was available for Content Page assets, but was missing for Content Template assets.

With this minor improvement, users can now navigate from Content Template asset logs to DXP logs and view logged events for that asset.

Previously, when the chatbot provided a generic fallback response (for example, "I’m sorry, I couldn’t find an answer"), this interaction was successfully shown to the user in the chat window but was not saved to the permanent history log.

The system now correctly records all response types, ensuring your conversation history accurately reflects the full dialogue.

Previously, the X-Forwarded-For edit plugin did not have a dedicated mode to isolate only the final IP address in a forwarded chain. This made it difficult to handle specific network configurations where the last hop was the required identifier.

The plugin now includes a KeepLast configuration mode. When enabled, the plugin strips all other IP addresses from the X-Forwarded-For header, retaining only the last one.

This update ensures more accurate IP detection for search usage analytics, Curator, and IP-based access restrictions in complex proxy environments.

Archive extraction with data sets large enough to split over multiple unzip processes could trigger duplicate folder creation if files in those folders were split over multiple unzip processes.

As a result, duplicate folders could appear in the frontend DXP Console File Store browser causing visual confusion. While File Store still unzipped the archives correctly, the duplicate folders could cause visual confusion for users.

The fix adds additional checks to ensure duplicate folders are not created under these conditions.

The course material has been updated to support the current layout development capabilities, which include the switch to the manifest.json configuration file format.

This information brings this part of the course up to current configuration recommendations.

Enroll now through Squiz Academy.

The generic messages shown to users when uploading schema changes are now replaced with more helpful messaging.

This minor improvement to error message communication may help users identify and fix issues with their schemas more readily.

Read Schema upload errors in the Single Customer View section of the Customer Data Platform docs.

If the binoculars needed to switch trees to find an asset, because it is not found underneath the current one’s restricted root node, the current selection was then cleared on the original (and thus incorrect) asset tree.

Multiple assets could end up selected, on the newly shown asset tree, when using the binoculars.

The asset selection clearing was made consistent with other selection clearing code.

Only the asset located by the binoculars will be selected.

Duplicate form submissions could occur if the same POST request were made multiple times and other protections did not prevent it.

With the Form submission token validation feature flag enabled, a Form Submission Token Validation to Prevent Duplicate Submissions setting becomes available on the Content screen of Custom Forms assets. When this option is enabled, a token is added to the custom form and tracked on the server to ensure that a submission is processed only once.

An issue is known where file attachments may still be processed in duplicate submissions, even though an error apperas for the attachment. This known issue will be fixed before the full release of the feature and removal of the feature flag.

Certain platform upgrades could cause breaks in how htmlspecialchars and htmlentities work, potentially breaking the encoding of special characters and entities.

The fix adds a feature flag that allows preserving the old behaviour. Upgrading systems in this way will no longer cause encoding to break.

Squiz Content Management has been unable to control cache times for __data, resulting in some files remaining in cache longer than necessary.

If the Serve __data from Matrix is enabled, Matrix will now directly serve file assets with __data URLs.

The administration interface references to virus scanning have been removed.

The way Squiz Content Management scanned files for potential malware did not scale up in the Squiz DXP environment. It also should not be possible to turn this feature on and off because the legacy virus scanning system was not implemented.

Squiz is reassessing how best to perform malware scanning of files in the Squiz DXP environment and which interface is required to support this function.

The zone ID was stored as a zone name for some unused content zones, including parent and missing block zones. In some unused content scenario conditions, the zone ID was displayed instead of the zone name.

The fix looks up the zone name, if available, instead of the zone ID for unused content zones. This change means that zone names take precedence over zone IDs in the Page Builder Layouts UI.

The message string "A layout update has removed this entire zone" now appears for page-managed content on a templated page. This message string replaces the longer string "A layout update has removed this entire zone. This content will continue to re-appear here until it is handled in the template."

Two strings could appear in unused content as a result of deploying a new version of the layout that had zones changed or removed. The wrong message was displaying incorrectly in page-managed content on a templated page, and this fix improves the messaging in this area of the UI.

An adjustment was made to layouts when content was moved to Unused content during a layout update. Any parent layouts that a layout is nested in will now appear as a structural placeholder in Unused Content, so the content editor knows where the layout came from.

When emptied, these parent layouts were not automatically removed, and there was no way to remove them other than clicking the checkbox to clear Unused Content entirely. Now, any partially affected layouts in Unused Content will disappear when emptied.

Unused content reasons due to layout zone changes now cascade to any nested layouts affected by them.

Before this improvement, if unused content appeared after deploying a different version of a layout, unused content reasons would appear on the top-level layout, but not on nested affected layouts.

Fixed missing mapper passthrough on retry from the previous step, improving retry reliability.

This ensures the message retry behavior includes mapper passthrough.

When a contract owner removes a user who was the only member of a developer team, ownership now automatically transfers to the first contract owner.

This fix prevents orphaned teams when the sole member is removed.

Initial component release.

Initial component release.

A new eLearning course for Site Builders is available that provides foundational learning to support customers who are using or want to use the recently released content templates feature.

Read the January 2026 new features to learn more.

A new learning plan for Site Builders brings together three learning materials on content template design fundamentals.

Read the January 2026 new features to learn more.

The ELV25-009, ELV25-010, ELV25-011, and ELV25-012 video eLearning courses are now available in Squiz Academy.

Read the January 2026 new features to learn more.

A Force XML plugin is available in Squiz Search to work around issues with non-conformant XML source files.

Read the January 2026 new features to learn more.

Zones in the page outline (and unused content) now appear in the order defined in manifest.json

Read the January 2026 new features to learn more.

A recent product improvement to the way manifest files in templates are structured using JSON is now reflected in the Component Service documentation.

Read the January 2026 new features to learn more.

Read the February 2026 new features to learn more.

For a tenant with custom roles enabled and a single Search instance when non-owners logged in non of there custom roles were being used.

When logging in a user the code changed there user record type and roles to only include the clients primary role. Consequence:

The code has been adjusted to ensure the user record is not changed when a user logs in.

The useer has the roles assigned to them to complete required Search tasks.

The segment sets feature allows administrators and site builders to scope Personalization segment sets based on their required availability across sites.

The documentation required to understand this feature was updated to reflect the support for segment sets in Squiz Content Management.

Read the Segment scoping documentation to learn more.

Added: Send event on non-push data source update stop. Changed: Send event after successful view swap for non-push data sources as a post swap step instead of during the index phase. Send event after successful commit for push data sources as a post commit step instead of during the index phase.

An incorrect name for the page parameter was used when creating page navigation links.

Page navigation links contained multiple incorrect parameters for page numbers, and the wrong page was loaded.

Page parameter name is fixed when generating URL links, so the parameter is properly cleared and set to the correct page number.

Page navigation links now only contain a single page parameter with the correct value.

preg_replace works with URLs that include query params. Some replacement patterns preserve query params in the output, then the code appends them again, causing duplicates.

Query parameters are duplicated in redirect URLs when remap rules have "Preserve query string in remaps" enabled. For example, /example?foo=bar redirects to /example2?foo=bar?foo=bar instead of /example2?foo=bar.

The fix extracts query params before regular expression replacement, strips them from the URL, then merges the query parameters back by using getRemapUrlWithQueryString(), which handles the existing ? correctly.

Query parameters are preserved exactly once in redirect URLs.

A value used in Workflows was not being correctly type-checked, which caused a PHP fatal error in certain circumstances.

The value causing the fatal error now has correct type checking in place.

The ability to preserve legacy handling of HTML entities and special character encodings was added in 6.80.0 as described in the January 2026 errata.

It was discovered that this feature change could not accept null values from other parts of the codebase. Fatal errors were generated (including visible errors on the frontend interface) when certain variables or keyword modifiers are used.

The fix combines Null values into an empty string before handling.

The original fatal errors no longer occur, and null values are treated as empty strings.

Squiz Content Management was unable to cache asset URLs in DejaVu, so whenever URLs were used, a Database lookup was required even if the asset was already cached in DejaVu.

Squiz Content Management will now cache asset URL information in DejaVu alongside the rest of the Asset details, reducing database queries and improving page render times for pages with many URL lookups.

Squiz Content Management was unable to cache asset permissions or major links (Type 1/2) within DejaVu, so any requests had to go to the database to fetch those details.

Squiz Content Management will now cache asset permissions & major links (Type 1/2) in DejaVu alongside the rest of the asset details, reducing database queries and improving page render times for pages with many URL lookups.

The "missing zone" reason is attributed to top-level zones changing from page-managed to locked.

An incorrect zone reason was displayed for template-locked top-level zones in unused content.

Detect when the page managed zone specifically changed to template-locked and assign the correct reason.

The correct locked zone reason appears when the page zone is changed to template-locked.

Unused content zones could sometimes appear in a random order and not align with the zone order in the template/page.

Zones in unused content appear in the order they are on the page/template, with any deleted zones appearing at the top.

Each code sample in the Data Services documentation now shows the configuration file it is associated with.

This additional prescriptiveness will help readers clearly identify which persistent file any given code sample is from.

Mentions of server components and server-based static file support documentation are now unavailable in the Component Service documentation.

Read the February 2026 enablement updates section to learn more.

A bug was discovered where the date filter plugin threw an error when the Facebook Data Source returned a page type other than POST or EVENT.

The plugin was updated to process page types other than POST or EVENT.

This plugin was changed to allow reading the last x-forwarded-for IP address from the access_restriction.prefer_x_forwarded_for parameter.

This change lets the plugin retain the last IP address if the option is set. This behavior is required by Content Management and Squiz Search to properly track the locations of users who request searches through Content Management.

Documentation required updates that reflected the behavior of search user accounts in Squiz DXP.

Added notes on search user account behavior when DXP users are turned off or re-enabled.

Read Squiz DXP Console Search Custom Roles documentation for more information.

The documentation lacked operational nuances and exhaustive technical restrictions relevant to custom roles in Squiz DXP.

Consolidated all technical guardrails, operational behaviors, and best practices into the public documentation.

Read Search Custom Roles documentation for more information.

The Datastore documentation feature page for JavaScript SDK did not contain links to the SDK.

Improved the aggregation feature page to clearly link to the JavaScript SDK usage page, which now contains links to the SDK itself.

Read Datastore Aggregation documentation for more information.

Read the February 2026 new features to learn more.

Read the February 2026 new features to learn more.

Read the February 2026 new features to learn more.

Read the February 2026 new features to learn more.