Hotfix (September 14, 2023)

version  26.6.1

Fixed issues

  • Media libraries – Updating existing media files incorrectly required users to have the Update permission for the Media libraries application. After applying the hotfix, media file updates require the Manage media library permission.

Refresh (September 7, 2023)

version 26.6.0

New features


  • Listing page filters
    • The state of listing filters in the administration now persists for the duration of each user's browsing session.
    • The listing in the Event log application now provides a filter, which makes it easier for users to find relevant events or errors.
    • The listing filter in the Content hub application was extended to allow filtering based on the last update time of items.
  • UI form components – When assigning the Content item selector component to properties via the ContentItemSelectorComponent attribute, developers can now define which content types are selectable using an IContentTypesFilter implementation.

Fixed issues

  • Membership – The Xperience-specific implementation of ASP.NET Core Identity's password reset functionality did not update member passwords when implemented.

Hotfix (August 31, 2023)

version  26.5.2

Fixed issues

  • Rich text editor – An error was displayed when interacting with the Rich text editor toolbar if the component was located in an editing form containing another field with the Date or Date and time data type.

Hotfix (August 17, 2023)

version  26.5.1

Fixed issues

  • Admin UI customization – When initializing client admin UI modules, the system could incorrectly load files not related to the bootstrapping process, resulting in errors during application startup.

Refresh (August 10, 2023)

version 26.5.0

New features

Content management

  • The list of items in the Content hub application now provides a filter, which allows editors to easily view only selected content types, or items with specific workflow statuses or authentication requirements.


  • Administration UI development – Developers can now create filters for UI listing page, which allow users to limit which objects are displayed according to specified criteria. Filters can be added to both custom listing pages and the default listing pages in the Xperience by Kentico administration UI. See Add a listing filter to learn more.
  • UI form components – New General selector UI form component, which allows users to choose items from any set of data defined by developers. The items offered by the selector can be of any type, including external data outside of Xperience.


  • Lucene search – An external module that integrates Xperience with the latest 4.8 beta version of Lucene.NET, enabling auto-indexing of content in Xperience based on application-local, code-defined search indexes and search results retrieval. See the project's GitHub repository for details: xperience-by-kentico-lucene

Hotfix (August 3, 2023)

version 26.4.0 (NuGet packages not released for this update)

Fixed issues

  • Xperience Portal – Users with roles other than Tenant Administrator could not access project Settings within Xperience Portal.

Hotfix (July 20, 2023)

version 26.4.0 (NuGet packages not released for this update)

Fixed issues

  • Security – Certain parts of the Xperience Portal interface were potentially vulnerable to cross-site scripting.

Refresh (July 13, 2023)

version 26.4.0

New features

Xperience Portal

  • Backups – Users can now restore full backups of projects directly from Xperience Portal. See Manage SaaS deployments.

Content management

  • Users can now create media library folders directly in the selection dialogs provided by the rich text editor (Insert image, Insert link) and the Media file selector form component.

Fixed issues

  • Users – An error occurred when adding a new user in the Users application if the site configured in the Sites application was not running on the same domain as the administration.

  • Xperience Portal
    • Reports in the Metrics application were not loaded correctly during deployments to production environments (and for some time after the deployment finished).
    • Users with the Developer role were incorrectly allowed to cancel scheduled deployments to the Production environment.
    • If a new user was invited to join multiple Xperience Portal projects, the system sent a corresponding number of invitation emails with an account activation link. The link was only valid in the latest email. After the fix, the account activation link is only present in the first "Your account has been created" email.

Hotfix (July 7, 2023)

version 26.3.3

Fixed issues

  • Emails – The Send test email feature in the Email queue application used a fixed sender (from) address, which caused issues under certain configurations. The hotfix enables users to set the From address for test emails.

Hotfix (June 29, 2023)

version 26.3.2

Fixed issues

  • Continuous Deployment – The system performed unnecessary optimization of the file system repository after completing the Continuous Deployment store operation.

Hotfix (June 22, 2023)

version 26.3.1

Fixed issues

  • Data protection – The anti-forgery cookie for live site visitors (.AspNetCore.Antiforgery.<hash>) was incorrectly removed when tracking consent was revoked. This caused certain interactive elements on the site to be unusable (consent agreements, form submissions, etc.).

  • Security – Administration interface access permissions were not correctly checked for form component actions.

  • Saas environment

    • The Memory utilization alert was not fired for projects deployed in the SaaS environment.

    • Database usage was not monitored correctly when the active database was swapped for a production environment of a deployed project. This could prevent the DTU utilization alert from being fired.

Refresh (June 15, 2023)

version 26.3.0

New features

Content management

  • Media libraries – Content editors are now able to rename folders in media libraries and edit the metadata of media library files, such as title or description.


  • UI form components – A new UI form component was introduced to enable safe displaying of links within forms in the administration interface.

Fixed issues

  • Page Builder – When attempting to copy any widget in the Page Builder interface containing invalid or deprecated HTML (e.g., a Rich text widget with HTML inserted using the Code View feature), errors were logged in the JavaScript console and the widget was not copied. After applying the refresh, the widget is copied, but a preview thumbnail is not available when inserting the widget.

  • Emails – Tracking of bounced emails, as well as delivered email and spam report statistics didn’t work for projects deployed to the SaaS environment. The issue also caused errors in the system’s Event log.

Hotfix (June 8, 2023)

version 26.2.2 (NuGet packages not released for this update)

New features

  • Xperience Portal – New Alerts application in Xperience Portal, which notifies about potential problems with projects deployed in the SaaS environment. For example, an alert is fired if a deployed project is unresponsive for over 15 minutes. The system also sends notification emails to Xperience Portal users when an alert is fired. Users can enable or disable the email notifications for specific alert severity levels.

Fixed issues

  • SaaS environment – The Event log in the Monitoring application of Xperience Portal was flooded with scheduler-related errors (“An attempt was made to access a socket in a way forbidden by its access permissions.“).
  • Xperience Portal

    • Time values in the Deployment history of projects in Xperience Portal were set incorrectly in certain cases. This could prevent the deployments from being displayed in chronological order.
    • The Terms of Service (ToS) acceptance screen was displayed incorrectly if a ToS update occurred while a user had the Deployments application open in Xperience Portal.

    • When hovering over charts in the Monitoring → Metrics application, values of 0 were incorrectly displayed as “(no data)”. After the update, values equal to 0 are displayed as “0.00”, and “(no data)” is only displayed if the underlying value is null.

    • Reports in the Metrics application were not loaded when the deployed project was under heavy load. After the update, the DTU report in the Metrics application no longer detects and identifies which database is active or inactive (two databases are used for production deployment environments). Instead, the databases are always named xperience_blue and xperience_green. The active/inactive status of the databases can be interpreted from the values in the DTU report.

Hotfix (June 1, 2023)

version 26.2.2

Fixed issues

  • Field editor – The Field comparison validation rule couldn’t be added to content type fields in the Content types application.

Hotfix (May 25, 2023)

version 26.2.1

Fixed issues

  • Contact management – When deployed to Azure Web Apps, the application generated unnecessary anonymous contacts when processing requests from the environment's bot services (Application Insights, Always On). For example, the issue occurred on projects deployed to the SaaS environment.

  • Media libraries
    • When a media library folder was deleted, the change wasn’t synchronized to other instance of the application when using Auto-scaling support.
    • The system incorrectly checked the Delete permission for the Media libraries application when a user deleted a media library folder. After applying the hotfix, the Manage media library permission is required instead.
  • Settings – When a setting was updated in the Settings applications, the system did not immediately reflect the changed value.
  • SaaS environment – The hotfix introduces new UseKenticoCloud middleware that must be added to all projects intended for SaaS deployment. All new projects installed with the --cloud parameter contain the middleware by default. For existing SaaS projects under development, the middleware must be added manually (to the Program.cs file by default). See Configure new projects for the required middleware order.

Refresh (May 18, 2023)

version 26.2.0

New features

Digital marketing

  • Emails
    • The system can now track bounces and delivery rates for emails of the Regular type, as well as bounces for individual contacts in recipient lists. This allows you to identify addresses that do not correctly receive emails, which helps keep your recipient lists healthy and protects your sender reputation. For more information, see Set up email tracking and Send regular emails to subscribers.
    • Marketers can now manually trigger a Refresh in the Statistics view of emails, which immediately recalculates and displays statistics for the given email.
    • New Unsubscribe rate statistic for Regular emails. Shows the percentage and exact number of recipients who used the email's unsubscribe link.
    • New Spam reports statistics for Regular emails, available when using SendGrid to send emails. Shows how many recipients marked the email as spam in their email client. 
    • New Send email permission for the Emails application, which can be assigned to administration user roles. This permission is required to send or schedule emails of the Regular type. To preserve functionality for existing roles, the update automatically grants the Send email permission to all roles with the Update permission for the Emails application.

Updates and changes

  • Emails – Recipient lists for regular emails are no longer managed in the Contact groups application. Instead, the new Recipient lists application provides a separate management UI for this purpose.
    • To preserve functionality, the update automatically copies all permissions that existing administration user roles have for the Contact groups application, and grants them for the new Recipient lists application.
  • Contact management – The Contact groups and Recipient lists applications no longer allow contacts to be manually removed from the group or list. The option to remove contacts was misleading – the contact list is recalculated automatically based on the contact group's condition or managed by subscriptions and unsubscriptions for recipient lists.

Fixed issues

  • Rich text editor – On administration pages containing multiple Rich text editor components, certain toolbar options (Insert image, Insert link, Insert Dynamic Text, Insert Double Opt-In Link) didn’t work correctly and could interact with the wrong instance of the editor. The issue could also affect custom plugins registered for the rich text editor. If you have custom plugins, review the updated documentation and make sure your plugins are registered correctly.

  • Page Builder – Scrolling did not work correctly in the Page selector editing component dialog when using the compatibility mode of Page Builder.
  • Admin UI components – Selecting content items via the Content item selector component resulted in duplicate selection if the checkbox was used to select individual items.
  • Database table API – The system persisted incorrect Info object state in its cache in cases where a database transaction failed and was rolled back. For example, if a database transaction updating a MediaFileInfo object failed, the database state was not updated, but the updated state persisted in the system cache. This lead to data inconsistency between the application and the database, and could cause a subsequent Get operation to obtain incorrect data (when retrieved from the system cache).

Hotfix (May 11, 2023)

version 26.1.3

Fixed issues

  • Admin UI components – It wasn’t possible to enter values consisting only of zeros (e.g., '00.0') into numeric inputs, such as the Number input form component.

  • Object types – The hotfix removes the ability to define object type fields of the Pages and Content items data types. Fields of these data types were incorrectly available to object type classes for a brief period, but their support was never intended. Note that already created object type classes making use of these data types remain unaffected. However, the system is not prepared to handle them correctly, and certain features, such as code generators, produce incorrect results. This change does not impact content types in any way.
  • Security – Page preview URLs were vulnerable to reflected XSS attacks due to improper processing. The vulnerability was exploitable only by authenticated users.

Hotfix (May 4, 2023)

version 26.1.2

Fixed issues

  • Administration UI – Replaced usage of the deprecated onKeyPress event with the onKeyDown event in the client code of administration components. This change does not impact the existing public API.

Hotfix (April 27, 2023)

version 26.1.1

Fixed issues

  • UI form components – Validation errors weren’t displayed correctly in certain cases when using the Field comparison validation rules for UI form components in the administration.

  • Xperience Portal – The Application health report in the Metrics application wasn’t loaded and displayed correctly in certain cases, particularly after selecting the Last 30 days time period.

Refresh (April 20, 2023)

version 26.1.0

New features

Digital marketing

  • Activities – Added support for custom activity logging from client-side code. This allows tracking of basic interactions with important page elements, for example clicks of "call to action" buttons or links. See Custom activities.
  • Forms – Individual featured fields can now be hidden from the dialog that appears when adding fields in the Form Builder. This allows users to filter out featured fields that are not relevant for their forms.

Content management

  • Media libraries – Content editors are now able to move files between folders of a media library.

Xperience Portal


  • New Field comparison validation rules for UI form components. The rules are available for integer, decimal, floating-point number and string type fields, and allow comparisons with other fields of the same data type.

Fixed issues

  • Emails – An error occurred when attempting to delete a recipient list containing one or more contacts.

  • Forms – The system performed unnecessary queries when loading and displaying the featured field options for new form fields.

  • User interface – Fixed inconsistent spacing between elements in the administration UI.

  • Deployment to the SaaS environment – The cms.role object type was missing in the default Continuous Deployment configuration file of new projects for SaaS deployment (installed with the --cloud parameter). As a result, role data wasn’t included in the deployment.

  • Xperience Portal
    • The date and time of the latest deployment for environments in Xperience Portal was displayed incorrectly in certain cases.
    • Storage account outages were not tracked correctly, and were not displayed correctly in the Monitoring > Outages application of Xperience Portal.

Hotfix (April 13, 2023)

version 26.0.3

Fixed issues

  • Cross-site tracking – The tracking snippet generated for tracked websites in the Cross-site tracking application did not contain the tracked site’s URL. This issue occurred after updating a project from an older version, and also for projects deployed to the SaaS environment.

  • Security – The roles of administration users could be modified without sufficient permissions in certain cases.

Hotfix (April 6, 2023)

version 26.0.2

Fixed issues

  • Rich text editor – Adding image links to rich text editor content did not work correctly when using the Insert link > Asset toolbar option.

  • Administration UI – If an error notification bar appeared within a modal dialog and the error text was very long, the dialog was incorrectly resized to fit the text.

Hotfix (March 31, 2023)

version 26.0.1

Fixed issues

  • Installation – The user-defined table type Type_OM_OrderedIntegerTable_DuplicatesAllowed used by the Xperience database installation scripts was not defined correctly. In rare cases, this could have caused issues when recalculating digital marketing activities.

  • Pages – When pages contained images in their rich text fields, a dialog notifying about unsaved changes was displayed when leaving the page, even if no changes were made.
  • Pages – The PageUrl.AbsoluteUrl property returned by the IPageUrlRetrieverService incorrectly cached the URL scheme (protocol) of the request under which the service was first called. For example, if the service was first called within a request with the HTTP scheme, all subsequest URLs in the AbsoluteUrl property were also returned with HTTP.

  • Forms – It was possible to submit forms without selecting a value in a Drop-down list field, even if the field was set as required.
  • Forms – The Form Builder interface was not correctly displayed as read-only for users without the Update permission for the Forms application.

  • Administration UI – If a selector component was used in a modal dialog, the selection side panel was displayed under the dialog and couldn’t be used. For example, the problem occurred when selecting a page in the Approval or Unsubscribe settings of a recipient list in the Contact groups application.
  • UI form components – The TextArea component did not correctly reflect the MinRowsNumber and MaxRowsNumber properties when only one of them was explicitly provided. That is, the text area did not display the specified minimum number of rows when only MinRowsNumber was provided and did not grow to the specified size when only MaxRowsNumber was provided.

Refresh (March 27, 2023)

version 26.0.0

New features


  • Xperience web applications now support registration and authentication using ASP.NET Identity.
  • New Members application for management of registered accounts. 
  • Users can check which version of Xperience they are using via the newly added Product information icon displayed above the user menu in the administration interface.
  • The Xperience by Kentico source code is now available on the client portal for those who purchase it as part of their subscription.

Content management

Digital marketing

  • Contact management
    • Added support for defining custom activity types, which allows marketers to track any required action performed by contacts. Custom activities can by logged using the API or via cross-site tracking. See Custom activities.
    • Marketers can now enable or disable individual activity types in the Contact management application (applies to both default and custom activity types).
    • New Contact has performed activity with value condition type for contact groups.
  • Forms – The reCAPTCHA form component was updated to support reCAPTCHA v3. This version of reCAPTCHA provides frictionless validation without interrupting users. A score is calculated for each request, indicating whether an interaction is likely to be a bot or a valid human user.

Xperience Portal


  • The refresh introduces changes to confirmation dialogs that can be raised by listing and edit UI pages. Confirmation dialogs shown by these pages can now optionally contain forms (typically with a multi-choice or checkbox option), that can be used to control the behavior of the corresponding page command handlers
  • New MaximumDoubleValue and MinimumDoubleValue validation rules for UI form components.

Breaking changes – API

  • PageFormSubmissionPageBase.GetFormComponents was made asynchronous and now returns Task<ICollection<IFormComponent>>. To recover from the breaking change:
    • await the method call and change the signature of the overridden method
    • pass a CancellationToken to the method call
  • IContentTypeFieldsProvider.GetFields was made asynchronous and now returns Task<ICollection<IFormFieldInfo>> . To recover from the breaking change:
    • await the method call and change the signature of the overridden method
    • pass a CancellationToken to the method call
  • The GetAssetPanelInitialPropertiesResult command result type used by RichTextEditorComponent was renamed to GetMultiSourceAssetPanelPropertiesResult .
    • The type's Enabled property was renamed to AssetPanelEnabled.
  • The ReviewAndSendDialog UI page was moved from the Kentico.Xperience.Admin.Base.UIPages namespace to Kentico.Xperience.Admin.DigitalMarketing.UIPages.

  • The IPageManager interface, used to manage page hierarchy, was extended with an additional CheckSecurityMismatch method. 

Newly obsolete API

  • IPageManager.Move(TreeNode, TreeNode, PageDropPlacement) - use IPageManager.Move(PageMoveParameters) instead.
  • The refresh introduces changes to confirmation dialogs that can be raised by Listing and Edit UI pages (e.g., when invoking actions or saving changes).
    • The following properties from EditConfiguration were consolidated into EditConfiguration.SubmitConfiguration.
      • SubmitVisible
      • SubmitLabel
      • SubmitTooltipText
    • The following properties from EditTemplateClientProperties were consolidated into EditTemplateClientProperties.SubmitButton.
      • SubmitVisible
      • SubmitLabel
      • SubmitTooltipText
    • The following properties from Action (descriptor of interactive elements on listing UI pages) were consolidated into Action.ConfirmationDialog .
      • Confirmation
      • ConfirmationContent
      • ConfirmationDetail
      • ConfirmationButton
    • The following properties from ActionConfiguration were consolidated into ActionConfiguration.ConfirmationConfiguration.
      • Confirmation
      • ConfirmationContent
      • ConfirmationDetail
      • ConfirmationButton
  • ListingPage.GetRowsFromData was extended with a cancellation token parameter. The original method signature is now obsolete.

Removed obsolete API

The refresh releases removes all API marked Obsolete since version 22.0.0.

Updates and changes

  • Settings – The System → Files category and its Generate thumbnails setting are no longer displayed in the Settings application. The setting is always enabled by default.
  • Emails

    • The Sender name and Sender email properties can no longer be set immediately when creating new emails. These properties remain available in the Properties panel when editing existing emails.

    • The Properties panel of emails is now organized into two collapsible categories – General and Sender and recipients.

  • Contact management – The Status column is no longer displayed in the contact listing. This column is currently not used in Xperience by Kentico.

  • SendGrid integration – The system now uses a direct dependency on the SendGrid NuGet package (updated to version 9.28.1).

Fixed issues

  • Modules – Field settings related to data type integrity were not validated correctly in the editor for the UI forms of module classes. For example, the problem allowed invalid values for the number of digits and decimal places of Decimal number type fields in UI forms.
  • Administration – In certain cases, it was possible to submit values using disabled fields in the administration's editing forms.
  • Content types – If the Display in editing form option was enabled in the field editor for a content type field with the Content items data type, an error occurred when configuring further properties for the field’s form component.

  • Xperience Portal security – Under certain circumstances, there was a risk an unauthorized third party could access and download backups of projects deployed in the SaaS environment. 
  • Page Builder – Images added using the url() CSS function in the Code View mode of the Rich text widget's editor were not displayed on the live site or in the Page Builder.
  • Project templates – When creating a SaaS environment deployment package for a project based on the Dancing Goat project template, content item asset files were incorrectly duplicated in the package (in both the standard asset folder and the Continuous Deployment repository). After the refresh, SaaS deployment packages created for new Dancing Goat project no longer include the ~/assets folder.

  • Deployment – Sites deployed without the administration crashed during the startup process (“Unable to resolve service for type Kentico.PageBuilder.Web.Mvc.Internal.IComponentPropertiesStorageProcessor“ exception).

Digital marketing

  • Emails
    • The editing dialog for double opt-in links in form autoresponder emails didn’t check for unsaved changes. After applying the refresh, a confirmation prompt is displayed when attempting to close the dialog with a modified link text or recipient list.
    • The content editor of form autoresponder emails displayed the placeholder for double opt-in links incorrectly if the link’s text contained special characters.
    • Some parts of the email UI remained active even if the overall editing interface was disabled, e.g., due to missing update permissions or when viewing a regular emails that was already sent out. For example, the problem affected the editing dialog for double opt-in links in form autoresponder emails, the email Plain text content editor, and certain header action buttons.

    • Pressing CTRL+F while focused in the Source code editor of email templates triggered the editor’s built-in search functionality, which was not intended. After applying the refresh, the browser’s standard “Find in page” functionality is prioritized.

    • Added a new friendly warning to inform users when attempting to send a regular email to an empty recipient list.
    • Improved UI and explanation texts for emails that were sent, but do not have any logged statistics.
  • Various usability improvements were made in the UI of the Emails, Email templates and Contact groups applications.

Rich text editor

  • Inserting of links in the rich text editor didn't work correctly in certain cases in the Content view mode of the Pages and Emails applications.
  • If the rich text editor had a custom toolbar configuration with the imageReplace button, the button displayed a default Froala dialog instead of the system’s dialog for selecting images.

  • The rich text editor Insert image and Insert link dialogs did not work correctly when the rich text component was used to edit the property of a form component in the Form Builder.

  • When selecting a link to a page or content item in the rich text editor, the full toolbar was incorrectly displayed instead of just the link-related toolbar options.
  • On administration UI pages with a right-side panel, the panel didn’t close correctly if the user interacted with the rich text editor toolbar on the main editing page. For example, the problem could occur when editing emails in the Emails application.
  • The Insert image and Insert link dialogs in the rich text editor displayed the Media library selection tab even if there were no media libraries present in the system.

Hotfix (March 9, 2023)

version 25.0.2

Fixed issues

  • Content hub – When updating a Content item asset field in an existing content item and not publishing the item after, the original asset was displayed instead of the updated asset.

Hotfix (March 2, 2023)

version 25.0.1

Fixed issues

  • Administration interface – In certain cases, it was possible to submit values using disabled fields of admin UI forms.
  • MacOS – It was not possible to install the Xperience database on Apple devices equipped with the Apple silicon family of CPUs. 
  • Rich text editor – The Insert image and Insert link dialogs in the rich text editor incorrectly displayed content items with a Content item asset field but no file uploaded. This could occur when a content type was created with an optional asset field.

Refresh (February 23, 2023)

version 25.0.0

New features

Content management

Digital marketing

  • Emails
    • Users can now preview and test the content of emails by sending a draft version.
    • New option to clone emails, which allows users to quickly create new emails based on the content and settings of existing emails.
    • The content editor now allows editing of double opt-in links placed into form autoresponder emails. This allows users to quickly update the text and recipient list set for existing links.
    • The Emails application now displays a status for emails of the Regular type (possible options are Draft, Scheduled, Sending and Sent).

Xperience Portal

  • Backups – Users can now manually create and download backups of applications deployed in the SaaS environment. Backups can be used to locally inspect or debug the application.

Breaking changes

  • Global events – When deleting objects, the system now checks for depending objects before triggering the Delete event (ObjectEvents or *Info.TYPEINFO.Events). If any depending objects exist, the event is not triggered at all.

Breaking changes - API

  • Application startup – IFeaturesBuilder interface members BeforeConfiguration  and AfterConfiguration were not intended to be used in custom code and were removed from the public API. Extension methods for this interface (e.g., UsePageBuilder ) are used to add types required by various Xperience features into the application's IoC container.
  • The IDataQuery interface (CMS.DataEngine) contains two new methods:
    • GetAsyncEnumerableResult

    • GetScalarResultAsync

Obsolete API

  • Emails – The CMS.EmailEngine.EmailSender class is now obsolete. Use IEmailService to send emails (see the Email queue API example).

Updates and changes

Fixed issues

  • Role management – When using external authentication for the administration with the user synchronization frequency set to UserSynchronizationFrequency.Always, users with the Administrator role were incorrectly allowed to edit the role assignments of users managed by the external authentication provider.
  • Performance – The number of database queries called when loading the content of Page Builder widgets was optimized. The original performance issue occurred after updating to version 24.0.0.

  • Project templates – The sample site created by the Dancing Goat project template didn't correctly handle situations where certain content items were deleted, which could result in errors on the live site.

Digital marketing

  • Emails
    • If the application crashed or was stopped while sending a regular email to recipients, the mailout remained stuck and didn't recover after the application restarted.
    • The system created redundant anonymous contacts in certain cases when a user confirmed their email subscription by clicking a double opt-in link. For example, this could occur if the recipient opened the double opt-in link in a different browser than the one where the original subscription form was submitted. After applying the refresh, such anonymous contacts are automatically merged into the recipient's main contact.
    • The Preview mode of emails incorrectly allowed links in the email content to be clicked, which could lead to inconsistent behavior. After applying the refresh, links are no longer active when clicked in the email Preview.
  • Cross-site tracking – Certain requests returned during cross-site tracking used an incorrect X-Frames-Options header. This combination of the header and its value is now deprecated in modern browsers. After applying the refresh, the content-security-policy header is used for this purpose.

Continuous Integration and Deployment

  • Continuous Integration – If an object was deleted, but the operation was stopped due to the existence of depending objects, the files representing the object and its dependencies in the Continuous Integration repository were removed even though the object was not actually deleted.
  • The XML files representing contact groups of the Recipient list type in the CI/CD repository incorrectly used 0 or 1 values for the ContactGroupIsRecipientList boolean property, which could cause inconsistencies. After applying the refresh, the property stores True or False values.

User interface

  • Disabled editing forms in the administration (e.g. due to missing update permissions) behaved inconsistently in certain cases. After applying the refresh, disabled editing forms always contain a warning message and have a disabled Save button with a tooltip.
  • UI form components
    • If a field based on the Object selector had a large number of items available and a value was already selected, the list of items loaded and displayed the first batch of items twice.
    • Fields based on the Number input form component incorrectly displayed null as their value when the value was empty.
    • If a field based on the Radio group component did not have a label assigned, the resulting UI page generated warnings in the browser console. For example, the problem occurred in the Review and send dialog for emails in the administration.
    • Fields based on certain form components did not display their tooltip (e.g. the Page selector or Content item selector).
  • Emails – If the send date or time of a regular email was changed in the Reschedule dialog and the sendout was then cancelled, the dialog was not refreshed correctly and the Cancel scheduled sendout button remained visible.
  • Content types – When adding a new content type field with the Content item selector form component, the Allowed content type option could not be configured until the field was saved.

  • Role management – If a user with the Administrator role unassigned this role from their own account, an Access denied notification was displayed even though the operation was valid and the role was unassigned.
  • Contact groups – When viewing the details of Recipient list contact groups, text in the Approval and Unsubscribe settings areas could overflow when viewed with a small display width.
  • The administration UI breadcrumbs didn't correctly shorten text for objects with very long names.
  • Added missing spacing to certain selection dialogs.

Xperience Portal

  • The DevOps Engineer role did not have access to the Outages application in Xperience Portal.

Hotfix (February 16, 2023)

version 24.0.3

Fixed issues

  • Page Builder – Widgets that had output caching disabled consumed unnecessary memory and the application did not clear this memory correctly.

  • General – The application could reach the preset limit on the number of database connections under heavy traffic, e.g., during a load test. In the worst case, this could result in HTTP 502 Gateway errors.

New features

  • Admin UI authentication – The hotfix introduces new OnSigningIn and OnSigningOut events, which are invoked when users sign in or out of the Xperience administration. Both events are available under AuthenticationOptions.CookieEventsOptions when configuring AdminIdentityOptions. See Administration - Forms authentication for details.

Hotfix (February 9, 2023)

version 24.0.2

Fixed issues

  • Content items
    • On pages based on a page template, linked content items that were selected in a particular order were displayed in a random order when viewed on the live site.
    • Files stored as content item assets were served with an incorrect file name when downloaded on the live site.
  • Page Builder – After applying hotfix 24.0.1, it was not possible to publish pages that used Page Builder and contained sections without properties.

Hotfix (February 2, 2023)

version 24.0.1

Fixed issues

  • Roles – Modification of user-role assignments via the administration did not work correctly in certain cases. This issue occurred only after updating to version 24.0.0.

  • Performance – An unnecessary number of database queries was performed when loading the content of Page Builder widgets. This issue occurred after updating to version 24.0.0.

Refresh (January 26, 2023)

version 24.0.0

New features


Content management

  • Content item assets – Content item assets are a new type of content items that allow content editors to upload and store various types of files, for example, photos, pictures, sound files, videos, package files, presentations, or documents. You can reuse assets stored in the Content hub throughout the system. To create a new content item asset, create a content type with an Content item asset field.
  • Content item selector – Users are now able to select content items from the content hub in component properties.
  • Media libraries
    • Content editors are now able to upload a new version of media library files.
    • Content editors are now able to view media file information such as the GUID, Media URL, size, or image resolution.

Digital marketing

  • Emails
    • New functionality that allows marketers to send regular emails to groups of recipients. Visitors subscribe by submitting a form on the website. The form sends an autoresponder email with a double opt-in link, through which recipients finish the subscription process. See Send regular emails to subscribers.
    • The system now tracks and displays statistics for emails created in the Email templates and Emails applications, including the number of sent emails, email opens and clicked links. See Track email statistics.
  • Forms – Users can now edit the Code name of forms, which allows developers to work with more practical identifiers, e.g., when rendering forms in code as stand-alone widgets.
    • Changes of the form code name break existing forms placed onto pages via the Form widget. You need to reselect the form in these widgets after making such changes.
    • Changing the code name also automatically updates the form's Class name. Such changes break existing code files generated for the form, and developers need to update or regenerate the code.

Xperience Portal

Breaking changes

Changes to assembly placement in NuGet packages

The CMS.AspNetCore.Platform assembly was moved from Kentico.Xperience.Core to the Kentico.Xperience.WebApp NuGet package and renamed to Kentico.AspNetCore.Platform.

For web applications, this change in not breaking – Kentico.Xperience.Web.App depends on the Kentico.Xperience.Core package.

However, for other types of applications (e.g., console or desktop applications), there is a possibility that your custom code called some code from the moved assembly. If you encounter breaking changes (compilation errors) in your projects after upgrading, you need to add the Kentico.Xperience.WebApp NuGet package to the affected projects.

Breaking changes – API

  • The UserInfo.Enabled property was fully removed, use UserInfo.UserEnabled instead.
  • The following members were removed from the content management API:
    • IPageTypeFieldsProvider  – use IContentTypeFieldsProvider instead.
    • IPageTypeFieldsProviderFactory – if this interface was used as a dependency, replace usages with IContentTypeFieldsProvider directly. The additional layer of abstraction introduced by the factory was removed completely.
    • PageType – there is no alternative. Implement a custom class to replace.
    • LoadAvailablePageTypesResult – there is no alternative. Implement a custom class to replace.
    • LoadAvailablePageTypesCommandArguments – there is no alternative. Implement a custom class to replace.
  • PageFormSubmissionPageBase  – the constructor now depends on IContentTypeFieldsProvider directly.
  • The CMS.AspNetCore.Platform namespace was renamed to Kentico.AspNetCore.Platform (also includes all subnamespaces).

Obsolete API

  • Data types – The AllowedObjectTypes property of DataType objects is now obsolete. Use the IsAvailableForDataClass  predicate instead .

Updates and changes


  • New CMS.EmailEngine.ISmtpClientFactory API that enables developers to modify the configuration of the system's SMTP client (if using SMPT servers for mailout). This API is primarily intended for advanced environments with specific requirements.


  • Rich text editor – The ability to drag-and-drop content into the rich text editor UI form component was disabled. Use your operating system's clipboard functionality instead.
  • Emails – The "Preheader" property of emails was renamed to "Preview text". The corresponding placeholder in the source code of email templates is now $$previewtext$$. Applying the refresh automatically updates the placeholder in the source code of existing email templates.
  • Admin UI customization – UI pages for creating new objects (inheriting from the base class) no longer validate the editing form when the Change UI page command is executed. This prevents unnecessary validation errors while filling in parts of the create form.

Object types

This release changes the way hash table caching for object types is configured. In previous versions, the caching was configured by passing the HashtableSettings object via an optional constructor parameter to the object type's I*InfoProvider implementation:

Hash table caching configuration using the provider class
public partial class MyObjectTypeInfoProvider : AbstractInfoProvider<MyObjectTypeInfo, MyObjectTypeInfoProvider>, IMyObjectTypeInfoProvider
    public MyObjectTypeInfoProvider()
            : base(MyObjectTypeInfo.TYPEINFO, 
				   new HashtableSettings
					   		// Enables hash table caching over the identifier and code name
            				ID = true,
            				Name = true

From this version onward, this approach and the corresponding *InfoProvider constructor are obsolete. Instead, the caching is configured directly in the *Info data class via the InfoCache attribute:

Hash table caching configuration via the Info data class
[InfoCache(InfoCacheBy.ID | InfoCacheBy.Name)]
public partial class MyObjectTypeInfo : AbstractInfo<MyObjectTypeInfo, IMyObjectTypeInfoProvider>

If you are using hash table caching for custom object types, there are two ways to migrate to the new approach:

  1. Regenerate all custom object type classes using the code generator, which automatically ensures the new format. However, note that this will also require you to manually transfer all customizations made to the object type's classes.
  2. Manually convert custom object type classes to the new approach:
    1. Remove the HashtableSettings parameter from the *InfoProvider constructor.
    2. Annotate the corresponding *Info class with the InfoCache attribute.
      1. Use the InfoCacheBy enum to determine the properties to cache by.
      2. (Optional) Use the InfoCachePriority enum to configure whether the cached items should expire.

Content hashes in admin UI script filenames

The file names of script files consumed by the Xperience admin UI now include a content hash (e.g., This change ensures that script files cached on the client are correctly invalidated when updating to a new version. In previous versions, the client browser usually defaulted to cached scripts even if the file contents were different, requiring users to refresh the browser cache (Ctrl+F5) to get the latest version (or wait for cache expiration).

All newly created custom admin UI modules (see Prepare your environment for admin development) automatically include content hashing. However, if your admin UI consumes any existing custom modules, and you wish to make use of the content hashing feature, you need to make the following changes:

  1. Update all @kentico packages to 24.0.0.
  2. Open the webpack.config.js of your module and follow the comments in the following snippet:

    const webpackMerge = require("webpack-merge");
    const baseWebpackConfig = require("@kentico/xperience-webpack-config");
    module.exports = (opts, argv) => {
      // Add the 'argv' parameter to the arrow function signature
      const baseConfig = (webpackConfigEnv, argv) => {
        return baseWebpackConfig({
          orgName: "acme",
          projectName: "web-admin",
          webpackConfigEnv: webpackConfigEnv,
          argv: argv,
      const projectConfig = {
        module: {
          rules: [
              test: /\.(js|ts)x?$/,
              exclude: [/node_modules/],
              loader: "babel-loader",
    	// Add the output-clean:true setting	
        output: {
          clean: true
        devServer: {
          port: 3009,
      // Pass the added 'argv' parameter to 'baseConfig'
      return webpackMerge.merge(projectConfig, baseConfig(opts, argv));
  3. Rebuild the module.

The output file name now contains a content hash.

Xperience admin UI customizations boilerplate project converted to a .NET template

The Xperience admin UI customization boilerplate project (previously available for download on Prepare your environment for admin development) was converted to a .NET template. You can now install the project using dotnet new kentico-xperience-admin-sample . Afterwards, reference the created project from your Xperience application and work with it like before.

Fixed issues


  • Calling the IPageDataContextRetriever.TryRetrieve method resulted in an unhandled exception if the page data context could not be initialized, instead of returning a false value.
  • The API documentation for the WithPageUrlPaths DocumentQuery extension method was improved with additional remarks regarding the method usage. 
  • Exceptions caused by cancelling asynchronous operations via cancellation tokens – as a response to a cancelled client request or application shutdown, for example – were incorrectly logged to the event log as errors (e.g., as System.OperationCancelledException).
  • Conventional MVC mechanism such as AuthorizeAttribute now work with the admin UI role-based access control model for routes registered behind /admin

Content management

  • Content hub - Content items listed in the content hub are now by default ordered according to the Last modified column.
  • Content items – It was incorrectly possible to delete linked content items from "locked" pages that were in the published or archived workflow state.

  • Form Builder – Fixed various text overflow issues that could occur when entering long words in form component properties.
  • Headless API – Fixed issues caused by the tilda '~' character in asset filenames.
  • Pages – When moving items with children via the content tree, the confirmation prompt for the move operation did not appear in certain cases.
  • Page Builder – If Cross-Site Request Forgery validation failed when submitting a form generated by the Form Page Builder widget, a "Cannot read property of null" error was logged in the browser console in addition to the expected HTTP 400 error code.

Digital marketing

  • Security – Modified the behavior of various permissions in relation to digital marketing applications.
    • Contact group edit (condition builder) can no longer be opened by users without Update permissions for the Contact groups application.
    • Deleting contacts from contact groups is now possible with Update permissions for the Contact groups application.
    • The Save button when editing emails in the Emails application is now disabled for users without Update permissions.
    • Deleting collected form submissions in the Forms application is now possible with Update permissions.


  • The Readme.txt file in the Dancing Goat and Boilerplate project templates contained an invalid link to the documentation.
  • Optimized the number of database queries required when checking user permissions in the admin UI.


  • When creating fields for module classes via the field editor, the Field name length wasn’t validated correctly by the UI, and very long values could result in an error.

UI form components

  • It was not possible to view more than the first 150 files in a selected media library via the Media file selector UI form component.
  • Pages selected within the Page selector form component cast a shadow incorrectly when dragged.
  • It was possible to clear a selection made using the Object selector even if the field was marked as required.
  • When the Object selector was placed in a side panel, selecting any action inside the selector caused the side panel to collapse.
  • Selecting a month or year in the DateTime input form component incorrectly saved the whole form.

  • The MinimumDecimalValueValidationRule and MaximumDecimalValueValidationRule validation rule attributes could not be used because the attribute constructor did not allow the decimal type as a valid attribute parameter type. The attribute constructors now accept double instead. Conversion to decimal is done by rounding to 15 significant digits using rounding to nearest (a limitation of the double input type).


  • Instances hosted in Linux environments could encounter exceptions when accessing resources from Amazon S3. This would occur, for example, when accessing media library files stored in Amazon S3.

User interface visual improvements

  • Opening a drop-down list in a component properties dialog sometimes caused the drop-down menu to overflow the dialog window.
  • For certain elements the 'element is now focused' blue border indicator was partially obscured or was rendered incorrectly.
  • Pages application
    • When changing page URL slugs on the URL tab in the Pages application, entering slugs longer than the width of the dialog window caused the input to stretch past the browser window.
    • When saving page URL slugs on the URL tab in the Pages application, the Save button now transitions to a disabled state to prevent multiple concurrent requests from being submitted.
    • Page URL slugs and other text longer than the width of the various page property dialogs (Information, URL) now break into multiple lines instead of disappearing past the browser window when longer than the available viewport space.
    • The design and appearance of certain elements in the content tree was updated to better match the admin UI look and feel.
    • When drag and dropping pages, the dragged pages are now hidden from their original position in the content tree instead of showing both at the original position and on the mouse cursor, possibly confusing users.
    • The content tree in the Pages application now better indicates possible placement when dragging and dropping pages. 
  • Drop-down menus now close during a click-away action that targets an iframe with either the Page Builder, Form Builder, or page preview window.
  • The primary action button was not by default focused in interactive dialogs. Now, the primary action is always performed on enter (save, delete, confirm, etc.).

  • The confirmation dialog displayed when changing page templates now uses the same look and feel as other dialog windows in the admin UI.
  • The listing pages context menu, available via (...), was obscured by the listing container in special cases.
  • Implemented responsive drop-down menus that automatically adjust based on viewport and parent element width.
  • The application menu now overlays menus and panels that open from the right side of the interface (e.g., selector dialogs in the Pages application, configuration options in the Forms application) on displays where smaller viewport width causes overlaps. 
  • Fixed the vertical alignment of button labels in the Safari browser.

Xperience Portal

  • The project expiration date displayed on the Dashboard in Xperience Portal incorrectly included the 30 day grace period for license renewals.
  • The Outages application in Xperience Portal only displayed project outage reports starting from the beginning of the month following the project deployment. For example, projects deployed 8/15/2022 could only view reports starting from 9/1/2022.
  • A JavaScript error was logged in the browser console when viewing the hash string salt value (Dashboard Project info section) on displays with certain viewport widths.
  • A wrong type of error page was displayed for Not Found (HTTP 404) and other HTTP errors.
  • The format of the Account created and User added to project email notifications was not correct in case the first name of the user was unknown.
  • The deployments page may not have displayed correctly during an ongoing maintenance.

Hotfix (January 19, 2023)

version 23.0.9

Fixed issues

  • Admin UI customization – Searching using the listing template resulted in an error if a column of the listed object type was named after an SQL reserved keyword (e.g., Key). After applying the hotfix, the system escapes all column names in such queries, allowing search on listing templates to work as expected.

Hotfix (January 12, 2023)

version 23.0.8

Updates and changes

  • Security – The initial permission configuration for the sample Digital Channel Manager role was modified to reflect security best practices. This change only applies to the Dancing Goat and Boilerplate project templates installed from Kentico.Xperience.Templates version 23.0.8 and newer. In existing installations, we strongly recommend making the following change to the Digital Channel Manager role (if present in your project): remove the View permission for the Email Queue application.

Hotfix (January 5, 2023)

version 23.0.7

Fixed issues

  • SendGrid integration – The SendGrid integration failed to send emails with email addresses specified using advanced formats such as "display name" <user@host>. After applying the hotfix, the integration supports all email address formats allowed by the  System.Net.mail.MailAddress  class.
  • Event log – An error occurred when viewing the details of event log records without a description.

Updates and changes

  • Permissions – Only users with the  Administrator role can now change assigned roles via the Users  edit a user → General tab.

New features

  • Email customization – New EmailMessage.Validate extension method that validates whether properties (From, Recipients, CcRecipients, etc.) of the CMS.EmailEngine.EmailMessage object are set correctly. The method is intended primarily for use when implementing  custom email clients.

Hotfix (December 15, 2022)

version 23.0.6

Fixed issues

  • Rich text editor – Hotfix 22.3.1 introduced HTML sanitization of content in the Rich text editor. This sanitization can result in modified or broken HTML code, for example, when adding content via the editor's Code View option. After applying this hotfix, the sanitization additionally allows ID and data-* attributes, as well as href attributes containing mailto links in <a> tags.

Hotfix (December 8, 2022)

version 23.0.5

Fixed issues

Hotfix (December 1, 2022)

version 23.0.4

Fixed issues

  • Permissions – It was possible to modify existing forms via the Form Builder interface (Forms → edit a form → Form Builder tab) without possessing the Update permission for the Forms application. After applying the hotfix, the Update permission is required when making modifications to all forms.

Hotfix (November 24, 2022)

version 23.0.3

Fixed issues

  • Permissions – When adding images from a media library into the content of a Rich text widget in the Page Builder, the Insert image selection dialog didn’t work for users without the Administrator role. After applying the hotfix, media files in the dialog can be viewed, selected and uploaded by users with a role that has sufficient permissions for the Pages application.

  • Admin UI customization – API documentation was missing for the client API that enables developers to work with pages in in modal dialogs (useTemplateDialog()) , which was introduced in hotfix 23.0.1.

Hotfix (November 16, 2022)

version 23.0.2

Fixed issues

  • Permissions – Certain action buttons in the Pages and Content hub applications remained active, even if the user’s role did not have the required Create or Update permissions assigned for the given applications.

  • Permissions – Delete buttons for files in the Media libraries application remained active, even if the user’s role did not have the required Manage media library permission assigned for the application.

  • Field editor – Minor visual issues occurred within the field editor user interface in rare cases.

Hotfix (November 10, 2022)

version 23.0.1

Fixed issues

  • Continuous Deployment – Continuous Deployment didn't include the data of binding object types when running the restore operation.

  • UI form components – If the Object selector UI form component was configured to select exactly one item, it was not possible to clear the selection once an object was selected.

New features

  • Admin UI customization – The hotfix introduces a new useTemplateDialog() hook for the client customization API that enables developers to set the properties of pages displayed within modal dialogs via UIPageLocation(PageLocationEnum.Dialog).

Refresh (November 7, 2022)

version 23.0.0

New features


  • Role-based access control for the Xperience administration – The refresh update introduces a permission model for the Xperience administration. The model handles only permissions for the user interface of the administration application – the visibility of applications, application elements, tabs, and pages. The added functionality consists of the following:

Digital marketing

  • Email management – Editors can now personalize emails created in the Emails applications by adding dynamic text to the content. When sending emails to specific recipients, the system replaces dynamic text with information known about the given recipient (First name, Last name or Email).

Content management

  • Headless API – A headless API for retrieving content items was released as a preview feature. Developers can now retrieve content items from Xperience using HTTP requests and the JSON data format. Check the related documentation to see the limitations related to the preview status of the feature.
  • Media libraries – Developers can now set the encoding quality used when resizing images retrieved from media libraries via a configurable options object. The configuration is provided as part of the implementation within the Kentico.Xperience.ImageProcessing NuGet package.
  • Algolia integration – An external module that allows you to create Algolia search indexes and index content types with the 'Page' feature in the Xperience content tree using a code-first approach. The integration also enables you to provide a search interface on the live site using .NET API, JavaScript API, or the InstantSearch.js JavaScript library. For more information, see the Algolia Search Integration GitHub repository.

Xperience Portal

  • Projects in Xperience Portal can now undergo planned scheduled maintenance. Certain features are unavailable for the duration of the maintenance. The maintenance intervals are planned by Kentico.
  • Uptime statistics for Xperience Portal projects, Deployment API, and deployment regions alongside downtime incidents are now available at

Breaking changes

  • During application startup, the system no longer automatically adds services related to session state and cross-origin resource sharing (CORS) to the service collection. Specifically, the IServiceCollection.AddKentico call no longer includes the following:
  • The following dependency of the Kentico.Xperience.WebApp package was updated:
    • HtmlSanitizer from version 7 . 1 . 542 to 8.0.601. The update includes several breaking changes: #365, #370
  • The following dependency of the Kentico.Xperience.Core package was updated:

Breaking changes – API

  • The following members were removed from the membership API. There is no provided alternative. 
    • Removed properties:
      • RoleInfo.RoleIsDomain

      • UserRoleInfo.ValidTo

    • Removed constants:

      • RoleName.EVERYONE
      • RoleName.AUTHENTICATED

Breaking changes – Database

  • The following database views were changed or removed:
    • View_CMS_UserRole_Joined was removed.
    • View_CMS_UserRole_MembershipRole_ValidOnly_Joined was removed.

    • The ValidTo column was removed from View_CMS_UserRoleMembershipRole

Updates and changes

  • Forms – Emails that are assigned to the autoresponder of one or more forms can no longer be deleted.
  • The Froala WYSIWYG editor that provides the Rich text editor in Xperience was updated to version 4.0.15. See Froala Editor 4.0.15 for details.
  • User interface – The Properties → Metadata section in the UI of the Pages application was renamed to Information.

Fixed issues


  • UI components

    • Fields in the administration with a selector form component (e.g., Dropdown selector) did not save their value in special scenarios. The problem occurred if the field used a visibility condition, and also had an assigned configurator that dynamically populated the selection options.

    • If the Rich text editor had a custom toolbar configuration with the toolbarInline option disabled, enabling the toolbarSticky option didn't work. The toolbar didn't remain displayed at the top of the editing area when scrolling down in the content.

    • Entering a very long number into the Number input form component caused the value to be converted to scientific notation. After the update, only numbers between -2147483647 and 2147483647 can be entered.
  • Event log – The system's event logging API was not thread-safe, causing, e.g., Parallel.ForEach calls that logged information into the event log to incorrectly terminate with an exception.

Content management

  • Page Builder – Page, Path, Media and Attachment selectors for the Page Builder legacy compatibility mode did not preserve any order of the selected items. After applying the update, the items are stored in the order in which they were selected.
  • Media library
    • WebP images uploaded to media libraries were stored and served with the wrong MIME type, and were not displayed correctly on the website.
    • Getting the URL of a media file using the IMediaFileUrlRetriever.Retrieve API always generated the file's DirectPath URL, even when it was not required or used. When storing media files on Azure storage, this resulted in unnecessary requests to Azure.
    • When resizing images retrieved from media libraries, the image encoding quality was set to 100%, which could cause resized images to be larger in file size than the original. After the update, the default encoding quality is set to 80%.


  • If the form selected in a Form widget was later deleted, the widget's configuration dialog displayed errors.
  • Deleting a form with an enabled autoresponder didn’t remove the internal automation process used to send the autoresponder emails.
  • The autoresponder options in the After form submission panel of the Forms application were not disabled correctly if the form was modified so that it no longer contained a field mapped to the Email contact attribute. The autoresponder options now need to be manually reconfigured if a properly mapped Email field is returned to the form.
  • The Country and State contact attributes were not available for mapping when configuring form fields. After the update, mapping to these attributes is supported for Text and Number fields. Text fields attempt to map country or state code name values, number fields work with country or state IDs.
  • Multiple clicks of a form's submit button in quick succession could cause the system to send multiple autoresponder emails. After the update, clicked submit buttons are disabled until the request is processed.
  • Multiple clicks of action buttons in the options panel of the form administration UI could trigger multiple requests. After the update, a loading button is displayed after a click until the request is processed.

User interface

  • Pages
    • After attempting to save a conflicting URL slug for a page in the Pages application, the resulting error message disappeared immediately.
    • Fixed minor design issues in the Change template dialog in the Pages application, and added a Friendly warning with additional information.
  • Contact groups – Validation error messages in the contact group condition builder were duplicated when an invalid condition was submitted multiple times.
  • Emails – The Preheader field in the Properties of emails was missing a tooltip.
  • Forms
    • Horizontal scrollbars were displayed for fields in the Form Builder interface in certain cases on devices with a small display width.
    • The Form Builder interface displayed checkboxes with incorrect alignment in certain cases for Checkboxes fields.
    • Fields with very long label text were displayed incorrectly in the Form Builder interface.

  • Several minor issues with alignment, font size, spacing and shadows were fixed in the administration interface.

Xperience Portal

  • An error was logged to the browser console when selecting or clearing the checkbox for confirming DNS settings in the Site domains or SendGrid domains applications within Xperience Portal.

Hotfix (October 20, 2022)

version 22.3.2

Fixed issues

  • API – Creating a new media library (MediaLibraryInfo object) in code without HttpContext access resulted in an error. For example, the problem could occur when using the Xperience API in a console application.

  • Code generators – The system's code generator created invalid code for objects (e.g., content types) with fields of the Pages and Media files data types.

  • Object types – An error occurred when using the object selector component with an object type that did not have the displayNameColumn configured in its Type info properties. The error affected fields created in the Field editor with the Object code names data type and form component, as well as code-driven properties decorated by the Object selector UI form component.

Hotfix (October 13, 2022)

version 22.3.1

Fixed issues

  • Infrastructure – Export of the Xperience database to a backup file failed due to changes related to content items (introduced in Refresh 22.3.0). As a result, it was also not possible to deploy applications to the SaaS environment.

  • Security – Administration input fields using the Rich text editor component were vulnerable to reflected XSS attacks. The hotfix ensures proper sanitization.
  • Content hub – After updating the name of a content item in the Content hub application, the administration's breadcrumbs and navigation menu didn’t reflect the new name.
  • Admin UI customization – The client customization framework didn't correctly load files from JavaScript modules built on non-Windows operating systems.
  • User interface – Improved input validation on the Features tab in the Content types application.

New features

  • Xperience Portal – The page displayed after new users finish setting up their Xperience Portal account and password now contains a button redirecting to the portal’s sign-in screen.

Refresh (October 6, 2022)

version 22.3.0

New features

  • Content hub – A new way of working with content was added. It is now possible to create content types (formerly page types) with a field configured to select content items. These linked content items can then be retrieved using the API. You can also manage existing content items in the Content hub application.
  • Email management – When creating emails in the Email templates and Emails applications, editors can specify the following new options:
    • Plain text content – Improves deliverability of emails. Some recipients may prefer plain text emails, and certain email clients only accept plain text.
    • Email preheader – The brief text that recipients see in their inbox after the email sender information and the subject line.
  • Xperience Portal – SaaS deployment uptime monitoring is now available in Xperience Portal. See Uptime monitoring.
  • Administration UI development
  • Forms – The listing in the Forms application contains a new column indicating whether the autoresponder is enabled for each form.
  • Contact groups – When viewing the contacts belonging to a contact group in the Contact groups application, users can now select contacts to open the given profile in the Contact management application.
  • The Text area UI form component for the administration provides new properties that allow configuration of the area's minimum and maximum displayed height (number of rows).

Updates and changes

  • Rich text editor – When registering Rich text editor configurations, a display name needs to be specified for the configuration.
  • Field editor – Updated the names of certain field configuration options to better describe their purpose (Tooltip text and Text below the input).

Fixed issues


  • Running on a time zone with a large UTC offset caused unhandled errors in certain scenarios. For example, such errors could occur when logging event log records or when executing unit tests.
  • Field editor – Values entered into the Default value of fields were not validated in certain cases, and validation messages were displayed incorrectly.
  • Domain aliases of sites were not validated correctly and allowed duplicate domain name values for the same site.
  • The system had a dependency on the deprecated Microsoft.jQuery.Unobtrusive.Ajax package. The Page and Form Builder scripts no longer use the jquery.unobtrusive-ajax.js bundle, and the dependency was removed.
    • The related FormBuilderBundlesOptions.JQueryUnobtrusiveAjaxCustomBundleWebRootPath property in the API is now obsolete.

Content management

  • Content tree-based routing
    • If the page specified in Settings → URLs and SEO → Home page was deleted, the Pages application didn't work and an error occurred.
    • The routing engine was vulnerable to CRLF Injection when performing redirects due to improper encoding of the URL query string.
  • When displaying selected pages in an administration UI form, the Page selector component incorrectly showed the published name of pages, even when a newer version (draft) of the page had a different name.

Digital marketing

  • Forms
    • The After form submission panel in the Forms application became broken and displayed an error if an email selected for the Autoresponder was later deleted.
    • The email selector in the After form submission panel incorrectly remained enabled even if the form didn't contain a field mapped to the Email contact attribute.
  • Emails – Selecting the email name in the administration UI's breadcrumbs incorrectly opened the email preview instead of the content editing view.

User interface

  • The layout of the Form Builder designer area was broken on devices with a small display width.
  • Dialogs and side panels (e.g., the options panel in the Forms application) incorrectly closed after the user performed certain actions outside of the dialog area, for example mouse wheel clicks or right-clicks. After applying the update, dialogs are only closed by primary interactions, i.e., left mouse button clicks.
  • The Icon selector form component was not disabled correctly, e.g., when viewing the editing form of a published or archived page.
  • When creating or editing fields in the Field editor, multiple scrollbars appeared in certain cases.

  • An accessibility warning was logged in the browser console when viewing administration pages containing the Password UI form component (e.g., on the sign-in or change password page).
  • Minor improvements of the administration interface were made, for example increased font size for certain text.

Project templates

  • The sample site created by the Dancing Goat project template contained several broken links to non existing pages.

Hotfix (September 29, 2022)

version 22.2.3

Fixed issues

  • Field editor – It was not possible the configure the Default value and Required status for fields of the following data types: Object code names, Object Guids, Pages, Media files
  • API – The AbstractTableManager.TableExists method returned false when the call terminated with an exception. After applying the hotfix, the method propagates the exception and correctly terminates.

Hotfix (September 22, 2022)

version 22.2.2

Fixed issues

  • Emails – When viewing the details of emails via the Email detail dialog in the Email queue application, labels identifying individual email properties displayed unresolved resource strings instead of the corresponding property names.

  • Domain names and domain aliases – It was not possible to register a domain name or alias starting with the www. prefix. This made it impossible to generate absolute URLs with the www. prefix to content managed by the system, as the URL generation API always prepended the URL with the site's domain name, which resulted in URLs such as . After applying the hotfix, domain names starting with www. are allowed. Moreover, the hotfix fixes an issue that allowed users to register multiple identical domain aliases for a single domain.

Hotfix (September 15, 2022)

version 22.2.1

Fixed issues

  • Emails – The Preview mode for emails in the Emails application was modified to be more resilient against cross-site scripting attacks.

  • Field editor – When defining new fields via the field editor interface, the configuration of the field's assigned UI form component was not persisted correctly in special cases. The problem occurred if the UI form component's configuration options used components with UI page commands. Such options are disabled by default during initial field creation due to certain system limitations. However, the initial save of the field didn't persist other configuration options that were available.

Updates and changes

Refresh (September 8, 2022)

version 22.2.0

New features

  • Introduced a new Modules application with the following functionality:
    • Support for creating and registering object types into the system. Object types contain metadata that describe the properties and behavior of database entities integrated into and leveraging certain Xperience features.

    • Support for extending system object types.
    • Support for entering macro expressions. Until now, macro expressions were used by the system in the background, but were not available to users. Currently, macros are usable when configuring the default values of object type fields via the Modules application.
  • Email management – New Email templates and Emails applications that allow users to prepare and edit the content of emails directly in the Xperience administration. See Emails for more information. Currently, such emails can only be used with form autoresponders.
  • Xperience Portal – Custom site domains and the SendGrid sender domain can now be assigned through Xperience Portal. See Domain names for SaaS deployment and SendGrid integration.
  • Integrations – Xperience offers an external module that integrates with the Disqus comment platform. The module contains a Disqus comments widget that provides the option to add a comment section to any page on your website. Disqus also offers advanced moderation tools, analytics and monetization options. The module is distributed as a NuGet package. For more information and detailed instructions, see the Xperience by Kentico Disqus Widget GitHub repository.
  • New Code editor UI form component for the administration. Provides a text editing area suitable for code, with support for syntax highlighting and line numbers.

Updates and changes

  • The original Emails application in the Xperience administration was renamed to Email queue. The new Emails application is now used to manage the content of emails. See Emails.

Fixed issues


  • After performing a project update, the system didn't correctly detect differences in the minor and hotfix version number of the database and project packages. The application now fails to start and returns an error on startup when such a version difference is detected. You always need to update both project packages and the database when performing an update.

Content management

  • Rich text editor – When using the Code View of the Rich text editor to edit page content in the Pages application, changes were lost after saving the page. After applying the refresh, the editor automatically switches to the default WYSIWYG view after clicking anywhere outside of the editor area, including the page's Save button, and changes are saved correctly.
  • Page Builder – Fixed minor vulnerabilities in the dependencies of Page Builder scripts.

User interface

  • Pages
    • Notifications about unsaved changes were not displayed correctly in the Pages application when attempting to move the page or its parent.
    • Deleting a page while editing another one prevented notifications about unsaved changes from being displayed.
  • Page types
    • After deleting a field in the Field editor within the Page types application, the configuration of the deleted field was incorrectly displayed instead of the values of the next field, which the field editor automatically expands.
    • The label text of the save button in the Field editor within the Page types application was unified to “Save”.
  • Forms – The General or After form submission options panel in the form editing interface was not hidden correctly after clicking into the Form Builder editing area.
  • Contact groups – The object selectors in contact group conditions were misaligned in certain cases.
  • Error messages displayed when attempting to delete an object with existing dependencies did not accurately describe the cause of the problem. For example, such errors occurred when deleting a page type with existing pages in the content tree.
  • Certain locations in the administration displayed unresolved resource string keys instead of the actual text (for example the descriptions of event log records related to page workflow status changes).
  • When working in a dialog within the Xperience administration, notifications and error messages were incorrectly displayed outside of the dialog in certain cases.
  • The explanation text for the Password component was not displayed correctly in some locations.
  • Certain inputs and selectors displayed incorrectly when they contained a very long text value.
  • When navigating between pages in listings within the administration, the screen didn't scroll to the top of the page content.


  • When running the dotnet kentico-xperience-dbmanager CLI command with the --recreate-existing-database parameter, the database configuration was not preserved in certain scenarios (for example for Azure SQL databases).

Hotfix (September 1, 2022)

version 22.1.3

Fixed issues

  • Licensing – A licensing error prevented access to the administration if the cross-site tracking feature was enabled for the application with CrossSiteTrackingOptions configured, and the license key was missing or expired.

  • Rich text editor – For applications running on the domain root (without an application path), URLs of images and links placed into rich text editor content in the Page Builder interface became invalid after saving and publishing the page. Applying the hotfix does not fix existing broken URLs, but allows you to create correct links by re-saving and publishing the affected pages again.

Hotfix (August 26, 2022)

version 22.1.2

Fixed issues

  • Licensing – The administration dashboard didn't work correctly when the license key had expired. As a result, users could not enter a new valid license.

Hotfix (August 19, 2022)

version 22.1.1

Fixed issues

  • Cross-site tracking – Calling the kxt('pagevisit'); function in cross-site tracking scripts generated an error in the browser console if the function’s optional onerror callback was not handled.
  • Infrastructure – The Kentico.Xperience.DbManager.dll library distributed as part of the Kentico.Xperience.DbManager NuGet package was missing a Microsoft Authenticode digital signature.
  • SaaS environment deployment – The Export-DeploymentPackage PowerShell script (provided as part of cloud project templates) created a malformed $StorageAssets directory within the resulting deployment package. The problem occurred for projects where an item in the directory had Copy to Output Directory set to a different value than Do not copy.

    To avoid the described issue for cloud projects created using an older version of the Kentico.Xperience.Templates package , update the package and recreate the project to obtain the newest version of the Export-DeploymentPackage script.

Refresh (August 12, 2022)

version 22.1.0

New features

  • Minimal APIs support – The system now supports application configuration using minimal APIs introduced in .NET 6.

    • Project templates from the Kentico.Xperience.Templates NuGet package were updated – newly created projects leverage the minimal API configuration model by default.

    • The legacy configuration model with separate program entry (Program.cs) and startup files (Startup.cs by default) remains fully supported, but its use is no longer recommended. All documentation and training materials now work with minimal APIs exclusively. To migrate your codebase to the new model, follow Migrate to the new minimal hosting model in ASP.NET Core 6.0 for framework code, and Configure new projects for Xperience-related code.

  • Page templates
    • Page templates can now be configured using custom properties.
    • Pages created using page templates that contain Page Builder content (widgets, sections) can now be saved as Preset templates and reused when creating other pages. Templates prepared by the developers (added via RegisterPageTemplate) are now referred to as Default templates. See Page templates.
    • When changing the Default page template of a page, users now have the option to transfer existing Page Builder content over from the current page, assuming editable areas in both the source and target template use matching identifiers. See the Implement page templates section on Page templates for Page Builder for developer documentation, and the Change templates of existing pages section on Page templates for business documentation.
  • Xperience Portal – The hash string salt value assigned to Xperience Portal projects is now visible in Xperience Portal , under the  Project info section of the project Dashboard . Previously, hash string salts were provided by Kentico alongside Xperience Portal projects using other channels.
  • User interface – The Xperience administration now uses an appropriately-themed dialog window when notifying users about interactive events (e.g., notifications about unsaved changes), instead of each browser's default notification system.

Fixed issues

Content management

  • Pages
    • After a page was moved in the content tree in the Pages application, the right-side workspace was not updated and could incorrectly display outdated information (e.g., a page's URL still reflected the previous position).
    • After discarding changes to a page in the Pages application, certain fields on the Content tab were not reverted to their previous values (not displayed correctly from the last published or archived version of the page).
    • When editing a page's URL slug via Properties in the Pages application, the caption of the save button now reflects the workflow state of the page – Publish change for published pages, and Save change for unpublished or archived pages.
    • When editing a page's URL slug via Properties in the Pages application, the Publish change button could disappear in rare cases.
  • Former URLs – Moving a page via drag-and-drop using the content tree in the Pages application incorrectly created a former URL for the page even when the page's URL was not affected by the move operation (e.g., a reorder within the same section of the tree).

Digital marketing

  • Contact groups – Attempting to close the contact group condition dialog with unsaved changes now displays a warning prompt.
  • Cross-site tracking – The Website name column in the listing of tracked websites under Cross-site tracking → Tracked websites incorrectly displayed the tracked site's code name instead of its display name.
  • Forms – The Form Builder interface could be displayed on different domains via an iframe (assuming certain conditions were met).

User interface

  • Admin UI form components
    • Text inside disabled Text area and Text input UI form components was not visible when using the Safari browser.
    • The asset selector UI form component didn't display the "required" indicator (red asterisk) when the corresponding field was marked as required. 
    • The object selector UI form component didn't reflect the Tooltip and InactiveMessage properties.
    • The URL selector UI form component could under certain circumstances lose focus unexpectedly when manually editing its value.
    • The clickable area of checkbox components in the administration was increased.
  • UI field visibility conditions – The system incorrectly evaluated UI form component visibility conditions that made use of transitive dependencies. In these cases, the system failed to correctly reflect the values of certain fields based on their (in)visibility when evaluating the condition, which could result in incorrect visibility states. For example, assume field dependencies A → B → C, which implies that field C also depends on field A. Setting A to a value that hides B must also hide C (due to transitivity), which was not the case. After applying the fix, complex visibility conditions that depend on hidden fields use either the hidden field's default value (if set) or an empty value.
  • Licensing – License expiration notifications were displayed incorrectly in certain cases.
  • Minor visual issues that could in certain cases appear throughout the administration interface across various browsers (listings and search inputs overflowing on smaller resolutions, incorrect shadows on certain elements, minor layout issues on specific pages, etc.).

Administration client code

  • The BarItemGroup component (@kentico/xperience-admin-components) generated the "Each child in a list should have a unique 'key' prop" warning in the browser console, for example when using the field editor in the Page types application.

Xperience Portal

  • The expiration date of the license key generated via the License key generator application in Xperience Portal can no longer be manually specified. License key expiration is now automatically managed by the portal – all generated keys are set to expire together with the validity of your Xperience subscription.
  • Xperience Portal password reset emails did not contain a password reset link if the user's email address included uppercase characters.
  • In the Xperience Portal Deployments application, the Deploy to drop-down for selecting the target environment was incorrectly enabled even where there was no existing deployment in the source environment.
  • The link to the License Key Generator on the Xperience Portal Dashboard didn't work.


  • If the Continuous Integration or Continuous Deployment command-line tools were run targeting a directory without a repository.config file, the processes got stuck and could only be terminated using a hard exit (Ctrl+C).
  • CI/CD commands returned a non-zero exit code in special cases even if the result was successful.

Project templates

  • When running the Dancing Goat project in Kestrel on Linux environments, accessing certain malformed images caused a complete shut down of the Kestrel hosting process, requiring a full application restart. The affected images were replaced. This change only applies to new projects created after updating the Kentico.Xperience.Templates NuGet package to version 22.1.0 or newer.

Database changes

  • The following database columns were removed. This was only a cleanup on the database level – the columns were no longer used by the system. 

    • CMS_Class table – ClassIsNavigationItem

    • CMS_Class table – ClassIsMenuItemType

    • CMS_Document table – DocumentShowInMenu

Hotfix (August 5, 2022)

version 22.0.4

Fixed issues

  • Cross-site tracking – Adding or revoking consent agreements using the kxt('consentagree', ...); and kxt('consentrevoke', ...); functions in cross-site tracking scripts incorrectly created an anonymous contact when the client’s browser blocked third-party cookies. In these cases, the contact was unnecessary and never contained any data, since tracking is not possible even if the visitor gives consent.

New features

  • Cross-site tracking – Functions in cross-site tracking scripts now provide an optional onerror callback, which allows custom handling for scenarios where cookies are blocked, as well as other error states. See Cross-site tracking .

Hotfix (July 29, 2022)

version 22.0.3

Fixed issues

  • Cross-site tracking
    • Checking the consent status of the current contact using the kxt('consentcontactstatus', ...); call in cross-site tracking scripts incorrectly created a new anonymous contact in cases where the visitor had not given consent to be tracked.
    • When a visitor accepted tracking consent on an external website, and then arrived on the main Xperience site, the system failed to detect the consent and didn’t automatically set an appropriate cookie level for the main site. After applying the hotfix, the cookie level specified during application startup via CrossSiteTrackingOptions is set automatically for tracked visitors from external sites, and the cross-site contact is merged with the contact representing the visitor on the main site.

Hotfix (July 22, 2022)

version 22.0.2

Fixed issues

  • Minor fixed issues without direct customer impact (e.g., improved confirmation message text for the database update CLI command).

Hotfix (July 15, 2022)

version 22.0.1

Fixed issues

  • Cross-site tracking – When using the default configuration, the cross-site tracking scripts attempted to reach a non-existing Kentico.CrossSiteTracking/Logger/LogCrossSiteAnalytics endpoint. This caused failed requests on the tracked site’s pages.

  • Contact groups – The recalculation warning displayed after editing a contact group’s condition behaved incorrectly. In certain cases, clicking the button didn’t immediately display the “loading” status, and the warning remained visible even after recalculation was triggered and successfully finished.

  • Forms – If validation failed for the Email or U.S. phone number fields when submitting a form, the validation error messages were displayed incorrectly (as unresolved resource string keys).

  • Licensing – The administration incorrectly displayed license expiration notifications when using an evaluation license. After applying the hotfix, expiration notifications only appear for full licenses.

  • Project templates – The Privacy page on the Dancing Goat sample site (kentico-xperience-sample-mvc project template) displayed an error if the data protection demo was not enabled in the Sample data generator application. The hotfix does not update existing sites, only new projects created based on the Dancing Goat template.

Xperience by Kentico (July 1, 2022)

version 22.0.0

The initial release of the Xperience by Kentico adopters program.