Xperience changelog

Refresh (January 26, 2023)

version 24.0.0

New features


Content management

  • Content item assets – Content item assets are a new type of content items that allow content editors to upload and store various types of files, for example, photos, pictures, sound files, videos, package files, presentations, or documents. You can reuse assets stored in the Content hub throughout the system. To create a new content item asset, create a content type with an Asset uploader field.
  • Content item selector – Users are now able to select content items from the content hub in component properties.
  • Media libraries
    • Content editors are now able to upload a new version of media library files.
    • Content editors are now able to view media file information such as the GUID, Media URL, size, or image resolution.

Digital marketing

  • Emails
    • New functionality that allows marketers to send regular emails to groups of recipients. Visitors subscribe by submitting a form on the website. The form sends an autoresponder email with a double opt-in link, through which recipients finish the subscription process. See Send regular emails to subscribers.
    • The system now tracks and displays statistics for emails created in the Email templates and Emails applications, including the number of sent emails, email opens and clicked links. See Track email statistics.
  • Forms – Users can now edit the Code name of forms, which allows developers to work with more practical identifiers, e.g., when rendering forms in code as stand-alone widgets.
    • Changes of the form code name break existing forms placed onto pages via the Form widget. You need to reselect the form in these widgets after making such changes.
    • Changing the code name also automatically updates the form's Class name. Such changes break existing code files generated for the form, and developers need to update or regenerate the code.

Xperience Portal

Breaking changes

Changes to assembly placement in NuGet packages

The CMS.AspNetCore.Platform assembly was moved from Kentico.Xperience.Core to the Kentico.Xperience.WebApp NuGet package and renamed to Kentico.AspNetCore.Platform.

For web applications, this change in not breaking – Kentico.Xperience.Web.App depends on the Kentico.Xperience.Core package.

However, for other types of applications (e.g., console or desktop applications), there is a possibility that your custom code called some code from the moved assembly. If you encounter breaking changes (compilation errors) in your projects after upgrading, you need to add the Kentico.Xperience.WebApp NuGet package to the affected projects.

Breaking changes – API

  • The UserInfo.Enabled property was fully removed, use UserInfo.UserEnabled instead.
  • The following members were removed from the content management API:
    • IPageTypeFieldsProvider – use IContentTypeFieldsProvider instead.
    • IPageTypeFieldsProviderFactory – if this interface was used as a dependency, replace usages with IContentTypeFieldsProvider directly. The additional layer of abstraction introduced by the factory was removed completely.
    • PageType – there is no alternative. Implement a custom class to replace.
    • LoadAvailablePageTypesResult – there is no alternative. Implement a custom class to replace.
    • LoadAvailablePageTypesCommandArguments – there is no alternative. Implement a custom class to replace.
  • PageFormSubmissionPageBase – the constructor now depends on IContentTypeFieldsProvider directly.
  • The CMS.AspNetCore.Platform namespace was renamed to Kentico.AspNetCore.Platform (also includes all subnamespaces).

Updates and changes


  • New CMS.EmailEngine.ISmtpClientFactory API that enables developers to modify the configuration of the system's SMTP client (if using SMPT servers for mailout). This API is primarily intended for advanced environments with specific requirements.


  • Rich text editor – The ability to drag-and-drop content into the rich text editor UI form component was disabled. Use your operating system's clipboard functionality instead.
  • Emails – The "Preheader" property of emails was renamed to "Preview text". The corresponding placeholder in the source code of email templates is now $$previewtext$$. Applying the refresh automatically updates the placeholder in the source code of existing email templates.
  • Admin UI customization – UI pages for creating new objects (inheriting from the base class) no longer validate the editing form when the Change UI page command is executed. This prevents unnecessary validation errors while filling in parts of the create form.

Object types

This release changes the way hash table caching for object types is configured. In previous versions, the caching was configured by passing the HashtableSettings object via an optional constructor parameter to the object type's I*InfoProvider implementation:

Hash table caching configuration using the provider class
public partial class MyObjectTypeInfoProvider : AbstractInfoProvider<MyObjectTypeInfo, MyObjectTypeInfoProvider>, IMyObjectTypeInfoProvider
    public MyObjectTypeInfoProvider()
            : base(MyObjectTypeInfo.TYPEINFO, 
				   new HashtableSettings
					   		// Enables hash table caching over the identifier and code name
            				ID = true,
            				Name = true

From this version onward, this approach and the corresponding *InfoProvider constructor are obsolete. Instead, the caching is configured directly in the *Info data class via the InfoCache attribute:

Hash table caching configuration via the Info data class
[InfoCache(InfoCacheBy.ID | InfoCacheBy.Name)]
public partial class MyObjectTypeInfo : AbstractInfo<MyObjectTypeInfo, IMyObjectTypeInfoProvider>

 If you are using hash table caching for custom object types, there are two ways to migrate to the new approach:

  1. Regenerate all custom object type classes using the code generator, which automatically ensures the new format. However, note that this will also require you to manually transfer all customizations made to the object type's classes.
  2. Manually convert custom object type classes to the new approach:
    1. Remove the HashtableSettings parameter from the *InfoProvider constructor.
    2. Annotate the corresponding *Info class with the InfoCache attribute.
      1. Use the InfoCacheBy enum to determine the properties to cache by.
      2. (Optional) Use the InfoCachePriority enum to configure whether the cached items should expire.

Content hashes in admin UI script filenames

The file names of script files consumed by the Xperience admin UI now include a content hash (e.g., kentico.xperience.admin.app.entry.kxh.adf398f7ffd6e16a4961.js) This change ensures that script files cached on the client are correctly invalidated when updating to a new version. In previous versions, the client browser usually defaulted to cached scripts even if the file contents were different, requiring users to refresh the browser cache (Ctrl+F5) to get the latest version (or wait for cache expiration).

All newly created custom admin UI modules (see Prepare your environment for admin development) automatically include content hashing. However, if your admin UI consumes any existing custom modules, and you wish to make use of the content hashing feature, you need to make the following changes:

  1. Update all @kentico packages to 24.0.0.
  2. Open the webpack.config.js of your module and follow the comments in the following snippet:

    const webpackMerge = require("webpack-merge");
    const baseWebpackConfig = require("@kentico/xperience-webpack-config");
    module.exports = (opts, argv) => {
      // Add the 'argv' parameter to the arrow function signature
      const baseConfig = (webpackConfigEnv, argv) => {
        return baseWebpackConfig({
          orgName: "acme",
          projectName: "web-admin",
          webpackConfigEnv: webpackConfigEnv,
          argv: argv,
      const projectConfig = {
        module: {
          rules: [
              test: /\.(js|ts)x?$/,
              exclude: [/node_modules/],
              loader: "babel-loader",
    	// Add the output-clean:true setting	
        output: {
          clean: true
        devServer: {
          port: 3009,
      // Pass the added 'argv' parameter to 'baseConfig'
      return webpackMerge.merge(projectConfig, baseConfig(opts, argv));
  3. Rebuild the module.

The output file name now contains a content hash.

Xperience admin UI customizations boilerplate project converted to a .NET template

The Xperience admin UI customization boilerplate project (previously available for download on Prepare your environment for admin development) has been converted to a .NET template. You can now install the project using dotnet new kentico-xperience-admin-sample. Afterwards, reference the created project from your Xperience application and work with it like before.

Fixed issues


  • Calling the IPageDataContextRetriever.TryRetrieve method resulted in an unhandled exception if the page data context could not be initialized, instead of returning a false value.
  • The API documentation for the WithPageUrlPaths DocumentQuery extension method was improved with additional remarks regarding the method usage. 
  • Exceptions caused by cancelling asynchronous operations via cancellation tokens – as a response to a cancelled client request or application shutdown, for example – were incorrectly logged to the event log as errors (e.g., as System.OperationCancelledException).
  • Conventional MVC mechanism such as AuthorizeAttribute now work with the admin UI role-based access control model for routes registered behind /admin

Content management

  • Content hub - Content items listed in the content hub are now by default ordered according to the Last modified column.
  • Content items – It was incorrectly possible to delete linked content items from "locked" pages that were in the published or archived workflow state.

  • Form Builder – Fixed various text overflow issues that could occur when entering long words in form component properties.
  • Headless API – Fixed issues caused by the tilda '~' character in asset filenames.
  • Pages – When moving items with children via the content tree, the confirmation prompt for the move operation did not appear in certain cases.
  • Page Builder – If Cross-Site Request Forgery validation failed when submitting a form generated by the Form Page Builder widget, a "Cannot read property of null" error was logged in the browser console in addition to the expected HTTP 400 error code.

Digital marketing

  • Security – Modified the behavior of various permissions in relation to digital marketing applications.
    • Contact group edit (condition builder) can no longer be opened by users without Update permissions for the Contact groups application.
    • Deleting contacts from contact groups is now possible with Update permissions for the Contact groups application.
    • The Save button when editing emails in the Emails application is now disabled for users without Update permissions.
    • Deleting collected form submissions in the Forms application is now possible with Update permissions.


  • The Readme.txt file in the Dancing Goat and Boilerplate project templates contained an invalid link to the documentation.
  • Optimized the number of database queries required when checking user permissions in the admin UI.


  • When creating fields for module classes via the field editor, the Field name length wasn’t validated correctly by the UI, and very long values could result in an error.

UI form components

  • It was not possible to view more than the first 150 files in a selected media library via the Media file selector UI form component.
  • Pages selected within the Page selector form component cast a shadow incorrectly when dragged.
  • It was possible to clear a selection made using the Object selector even if the field was marked as required.
  • When the Object selector was placed in a side panel, selecting any action inside the selector caused the side panel to collapse.
  • Selecting a month or year in the DateTime input form component incorrectly saved the whole form.

  • The MinimumDecimalValueValidationRule and MaximumDecimalValueValidationRule validation rule attributes could not be used because the attribute constructor did not allow the decimal type as a valid attribute parameter type. The attribute constructors now accept double instead. Conversion to decimal is done by rounding to 15 significant digits using rounding to nearest (a limitation of the double input type).


  • Instances hosted in Linux environments could encounter exceptions when accessing resources from Amazon S3. This would occur, for example, when accessing media library files stored in Amazon S3.

User interface visual improvements

  • Opening a drop-down list in a component properties dialog sometimes caused the drop-down menu to overflow the dialog window.
  • For certain elements the 'element is now focused' blue border indicator was partially obscured or was rendered incorrectly.
  • Pages application
    • When changing page URL slugs on the URL tab in the Pages application, entering slugs longer than the width of the dialog window caused the input to stretch past the browser window.
    • When saving page URL slugs on the URL tab in the Pages application, the Save button now transitions to a disabled state to prevent multiple concurrent requests from being submitted.
    • Page URL slugs and other text longer than the width of the various page property dialogs (Information, URL) now break into multiple lines instead of disappearing past the browser window when longer than the available viewport space.
    • The design and appearance of certain elements in the content tree was updated to better match the admin UI look and feel.
    • When drag and dropping pages, the dragged pages are now hidden from their original position in the content tree instead of showing both at the original position and on the mouse cursor, possibly confusing users.
    • The content tree in the Pages application now better indicates possible placement when dragging and dropping pages. 
  • Drop-down menus now close during a click-away action that targets an iframe with either the Page Builder, Form Builder, or page preview window.
  • The primary action button was not by default focused in interactive dialogs. Now, the primary action is always performed on enter (save, delete, confirm, etc.).

  • The confirmation dialog displayed when changing page templates now uses the same look and feel as other dialog windows in the admin UI.
  • The listing pages context menu, available via (...), was obscured by the listing container in special cases.
  • Implemented responsive drop-down menus that automatically adjust based on viewport and parent element width.
  • The application menu now overlays menus and panels that open from the right side of the interface (e.g., selector dialogs in the Pages application, configuration options in the Forms application) on displays where smaller viewport width causes overlaps. 
  • Fixed the vertical alignment of button labels in the Safari browser.

Xperience Portal

  • The project expiration date displayed on the Dashboard in Xperience Portal incorrectly included the 30 day grace period for license renewals.
  • The Outages application in Xperience Portal only displayed project outage reports starting from the beginning of the month following the project deployment. For example, projects deployed 8/15/2022 could only view reports starting from 9/1/2022.
  • A JavaScript error was logged in the browser console when viewing the hash string salt value (Dashboard Project info section) on displays with certain viewport widths.
  • A wrong type of error page was displayed for Not Found (HTTP 404) and other HTTP errors.
  • The format of the Account created and User added to project email notifications was not correct in case the first name of the user was unknown.
  • The deployments page may not have displayed correctly during an ongoing maintenance.

Hotfix (January 19, 2022)

version 23.0.9

Fixed issues

  • Admin UI customization – Searching using the listing template resulted in an error if a column of the listed object type was named after an SQL reserved keyword (e.g., Key). After applying the hotfix, the system escapes all column names in such queries, allowing search on listing templates to work as expected.

Hotfix (January 12, 2022)

version 23.0.8

Updates and changes

  • Security – The initial permission configuration for the sample Digital Channel Manager role was modified to reflect security best practices. This change only applies to the Dancing Goat and Boilerplate project templates installed from Kentico.Xperience.Templates version 23.0.8 and newer. In existing installations, we strongly recommend making the following change to the Digital Channel Manager role (if present in your project): remove the View permission for the Email Queue application.

Hotfix (January 5, 2022)

version 23.0.7

Fixed issues

  • SendGrid integration – The SendGrid integration failed to send emails with email addresses specified using advanced formats such as "display name" <user@host>. After applying the hotfix, the integration supports all email address formats allowed by the System.Net.mail.MailAddress class.
  • Event log – An error occurred when viewing the details of event log records without a description.

Updates and changes

  • Permissions – Only users with the Administrator role can now change assigned roles via the Users edit a user General tab.

New features

  • Email customization – New EmailMessage.Validate extension method that validates whether properties (From, Recipients, CcRecipients, etc.) of the CMS.EmailEngine.EmailMessage object are set correctly. The method is intended primarily for use when implementing custom email clients.

Hotfix (December 15, 2022)

version 23.0.6

Fixed issues

  • Rich text editor – Hotfix 22.3.1 introduced HTML sanitization of content in the Rich text editor. This sanitization can result in modified or broken HTML code, for example, when adding content via the editor's Code View option. After applying this hotfix, the sanitization additionally allows ID and data-* attributes, as well as href attributes containing mailto links in <a> tags.

Hotfix (December 8, 2022)

version 23.0.5

Fixed issues

Hotfix (December 1, 2022)

version 23.0.4

Fixed issues

  • Permissions – It was possible to modify existing forms via the Form Builder interface (Forms → edit a form → Form Builder tab) without possessing the Update permission for the Forms application. After applying the hotfix, the Update permission is required when making modifications to all forms.

Hotfix (November 24, 2022)

version 23.0.3

Fixed issues

  • Permissions – When adding images from a media library into the content of a Rich text widget in the Page Builder, the Insert image selection dialog didn’t work for users without the Administrator role. After applying the hotfix, media files in the dialog can be viewed, selected and uploaded by users with a role that has sufficient permissions for the Pages application.

  • Admin UI customization – API documentation was missing for the client API that enables developers to work with pages in in modal dialogs (useTemplateDialog()) , which was introduced in hotfix 23.0.1.

Hotfix (November 16, 2022)

version 23.0.2

Fixed issues

  • Permissions – Certain action buttons in the Pages and Content hub applications remained active, even if the user’s role did not have the required Create or Update permissions assigned for the given applications.

  • Permissions – Delete buttons for files in the Media libraries application remained active, even if the user’s role did not have the required Manage media library permission assigned for the application.

  • Field editor – Minor visual issues occurred within the field editor user interface in rare cases.

Hotfix (November 10, 2022)

version 23.0.1

Fixed issues

  • Continuous Deployment – Continuous Deployment didn't include the data of binding object types when running the restore operation.

  • UI form components – If the Object selector UI form component was configured to select exactly one item, it was not possible to clear the selection once an object was selected.

New features

  • Admin UI customization – The hotfix introduces a new useTemplateDialog() hook for the client customization API that enables developers to set the properties of pages displayed within modal dialogs via UIPageLocation(PageLocationEnum.Dialog).

Refresh (November 7, 2022)

version 23.0.0

New features


  • Role-based access control for the Xperience administration – The refresh update introduces a permission model for the Xperience administration. The model handles only permissions for the user interface of the administration application – the visibility of applications, application elements, tabs, and pages. The added functionality consists of the following:

Digital marketing

  • Email management – Editors can now personalize emails created in the Emails applications by adding dynamic text to the content. When sending emails to specific recipients, the system replaces dynamic text with information known about the given recipient (First name, Last name or Email).

Content management

  • Headless API – A headless API for retrieving content items was released as a preview feature. Developers can now retrieve content items from Xperience using HTTP requests and the JSON data format. Check the related documentation to see the limitations related to the preview status of the feature.
  • Media libraries – Developers can now set the encoding quality used when resizing images retrieved from media libraries via a configurable options object. The configuration is provided as part of the implementation within the Kentico.Xperience.ImageProcessing NuGet package.
  • Algolia integration – An external module that allows you to create Algolia search indexes and index content types with the 'Page' feature in the Xperience content tree using a code-first approach. The integration also enables you to provide a search interface on the live site using .NET API, JavaScript API, or the InstantSearch.js JavaScript library. For more information, see the Algolia Search Integration GitHub repository.

Xperience Portal

  • Projects in Xperience Portal can now undergo planned scheduled maintenance. Certain features are unavailable for the duration of the maintenance. The maintenance intervals are planned by Kentico.
  • Uptime statistics for Xperience Portal projects, Deployment API, and deployment regions alongside downtime incidents are now available at status.xperience-portal.com.

Breaking changes

  • During application startup, the system no longer automatically adds services related to session state and cross-origin resource sharing (CORS) to the service collection. Specifically, the IServiceCollection.AddKentico call no longer includes the following:
  • The following dependency of the Kentico.Xperience.WebApp package was updated:
  • The following dependency of the Kentico.Xperience.Core package was updated:

Breaking changes – API

  • The following members were removed from the membership API. There is no provided alternative. 
    • Removed properties:
      • RoleInfo.RoleIsDomain

      • UserRoleInfo.ValidTo

    • Removed constants:

      • RoleName.EVERYONE
      • RoleName.AUTHENTICATED

Breaking changes – Database

  • The following database views were changed or removed:
    • View_CMS_UserRole_Joined was removed.
    • View_CMS_UserRole_MembershipRole_ValidOnly_Joined was removed.

    • The ValidTo column was removed from View_CMS_UserRoleMembershipRole

Updates and changes

  • Forms – Emails that are assigned to the autoresponder of one or more forms can no longer be deleted.
  • The Froala WYSIWYG editor that provides the Rich text editor in Xperience was updated to version 4.0.15. See Froala Editor 4.0.15 for details.
  • User interface – The Properties → Metadata section in the UI of the Pages application was renamed to Information.

Fixed issues


  • UI components

    • Fields in the administration with a selector form component (e.g., Dropdown selector) did not save their value in special scenarios. The problem occurred if the field used a visibility condition, and also had an assigned configurator that dynamically populated the selection options.

    • If the Rich text editor had a custom toolbar configuration with the toolbarInline option disabled, enabling the toolbarSticky option didn't work. The toolbar didn't remain displayed at the top of the editing area when scrolling down in the content.

    • Entering a very long number into the Number input form component caused the value to be converted to scientific notation. After the update, only numbers between -2147483647 and 2147483647 can be entered.
  • Event log – The system's event logging API was not thread-safe, causing, e.g., Parallel.ForEach calls that logged information into the event log to incorrectly terminate with an exception.

Content management

  • Page Builder – Page, Path, Media and Attachment selectors for the Page Builder legacy compatibility mode did not preserve any order of the selected items. After applying the update, the items are stored in the order in which they were selected.
  • Media library
    • WebP images uploaded to media libraries were stored and served with the wrong MIME type, and were not displayed correctly on the website.
    • Getting the URL of a media file using the IMediaFileUrlRetriever.Retrieve API always generated the file's DirectPath URL, even when it was not required or used. When storing media files on Azure storage, this resulted in unnecessary requests to Azure.
    • When resizing images retrieved from media libraries, the image encoding quality was set to 100%, which could cause resized images to be larger in file size than the original. After the update, the default encoding quality is set to 80%.


  • If the form selected in a Form widget was later deleted, the widget's configuration dialog displayed errors.
  • Deleting a form with an enabled autoresponder didn’t remove the internal automation process used to send the autoresponder emails.
  • The autoresponder options in the After form submission panel of the Forms application were not disabled correctly if the form was modified so that it no longer contained a field mapped to the Email contact attribute. The autoresponder options now need to be manually reconfigured if a properly mapped Email field is returned to the form.
  • The Country and State contact attributes were not available for mapping when configuring form fields. After the update, mapping to these attributes is supported for Text and Number fields. Text fields attempt to map country or state code name values, number fields work with country or state IDs.
  • Multiple clicks of a form's submit button in quick succession could cause the system to send multiple autoresponder emails. After the update, clicked submit buttons are disabled until the request is processed.
  • Multiple clicks of action buttons in the options panel of the form administration UI could trigger multiple requests. After the update, a loading button is displayed after a click until the request is processed.

User interface

  • Pages
    • After attempting to save a conflicting URL slug for a page in the Pages application, the resulting error message disappeared immediately.
    • Fixed minor design issues in the Change template dialog in the Pages application, and added a Friendly warning with additional information.
  • Contact groups – Validation error messages in the contact group condition builder were duplicated when an invalid condition was submitted multiple times.
  • Emails – The Preheader field in the Properties of emails was missing a tooltip.
  • Forms
    • Horizontal scrollbars were displayed for fields in the Form Builder interface in certain cases on devices with a small display width.
    • The Form Builder interface displayed checkboxes with incorrect alignment in certain cases for Checkboxes fields.
    • Fields with very long label text were displayed incorrectly in the Form Builder interface.

  • Several minor issues with alignment, font size, spacing and shadows were fixed in the administration interface.

Xperience Portal

  • An error was logged to the browser console when selecting or clearing the checkbox for confirming DNS settings in the Site domains or SendGrid domains applications within Xperience Portal.

Hotfix (October 20, 2022)

version 22.3.2

Fixed issues

  • API – Creating a new media library (MediaLibraryInfo object) in code without HttpContext access resulted in an error. For example, the problem could occur when using the Xperience API in a console application.

  • Code generators – The system's code generator created invalid code for objects (e.g., content types) with fields of the Pages and Media files data types.

  • Object types – An error occurred when using the object selector component with an object type that did not have the displayNameColumn configured in its Type info properties. The error affected fields created in the Field editor with the Object code names data type and form component, as well as code-driven properties decorated by the Object selector UI form component.

Hotfix (October 13, 2022)

version 22.3.1

Fixed issues

  • Infrastructure – Export of the Xperience database to a backup file failed due to changes related to content items (introduced in Refresh 22.3.0). As a result, it was also not possible to deploy applications to the SaaS environment.

  • Security – Administration input fields using the Rich text editor component were vulnerable to reflected XSS attacks. The hotfix ensures proper sanitization.
  • Content hub – After updating the name of a content item in the Content hub application, the administration's breadcrumbs and navigation menu didn’t reflect the new name.
  • Admin UI customization – The client customization framework didn't correctly load files from JavaScript modules built on non-Windows operating systems.
  • User interface – Improved input validation on the Features tab in the Content types application.

New features

  • Xperience Portal – The page displayed after new users finish setting up their Xperience Portal account and password now contains a button redirecting to the portal’s sign-in screen.

Refresh (October 6, 2022)

version 22.3.0

New features

  • Content hub – A new way of working with content was added. It is now possible to create content types (formerly page types) with a field configured to select content items. These linked content items can then be retrieved using the API. You can also manage existing content items in the Content hub application.
  • Email management – When creating emails in the Email templates and Emails applications, editors can specify the following new options:
    • Plain text content – Improves deliverability of emails. Some recipients may prefer plain text emails, and certain email clients only accept plain text.
    • Email preheader – The brief text that recipients see in their inbox after the email sender information and the subject line.
  • Xperience Portal – SaaS deployment uptime monitoring is now available in Xperience Portal. See Uptime monitoring.
  • Administration UI development
  • Forms – The listing in the Forms application contains a new column indicating whether the autoresponder is enabled for each form.
  • Contact groups – When viewing the contacts belonging to a contact group in the Contact groups application, users can now select contacts to open the given profile in the Contact management application.
  • The Text area UI form component for the administration provides new properties that allow configuration of the area's minimum and maximum displayed height (number of rows).

Updates and changes

  • Rich text editor – When registering Rich text editor configurations, a display name needs to be specified for the configuration.
  • Field editor – Updated the names of certain field configuration options to better describe their purpose (Tooltip text and Text below the input).

Fixed issues


  • Running on a time zone with a large UTC offset caused unhandled errors in certain scenarios. For example, such errors could occur when logging event log records or when executing unit tests.
  • Field editor – Values entered into the Default value of fields were not validated in certain cases, and validation messages were displayed incorrectly.
  • Domain aliases of sites were not validated correctly and allowed duplicate domain name values for the same site.
  • The system had a dependency on the deprecated Microsoft.jQuery.Unobtrusive.Ajax package. The Page and Form Builder scripts no longer use the jquery.unobtrusive-ajax.js bundle, and the dependency was removed.
    • The related FormBuilderBundlesOptions.JQueryUnobtrusiveAjaxCustomBundleWebRootPath property in the API is now obsolete.

Content management

  • Content tree-based routing
    • If the page specified in Settings → URLs and SEO → Home page was deleted, the Pages application didn't work and an error occurred.
    • The routing engine was vulnerable to CRLF Injection when performing redirects due to improper encoding of the URL query string.
  • When displaying selected pages in an administration UI form, the Page selector component incorrectly showed the published name of pages, even when a newer version (draft) of the page had a different name.

Digital marketing

  • Forms
    • The After form submission panel in the Forms application became broken and displayed an error if an email selected for the Autoresponder was later deleted.
    • The email selector in the After form submission panel incorrectly remained enabled even if the form didn't contain a field mapped to the Email contact attribute.
  • Emails – Selecting the email name in the administration UI's breadcrumbs incorrectly opened the email preview instead of the content editing view.

User interface

  • The layout of the Form Builder designer area was broken on devices with a small display width.
  • Dialogs and side panels (e.g., the options panel in the Forms application) incorrectly closed after the user performed certain actions outside of the dialog area, for example mouse wheel clicks or right-clicks. After applying the update, dialogs are only closed by primary interactions, i.e., left mouse button clicks.
  • The Icon selector form component was not disabled correctly, e.g., when viewing the editing form of a published or archived page.
  • When creating or editing fields in the Field editor, multiple scrollbars appeared in certain cases.

  • An accessibility warning was logged in the browser console when viewing administration pages containing the Password UI form component (e.g., on the sign-in or change password page).
  • Minor improvements of the administration interface were made, for example increased font size for certain text.

Project templates

  • The sample site created by the Dancing Goat project template contained several broken links to non existing pages.

Hotfix (September 29, 2022)

version 22.2.3

Fixed issues

  • Field editor – It was not possible the configure the Default value and Required status for fields of the following data types: Object code names, Object Guids, Pages, Media files
  • API – The AbstractTableManager.TableExists method returned false when the call terminated with an exception. After applying the hotfix, the method propagates the exception and correctly terminates.

Hotfix (September 22, 2022)

version 22.2.2

Fixed issues

  • Emails – When viewing the details of emails via the Email detail dialog in the Email queue application, labels identifying individual email properties displayed unresolved resource strings instead of the corresponding property names.

  • Domain names and domain aliases – It was not possible to register a domain name or alias starting with the www. prefix. This made it impossible to generate absolute URLs with the www. prefix to content managed by the system, as the URL generation API always prepended the URL with the site's domain name, which resulted in URLs such as  https://mydomain.com/landing . After applying the hotfix, domain names starting with www. are allowed. Moreover, the hotfix fixes an issue that allowed users to register multiple identical domain aliases for a single domain.

Hotfix (September 15, 2022)

version 22.2.1

Fixed issues

  • Emails – The Preview mode for emails in the Emails application was modified to be more resilient against cross-site scripting attacks.

  • Field editor – When defining new fields via the field editor interface, the configuration of the field's assigned UI form component was not persisted correctly in special cases. The problem occurred if the UI form component's configuration options used components with UI page commands. Such options are disabled by default during initial field creation due to certain system limitations. However, the initial save of the field didn't persist other configuration options that were available.

Updates and changes

Refresh (September 8, 2022)

version 22.2.0

New features

  • Introduced a new Modules application with the following functionality:
    • Support for creating and registering object types into the system. Object types contain metadata that describe the properties and behavior of database entities integrated into and leveraging certain Xperience features.

    • Support for extending system object types.
    • Support for entering macro expressions. Until now, macro expressions were used by the system in the background, but were not available to users. Currently, macros are usable when configuring the default values of object type fields via the Modules application.
  • Email management – New Email templates and Emails applications that allow users to prepare and edit the content of emails directly in the Xperience administration. See Emails for more information. Currently, such emails can only be used with form autoresponders.
  • Xperience Portal – Custom site domains and the SendGrid sender domain can now be assigned through Xperience Portal. See Domain names for SaaS deployment and SendGrid integration.
  • Integrations – Xperience offers an external module that integrates with the Disqus comment platform. The module contains a Disqus comments widget that provides the option to add a comment section to any page on your website. Disqus also offers advanced moderation tools, analytics and monetization options. The module is distributed as a NuGet package. For more information and detailed instructions, see the Xperience by Kentico Disqus Widget GitHub repository.
  • New Code editor UI form component for the administration. Provides a text editing area suitable for code, with support for syntax highlighting and line numbers.

Updates and changes

  • The original Emails application in the Xperience administration was renamed to Email queue. The new Emails application is now used to manage the content of emails. See Emails.

Fixed issues


  • After performing a project update, the system didn't correctly detect differences in the minor and hotfix version number of the database and project packages. The application now fails to start and returns an error on startup when such a version difference is detected. You always need to update both project packages and the database when performing an update.

Content management

  • Rich text editor – When using the Code View of the Rich text editor to edit page content in the Pages application, changes were lost after saving the page. After applying the refresh, the editor automatically switches to the default WYSIWYG view after clicking anywhere outside of the editor area, including the page's Save button, and changes are saved correctly.
  • Page Builder – Fixed minor vulnerabilities in the dependencies of Page Builder scripts.

User interface

  • Pages
    • Notifications about unsaved changes were not displayed correctly in the Pages application when attempting to move the page or its parent.
    • Deleting a page while editing another one prevented notifications about unsaved changes from being displayed.
  • Page types
    • After deleting a field in the Field editor within the Page types application, the configuration of the deleted field was incorrectly displayed instead of the values of the next field, which the field editor automatically expands.
    • The label text of the save button in the Field editor within the Page types application was unified to “Save”.
  • Forms – The General or After form submission options panel in the form editing interface was not hidden correctly after clicking into the Form Builder editing area.
  • Contact groups – The object selectors in contact group conditions were misaligned in certain cases.
  • Error messages displayed when attempting to delete an object with existing dependencies did not accurately describe the cause of the problem. For example, such errors occurred when deleting a page type with existing pages in the content tree.
  • Certain locations in the administration displayed unresolved resource string keys instead of the actual text (for example the descriptions of event log records related to page workflow status changes).
  • When working in a dialog within the Xperience administration, notifications and error messages were incorrectly displayed outside of the dialog in certain cases.
  • The explanation text for the Password component was not displayed correctly in some locations.
  • Certain inputs and selectors displayed incorrectly when they contained a very long text value.
  • When navigating between pages in listings within the administration, the screen didn't scroll to the top of the page content.


  • When running the dotnet kentico-xperience-dbmanager CLI command with the --recreate-existing-database parameter, the database configuration was not preserved in certain scenarios (for example for Azure SQL databases).

Hotfix (September 1, 2022)

version 22.1.3

Fixed issues

  • Licensing – A licensing error prevented access to the administration if the cross-site tracking feature was enabled for the application with CrossSiteTrackingOptions configured, and the license key was missing or expired.

  • Rich text editor – For applications running on the domain root (without an application path), URLs of images and links placed into rich text editor content in the Page Builder interface became invalid after saving and publishing the page. Applying the hotfix does not fix existing broken URLs, but allows you to create correct links by re-saving and publishing the affected pages again.

Hotfix (August 26, 2022)

version 22.1.2

Fixed issues

  • Licensing – The administration dashboard didn't work correctly when the license key had expired. As a result, users could not enter a new valid license.

Hotfix (August 19, 2022)

version 22.1.1

Fixed issues

  • Cross-site tracking – Calling the kxt('pagevisit'); function in cross-site tracking scripts generated an error in the browser console if the function’s optional onerror callback was not handled.
  • Infrastructure – The Kentico.Xperience.DbManager.dll library distributed as part of the Kentico.Xperience.DbManager NuGet package was missing a Microsoft Authenticode digital signature.
  • SaaS environment deployment – The Export-DeploymentPackage PowerShell script (provided as part of cloud project templates) created a malformed $StorageAssets directory within the resulting deployment package. The problem occurred for projects where an item in the directory had Copy to Output Directory set to a different value than Do not copy.

    To avoid the described issue for cloud projects created using an older version of the Kentico.Xperience.Templates package , update the package and recreate the project to obtain the newest version of the Export-DeploymentPackage script.

Refresh (August 12, 2022)

version 22.1.0

New features

  • Minimal APIs support – The system now supports application configuration using minimal APIs introduced in .NET 6.

    • Project templates from the Kentico.Xperience.Templates NuGet package were updated – newly created projects leverage the minimal API configuration model by default.

    • The legacy configuration model with separate program entry (Program.cs) and startup files (Startup.cs by default) remains fully supported, but its use is no longer recommended. All documentation and training materials now work with minimal APIs exclusively. To migrate your codebase to the new model, follow Migrate to the new minimal hosting model in ASP.NET Core 6.0 for framework code, and Configure new projects for Xperience-related code.

  • Page templates
    • Page templates can now be configured using custom properties.
    • Pages created using page templates that contain Page Builder content (widgets, sections) can now be saved as Preset templates and reused when creating other pages. Templates prepared by the developers (added via RegisterPageTemplate) are now referred to as Default templates. See Page templates.
    • When changing the Default page template of a page, users now have the option to transfer existing Page Builder content over from the current page, assuming editable areas in both the source and target template use matching identifiers. See the Implement page templates section on Page templates for Page Builder for developer documentation, and the Change templates of existing pages section on Page templates for business documentation.
  • Xperience Portal – The hash string salt value assigned to Xperience Portal projects is now visible in Xperience Portal, under the  Project info section of the project Dashboard. Previously, hash string salts were provided by Kentico alongside Xperience Portal projects using other channels.
  • User interface – The Xperience administration now uses an appropriately-themed dialog window when notifying users about interactive events (e.g., notifications about unsaved changes), instead of each browser's default notification system.

Fixed issues

Content management

  • Pages
    • After a page was moved in the content tree in the Pages application, the right-side workspace was not updated and could incorrectly display outdated information (e.g., a page's URL still reflected the previous position).
    • After discarding changes to a page in the Pages application, certain fields on the Content tab were not reverted to their previous values (not displayed correctly from the last published or archived version of the page).
    • When editing a page's URL slug via Properties in the Pages application, the caption of the save button now reflects the workflow state of the page – Publish change for published pages, and Save change for unpublished or archived pages.
    • When editing a page's URL slug via Properties in the Pages application, the Publish change button could disappear in rare cases.
  • Former URLs – Moving a page via drag-and-drop using the content tree in the Pages application incorrectly created a former URL for the page even when the page's URL was not affected by the move operation (e.g., a reorder within the same section of the tree).

Digital marketing

  • Contact groups – Attempting to close the contact group condition dialog with unsaved changes now displays a warning prompt.
  • Cross-site tracking – The Website name column in the listing of tracked websites under Cross-site tracking → Tracked websites incorrectly displayed the tracked site's code name instead of its display name.
  • Forms – The Form Builder interface could be displayed on different domains via an iframe (assuming certain conditions were met).

User interface

  • Admin UI form components
    • Text inside disabled Text area and Text input UI form components was not visible when using the Safari browser.
    • The asset selector UI form component didn't display the "required" indicator (red asterisk) when the corresponding field was marked as required. 
    • The object selector UI form component didn't reflect the Tooltip and InactiveMessage properties.
    • The URL selector UI form component could under certain circumstances lose focus unexpectedly when manually editing its value.
    • The clickable area of checkbox components in the administration was increased.
  • UI field visibility conditions – The system incorrectly evaluated UI form component visibility conditions that made use of transitive dependencies. In these cases, the system failed to correctly reflect the values of certain fields based on their (in)visibility when evaluating the condition, which could result in incorrect visibility states. For example, assume field dependencies A → B → C, which implies that field C also depends on field A. Setting A to a value that hides B must also hide C (due to transitivity), which was not the case. After applying the fix, complex visibility conditions that depend on hidden fields use either the hidden field's default value (if set) or an empty value.
  • Licensing – License expiration notifications were displayed incorrectly in certain cases.
  • Minor visual issues that could in certain cases appear throughout the administration interface across various browsers (listings and search inputs overflowing on smaller resolutions, incorrect shadows on certain elements, minor layout issues on specific pages, etc.).

Administration client code

  • The BarItemGroup component (@kentico/xperience-admin-components) generated the "Each child in a list should have a unique 'key' prop" warning in the browser console, for example when using the field editor in the Page types application.

Xperience Portal

  • The expiration date of the license key generated via the License key generator application in Xperience Portal can no longer be manually specified. License key expiration is now automatically managed by the portal – all generated keys are set to expire together with the validity of your Xperience subscription.
  • Xperience Portal password reset emails did not contain a password reset link if the user's email address included uppercase characters.
  • In the Xperience Portal Deployments application, the Deploy to drop-down for selecting the target environment was incorrectly enabled even where there was no existing deployment in the source environment.
  • The link to the License Key Generator on the Xperience Portal Dashboard didn't work.


  • If the Continuous Integration or Continuous Deployment command-line tools were run targeting a directory without a repository.config file, the processes got stuck and could only be terminated using a hard exit (Ctrl+C).
  • CI/CD commands returned a non-zero exit code in special cases even if the result was successful.

Project templates

  • When running the Dancing Goat project in Kestrel on Linux environments, accessing certain malformed images caused a complete shut down of the Kestrel hosting process, requiring a full application restart. The affected images were replaced. This change only applies to new projects created after updating the Kentico.Xperience.Templates NuGet package to version 22.1.0 or newer.

Database changes

  • The following database columns were removed. This was only a cleanup on the database level – the columns were no longer used by the system. 

    • CMS_Class table – ClassIsNavigationItem

    • CMS_Class table – ClassIsMenuItemType

    • CMS_Document table – DocumentShowInMenu

Hotfix (August 5, 2022)

version 22.0.4

Fixed issues

  • Cross-site tracking – Adding or revoking consent agreements using the kxt('consentagree', ...); and kxt('consentrevoke', ...); functions in cross-site tracking scripts incorrectly created an anonymous contact when the client’s browser blocked third-party cookies. In these cases, the contact was unnecessary and never contained any data, since tracking is not possible even if the visitor gives consent.

New features

  • Cross-site tracking – Functions in cross-site tracking scripts now provide an optional onerror callback, which allows custom handling for scenarios where cookies are blocked, as well as other error states. See Cross-site tracking .

Hotfix (July 29, 2022)

version 22.0.3

Fixed issues

  • Cross-site tracking
    • Checking the consent status of the current contact using the kxt('consentcontactstatus', ...); call in cross-site tracking scripts incorrectly created a new anonymous contact in cases where the visitor had not given consent to be tracked.
    • When a visitor accepted tracking consent on an external website, and then arrived on the main Xperience site, the system failed to detect the consent and didn’t automatically set an appropriate cookie level for the main site. After applying the hotfix, the cookie level specified during application startup via CrossSiteTrackingOptions is set automatically for tracked visitors from external sites, and the cross-site contact is merged with the contact representing the visitor on the main site.

Hotfix (July 22, 2022)

version 22.0.2

Fixed issues

  • Minor fixed issues without direct customer impact (e.g., improved confirmation message text for the database update CLI command).

Hotfix (July 15, 2022)

version 22.0.1

Fixed issues

  • Cross-site tracking – When using the default configuration, the cross-site tracking scripts attempted to reach a non-existing Kentico.CrossSiteTracking/Logger/LogCrossSiteAnalytics endpoint. This caused failed requests on the tracked site’s pages.

  • Contact groups – The recalculation warning displayed after editing a contact group’s condition behaved incorrectly. In certain cases, clicking the button didn’t immediately display the “loading” status, and the warning remained visible even after recalculation was triggered and successfully finished.

  • Forms – If validation failed for the Email or U.S. phone number fields when submitting a form, the validation error messages were displayed incorrectly (as unresolved resource string keys).

  • Licensing – The administration incorrectly displayed license expiration notifications when using an evaluation license. After applying the hotfix, expiration notifications only appear for full licenses.

  • Project templates – The Privacy page on the Dancing Goat sample site (kentico-xperience-sample-mvc project template) displayed an error if the data protection demo was not enabled in the Sample data generator application. The hotfix does not update existing sites, only new projects created based on the Dancing Goat template.

Xperience by Kentico (July 1, 2022)

version 22.0.0

The initial release of the Xperience by Kentico adopters program.