Release 26.04.28-04

Release: v26.04.22-02 → v26.04.28-04

Caution

Rollback Warning: This release contains an irrevertable change that is non-trivial to rollback from.

• dotAI: LangChain4J custom UI for provider config introduced backend persistence and route changes that cannot be cleanly reverted. (#35445)
• dotAI: Rollback of the LangChain4J integration removes endpoints and persisted config shape introduced earlier in the series. (#35494)

Features & Enhancements

• AI Embeddings: EmbeddingsRunner now carries a ~50-token overlap between consecutive chunks so semantic context survives chunk boundaries. (#35367)

Fixes and Known Issues

• Workflow Wizard: DotWizardService now creates a fresh stream per open() so cancelling a wizard no longer fires queued workflow actions on later, unrelated submissions. (#35423)
• Block Editor: Image wrap-left and wrap-right toolbar icons now match the layout they produce, and the missing block-editor.bubble-menu.image.wrap-left / wrap-right i18n keys are populated so tooltips render correctly. (#35424)
• Block Editor: Bubble-menu superscript and subscript toggles are now mutually exclusive in the legacy edit view. (#35414)
• Block Editor: Category and Tag fields on nested contentlets are now hydrated in StoryBlock responses, with consistent categories output even when no categories are assigned. (#35413)
• Block Editor: Nested contentlet updates now propagate through relationship-chain hydration without throwing JsonParseException on non-JSON _raw defaults. (#35412, #35452)
• Block Editor: StoryBlock JSON parsing now guards against scalar values, isolates per-field failures, and no longer throws Cannot deserialize value of type LinkedHashMap from Integer from /api/content/_search. (#35469)
• Content API: BinaryViewStrategy no longer poisons the contentlet map with emptyMap() for empty binary fields, and Contentlet.getBinary() guards its cast — eliminating ClassCastException / DotDataException: null on related-content responses at depth≥1. (#35283)
• Permissions: RulesAPIImpl.getAllRulesByParent() skips the VIEW Rules permission check when a page has no rules, restoring the ability for non-admin users to copy rule-less pages. (#35404)
• Permissions: PermissionCacheImpl.clearCache() now flushes the short-lived group as well, and role grants/revocations queue a post-commit short-term cache flush so revoked roles take effect immediately. (#35458)
• Workflow: VelocityScriptActionlet now propagates WebKeys.USER onto its mock request so $workflowtool.fire() runs as the triggering user instead of anonymous. (#35459)
• UVE: Radio and checkbox inputs in the quick-edit form are now scoped by field.variable, preventing selections in one field from affecting another. (#35433, #35451)
• Content Types: Field editor dialog now resets DotTextareaContentComponent and recreates the dynamic property component on each new field, eliminating leaked state from a previously saved field. (#35435)
• Key/Value Field: Key control now revalidates when the forbidden-keys map changes, clearing the duplicatedKey error after the conflicting entry is deleted. (#35455)
• Auth: LoginService.changePassword now sends a JSON object body so POST /api/v1/changePassword is no longer rejected with HTTP 415, fixing the Password Recovery flow. (#35440)

Infrastructure & Security

• Icons: Migrated core-web from the deprecated Material Icons font to Material Symbols Outlined (variable font), updating SCSS, JSPs, web components, and the icon picker — net asset increase ~3 MB served lazily with font-display: swap. (#35449)
• Style Editor: Restructured style editor schema handling and removed unused hooks to streamline the codebase ahead of upcoming feature work. (#35355)