You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Analytics: New DotAnalyticsCountPipe standardizes compact/full count formatting across the analytics dashboard, with improved tooltips and ARIA labels on pageview bar charts. (#35744)
Push Publishing: AllPushPublishEndpointsFailureEvent and SinglePushPublishEndpointFailureEvent now carry an optional List<EndpointFailureDetail> payload with HTTP status, FailureCategory (auth/authz/client/server/network/bundle), and a retryable hint — legacy 1-arg constructors preserved for backward compatibility. (#35765)
Content Search: Date and date_time fields in the Content Search portlet now render FROM/TO date pickers that build a Lucene range value, replacing the free-text Lucene input. (#35745)
UVE: Lock/unlock state is now validated across different pageViews behind the FEATURE_FLAG_UVE_TOGGLE_LOCK flag. (#35747)
Workflow API: New GET /api/v1/workflow/contenttypes/schemes endpoint accepts a comma-separated contentTypeIds query parameter and returns workflow schemes grouped by content type. (#35729)
Telemetry: Per-window and lifetime request-cost (token) counters are now published to an external REST collector on the existing 60s monitor tick — gated by REQUEST_COST_PUSH_URL + REQUEST_COST_PUSH_TOKEN, off by default. (#35749)
Security: New EncryptPlainPasswordsJob (Quartz, every 5 minutes) scans user_ for rows with passwordEncrypted = false, hashes the cleartext password via PasswordFactoryProxy, and flips the flag — gated by ENABLE_ENCRYPT_PLAIN_PASSWORDS_JOB (default true). (#35767)
Toolbar: The "Report an Issue" toolbar menu item is now gated behind FEATURE_FLAG_REPORT_ISSUE_ENABLED (default false). (#35759)
VTL Grid Block: Grid block renderer now collapses columns to full-width stacking below 768px via a scoped style block injected once per page. (#35783)
Fixes and Known Issues
OpenSearch: ConfigurableOpenSearchProvider now actually applies the configured SSLContext to the async connection manager, loads trust flags regardless of how TLS was enabled, and skips certificate verification by default via the new OS_TLS_CERT_REQUIRED property (set to true for strict validation). (#35735)
UVE Palette: Content retrieval now passes sorting parameters so palette results display in the expected order. (#35774)
Feature Flags: ConfigurationResource now case-insensitively normalizes boolean feature-flag property values ("True", "FALSE", "1", etc.) to canonical "true"/"false" strings — the frontend === 'true' comparison no longer silently fails for non-lowercase values. (#35769)
Edit Content (Locale Translation): Binary fields are now cleared on both populate and manual translate; HOST_FOLDER and RELATIONSHIP values are preserved during manual translation; relationship items resolve to the target language with the correct DotLanguage object so the language column renders; tags are no longer cleared by the legacy editor's populate flow. (#35738)
dotAI: Example image-model config updated to gpt-image-1; Image Playground response JSON now pretty-prints and wraps without overflowing; EmbeddingContentListener, BulkEmbeddingsRunner, and SearchResource now resolve the host before calling getEmbeddingsAPI() so site-scoped configurations work; search form validates required fields; model dropdown reads from providerConfig.chat.model; missing index now returns 404 with known indexes listed. (#35716)
Velocity: VelocimacroFactory now fails loud when a configured velocimacro.library file cannot be loaded — engine init throws and readiness probes go red until macros are healthy. Opt out with velocimacro.library.fail-on-missing=false. (#35768)
Tomcat: RemoteIpValveinternalProxies regex in setenv.sh now includes CGNAT 100.64.0.0/10 (RFC 6598) used by cloud load balancers, Kubernetes overlay networks, and Tailscale; also fixes a pre-existing brace bug in server.xml that broke Tomcat property resolution. (#35805)
Infrastructure & Security
CI Filters: .github/filters.yaml exclusion patterns refined so language property files under WEB-INF/messages and other path matches are correctly routed to area_backend. (#35779)
Release Tooling: Slack release announcement now includes a QA-coverage section listing PRs whose linked issues lack a recognized QA label (failed, missing, unlinked, external). (#35762)
Test Stability: Template_Resource Postman collection and SiteAPIIT integration test now retry the default-language lookup on cold start to avoid intermittent language_id = -1 FK violations. (#35787)
Test Stability: Workflow_Resource_Tests and GraphQLTests Postman collections now resolve and pass an explicit defaultLanguageId in request bodies that previously fell through to the -1L server default. (#35795)
