You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Content Types: /contenttype/render/id/{idOrVar} now accepts an optional inode query parameter so custom-field templates can resolve contentlet-specific Velocity variables ($inode, $identifier, $lang, $contentlet). (#35830)
Block Editor: Notion-style contextual table editing with per-cell column/row/selection handles, plus accessibility-aware schema additions (caption, aria-label, aria-labelledby, automatic scope on header cells). (#35740)
SDK (Angular): New <dotcms-block-editor-renderer-native> component emits clean semantic HTML (<ul><li><p>…</p></li></ul>) with no wrapper elements between semantic tags; the original renderer is now @deprecated. (#35855)
Field Interceptors: DotFieldInterceptorManager now updates input/textarea values via setFromAngular when present and dispatches input/change events so Angular-controlled fields stay in sync. (#35840)
Content Analytics: Contentlet wrapper <div> (with dotcms-contentlet class and data-dot-* attributes) is now emitted in LIVE mode for traditional pages whenever content tracking is enabled, so the Analytics SDK can record click and impression events with full metadata. (#35832)
Health: New VelocityHealthCheck exposes a readiness signal via /readyz that verifies the Velocity global macro library is registered, so Kubernetes can drain traffic from pods where macros render as literal text. (#35771)
OpenSearch Migration: Adds vendor-neutral OpenSearchExceptionMapper, marks ES-coupled classes with greppable // ES-DECOMMISSION: comments, and removes ES vendor imports from several utility classes. (#35824)
Fixes and Known Issues
Content Types: Editor no longer loses local layout mutations (add/delete/edit/reorder field) when switching tabs — removed the reuseRoute: false flag that was destroying the editor subtree and rehydrating from a stale resolver cache. (#35845)
UVE: Content palette's "Sort by Most Popular" option now sorts descending so the most-used content types appear at the top. (#35851)
UVE: Breadcrumb no longer shows the previous page's title during navigation and now produces a proper clickable /dotAdmin/#/edit-page/content?... link. (#35856)
UVE: Page Scanner now resolves the URL host from the page's site.hostname on traditional pages instead of the admin origin, so reports target the correct host. (#35649)
Block Editor: Block gutter (drag grip + + button) no longer overlaps the table row handle, and editor horizontal padding has been bumped so the gutter stays inside the scroll container. (#35879)
Content Analytics: Closing </div> for the contentlet wrapper is now emitted in LIVE mode whenever tracking is enabled, fixing unbalanced markup that broke impression events on live traditional pages. (#35881)
Infrastructure & Security
Security / Tomcat: Upgrade bundled Apache Tomcat from 9.0.113 to 9.0.118, resolving fourteen published CVEs including the Important-severity EncryptInterceptor padding oracle (CVE-2026-29146) and its bypass (CVE-2026-34486). (#35796)
Frontend Theming: PrimeNG's palette() is now the single source of truth for both PrimeNG design tokens and the legacy --color-palette-* CSS vars; the unused shade-generator dependency was removed and DotUiColorsService was simplified. (#35870)
CI / SDK Release: SDK trunk and manual release workflows now post failure notifications to #log-sdk-libs, handle existing release branches idempotently, and include a direct link to the post-release VERSION-bump PR in success messages. (#35742)
CI / Release QA: Slack release-QA bucket counts now deep-link to the correct job-summary section by targeting the #user-content-<anchor> IDs that GitHub's markdown sanitizer actually renders. (#35842)
CI / Release QA: Corrected swicken GitHub login and added adrianjm-dotCMS in slack-mappings.json so release-QA notifications produce real Slack @-mentions. (#35836)
Docs / OpenSearch: Adds a docker-compose stack running OpenSearch 1.3.x and 3.4.0 side-by-side with auto-provisioned users and roles for ES→OS migration testing. (#35864)
Postman Tests: Workaround scripts in five Postman collections kept tests passing in environments where getDefaultLanguage() returned the LANG__404 sentinel (id=-1); a follow-up consolidation retires these workarounds now that the underlying default-language resolution is fixed. (#35817, #35816, #35818, #35838, #35850)
