Optimizely - update 473

Fixed an issue where you could not delete an organization that had a primary contact ID assigned to it.

Fixed an issue that cleared errors on ViewContext.ModelState when you rendered a partial content (such as  through a content area). For example:

1. Add following line to DefaultPageController.Index method.
   ModelState.AddModelError("AnError", "some error");
2. Put breakpoints in a view that renders a contentarea before and after the contentarea (such as StandardPage/index.cshmtl)
3. Access a page that contained an area item that is rendered with a view such as  https://localhost:5000/en/about-us/
4. In the breakpoint before the rendering of the contentarea, look at ViewContext.ModelState. The error was present in the breakpoint before rendering the content area but Errors was cleared after the rendering of the contentarea.

Fixed an issue that prevented a validation error (The number must be positive.) from displaying until after the page was published. This issue occurred when an inline block had a block type that used a custom validation attribute, so it appeared only during publish but not when a draft was auto saved. 

Fixed an issue that caused an error when application instances were started simultaneously and one of the application instances detected a ContentType or Property was updated by another application. The error prevented the ContentModel change from being applied.

The new Content Type Management UI supports grouping of property data types. To let other products and apps (add-ons) add their property types to such groups, a GroupName property is added to PropertyDefinitionType.

Fixed an issue that caused a "drift" in scheduled job times due to delays employed to reduce risk of resource starvation.

When several jobs have approximately the same scheduled execution time, the scheduler service adds a delay of 10 seconds between each job execution to reduce the risk of resource starvation (for example thread).

However if there are many short-lived jobs that are scheduled with a short time interval then they might "drift" in start time due to this delay; for example, runs every third minute instead of every minute as it was scheduled.

You can configure the delay configurable to define a shorter interval if it suits your jobs better.

Fixed an issue that occurred in the Cleanup job if you set Retention policy to Forever.

Fixed an issue that prevented properties from being saved when you were in MongoDbPermanentStorage mode.

Fixed an issue that prevented you from submitting a form if your session had expired before you went to the next step or submitted the form.

Fixed an issue that prevented you from setting a header for StaticFile.

Added the following option to the Forms section in appsettings.json.

"Forms": {
  "FormsConfigOptions": {
    "StaticFilesHeaders": {
      "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload"
    }
  } 
}

To test this:

1. Show a page that has a form.
2. Press F12.
3. Open the Network tab.
4. Verify that the  /Util/Episerver.Forms/EpiserverForms.js and /Util/Episerver.Forms/jquery-3.5.1.min.js URLs have a header:

"Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload"

Fixed an issue that occurred after a form was submitted, which duplicated the content of a display message when WorkInNonJSMode = true.

Fixed an issue that prevented you from going to the next step in a form when you set renderingFormUsingDivElement ="true" in appsettings.json.

Fixed an issue that did not display a second form if the first form had Display message after form submission.

Improved security to mitigate a high-severity security vulnerability that might give an attacker access to sensitive data in the application.

Read more at: https://world.optimizely.com/blogs/bien-nguyen/dates/2023/9/vulnerability-in-episerver-googleanalytics--v3-and-v4/