Feedback
Did this article resolve your question/issue?

   

Article

Advisory for Resolving Sitefinity Issues, February 2020

« Go Back

Information

 
TitleAdvisory for Resolving Sitefinity Issues, February 2020
URL NameAdvisory-for-Resolving-Sitefinity-Issues-February-2020
Article Number000155353
EnvironmentProduct: Sitefinity
Version: 9.x, 10.x, 11.x, 12.x
OS: All supported OS versions
Database: All supported Microsoft SQL Server version
Question/Problem Description

The following issues are being resolved in Sitefinity, which could lead to unexpected behavior. 

  • Absolute URLs generate incorrectly 

  • Same-site Cookies changes in browsers 

It is recommended that all Sitefinity users take action to upgrade their websites to the patch, containing a fix for their version. 

Steps to Reproduce
Clarifying Information
  • Absolute URLs generate incorrectly 

In the following scenarios, Links in Sitefinity are not generated properly.  (e.g in Load Balancing scenario, links are generated with the balancer URL balancer.com instead of site.com)

Article  URLs in single site generated with internal URL instead of "www." domain

Article  Cannot edit forms in Multisite when accessing the backend via "www." domain

Article  Multisite: When accessing multisite project remotely via domain, the pages cannot be edited in the new UI

Article  Sitemap: After security patch upgrade, accessing the Sitemap module in the backend throws a Null Reference exception

 

  • Breaking change in Chromium Based browsers now requires SameSite=None cookies to be generated with Secure attribute 

There is a breaking change in how browsers will handle cookies. Browsers will no longer accept cookies with SameSite=None parameter that are not secure. This would create problems regarding Out of the Box OpenIDConnect Authentication provider. 

More info can be found here:

Error Message
Defect Number
Enhancement Number
Cause
Resolution

It is recommended to upgrade to the latest available Progress Sitefinity CMS version that contains the most recent bugfixes and optimizations (including the abovementioned fixes).   
 
The bug fixes for the reported issues are also available in the latest released patch for versions below: 
 
  

Sitefinity version  

Patch Version 

URLs generated incorrectly 

SameSite Cookies 

12.2 

12.2.7226 or later* 

Yes 

Yes 

12.1 

12.1.7130 or later* 

Yes 

Yes 

12.0 

12.0.7034 or later* 

Yes 

Yes 

11.2 

11.2.6935 or later* 

Yes 

Yes 

11.1 

11.1.6829 or later* 

Yes 

Yes 

11.0 

11.0.6740 or later* 

Yes 

Yes 

10.2 

10.2.6652 or later 

Yes 

Yes 

10.1 

10.1.6543 or later* 

Yes 

Not applicable** 

10.0 

10.0.6432 or later* 

Yes 

Not applicable** 

9.2 

9.2.6277 or later* 

Yes 

Not applicable** 

9.1 

9.1.6186 or later* 

Yes 

Not applicable** 



*When upgrading, always make sure to upgrade to the latest available PATCH version as per your Sitefinity version. The last two numbers of the patch show the latest available number for the major version, e.g 12.2.72XX 

 

**Out of the Box OpenID provider is not available for versions prior to 10.2. 

Workaround
Notes
Last Modified Date11/20/2020 6:56 AM
Attachment 
Files
Disclaimer The origins of the information on this site may be internal or external to Progress Software Corporation (“Progress”). Progress Software Corporation makes all reasonable efforts to verify this information. However, the information provided is for your information only. Progress Software Corporation makes no explicit or implied claims to the validity of this information.

Any sample code provided on this site is not supported under any Progress support program or service. The sample code is provided on an "AS IS" basis. Progress makes no warranties, express or implied, and disclaims all implied warranties including, without limitation, the implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample code is borne by the user. In no event shall Progress, its employees, or anyone else involved in the creation, production, or delivery of the code be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample code, even if Progress has been advised of the possibility of such damages.