DocumentationAEM as a Cloud ServiceUser Guide

Maintenance Release Notes maintenance-release-notes

Last update: Wed Mar 04 2026 00:00:00 GMT+0000 (Coordinated Universal Time)
  • Applies to:
  • Experience Manager as a Cloud Service

CREATED FOR:

  • Admin

The following section outlines the technical release notes for the maintenance release of Experience Manager as a Cloud Service associated with 2026.2.0 feature activation.

Release 24464 release-24464

Summarized below are the continuous improvements for maintenance release 24464, which was publicly released on February 18, 2026. The previous maintenance release was release 24288.

The 2026.2.0 feature activation provides the full feature set for this maintenance release. See the Experience Manager Releases Roadmap for more information.

Enhancements enhancements-24464

  • AEMARCH-264: Add support for validating conditional requests based on RequestEntity.
  • AEMARCH-269: Expose JavaEE validation APIs for OpenAPI implementations.
  • AEMARCH-276: Provide i18n support through RequestEntity.
  • ASSETS-10995: Set limit on number of assets in download zip.
  • ASSETS-50788: Update Search API to use Asset Metadata GET API.
  • ASSETS-50946: Map request body using Metadata GET API to JCR metadata.
  • ASSETS-55866: Avoid submitting new request for same asset until previous processing is complete.
  • ASSETS-60300: Provide API to retrieve async job context and result.
  • ASSETS-60574: Add support for latest version of Sling API bundle.
  • ASSETS-61049: Continue metadata manager bundle development.
  • ASSETS-61692: Perform semantic search by default in Search Open API.
  • ASSETS-61696: BAM route and MFE wrapper on assets view.
  • ASSETS-61854: Send GenStudio solution in activation/deactivation message.
  • ASSETS-61973: Create API in AEM for managing prompts.
  • ASSETS-62182: Asset Compute event handler for c2pa-manifest rendition.
  • ASSETS-62311: Search regression issues.
  • ASSETS-62413: Add support for customModifier field in every layer in JSON.
  • ASSETS-62432: Merge folder delete API PR.
  • ASSETS-62540: Increase ui-touch-optimized version in quickstart.
  • ASSETS-62622: Handle search mode in MatchQuery.
  • ASSETS-62671: Fix MatchQuery startsWith operator.
  • ASSETS-62780: Add feature toggle for folder API.
  • ASSETS-62988: Hide c2pa manifest rendition from showing in renditions tab.
  • ASSETS-63336: Template syncing from AEM to DM should only happen for dam namespaced metadata.
  • ASSETS-63375: Put asset upload experimental OpenAPIs behind feature toggle.
  • ASSETS-63453: Ensure all users can read omnisearch config.
  • GRANITE-63744: Allow connecting async jobs to sling jobs.
  • GRANITE-64567: Automatically disable semantic search for SKU searches.
  • GUIDES-41187: Add headers for Guides usage.
  • SITES-30452: Content API with ASO - title & description suggestions.
  • SITES-33116: Fix path validation.
  • SITES-34234: Page editor: preserve content tree state.

Fixed Issues fixed-issues-24464

  • ASSETS-43198: Asset expiration notification emails do not respect user language preference.
  • ASSETS-51840: Asset processing improvements.
  • ASSETS-52061: Unable to navigate back after selecting saved search.
  • ASSETS-53155: Asset content improvements.
  • ASSETS-53745: Dynamic Media download flow requires unselecting original asset before choosing web preset.
  • ASSETS-54260: Asset content fixes.
  • ASSETS-54787: Asset content improvements.
  • ASSETS-57391: Asset content updates.
  • ASSETS-59213: cq-dynamicmedia-core depends on deprecated commons-lang library.
  • ASSETS-59214: cq-scene7-imaging depends on deprecated commons-lang library.
  • ASSETS-59546: cq-remotedam-client-core depends on deprecated commons-lang library.
  • ASSETS-59703: cq-dam-core depends on deprecated commons-lang library.
  • ASSETS-59705: cq-dam-handler depends on deprecated commons-lang library.
  • ASSETS-59707: cq-dam-indesign depends on deprecated commons-lang library.
  • ASSETS-59709: cq-scene7-core depends on deprecated commons-lang library.
  • ASSETS-59929: CSV from metadata export breaks when field has newline character.
  • ASSETS-60241: Async move job fails when renaming folder.
  • ASSETS-61134: Remove comparisonVersion tags from pom files.
  • ASSETS-61309: Content Fragment move/copy no longer updates internal references.
  • ASSETS-61730: Redirect to Direct Binary Access should respect asset encoding.
  • ASSETS-62358: Assets report CSV shows corrupted values in content path.
  • ASSETS-62610: Adobe Stock license button disabled in Assets UI.
  • ASSETS-62613: NPE in downloadasset/saveas.
  • ASSETS-62656: Omnisearch AI search indicator incorrectly shown for non-Assets searches.
  • GRANITE-55387: Correcting word enclosed in quotes deletes entire word.
  • GRANITE-61240: RCE via stored XSS in lazycontainer.js.
  • GRANITE-64101: OOTB indexes converted to ES reverted back to Lucene on restart.
  • SITES-24530: Touch target of close/remove buttons in search modal not large enough.
  • SITES-31425: Unlocalized error message in start workflow.

Known Issues known-issues-24464

None.

Deprecated Features and APIs deprecated-24464

Deprecated and removed features and APIs in AEM as a Cloud Service are detailed in the Deprecated and Removed Features and APIs document.

Security Fixes security-24464

AEM as a Cloud Service is dedicated to optimizing your platform’s security and performance. This maintenance release addresses 14 identified vulnerabilities, reinforcing our commitment to robust system protection.

Embedded Technologies embedded-tech-24464

Technology
Version
Link
AEM Oak
1.90.0
Oak 1.90.0 API
AEM SLING API
2.27.6
Apache Sling API 2.27.6 API
AEM HTL
1.4.28-1.4.0
HTML Template Language Specification
Apache HTTP Server
2.4.65
Apache Httpd 2.4.65
AEM Core Components
2.30.4
AEM WCM Core Components
Node.js
14 (default)
Supported Node.js versions

Release 24288 24288

Summarized below are the continuous improvements for maintenance release 24288, which was publicly released on February 4, 2026. The previous maintenance release was release 23963.

The 2026.2.0 feature activation provides the full feature set for this maintenance release. See the Experience Manager Releases Roadmap for more information.

NOTE
Release 24222 has been made private.

Enhancements enhancements-24288

  • CNTBF-604: Create new contentbackflow bundle release.
  • CQ-4361592: Add TypeHint support for project creation and update.
  • CQ-4362198: Latest AEM and Granite package translations.
  • GRANITE-36205: Update internal Oak release version to latest.
  • GRANITE-59211: OPTEL: Added nonce support and self-service configuration.
  • GRANITE-62166: Update migration bundle to reuse migration states from migration tool.
  • GRANITE-62598: Remove redundant property exclude from content package filter.
  • GRANITE-62684: Make client socket timeout configurable through skyline-ops.
  • GRANITE-62702: Replace sling discovery with standalone implementation for online migration.
  • GRANITE-62763: Update Guava deprecation exception list based on ASSETS rotary.
  • GRANITE-62771: Fail Quickstart builds when new deprecated Commons-Lang dependencies are introduced.
  • GRANITE-62987: Update Felix webconsole to version 5.0.18.
  • GRANITE-63339: Improve lease mechanism for Azure migration-state blob.
  • GRANITE-63343: Add support for the latest version of the Sling API bundle in workflow.core.
  • GRANITE-63799: Bump OIDC Authentication Bundle version.
  • GRANITE-63821: Update Quickstart to filevault release fixing JCRVLT-831/JCRVLT-839.
  • GRANITE-63827: Update Quickstart to the latest public release of Oak (1.90.0).
  • GRANITE-63888: Update Quickstart to Jackrabbit 2.22.3.
  • GRANITE-64030: Add keywords and patterns to the allowed list for Expression Language Validator.
  • GRANITE-64050: Allow for hidden conf folders to hide external product functionality.
  • SITES-30452: Content API with ASO - Title and Description Suggestions.
  • SITES-38099: Update testing-model.txt to use higher version of sanity checks.
  • SKYOPS-43616: Migrate Jenkins credentials to Vault in dispatcher repositories.
  • SKYOPS-108584: Bump FACT tool from 0.6.0 to 0.6.10.
  • SKYOPS-115691: Upgrade CORS filter bundle to add Vary Origin header on preflight requests.
  • SKYOPS-123094: Update Apache HTTP components in Quickstart.
  • SKYOPS-123236: Include rep:cugPolicy in the replication package.
  • SKYOPS-123240: Update CRXDE dependencies in Quickstart.
  • SKYOPS-123247: Update Sling XSS bundle in Quickstart.
  • SKYOPS-123250: Update Sling security bundle in Quickstart.
  • SKYOPS-123327: Require Java 21 for the AEM-CS SDK.
  • SKYOPS-125574: Update netcentric AC Tool bundles in Quickstart.
  • SKYOPS-126150: Improve top command for thread dumps generator script.

Fixed Issues fixed-issues-24288

  • FORMS-23687: Fix SSV validation failure when contains rule is used without default value.
  • GRANITE-48472: Localize error when changing password in the Edit User Settings tab.
  • GRANITE-50286: Fix layout issue in the status column of User Management modal.
  • GRANITE-52301: Localize Unable to commit changes to session string in Security Groups.
  • GRANITE-52920: Localize error when creating user in Security Create New User.
  • GRANITE-54654: Localize string in Security Adobe IMS Configurations Check dialog.
  • GRANITE-56371: Fix incorrect data format in Security Trust Store.
  • GRANITE-62717: Upgrade crypto keystore for JSafe password handling with non-ASCII characters.
  • GRANITE-62789: Update messaging-client to support no retries mode on content distribution.
  • GRANITE-62824: Fix NullPointerException when accessing Groups tab in User Editor.
  • GRANITE-63080: Make import of org.slf4j.spi compatible with slf4j 2.x.
  • GRANITE-63210: Update distribution core to fix dispatcher invalidation on publish startup.
  • GRANITE-63293: Fix mandatory pathfield losing the required asterisk after first authoring.
  • GRANITE-63360: Fix wrong information shown when multiple paths are selected.
  • SITES-36242: Narrow down GraphQL execute regex to fix dispatcher filter bypass.
  • SITES-40122: Fix of Edge Delivery integration with content-distribution ImsService.
  • SKYOPS-84379: Use the latest FACT tool for proper feature toggle pickup by RDEs.
  • SKYOPS-121216: Revert update to Jackson 2.20.0 libraries.

AEM Guides guides-24288

  • GUIDES-38198 : When updating an inline MathML equation using the Edit MathML option from the context menu, the updated value is not reflected until the page is refreshed.
  • GUIDES-38276: Unable to remove Version labels from Version history panel in Assets UI.
  • GUIDES-36641: When generating AEM Sites output, the map titles containing keywords and topic titles with <ph> element are not getting included in the published output.
  • GUIDES-37837: When attempting to save a topic or map, the operation may intermittently fail with a Failed to save file error, particularly during intensive asset processing tasks or translation workflows running in the background.
  • GUIDES-27774: The Broken list report is incorrectly including external links, valid keyrefs and keywords that are properly resolved within scope of current map.
NOTE
There is a breaking change in AEM Guides to be aware of: Improved handling for Read only files.

For more information about the new and enhanced features and issues fixed in the release, view the Experience Manager Guides release roadmap.

Known Issues known-issues-24288

  • SITES-40408: GraphQL endpoint returns 404 due to the custom dispatcher rewrite rules.

Deprecated Features and APIs deprecated-24288

  • AEMSRE-2896: Fix customized logmanager configuration handling.
  • GRANITE-62802: Remove deprecated commons-lang dependency from granite.auth.saml.
  • GRANITE-62805: Remove deprecated commons-lang dependency from granite.httpcache.core.
  • GRANITE-62864: Remove deprecated commons-lang dependency from granite.jobs.async.
  • GRANITE-62865: Remove deprecated commons-lang dependency from granite.replication.core.
  • GRANITE-62868: Remove deprecated commons-lang dependency from granite.rest.api.
  • GRANITE-62895: Remove deprecated commons-lang dependency from translation.connector.msft.core.
  • GRANITE-63069: Deprecate com.adobe.granite.httpcache.core.
  • GRANITE-63179: Remove deprecated commons-lang dependency from cq-workflow-impl.
  • GRANITE-63180: Remove deprecated commons.lang export from cq-mailer bundle.
  • SKYOPS-123329: Drop Java 11 support for AEM Ethos deployments and update commons-lang3.
  • SKYOPS-124983: Remove deprecated nashorn.args from AEM startup scripts.

Deprecated and removed features and APIs in AEM as a Cloud Service are detailed in the Deprecated and Removed Features and APIs document.

Security Fixes security-24288

AEM as a Cloud Service is dedicated to optimizing your platform’s security and performance. This maintenance release addresses 10 identified vulnerabilities, reinforcing our commitment to robust system protection.

Embedded Technologies embedded-tech-24288

Technology
Version
Link
AEM Oak
1.90.0
Oak 1.90.0 API
AEM SLING API
2.27.6
Apache Sling API 2.27.6 API
AEM HTL
1.4.28-1.4.0
HTML Template Language Specification
Apache HTTP Server
2.4.65
Apache Httpd 2.4.65
AEM Core Components
2.30.2
AEM WCM Core Components
Node.js
14 (default)
Supported Node.js versions
recommendation-more-help
fbcff2a9-b6fe-4574-b04a-21e75df764ab