The security settings in apps/cae/core/cms-core/cae/cae-spring-security/src/main/resources/com/coremedia/cae/security-services.xml have been changed to also allow double encoded slashes and periods in URLs. This fixes e.g. the redirect after a successful login in Calista demo site.

(CMS-16217)