coremedia.preview.js: Added Note About False Positive SAST Report

coremedia.preview.js might be reported by SAST tools like checkmarx. This is a false positive, the code injection is a central part of the preview integration and can only be performed by postMessage calls of authorized origins (see https://documentation.coremedia.com/cmcc-11/artifacts/2201/webhelp/studio-developer-en/content/SecurityCSP.html ).

(CMS-21402)

Search Query In Download Portal Is Now Escaped

Before the change the search query could contain HTML which was added to the search result without being escaped .

(CMS-21393)

Fixed Links to Categories with Apostrophes in IDs

When rendering a Teaser in a fragment that has pointed to a category in Salesforce with an apostrophe in the ID the Velocity interpreter in Salesforce was crashing during the link building. That was affecting the whole page. Such apostrophes in link parameters will be "escaped".

(CMS-21346)

Fixed a Bug Preventing Preview CAE to Start

Preview CAE did not start due to a cyclic bean dependencies exception reported by spring when es-p13n extension was disabled but the Elastic Social extension es was still active. Reported cycles involved beans of the following types:

The cyclic bean dependencies do no longer exist.

(CMS-20697)