coremedia.preview.js: Added Note About False Positive SAST Report

coremedia.preview.js might be reported by SAST tools like checkmarx. This is a false positive, the code injection is a central part of the preview integration and can only be performed by postMessage calls of authorized origins (see https://documentation.coremedia.com/cmcc-11/artifacts/2201/webhelp/studio-developer-en/content/SecurityCSP.html).

(CMS-21402)

Fixed Links to Categories with Apostrophes in IDs

When rendering a Teaser in a fragment that has pointed to a category in Salesforce with an apostrophe in the ID the Velocity interpreter in Salesforce was crashing during the link building. That was affecting the whole page. Such apostrophes in link parameters will be "escaped".

(CMS-21346)