2025-2026 Optimizely CMS 11 release notes

  • Updated

Follow this article to receive email notifications when new Optimizely Content Management System (CMS 11) packages are available for 2024, 2025, and 2026. Product packages are found on the Optimizely NuGet server

Are you looking for release notes before January 2024? See the Optimizely Release Notes on the Optimizely World site.

You can find prior versions of user guides (2021 and older) and when functionality was released or deprecated at the following locations:

Most recent releases

Date Release Type
April 15, 2026 CMS ConnectForSharepoint 2.4.2 Bug fix
April 10, 2026 CMS major version policy announcement Announcement
February 25, 2026 CMS Core 11.21.5 Bug fix
June 30, 2025 CMS Core 11.21.4 Enhancements and bug fixes
April 22, 2025 CMS Core 11.21.3 Bug fixes
February 11, 2025 CMS UI 11.37.4 Bug fix
February 2, 2025 CMS Azure 11.2.1 Bug fix

CMS 11

CMS major version policy—April 10, 2026

Active Development

All new product development is focused exclusively on the latest major version of CMS. No new functionality will be built for earlier major versions. The current latest version is CMS 13.

Optimizely actively monitors, triages, and fixes severe bugs and security issues for the current major version and one prior major version. The currently maintained versions are CMS 13 and CMS 12.

As part of this policy, Optimizely does not provide ongoing bug monitoring, bug fixes, security monitoring, or patch releases for older major versions (CMS 11 and earlier), except in cases involving severe security vulnerabilities raised by customers/partners. This approach allows Optimizely to continue investing in innovation and the long-term evolution of the platform while balancing the realities of maintaining the older versions of our software.

Support Policy

Optimizely will continue to provide support for all major versions of CMS for existing customers. Our support teams will work with customers to investigate, triage, reproduce, and provide guidance on reported issues, including security-related concerns. While customers may continue operating older versions of CMS, resolution options may vary depending on the age of the version, underlying platform dependencies, and technical feasibility.

CMS 13 represents one of the most significant releases for Optimizely CMS, with major investments in AI-powered capabilities, the new Visual Builder, Embedded DAM, performance improvements, extensibility, and modern developer tooling — all designed to support the next generation of digital experiences. We STRONGLY encourage customers to upgrade to the latest version to take advantage of these advancements.

End of Life

Optimizely does NOT enforce end-of-life through forced upgrades, disabled environments, or removal of access to older versions. Customers may continue using older major versions of CMS based on their business needs and migration timelines.

EPiServer.CMS.Core

11.21.5—February 25, 2026

Bug fix

  • Fixed an issue where you could not upgrade to a higher version due to a package limitation on the transitive Microsoft.Extensions.Options package.

11.21.4—June 30, 2025

Enhancements

A user can embed JavaScript in XhtmlString properties and in uploaded files. Often this is intended, but sometimes it can be malicious.  Through configuration, you can specify the following options for MediaUploadModeXhtmlString, LinkItem and Url when you upload a file with scripts or in other properties.

  • Keep = If the file contains JavaScript, then keep and execute it. If a property has JavaScript, allow it.
  • Remove = If the file contains JavaScript, remove the script before saving the file. If a property has JavaScript, remove it.
  • ThrowException = If the file contains JavaScript, do not upload the file and display an error in the upload dialog box. If a property has JavaScript, display an error.

See Filter JavaScript from properties and files

Bug fixes

  • CMS-36261 – Fixed a timing issue that occurred when there were many content types and simultaneous access to certain types. The issue arose because EagerCompileProxies was called in a background thread, and if there are many ContentTypes, it takes time to generate proxies. During this proxy generation, if someone accessed types using AppDomain.CurrentDomain.GetAssemblies() and subsequently attempted to access those types, an exception was thrown.
  • CMS-28200 – Fixed an issue where indexing failed due to a license check error during serialization.

11.21.3—April 22, 2025

Bug fixes

  • CMS-31794 – Fixed an issue where a vulnerability existed between the SQL client and the SQL server in System.Data.SqlClient NuGet packages. See Microsoft security advisory announcement: https://github.com/dotnet/announcements/issues/292#affected-packages.
  • CMS-28027 – Fixed an issue where, when you clicked Stop Job on a custom long-running scheduled job, the job became stuck in a running state and displayed The job is stopping message.  There was no change upon reloading the page and you could not start or stop the job from that state. Now, the job stops successfully and a message prompts you to refresh the page to see the updated status. 

EPiServer.CMS.UI

11.37.4—February 11, 2025

Bug fix

  • CMS-38861 – Fixed a type issue in the tooltip dialog for installations using sv-SE culture.

EPiServer.Azure

11.2.1—January 7, 2025

Bug fix

  • CMS-38103 – Fixed an issue by restoring two methods, AzureBlobProvider.Initialize() and AzureBlobProvider.Validate(string connectionString, string containerName) to avoid breaking changes.

EPiServer.ConnectForSharePoint

2.4.2—April 15, 2026

Bug fix

  • CMS-51445 – Update the authentication option for SharePoint Online to only allow Modern authentication. Microsoft deprecated cookie-based authentication and Azure ACS app principals. Now, SharePoint Online customers must use Modern (OAuth 2.0) authentication. See Optimizely Connect for SharePoint online.