Adobe Experience Manager 6.0 hot fixes
Adobe Experience Manager 6.0 Service Pack 3 was released on October 22, 2015.


Install all the hot fixes present here on top of the latest available Service Pack 3.

The installation of latest Service pack is recommended that includes security, performance, stability, and key customer fixes and enhancements released since the general availability of Adobe Experience Manager 6.0. 

The direct link to the latest Service Pack (SP 3) on Package Share is

Find the full release notes at

It includes the overview of what the Service Pack contains, the installation instructions, and the list of hot fixes that it replaces.

As you can see, Service Pack 3 includes all hot fixes released previously for 6.0.

Therefore, this page only lists the recommended hot fixes to install on top of SP3, sorted by product module as before.

You can find the old content, which is all recommended hot fixes before the release of Service Pack 3 here.


Most of the hot fixes are accessible through direct links to the Package Share's public section.

You can access the Package Share with a registered user as mentioned here

  • Request the other hot fixes via an AEM Support ticket.
  • Most hot fixes are stand-alone unless specified and can be installed in any order. It can be self-verified by looking at "Details" tab Dependencies element in package share.  
  • At the moment, the release notes of the public hot fixes are only available per request via the AEM Support Portal. Package Share will soon hold them directly.


For 6.0 and earlier, Adobe used to release hot fixes for individual customer issues. Starting with AEM 6.1, Adobe introduced a single delivery model for releasing fixes. Instead of providing individual fixes, Adobe releases regular Cumulative Fix Packs (CFPs), which aggregates multiple fixes into a single package. 


Security vulnerabilities

Date Name Description of fixes
October 28 2015 Hotfix 5238     Security fix in Apache Felix HTTP Jetty bundle
December 15 2015 Hotfix 8364
Java deserialization issues mitigation agent
Feb 02 2016 Hotfix 8673 Security fix container for AEM 6.0
July 19, 2017 Hotfix 17136 Fix for XSS vulnerability in the output generated by HTMLRendererServlet
July 20 2017 Hotfix 17203 Removal of CQ Web Syndication feeds page
July 21, 2017 Hotfix 16617 Fix for MIME type validation when binaries of files are uploaded to AEM
July 21, 2017 Hotfix 16561 Fix for issues with uploading avatar images for LDAP users


To install Hotfix 5238, follow the instructions below :-

  1. Stop AEM
  2. Create the folder crx-quickstart/install/5
  3. Copy the 2 files (org.apache.felix.http.api-2.4.0-R1633120.jar and org.apache.felix.http.jetty-2.4.0-R1633120.jar) contained in the hotfix zip file to the new folder crx-quickstart/install/5
  4. Start AEM

Available Oak Cumulative Fix Packs

Oak 1.0.42

The current recommended Oak version is 1.0.42, while Service Pack 3 includes Oak 1.0.22.

Oak 1.0.42 is available as a stand-alone hot fix, without a dependency on Service Pack 3


Date Name Release notes
May 15, 2018
Hotfix 21649 Oak 1.0.42

The oak-run tool is available on the Maven Central Repository. Leverage the same oak-run version as the oak-core bundle in use.

The crx2oak repository migration tool is available on


To make the best usage of your up-to-date Oak Repository, check carefully the Oak section of our 6.0 performance tuning page, which contains the latest tips around index optimization and efficient repository compaction.


Uninstalling an OCFP is not supported.


Date Name Description of fixes
August 27 2015 Hotfix 7026    

While opening a page Google Chrome reports warning "Synchronous Ajax requests should be avoided, especially while loading the page". For more information, see the release notes.

Note: If you are using AEM forms, install the latest AEM forms add-on package. Contact Adobe support to get the latest package.

Oct 20 2015 Hotfix 7894 Assets are listed very slowly in damadmin
Nov 4 2015 Hotfix 8086 Slow search in CF#


Date Name Fixes
Nov 17 2015 Hotfix 8388 Uploading PDFs with certain encrypted info makes Asset Update workflow stuck


No recommended hot fixes so far on top of SP3.


Adobe recommends to use the latest version available of the Dispatcher.

Find version 4.1.11 available for download at .


Date Name Fixes Dependencies
Oct 27, 2016 Hotfix 12444 Updates resolve an important input validation issue in the WCMDebug filter that can be used in cross-site scripting attacks.

AEM 6.0 SP3

Hotfix 12540

Oct 27, 2016 Hotfix 13297 Resolves an input validation issue that can be used for
cross-site scripting attacks.

AEM 6.0 SP3

Hotfix 10767

July 24, 2017 Hotfix 16005 Fix for dispatcher IP exposed via SurferInfoMgr.  AEM 6.0 SP3


Date Name Fixes
August 8 2014 FeaturePack 4137

S3 Datastore connector on AEM 6.0 OAK.

Version 1.8 available since July 10t 2015.

Jan 28 2016 Hotfix 9029 OSGi Component Leak of Search Predicate components when doing DAM search
Oct 30 2015 Hotfix 8193 Memory thread might be terminated by already unregistered bundles/services
Oct 20 2015 Hotfix 8108 Gibson infinite loop in text extraction for indexing
Feb 02 2016 Hotfix 9156 Version purge fails fast on Pages that were deleted and recreated with javax.jcr.UnsupportedRepositoryOperationException
June 6th Hotfix 9336 JCR Installer paused by package install and never unpaused


Authoring/User interface

The Touch user interface Improvement Pack is included in SP3.

Read carefully our recommendations and best practices around user interface in Adobe Experience Manager 6.0 at

Release notes of the above Update Pack, as well as Touch-Optimized specific fixes in our Service Packs can be found on the same page in the Touch-Optimized user interface Improvements section.

Date Name Description of package
Nov 18 2015 Hotfix 8205 Moving activated and referenced page by drag and drop is not working in siteadmin


Date Name Description of package
Nov 03 2015 Hotfix 8126 RolloutManager: move of manually created Pages unpublishes Page


Date Name Description of package
June 5 2015 Hot fix 6431* Sightly FP 1.1 - AEM 6.1 Sightly scripting engine for AEM 6.0


Dynamic Media

No recommended hot fixes so far on top of SP3.

The Dynamic Media Feature Pack is included in SP3.


Date Name Fixes
August 3, 2016 AEM 6.0 Social Communities Fix Pack *
v1.5.173, 7/27/2016
This fix pack contains the latest set of fixes for the 6.0 release of AEM Social Communities. See the 6.0 documentation.


Adaptive forms

Date Name Fixes
May 5, 2017 Hotfix 2.0.58
January 8, 2016 Hot fix 2.0.56
  • In HTML Workspace, no action is performed on pressing the Submit button. (NPR-9148)
  • Adding/deleting an accordian disables the visibilityExpression of components. (Ref# CQ-77727)
January 8, 2016 Hot fix 2.0.54
  • For repeatable panels of adaptive forms, the short description and long description properties do not work properly. (NPR-8632)
October 30 2015 Hot fix 2.0.52
  • Static text model content goes blank during data prefill. (Ref# CQ-54451) 
September 3 2015 Hot fix 2.0.46
  • Data in the drop-down list gets reordered when adding a new second row. (Ref# CQ-52098)
  • Data merged for a repeatable panel is not available to the initialize scripts. (Ref# CQ-52054)
  • Script execution on adding or removing instances of repeatable panel or row is now optimized. (Ref# CQ-52057)
  • Post call to guideContainer.analyticsconfigparser.json on rendering of an adaptive form, even when analytics is not enabled, is now optimized. (Ref# CQ-51164)
  • Post call to guideContainer.fd.tempstorageprovider.jsp on rendering of an adaptive form, even when the data is not entered, is optimized. (Ref# CQ-51169)
July 24 2015
Hot fix 2.0.32

HTML5 forms

  • Pages in a particular document do not render. (Ref #CQ-49461)
  • The prevText and newText properties do not work properly. (Ref #CQ-49382)

Adaptive forms

  • Localization of multi-valued custom dialog components does not work. (Ref #CQ-47890)
  • Drop-down list component from Adaptive form group does not populate in the preview mode. (Ref #CQ-46318)
June 17 2015 Hot fix 2.0.28
  • Dictionary entries are not created for custom dialog elements. (Ref# LC-3913647)
  • Validation error messages are not translated for user added languages (Ref# LC-3913524)
  • When the adaptive form is rendered in Internet Explorer 9 browser, a
    JavaScript error related to guidelib.js ocuurs. The error causes
    rendering/display issues. (Ref# LC-3913538)
June 3 2015 Hot fix 2.0.20
  • In Internet Explorer 9, the accordian layout does not work properly. (Ref# LC-3912099)
  • The numeric field does not accept 0 as a value. (Ref# LC-3912103, LC-3912460)
  • AEM overlays do not work properly for components and layouts listed in an adaptive form (Ref# LC-3912864)
  • Adaptive forms do not support the change event for the drop-down components. (Ref# LC-3912785)
  • In adaptive forms, the prevText and newText properties are ignored for Text, Numeric, Date, and Drop-down list fields. (Ref# LC-3912457)
March 13 2015
Hot fix 2.0.18
  • Data of nested repeatable panels is not stored in appropriate parent sections of the data xml. (Ref# LC-3911305, LC-3911232)
  • An invalid Data XML is generated for the parent and child repeatable panels (0 and 1 as minOccur and maxOccur). The issue occurs where the bindRef property of Parent and Child repeatable panels points to non-hierarchical XSD schema elements. (Ref# LC-3862520)
  • Support for the Colspan feature is added. (Ref# LC-3911070)


Date Name Fixes
April 27 2015 Hot fix 1005-001
  • Added a new option in LiveCycle administration console to specify the
    XML encoding for Assembler service.  (Ref #LC-3910022)


Date Name Fixes
April 2 2015 Hot fix 1006-002
  • CRX nodes take longer than expected to load in the dialog for adding CRX assets as attachment to an endpoint. (Ref #LC-3911835)
May 25 2015 Hot fix 1010-005
  • Cannot delete categories in admin UI. (Ref #LC-3912139)
  • HTML5 form set capability is now enabled in AEM 6.0 forms FP1. (Ref# LC-3909935)
  • The call to invokestartpoint API with caching off fails from the mobile workspace app. (Ref# LC-3911926)
  • The client SDK has been enhanced to allow its usage within a
    Livecycle server, for invoking another Livecycle server when the target
    service is not installed on the source server.

HTML5 forms

Date Name Fixes
July 24 2015
Hot fix 2.0.32

HTML5 forms

  • Pages in a particular document do not render. (Ref #CQ-49461)
  • The prevText and newText properties do not work properly. (Ref #CQ-49382)

Adaptive forms

  • Localization of multi-valued custom dialog components does not work. (Ref #CQ-47890)
  • Drop-down list component from Adaptive form group does not populate in the preview mode. (Ref #CQ-46318)
February 2 2015 Hot fix 2.0.14
  • Some floating fields do not render when placed in repeatable subforms. (Ref #LC-9868)
  • Some pages do not render when nested and repeatable subforms are split across pages. (Ref #LC-9878)
June 2 2015 Hot fix 2.0.22
  • The RemoveInstance method does not remove associated data on form submission. (Ref# LC-3910543)
  • The Exit event is not called on the first exit from a text field or a drop-down list. (Ref# LC-10153, LC-10152)
  • The border poperty of an object behaves inconsistently for different events. (Ref# LC-3910380)
  • The AddInstance method does not work properly when applied on a parent subform with multiple child subforms. (Ref# LC-3910098)

Rights management

Date Name Fixes
May 7 2015 Hot fix 1009-001

The following APIs are introduced in Rights Management Policy Manager:

  • getPolicySet()
  • createPolicySet()
  • updatePolicySet()
  • getPolicySetIdByPolicySetName()
  • deletePolicySets( )
  • managePolicySetPublishers()
  • managePolicySetVisibleUsersGroups()
  • managePolicySetCoordinators()
  • updateCoordinatorPermission()
May 29 2015 Hot fix 1011-002
  • An error is displayed on AEM forms server when a custom component with SDK JAR files communicates with another AEM forms Rights Management
    server. (Ref# LC-3913205)
  • Internal server error is thrown when enabling or updating a policy with user date validation period. (LC-3913076)

Mobile Workspace

February 12, 2016 Hot fix 2.0.14
  • Claiming a Task in MWS is taking long to download/visible under "MY TASK". (Ref# NPR-9260)
  • Offline service should be able to handle minified file references present in rendered form. (Ref# CQ-72471)

Process management

May 5, 2017 Hot fix 1049-025
  • Securing forms prefill service from unauthorized access through protocols such as 'file://', 'http://', and 'ftp://'. (Ref# NPR-15906)
April 28, 2016 Hot fix 1028-009
  • Search template shows blank page in HTML workspace. (CQ# NPR-9660)
February 29, 2016 Hot fix 1025-006
  • Search templates with a process variables display empty an operator drop-down list. (CQ# NPR-9067)