AEM 6.1 hotfixes


Starting with AEM 6.1 Service Pack 2, Adobe has introduced a single delivery model for releasing fixes. Instead of releasing hot fixes for single issues, Adobe will release a Cumulative Fix Pack (CFP) every month (subject to passing quality checks), which is an aggregator content package for multiple fixes. CFPs primarily include bug fixes but might also include Feature Packs. They have the following advantages over single hotfix releases:

  • Cumulative in nature (for example, CFP 3 contains fixes for CFP2 and CFP1)For more information on CFP and other releases, see Maintenance Release Vehicle.
  • Increased quality assurance
  • Simplified installation (User installs a CFP as a single package that has no dependencies, except for the latest service pack)

The Adobe Experience Manager 6.1 Cumulative Fix Pack is available on the Adobe Package Share and the release notes at



The Adobe Experience Manager 6.1 Service Pack 2 is available on the Adobe Package Share and the release notes under

The installation of the latest Service Pack is highly recommended as it includes security, performance, stability, and key customer fixes and enhancements released since the general availability of Adobe Experience Manager 6.1.  

The hotfixes below should be installed on top of Service Pack 2. The ones with Bold are highly recommended. You can find the old content, which is all recommended hot fixes before the release of Service Pack 2 here.




AEM hotfixes do not benefit from the same level of quality assurance as service packs or product releases, therefore must be always validated first on a staging environment as part of your quality deployment processes.



For details around various cumulative fix packs for the Oak repository, see AEM 6.1 Oak cumulative fix packs.


Adobe recommends that you use the latest Dispatcher version. You could find the latest dispatcher here 


Date Name Fixes Dependencies
Oct 27th, 2016 Hotfix 12444 Updates resolve an important input validation issue in the WCMDebug filter that can be used in cross-site scripting attacks.

AEM 6.1 SP2

Hotfix 12413

Oct 27th, 2016 Hotfix 12817 Resolves an issue that can expose users to cross-site request forgery attacks. AEM 6.1


No hotfix available



  • You can access the Package Share with a registered user as mentioned here
  • Request the non public hotfixes via an AEM Support ticket.
  • Most hotfixes are stand-alone unless specified and can be installed in any order. It can be self-verified by looking at "Details" tab Dependencies element in package share.  
  • At the moment, the release notes of the public hotfixes are only available per request via the AEM Support Portal.



  • If you have custom AEM projects template make sure after installing the Hotfix/Service pack (  that contains project fix) to validate the value of cq:allowedTemplates.
    • To do that Navigate to /content/projects/jcr:content. Edit the value of property cq:allowedTemplates by adding/verfying your respective template.