Chore: Enable New Block Editor by Default

[rjvelazco]

Turn of the New Block Editor by default

This PR fixes: #36254

[github-actions]

🤖 Bedrock Review — deepseek.v3.2

[🟡 Medium] dotCMS/src/main/resources/dotmarketing-config.properties:867 — Removed feature flag FEATURE_FLAG_NEW_BLOCK_EDITOR without a clear migration or fallback plan. This could break existing functionality if the flag was actively used to toggle between old and new editors, leaving no way to revert.

---

_{Run: #27964517364 · tokens: in: 544 · out: 74 · total: 618}

[claude]

Claude finished @rjvelazco's task in 49s —— View job

---

Rollback Safety Analysis

• Read rollback-unsafe categories reference
• Get full PR diff
• Analyze changes against unsafe categories
• Apply appropriate label

---

Analysis

The PR contains two changed files:

1. dotCMS/src/main/resources/dotmarketing-config.properties

• Removes FEATURE_FLAG_NEW_BLOCK_EDITOR=false and replaces it with FEATURE_FLAG_LOCALE_SELECTOR_V2=true
• This is a pure configuration/feature flag change. No database migrations, no Elasticsearch mapping changes, no data model modifications.

2. dotCMS/src/main/webapp/html/portlet/ext/contentlet/edit_contentlet.jsp

• Adds ReleaseInfo.getBuildNumber() to cache-bust block editor static asset URLs (appends ?v=<buildNumber> to CSS/JS script tags)
• This is a pure UI/template change with no data persistence implications.

Verdict: ✅ Safe To Rollback

None of the changes match any unsafe rollback category:

• No runonce database migration tasks
• No Elasticsearch mapping changes
• No content model version bumps
• No DROP/RENAME table or column operations
• No REST/GraphQL API contract changes
• No VTL viewtool contract changes
• No binary storage provider changes
• No OSGi interface modifications

The feature flag removal (FEATURE_FLAG_NEW_BLOCK_EDITOR) and addition (FEATURE_FLAG_LOCALE_SELECTOR_V2) are purely configuration-layer changes. Rolling back to N-1 would simply restore the previous flag values with no data loss or breakage. The cache-busting change in the JSP is equally safe — rolling back reverts to un-versioned asset URLs with no functional impact.

Label added: AI: Safe To Rollback

[github-actions]

🤖 Bedrock Review — qwen.qwen3-next-80b-a3b

New Issues

• 🟠 High: dotCMS/src/main/webapp/html/portlet/ext/contentlet/edit_contentlet.jsp:82 — ReleaseInfo.getBuildNumber() returns a String that is directly concatenated into HTML attributes without escaping. If the build number contains unescaped characters (e.g., &, <, ", '), it can break HTML or enable XSS. Must use org.apache.commons.lang3.StringEscapeUtils.escapeHtml4() or equivalent.

Existing

• 🟡 Medium: dotCMS/src/main/webapp/html/portlet/ext/contentlet/edit_contentlet.jsp:76 — Logger is imported but not used; System.out or unlogged errors may be used elsewhere in this file (not changed by PR, but pre-existing).

Resolved

• ✅ dotCMS/src/main/webapp/html/portlet/ext/contentlet/edit_contentlet.jsp:79-82 — Legacy asset loading removed; replaced with versioned URLs (improves cache behavior, though XSS risk remains).

---

_{Run: #28187498032 · tokens: in: 1702 · out: 274 · total: 1976}