SBM 11.6.1 Hotfix 3 (Dec 2020 Re-Release): After paste email into Rich Text field, the VML code is displayed, some fonts changed to wingding

ID:    P2874
Published:    17 September 2020
Updated:    30 December 2020

Operating System(s)

  • All Windows


  • SBM


IMPORTANT: This hotfix should only be applied on top of SBM 11.6.1. If you are running a different version or if you have already installed a different SBM 11.6.1 hotfix, contact Serena Support.

IMPORTANT: This hotfix is NOT cumulative. If you already have other hotfixes on SBM 11.6.1, contact Serena Support.

The following items were addressed in this hotfix:

  • DEF341991: RTE: Chrom, FF, Edge: After paste text, font is changed to a wingding look
  • DEF341859: RTE: After paste from email, VML tags are displayed as text
  • DEF341786: RTE: After paste from email, VML tags which render images are displayed as text (image is hidden)

Known issues in this hotfix:

  • None



VML (Vector Markup Language) is the code used by most email programs, Microsoft Outlook, and Microsoft Office. Browsers do not natively understand VML. When a browser encounters VML, that browser must decide what to do with the code. Each browser manufacturer has made different decisions in regard to this, resulting in different behavior for each browser. For example, Firefox strips VML content, Chrome and Chromium Edge, keep the VML but ignore it, and IE tries its best to render as many of the VML tags as possible. The decisions made by the browser manufacturers also impact the behavior of the SBM Rich Text fields. In SBM, if you paste an email (for example) into a rich text field in IE, it would look very different than when the same email was pasted into Chrome. Customers were concerned about these differences. There were also concerns about cross-browser behavior and potential vulnerabilities introduced by allowing VML tags to be pasted into SBM. As a result, SBM 11.6 included a change to encode all non-HTML tags. You could see this change by pasting an email into an SBM Rich Text field. Rather than allowing the browser to decide the behavior of the VML, SBM encoded it. As a result, the VML is displayed to the user. Often times, this is a very small VML tag that can be ignored, but sometimes there is a large amount of VML code displayed to the user, making it difficult to read.




This hotfix attempts to override some of the native browsers' behavior while also balancing the vulnerability and usability concerns. It is important to understand that as new versions of browsers are released, the results of SBM's attempts to override native browser behavior may also change.


To unzip and install the hotfix:

  1. Download the attached file.
  2. Double click the .exe
  3. Enter the password "SERENA" in all caps, and follow the wizard to complete the unzip.
  4. After the file is unzipped, follow the instructions in the readme.txt file.


NOTE: This patch was originally released in September 2020, but the fix was hard coded to only address o:p and w:wrap tags. Soon after the release, it became clear that additional tags may also need to be addressed. In this December 2020 release of the same hotfix, the list of tags is now configurable. See readme for details.


Find Answers

Type a question or describe what you are looking for below

My Recent Searches

Welcome kb sso

Additional Assistance

  • Submit a Case Online
  • FAQs