Broadleaf 3.0.11-GA

Released on June 10, 2014

This is the 11th patch release for the Broadleaf Commerce framework since the switch away from the GWT admin starting with Broadleaf 3.0.0-GA. Some of the highlighted features in this release:

Java 8 JVM support

Broadleaf is now fully compatible with the Java 8 JVM, but only up to a Java 7 bytecode level. Fully Java 8 bytecode will not be supported without a Spring 4 upgrade, which we have completed a POC of. You can see and track progress on that upgrade in this pull request on GitHub

Support for Google's Universal Analytics

The GoogleAnalyticsProcessor is now deprecated in favor of the GoogleUniversalAnalyticsProcessor. This processor has the same features as the old Google Analytics processor along with link attribution, display advertising and multiple analytics accounts. Check out the issue report on GitHub

Upgrade to Spring 3.2.9.RELEASE

This is the final feature release in the Spring 3.2 line and is the only Java 8 JVM-compatible Spring 3.2 patch release.

Ability to turn of static asset transformations through URL parameters

In our docs about the asset server we mention that you can manipulate images via URL parameters. For instance, the following URL will rotate an image 90 degrees:

http://localhost:8080/broadleafdemo/cmsstatic/test.jpg?rotate-rotate-amount=90

Since transformed images are cached on the local disk, this can present a security whole as a malicious attacker can send repeated requests to transform images and potentially overload your server hard drive. While the default behavior is to still allow this to occur in the 3.0 and 3.1 lines, we are logging a warning on startup if we detect that this is enabled. We strongly recommend putting the following in your environment properties file:

asset.server.allow.unnamed.image.manipulation=false

The defaults will be changed in 3.2.0-GA to explicitly disable this functionality. Refer to the asset server docs for how to convert your existing url-based image transformations to named operations.

Bugfix for switching cores in standalone Solr 4.4+

We now support 3 URLs for configuring a standalone Solr instance:

solr.url.primary=http://localhost:8983/solr/primary
solr.url.reindex=http://localhost:8983/solr/reindex
solr.url.admin=http://localhost:8983/solr

This enables the following Solr configuration for blSearchService (like from site applicationContext.xml):

<bean id="solrServer" class="org.apache.solr.client.solrj.impl.HttpSolrServer">
    <constructor-arg value="${solr.url.primary}"/>
</bean>
<bean id="solrReindexServer" class="org.apache.solr.client.solrj.impl.HttpSolrServer">
    <constructor-arg value="${solr.url.reindex}"/>
</bean>
<bean id="solrAdminServer" class="org.apache.solr.client.solrj.impl.HttpSolrServer">
    <constructor-arg value="${solr.url.admin}"/>
</bean>

<bean id="blSearchService" class="org.broadleafcommerce.core.search.service.solr.SolrSearchServiceImpl">
    <constructor-arg name="solrServer" ref="${solr.source.primary}" />
    <constructor-arg name="reindexServer" ref="${solr.source.reindex}" />
    <constructor-arg name="adminServer" ref="${solr.source.admin}" />
</bean>

The addition is in the constructor of the SolrSearchServiceImpl bean that allows for an admin URL.

Community Contributions

Part of what makes Broadleaf run is our community involvement. Special thanks to the following people that helped out with contributing pull requests and/or filing and testing defects:

ArloL, mohitxaton, gsugiart, watermelonjuice, mark--liu, loky9000, e-iceman, waltron, abhishekbansal12, ecommapp123.

Broadleaf 3.0.11-GA

Java 8 JVM support

Support for Google's Universal Analytics

Upgrade to Spring 3.2.9.RELEASE

Ability to turn of static asset transformations through URL parameters

Bugfix for switching cores in standalone Solr 4.4+

Community Contributions

Critical Bugs (3)

Major Bugs (15)

Minor Bugs (13)

Features (4)

Enhancements (6)