BroadleafCommerce - 5.0.3-GA

Released on August 24, 2016

This is the 3rd patch release for Broadleaf Commerce 5.0 framework.

An at-a-glance view of the issues that were closed in this release:

Critical Bugs(2)

• Add Instanceof check before casting Media as Status for Non-Enterprise compatibility
• Fixed issue where categories do not appear in a Synced Catalog with Enterprise using the Multi-Tenant module

Major Bugs(6)

• Added Visibility Enum for explicitly hidden fields
• Encode untrusted javascript before insertion using ESAPI
• Fixed structured content service cache on invalidation
• Fix bug that prevented ListGrid filtering
• Added OWASP, ESAPI, HTTPUtilities and Encoder for CRLF neutralization
• Fixed sandboxing around primary media removal

Minor Bugs(11)

• Remove cmsUrlPrefix from thumbnail creation to eliminate Null in static asset source URL
• Fixes Search Facets and excluded Search Facets to update properly after change
• Map the correct set of roles and user details to Admin User
• Add DirectCopyTransformTypes.AUDITABLE_ONLY annotation for community classes
• Fixed translation link not appearing
• Modified listGrid's external links to properly redirect to admin sections if the admin section exists
• Fixed issue where Redactor improperly rendered content for text areas in admin
• Fixed mediaListGrid.html template from breaking for media that is read only for user
• Fixed how IncomingURL regex patterns are wrapped in regex anchors (e.g., "^", "$")
• Added protection against XXE attacks by disallowing DTDs

Enhancements(6)

• Format price/money to correct decimal places.
• Change EntityManager to protected to allow implementors to access it.
• Create AdminAnnotation to control No Value Selected enum option
• Enhanced shop as Guest/Assisted shopping functionality
• Extracted a method for creating a section crumb to be used downstream
• Feature product type

Total Resolved Issues: 24