Broadleaf Commerce 5.2.11-GA
Release date: May 28th, 2019
Overview
This is the 11th patch release for Broadleaf Framework 5.2.x. Upgrading a 5.2.x application to the 5.2.11-GA release should only require updating broadleaf-boot-starter-parent in the parent pom.xml to 5.2.11-GA.
New and Noteworthy
Library upgrades
- jQuery to 3.4.1
- Spring social to 1.1.6.RELEASE
jQuery Upgrade
Due to potential XSS vulnerabilities, jQuery was upgraded from 2.1.1 to the latest version, 3.4.1. Upgrading to the latest 2.1.x version was not an option, because the fixes for the XSS vulnerabilities were only made available in 3.4.0 and above.
NOTE: There are breaking changes introduced in jQuery 3.0. It is recommended to test all pages thoroughly to verify compatibility with jQuery 3. More detailed information can be found here
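After the upgrade, copies of jQuery bundled in custom themes or overrides can still be older than the 3.4.0 floor named above. The following is an added example, not Broadleaf code: it flags such copies from the banner comment or the file name. The file paths and contents are constructed samples, and it assumes the version is visible in one of those two places.

```javascript
// Added example (not Broadleaf code): flag bundled jQuery copies older than
// the 3.4.0 floor named in these release notes.

const MIN_FIXED = [3, 4, 0]; // per the notes: XSS fixes exist only in 3.4.0+

// Read the version from the jQuery banner, falling back to the file name.
// jQuery UI and other plugins deliberately do not match either pattern.
function detectJqueryVersion(path, content) {
  const banner = /jQuery (?:JavaScript Library )?v(\d+)\.(\d+)\.(\d+)/.exec(content.slice(0, 512));
  const fromName = /jquery[-.](\d+)\.(\d+)\.(\d+)(?:\.min)?\.js$/i.exec(path);
  const m = banner || fromName;
  return m ? m.slice(1, 4).map(Number) : null;
}

// True when version is strictly lower than floor (major, minor, patch order).
function isBelow(version, floor) {
  for (let i = 0; i < 3; i++) {
    if (version[i] !== floor[i]) return version[i] < floor[i];
  }
  return false;
}

// files: array of { path, content }. Returns the copies that need replacing.
function auditJquery(files) {
  const findings = [];
  for (const { path, content } of files) {
    const v = detectJqueryVersion(path, content);
    if (v && isBelow(v, MIN_FIXED)) findings.push({ path, version: v.join('.') });
  }
  return findings;
}

// Constructed sample inputs (hypothetical paths and file heads).
const SAMPLE_FILES = [
  { path: 'static/js/lib/jquery-3.4.1.min.js',
    content: '/*! jQuery v3.4.1 | (c) JS Foundation and other contributors | jquery.org/license */' },
  { path: 'static/js/theme/jquery.min.js', // renamed file, banner still present
    content: '/*! jQuery v2.1.1 | (c) 2005, 2014 jQuery Foundation, Inc. | jquery.org/license */' },
  { path: 'static/js/legacy/jquery-3.3.1.js', // banner stripped, name still tells
    content: '(function(){})();' },
  { path: 'static/js/lib/jquery-ui-1.12.1.js', // not jQuery core, ignored
    content: '/*! jQuery UI - v1.12.1 - 2016-09-14 */' },
];

for (const f of auditJquery(SAMPLE_FILES)) {
  console.log(`outdated jQuery ${f.version}: ${f.path}`);
}
```

In a real project the `files` array would be built by reading the first few hundred bytes of each `.js` file under the static resource directories.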
Using Spring Social
If your current project is using Spring Social, modify applicationContext-social.xml and add these lines:
<bean class="org.springframework.social.connect.web.ProviderSignInUtils">
    <constructor-arg name="connectionFactoryLocator" ref="connectionFactoryLocator" />
    <constructor-arg name="connectionRepository" ref="usersConnectionRepository" />
</bean>
More information on Spring social can be found here
An at-a-glance view of the issues that were closed in this release:
Major Bugs(2)
- Fixed issue where 'Add buttons' were missing in global admin pages.
- Fixes issue where using "After Cart Pricing" option in cartRule causes error if item is out of stock
Minor Bugs(6)
- Fixed js errors in admin pages.
- Fixed a potential XSS vulnerability where the AntiSamy filter did not react to JavaScript in a plain string
- Fixed an issue related to special characters in ProductOption values
- Fixed an issue where saving a product with an XSS script causes an error
- Fixed an issue where deleting a product does not archive the associated skus
- Tuned eager fetching when querying for ChallengeQuestion
Enhancements(4)
- jQuery upgraded to latest version 3.4.1 due to XSS vulnerabilities
- Spring social upgraded to 1.1.6.RELEASE due to security vulnerabilities
- Added Admin Approver only role
- Added an EntityIdentifierUtil class to use Reflection to find the Identifier (@id) field in an entity bean
Total Resolved Issues: 12