Documentation Home
Changelog

Broadleaf Commerce 5.2.24-GA

Release Date: March 25, 2022

Overview

This is the 24th patch release for Broadleaf Framework 5.2.x. To upgrade a 5.2.x application to the 5.2.24-GA release, it should only require updating the parent pom.xml broadleaf-boot-starter-parent to 5.2.24-GA.

New and Noteworthy

Log4j vulnerability

There is a critical security issue with Log4j2. More info available in our Log4j blog.

Library upgrades

  • Spring -> 4.3.18.RELEASE to 4.3.30.RELEASE
  • Spring Security -> 4.2.17.RELEASE to 4.2.20.RELEASE
  • Spring Boot -> 1.5.15.RELEASE to 1.5.22.RELEASE
  • Hibernate -> 4.1.11.Final to 4.1.12.Final
  • Hibernate Validator-> 5.4.1.Final to 5.4.3.Final
  • Solr -> 5.3.1 to 5.3.2
  • Zookeeper -> 3.4.9 to 3.4.14
  • Quartz -> 2.2.0 to 2.2.3
  • Antisamy -> 1.5.7 to 1.5.13
  • Protobuf -> 3.19.2 to 3.19.4

An at-a-glance view of the issues that were closed in this release:

Major Bugs(2)

  • In MultiTenantCopier, deprecating direct use of list of Matcher classExcludeRegexList for regex evaluations because it is not thread safe. Instead, use the new Pattern Matcher classExcludeRegexPatternList as the list of expressions to exclude.
  • Fixed the issue where filters were not applying on pricelists. Added section crumbs in filterbuilder.js so that they are available in the backend.

Enhancements(3)

  • Prevent duplication of elements in classExcludeRegexPatternList
  • Change admin references to use self provided libraries instead of using 'cdnjs'
  • Update the libraries mentioned above.

Total Resolved Issues: 5