Broadleaf Commerce 6.0.20-GA

Released on October 6, 2023

Overview

This is the 20th patch release for Broadleaf Framework 6.0.x. Upgrading a 6.0.x application to the 6.0.20-GA release should only require updating the broadleaf-boot-starter-parent version in the parent pom.xml to 6.0.20-GA.

New and Noteworthy

Library upgrades

  • ESAPI -> 2.3.0.0 to 2.5.2.0
  • Jackson -> 2.13.3 to 2.15.2
  • Lombok -> 1.18.24 to 1.18.30
  • Commons-collections -> 4.1 to 4.4
  • Commons-fileupload -> 1.3.3 to 1.5
  • Commons-codec -> 1.11 to 1.15
  • Imageio-jpeg -> 3.0-rc5 to 3.8.3
  • XMLbeans -> 5.0.0 to 5.1.1
  • Tika-core -> 2.7.0 to 2.9.0
  • Jettison -> 1.1 to 1.5.4
  • Google jsr305 -> 1.3.9 to 3.0.1
  • Guava -> 30.1.1 to 32.1.2
  • Protobuf -> 3.19.4 to 3.22.5
  • Jquery-ui.css(*) -> 1.12.1 to 1.13.2
  • Jquery.dataTables.js(*) -> 1.10.22 to 1.13.1
  • Moment-with-locale.js -> 2.10.6 to 2.29.4

(*) If the header or footer of any HTML page references one of these js or css files by its versioned name, such as 'jquery-ui-1.12.1.custom.css', update the reference to the version mentioned above, for example 'jquery-ui-1.13.2.custom.css'.

An at-a-glance view of the issues that were closed in this release:

Major Bug(1)

  • Fixed the reported Insecure Direct Object Reference (IDOR) vulnerability by preventing a user from using their session to manipulate entities on other sites in BroadleafAdminRequestProcessor.

Enhancements(2)

  • Updated the libraries mentioned above.
  • Merged bug fixes and enhancements included in 5.2.26-GA and 5.2.27-GA.

Total Resolved Issues: 3