Broadleaf Commerce 6.1.3-GA

Released on July 17, 2020

This is the 3rd patch release for Broadleaf Framework 6.1.x. To upgrade a 6.1.x application to the 6.1.3-GA release, it should only require updating the parent pom.xml broadleaf-boot-starter-parent to 6.1.3-GA.

New and Noteworthy

LIBRARY UPGRADES

Following are the various library upgrades that addresses security vulnerabilities

• Commons Beanutils -> from 1.8.3 to 1.9.4
• Google Guava -> from 12.0 to 24.1.1
• jQurey -> from 3.4.1 to 3.5.1
• Spectrum Colorpicker -> from 1.1.1 to 1.8.1
• Modernizr -> from 2.8.2 to 3.6.0

An at-a-glance view of the issues that were closed in this release:

Minor Bugs(1)

• Removed usage of some deprecated methods.

Features(2)

• Added an option to turn off all caching. Set the property jcache.disable.cache=true to completely disable all caching.
• Added the ability to configure cache regions via Java configuration
  • Force usuage of Java declaring when using ehcache with property jcache.create.cache.forceJavaConfig=true
    • If jcache.create.cache.forceJavaConfig=false while using ehcache then Java configuration will only be used if there's no ehcache.xml configuration for that region
  • Create bean of type JCacheRegionConfiguration with bean name equal to the cache region

Enhancements(4)

• Deprecated the SessionFixationProtectionFilter in favor of SessionFixationProtectionStrategy available in spring framework.
• Improved jcache support in order to allow other cache providers to be configured easily.
• Library upgrades mentioned above due to security vulnerabilities.
• Merged bug fixes and enhancements included in 6.0.10-GA

Total Resolved Issues: 7