Broadleaf Commerce 6.1.6-GA

Released on April 13, 2021

This is the 6th patch release for Broadleaf Framework 6.1.x. To upgrade a 6.1.x application to the 6.1.6-GA release, it should only require updating the parent pom.xml broadleaf-boot-starter-parent to 6.1.6-GA.

New and Noteworthy

LIBRARY UPGRADES

Following are the various library upgrades that addresses security vulnerabilities

• Google Guava -> from 24.1.1 to 30.1.1
• Commons Validator -> from 1.5.1 to 1.7

An at-a-glance view of the issues that were closed in this release:

Major Bugs(2)

• Fixed the issue with MVEL where parser failed to parse some specific valid expressions.
• Fixed the issue where Customer data was persisted while validation errors were present.

Minor Bugs(7)

• Fixed the issue with 'Link'/'Unlink' button in the Redactor link which would not enable save button for the entity.
• Added refreshCustomer in CustomerDao and proper logic to refresh customer after changing the address.
• Removed Thymeleaf message syntax #{} in mediaGrid.html when checking for media grid row actions
• Removed the ability to login user by email.
• Removed the Deprecated annotation from method collapsed in AdminGroupPresentation.
• Added sorting of ChildItems in CartOperationRequest to resolve several issues during checkout.
• Fixed the javascript errors which occurs while editing parameters for Scheduled Job.

Enhancements(5)

• Added Hibernate proxy handling while retrieving entity in GenericEntityDaoImpl
• Added post fetch validation and foreign key security check in PersistentMangerImpl
• Updated XssFilter and XssRequestWrapper to make them easier to override.
• Update stripXSS logic to use ESAPI.encoder().encodeForHTML instead of ESAPI.validator(). getValidSafeHTML so that input isn't completely removed.
• Improved logic for building invalid product option error message.
• Merged bug fixes and enhancements included in 6.0.13-GA

Total Resolved Issues: 14