Broadleaf Commerce 6.1.9-GA
Released on October 15, 2021
Overview
This is the 9th patch release for Broadleaf Framework 6.1.x. Upgrading a 6.1.x application to the 6.1.9.5-GA release should only require updating the broadleaf-boot-starter-parent version in the parent pom.xml to 6.1.9.5-GA.
Note: Due to a critical security issue with Log4J2, we are releasing updates as new patches become available. More info is available in our Log4J blog.
6.1.9.1-GA was released with the fix for a critical issue with Solr invalidation.
6.1.9.2-GA was released with Log4J2 upgraded to 2.15.0.
6.1.9.3-GA was released with Log4J2 upgraded to 2.16.0.
6.1.9.4-GA was released with Log4J2 upgraded to 2.17.0 and SolrStarter 2.2.4-GA.
6.1.9.5-GA was released with Log4J2 upgraded to 2.17.1.
New and Noteworthy
New Nexus with 'https' endpoints
We have migrated to a new Nexus server which now supports https. We encourage everyone to update the repository URLs with https endpoints.
To update, replace the URL prefix http://nexus.broadleafcommerce.org/... with https://nexus2.broadleafcommerce.org/... in each repository URL.
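One way to check a project's pom.xml for both upgrade steps described above (the parent version and the https Nexus prefix), as an added example that is not Broadleaf's own tooling. Only the two URL prefixes, the artifact name and the version come from these notes; the sample POM, its group id and the repository path are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET

OLD_PREFIX = "http://nexus.broadleafcommerce.org/"    # prefix from the notes
NEW_PREFIX = "https://nexus2.broadleafcommerce.org/"  # prefix from the notes
TARGET_PARENT = "6.1.9.5-GA"                          # version from the notes
# Constructed sample: the group id and repository path are placeholders.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <parent>
    <groupId>example.placeholder.group</groupId>
    <artifactId>broadleaf-boot-starter-parent</artifactId>
    <version>6.1.9-GA</version>
  </parent>
  <repositories>
    <repository>
      <url>http://nexus.broadleafcommerce.org/PLACEHOLDER-PATH/</url>
    </repository>
  </repositories>
</project>
"""

def _local(tag):  # drop the '{namespace}' prefix ElementTree adds to tags
    return tag.rsplit("}", 1)[-1]

def parent_version(pom_text):
    """Return the broadleaf-boot-starter-parent version, or None if absent."""
    for child in ET.fromstring(pom_text):
        if _local(child.tag) == "parent":
            fields = {_local(e.tag): (e.text or "").strip() for e in child}
            if fields.get("artifactId") == "broadleaf-boot-starter-parent":
                return fields.get("version")
    return None

def audit_pom(pom_text):
    """Rewrite old-prefix <url> values; return (new_text, findings)."""
    findings = []
    url_start = re.compile(r"(<url>\s*)" + re.escape(OLD_PREFIX))
    fixed, count = url_start.subn(lambda m: m.group(1) + NEW_PREFIX, pom_text)
    if count:
        findings.append(f"rewrote {count} repository URL(s) to {NEW_PREFIX}")
    leftover = fixed.count(OLD_PREFIX)  # e.g. in properties or comments
    if leftover:
        findings.append(f"{leftover} other old-prefix reference(s): review by hand")
    version = parent_version(pom_text)
    if version is not None and version != TARGET_PARENT:
        findings.append(f"parent is {version}; these notes name {TARGET_PARENT}")
    return fixed, findings
if __name__ == "__main__":
    print(audit_pom(SAMPLE_POM)[1])
```

Old-prefix references outside a url element are reported rather than edited, so a settings.xml mirror or a property holding the URL still gets a manual look.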
Library Upgrades
The following library upgrades address security vulnerabilities.
- SpringBoot 2.1.15-RELEASE --> 2.1.18-RELEASE
- Spring Security 5.2.11.RELEASE --> 5.2.12.RELEASE
- Hibernate 5.3.20.Final --> 5.3.23.Final
- Jquery-ui 1.10.2 --> 1.12.1
- Jquery.dataTables 1.10.22 --> 1.11.2
Note: If you have references to any of the JavaScript files, please update them to the versions mentioned above. For example, if there are references to the 'jquery-ui-1.10.2.custom.js' file in a header or footer, update them to 'jquery-ui-1.12.1.custom.js'.
Additional Index
Sometimes loading the 'Offer Code Generation' page is slow after a large number of codes are generated. Adding this index will reduce the load time:
CREATE INDEX BLC_OFFER_CODE_SNDBX_COMP ON BLC_OFFER_CODE(SNDBX_ID,SNDBX_TIER,SNDBX_CATALOG_FLAG);
An at-a-glance view of the issues that were closed in this release:
Major Bugs(3)
- Fixed the incorrect behaviors of Exploit Protection in the admin.
- Added a validation for setting cross-sale and up-sale Products so that the recursive relationships cannot be persisted.
- Removed outdated antisamy-esapi.xml and added Validator.HtmlValidationConfigurationFile=antisamy-myspace.xml in ESAPI properties.
Minor Bugs(2)
- Partial template file changes were not invalidating the cache, so an extension manager was added for the template cache.
- Sometimes an offer would not apply after a former order had been cancelled, so changes were made to take the parent orders into account when applying offers.
Enhancements(5)
- Upgraded some libraries mentioned above.
- Extracted validation error logging for the PersistenceManagerImpl into a separate method.
- Made BroadleafAdminTypedEntityRequestFilter more extensible by changing all methods to protected.
- When the product list grid is loading, it also fetches primary Sku media. This is unnecessary and causes performance issues, so an override was added in AdminProductController to skip fetching of Sku media.
- Merged bug fixes and enhancements included in 6.0.16-GA
Total Resolved Issues: 10