Documentation Home
Changelog

Broadleaf Commerce 6.2.1-GA

Released on November 17, 2021

This is the 1st patch release for Broadleaf Framework 6.2.x. To upgrade a 6.2.x application to the 6.2.1.6-GA release, it should only require updating the parent pom.xml broadleaf-boot-starter-parent to 6.2.1.6-GA.

Note: Due to critical security issue with Log4J2, various patches were released. More info available in our Log4j blog.
6.2.1.1-GA was released with Log4J2 upgraded to 2.15.0.
6.2.1.2-GA was released with Log4J2 upgraded to 2.16.0 and Solrj to 8.11.0.
6.2.1.3-GA was released with Log4J2 upgraded to 2.17.0 and Solrj to 8.11.1.
6.2.1.4-GA was released with Log4J2 upgraded to 2.17.1 and SolrStarter to 2.3.2-GA.

Note: Due to critical security issue with Spring Framework , we are releasing updates as new patches become available. More info available in our Spring4Shell blog.
6.2.1.5-GA was released with Spring 5.3.18 & Springboot 2.5.12
6.2.1.6-GA was released with Spring 5.3.20, Spring Security 5.6.4 & Springboot 2.6.7

New and Noteworthy

New Nexus with 'https' endpoints

We have migrated to a new Nexus server which now supports https. We encourage everyone to update the repository URLs with https endpoints.
To update, replace the URL prefix http://nexus.broadleafcommerce.org/... with https://nexus2.broadleafcommerce.org/....

Library version upgrades

  • Spring core: Updated to 5.3.11
  • Spring Security: Updated to 5.4.9
  • Spring Boot: Updated to 2.4.11
  • Hibernate Validator: Updated to 6.1.7.Final
  • Jquery-ui: Updated to 1.12.1
  • Jquery.dataTables : Updated to 1.11.2

Note: If you have references to any of the javascript files, please update it to the versions mentioned above. For example if there are references to 'jquery-ui-1.10.2.custom.js' file in header or footer, update it to 'jquery-ui-1.12.1.custom.js'.

Spring upgrade

Because of recent security issues, we encourage everyone to upgrade and verify the version of spring that is being used in the system. It is defined in the pom of the framework but it's easy to override or misconfigure. Therefore, we highly recommend to verify it. Here are few things we encountered in the process of upgrading spring which might be helpful.

  • If spring is not upgrading with this tag <spring.version> in pom, try this <spring-framework.version>.
  • Property spring.resources.add-mappings=false has been renamed to spring.web.resources.add-mappings=false. Update this property name if it's used in your project.
  • Property spring.main.allow-circular-references=true was required to enable circular dependencies. It is added in our 'common.properties' file in the framework, so it might not be required to add in your project. However, keep this in mind if there are startup errors.

An at-a-glance view of the issues that were closed in this release:

Minor Bugs(2)

  • Updated logging level for rounding mode search from 'Error' to 'Info' in PromotableItemFactoryImpl.
  • Removed the lazy fetch annotations from ManyToOne relationships of these classes DiscreteOrderItemImpl, BundleOrderItemImpl & OrderItemImpl because of hibernate errors.

Enhancements(3)

  • Removed the "Deprecated" annotation from tab control parameters of the AdminPresentation
  • Updated few core libs mentioned above.
  • Merged bug fixes and enhancements included in 6.1.9-GA

Total Resolved Issues: 5