Broadleaf Commerce 6.2.2-GA

Released on February 8, 2022

This is the 2nd patch release for Broadleaf Framework 6.2.x. To upgrade a 6.2.x application to the 6.2.2-GA release, it should only require updating the parent pom.xml broadleaf-boot-starter-parent to 6.2.2-GA.

Note: Due to critical security issue with Spring Framework , we are releasing updates as new patches become available. More info available in our Spring4Shell blog.
6.2.2.1-GA was released with Spring 5.3.18 & Springboot 2.5.12

New and Noteworthy

Library version upgrades

• Spring core: Updated to 5.3.15
• Spring Security: Updated to 5.4.10
• Spring Boot: Updated to 2.4.13
• Hibernate : Updated to 5.4.33
• Lombok: Updated to 1.12.1
• Log4j: Updated to 2.17.1
• Protobuf : Updated to 3.19.2

Log4J 1.x no longer supported

With all the recent security concerns with log4j, we are no longer supporting any older versions of log4J. Please update Log4j to 2.17.1 and follow mediation steps mentioned in our Log4j blog.

New property for the paging size

Added the ability to control the paging size for batch queries in RelationshipOverrideUtil.

 relationship.queries.page.size=800

An at-a-glance view of the issues that were closed in this release:

Major Bugs(1)

• In MultiTenantCopier, using classExcludeRegexList or excludeFromCopyRegex is not thread safe so removed those and added classExcludeRegexPatternList and excludeFromCopyRegexPattern.

Minor Bugs(4)

• Removed redundant concurrency protection in CheckoutServiceImpl because there is order blocking in CartStateFilter and we are using DatabaseOrderLockManager.
• Fixed the errors that happen while filtering product addons in product bundles.
• Deprecated SessionOrderLockManager because DatabaseOrderLockManager should be used.
• Added a null check for customerID in CustomerStateRefresher to fix NPE.

Enhancements(2)

• Removed the deprecated Inventory Types NONE and BASIC.
• Merged bug fixes and enhancements included in 6.1.10-GA

Total Resolved Issues: 7