Broadleaf Commerce 6.2.4-GA
Released on November 1, 2022
This is the 4th patch release for Broadleaf Framework 6.2.x. To upgrade a 6.2.x application to the 6.2.4-GA release, it should only require updating the parent pom.xml's broadleaf-boot-starter-parent to 6.2.4.1-GA.
Note: Framework version 6.2.4-GA ships Spring Security 5.6.6 and does not include the security patch for a recently found vulnerability. Framework version 6.2.4.1-GA is updated to Spring Security 5.6.9, and that is the only difference.
New and Noteworthy
Library version upgrades
The following libraries were upgraded for security:
- Spring Security : Updated to 5.6.9
- Jackson : Updated to 2.13.3
- Lombok : Updated to 1.18.24
- Protobuf : Updated to 3.19.6
- SunXml : Updated to 3.0.2
- Commons fileupload : Updated to 1.4
- Twelvemonkeys Imageio : Updated to 3.9.3
- Codehaus Jettison : Updated to 1.5.1
- License Plugin : Updated to 1.20
An at-a-glance view of the issues that were closed in this release:
Critical Bugs(1)
- Fixed the issue where orders and other related information were accessible across multiple sites. The order service used an entity manager query to retrieve data, which does not apply filters. To allow filters to be applied, the Entity Manager query is no longer used in readOrderById() of OrderDaoImpl.
Major Bugs(2)
- Fixed the issue where setting "Use in Generate Sku = No" for a product option would still generate 1 SKU. Updated generatePermutations() in AdminCatalogServiceImpl.
- When evaluating countOfferCodeUses() in OfferAuditDaoImpl, Hibernate generates a long query using 'CROSS JOIN', which leads to high CPU usage and/or system hang. Changed the way the query is prepared from the Criteria API to JPQL without using 'CROSS JOIN'.
Minor Bugs(15)
- Changed the configuration parameters in DefaultEhCacheConfigurationBuilder.
- Modified read customer by email query to be case insensitive by converting emails to uppercase in Customer.orm.xml.
- Added new exclusions to blDirectCopyIgnorePatterns in bl-common-applicationContext.xml which were causing exceptions after stopping applications.
- Fixed the issue where 'BOGO' offers can be created without specifying a qualifier.
- Fixed the issue where filtering by name would not work for products with ampersand symbol.
- Fixed the issue where rule builders would omit the options that were picked before and removed.
- Fixed the issue where a product with add-ons cannot be added to the cart when their SKU is out of stock.
- Fixed the issue where findAssignedProductOptionsByProductId() in ProductOptionDaoImpl would return archived SKUs.
- Fixed some issues with the management of the Inventory after enabling the new feature to track inventory using the default SKU.
- Fixed the issue where hovering over workflow items in 'My Changes' or 'Approvals' pages would show HTML line instead of 'Display name'.
- Fixed the issue where products from inactive categories were not being filtered. In SolrSearchServiceImpl added filterProductsBasedOnInactiveCategory().
- Fixed the issue where the session id keeps dropping during the checkout process, which leads to a 400 bad request or redirects the session back to the shipping billing page.
- Fixed the issue with the URL field in the admin form of a product. Added modifyEntityForm() in AdminProductController to resolve the inconsistencies with the override URL option.
- Fixed the issue where sometimes access to an entity would be denied after scheduling a deployment. Improved logic in postFetchValidation() of PersistenceManagerImpl to get the correct ID for the entity.
- Fixed the issue where Product Options were not getting translated values after changing to another locale. Updated populateModelVariables() in ProductOptionDisplayProcessor to correctly update display values.
Enhancements(9)
- Added logging info in SiteMapServiceImpl
- Updated antisamy-myspace.xml file for antisamy
- Changed inner classes and two fields to Protected in ResourcePurgeServiceImpl
- Added a new method called hasValidationErrors() to Order to support additional validation.
- Removed Spring Mobile dependency because that project was discontinued without any stable release.
- Removed Joda time dependency and replaced its references with Java time.
- Library upgrades mentioned above.
- Updated copyright dates and headers in all the files and updated BLC dependencies.
- Merged bug fixes and enhancements included in 6.1.12-GA
Total Resolved Issues: 27