Broadleaf Commerce 6.2.7-GA
Released on June 15, 2023
This is the 7th patch release for Broadleaf Framework 6.2.x. To upgrade a 6.2.x application to the 6.2.7-GA release, it should only require updating the broadleaf-boot-starter-parent to 6.2.7-GA in the parent pom.xml.
New and Noteworthy
Library version upgrades
Following libraries were upgraded:
- Springboot : From 2.7.8 to 2.7.12
- Spring : From 5.3.25 to 5.3.27
- Spring Security : From 5.8.2 to 5.8.3
- Jackson : From 2.14.2 to 2.15.2
- Lombok: From 1.8.24 to 1.8.28
- Groovy : From 2.4.15 to 2.4.21
- Byte-buddy : From 1.10.18 to 1.14.3
- Antisamy : From 1.7.2 to 1.7.3
- ESAPI : From 2.5.1.0 to 2.5.2.0 (properties file also updated)
- Apache httpclient : From 4.5.13 to 4.5.14
- Jettison : From 1.5.3 to 1.5.4
- Guava : From 30.1.1 to 32.0.0
- Protobuf : From 3.19.6 to 3.22.3
Thymeleaf Layout dialect
Official release of springboot uses thymeleaf-layout-dialect from groupId nz.net.ultraq.thymeleaf. In order to sync the dependencies, the framework has been updated with the dependency below.
<dependency>
<groupId>nz.net.ultraq.thymeleaf</groupId>
<artifactId>thymeleaf-layout-dialect</artifactId>
</dependency>
Admin Password validation
A basic Admin Password validation has been added in the framework. This is a very basic validator added as an example which should be replaced or extended as required. The validator bean is blAdminRegexValidator and the property for the regex with default value is:
#Basic regex for admin user passwords
admin.password.regex.validation=[^\\s]{6,}
Blacklisting and Whitelisting file types
There is already a property for blacklisting files extension for asset uploads. This is building on that and adding whitelist feature. Setting the whitelist will ignore blacklist and will only allow the files from whitelist. Here are the properties for these features:
# List of disabled extensions of files to upload, must be comma-separated( jpg, txt, pdf etc.).
# If blank all extensions are available.
disabled.file.extensions=pdf
# List of file extensions that are allowed for upload. Extension determined not only by filename,
# but also library tika is used to check the content(file header) to determine what is this file.
# List as comma-separated extensions(png, jpg, etc)
# if this property is defined, property disabled.file.extensions is ignored
allowed.file.extensions=
An at-a-glance view of the issues that were closed in this release:
Minor Bugs(17)
- Fixed the issue where importing bmp images would cause errors.
- Fixed the issue where product option value translations could go missing in the cart.
- Fixed the issue where filter applied on the listgrid of inventory would reset after modifying inventory.
- Fixed the issue where products set as unavailable would not show proper indication on thumbnail of the product on the storefront site.
- Fixed the issue where string comparator was used to compare 'DisplayOrder' in
OrderItemServiceImplinstead of numerical comparator. - Fixed the issue where cache were not getting cleared properly for categories. Updated
getChildCategoryXrefs()inCategoryImpl. - Fixed the issue where Admin (Redactor) is adding an extra Span. Fixed the caret position in redactor when switching WYSIWYG mode and caret inside style tag.
- Fixed the issue where editing media asset would not work on entity pages. Updated
assetSelector.jsto add generic selector to find the media input. - Fixed the issue where some widgets would throw error. In
listGrid-paginate.jsadded a check if a table is present before trying to calculate size for it. - Fixed the issue where creating boolean product option with two values would throw an error. In
ProductOptionsCustomPersistenceHandlerchanged operator from '>=' to '>'. - Fixed the issue where changing timezone settings would not update the timestamps in some of the entity forms and listgrids. Created
DateProcessorto properly convert and format dates to use as Strings. - Fixed the issue where 'Content Item' changes made in template site would not invalidate cache for all the child sites. Added method to construct all possible cache keys in
SparselyPopulatedQueryExtensionHandler - Fixed the issue where
BroadleafEnumerationTypewould sometimes not display value in the admin. Added logic to show 'value' instead of 'displayValue' if the 'displayValue' is not set. - In
AdminMappingExceptionResolver, stacktrace can added to view which is set by propertyexception.showstacktrace. The logic to show stacktrace was incorrect so reverted the logic. - Updated the purge job to delete entities with the status "NEW". Fixed the issue where entities with child elements were not getting deleted.
- Added a null check in
SolrSearchServiceImplbecause there is possibility thatgetDefaultReference()ofCategoryXrefreturning null. - Fixed the issues with "Include my Changes" checkbox when using 'Preview' feature of the framework. Added
BroadleafIncludeMyChangesResolverand updatedBroadleafRequestProcessorandBroadleafSandBoxResolverImplto utilize the new resolver.
Enhancements(11)
- Upgraded the libraries mentioned above.
- Added whitelist feature for assets which is mentioned above.
- Corrected the logging usage and logging messages in various classes.
- Added a basic admin password validator which is mentioned above.
- Changed the UI of RMA listgrid to match the style of 'Customer history'.
- Removed the usage of
MethodUtils.invokeMethod()from the framework. - Changed modifier from 'private' to 'protected' for
ProductOptionValueDTOclass. - Added 'ehcache' to the list of
blDirectCopyIgnorePatternsin order to exclude it for transformers. - Added tool tip for the headers of the listgrid. If the header is too long for the size of cell, its possible to read the value in the tooltip.
- Added an example of how to add filtration for the SKUs based on some product field. Check
applyInventoryRestictions()inSkuCustomPersistenceHandlerif such filtration is needed. - Merged bug fixes and enhancements included in 6.1.13-GA
Total Resolved Issues: 28