Broadleaf Commerce 6.2.8-GA
Released on September 13, 2023
This is the 8th patch release for Broadleaf Framework 6.2.x. Upgrading a 6.2.x application to the 6.2.8-GA release should only require updating the broadleaf-boot-starter-parent to 6.2.8-GA in the parent pom.xml.
New and Noteworthy
Library version upgrades
The following libraries were upgraded:
- Springboot : From 2.7.12 to 2.7.15
- Spring : From 5.3.27 to 5.3.29
- Spring Security : From 5.8.3 to 5.8.6
- Closure compiler : From v20210505 to v20200830
- Commons cli: From 1.4 to 1.5.0
- ImageIO-jpeg: From 3.9.3 to 3.9.4
- Pngstatic: From 1.6 to 1.7
- commons-io: From 2.11.0 to 2.13.0
- Commons codec: From 1.15 to 1.16.0
- Commons lang: From 3.11 to 3.13.0
- Javax mail: From 1.4.1 to 1.4.7
- Xmlbeans: From 5.0.0 to 5.0.3
- Tika-core: From 2.7.0 to 2.7.9
- Guava: From 32.0.0 to 32.1.2
- Protobuf: From 3.22.3 to 3.24.2
- Xerial snappy-java: From 1.1.8.4 to 1.1.10.1
- Opencsv: From 5.7.1 to 5.8
Multi-thread solr re-index
To improve the performance of re-indexing the catalogs, there is now an option to index on multiple threads. Use the property below to enable the new approach. The property is set to true by default; setting it to false enables the multi-threaded Solr re-index.
## Using multi-thread solr reindex
solr.catalog.useLegacySolrIndexer=false
Utility to change values in Columns
In one of the previous releases, the maximum size/length of some columns was changed from 5K to 4K in order to support Oracle Database. Although this was changed in the framework, schemas that have already been built are not affected and don't need to change unless you want them to. In that case, we are providing a utility to change the data in the related tables to be under 4K, after which it will be safe to make the necessary change in the schema.
Here are the instructions to update:
- Please make sure you back up the DB.
- Find a migration window when no admin users would be updating data. The process might take a long time, and during that period nothing should be inserted in the related tables.
- The utility is mapped to this controller /admin/changeDetail/update-chunk-size in admin. Run the utility by hitting that URL.
- Verify the values have changed for column SHORT_VAL in BLC_SNDBX_WRKFLW_CHG_DTL table and column VALUE in BLC_SNDBX_WRKFLW_CHG_DTL_VAL table, and verify they are not more than 4k chars.
- Now you are ready to shrink the column size/length from 5k to 4k. Please consult your DB docs on the best way to shrink the column size/length.
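An added example (not part of Broadleaf's release notes or code) of the verification step above: it reports the longest value and the number of rows over the limit for the two columns named. Reading "4k" as 4000 characters, the use of SQL LENGTH(), and the in-memory SQLite sample tables are assumptions; pass a DB-API connection to your own database instead.

```python
import sqlite3

# Table/column pairs named in the release notes.
TARGETS = [
    ("BLC_SNDBX_WRKFLW_CHG_DTL", "SHORT_VAL"),
    ("BLC_SNDBX_WRKFLW_CHG_DTL_VAL", "VALUE"),
]
# Assumption: "4k" is read as 4000 characters; set this to your target column size.
LIMIT = 4000


def length_report(conn, limit=LIMIT):
    """Return {(table, column): (max_length, rows_over_limit)} for each target."""
    report = {}
    cur = conn.cursor()
    for table, column in TARGETS:
        # Assumption: LENGTH() counts characters here (MySQL: CHAR_LENGTH, SQL Server: LEN).
        cur.execute(
            f"SELECT COALESCE(MAX(LENGTH({column})), 0), "
            f"COALESCE(SUM(CASE WHEN LENGTH({column}) > {int(limit)} THEN 1 ELSE 0 END), 0) "
            f"FROM {table}"
        )
        max_len, over = cur.fetchone()
        report[(table, column)] = (int(max_len), int(over))
    return report


def safe_to_shrink(report):
    """True only when no target column holds a value over the limit."""
    return all(over == 0 for _, over in report.values())


def demo_connection():
    """Constructed in-memory stand-in for the real database (sample data only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE BLC_SNDBX_WRKFLW_CHG_DTL (ID INTEGER, SHORT_VAL TEXT)")
    conn.execute("CREATE TABLE BLC_SNDBX_WRKFLW_CHG_DTL_VAL (ID INTEGER, VALUE TEXT)")
    conn.executemany("INSERT INTO BLC_SNDBX_WRKFLW_CHG_DTL VALUES (?, ?)",
                     [(1, "a" * 3999), (2, "b" * 4000), (3, None)])
    conn.executemany("INSERT INTO BLC_SNDBX_WRKFLW_CHG_DTL_VAL VALUES (?, ?)",
                     [(1, "c" * 120), (2, "d" * 4500)])
    return conn


if __name__ == "__main__":
    rep = length_report(demo_connection())
    for (table, column), (max_len, over) in rep.items():
        print(f"{table}.{column}: max={max_len} over_limit={over}")
    print("safe to shrink:", safe_to_shrink(rep))
```

Run it again after the utility finishes and shrink the columns only when every row count over the limit is zero.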
An at-a-glance view of the issues that were closed in this release:
Major Bugs(1)
- Fixed the reported Insecure Direct Object Reference (IDOR) vulnerability in BroadleafAdminRequestProcessor by preventing a user from using their session to manipulate entities on other sites.
Minor Bugs(17)
- Fixed various issues with the list grid view for the assets.
- Fixed the issue with listgrid on catalog selection modal when adding new entity.
- Fixed the issue where empty rows are visible and can be selected in newly created entities.
- Fixed the issue where searching for the catalogs using the symbol '%' in the name throws an error.
- Fixed various issues with decoding and validating URLs with special characters in the admin UI.
- Fixed the issue where listgrid on Add-ons modal throws an error when duplication feature is enabled.
- Fixed the issue where applying then removing filters in listgrid of 'Roles' page throws a jquery error.
- Fixed the issue where Offer and offer code would not be used by the offer engine on standard site when overridden.
- Fixed the issue where saving roles changes for admin users fails validation. Allow empty value in AdminRegexValidator.
- Fixed the listgrid on 'My Changes' and 'Audit Report log' page to not show filter for fields that were added manually or can't be filtered with.
- In createPopulatedInstance() of BasicPersistenceModule, the list of properties was not being sorted correctly, so a sort was added.
- When adding SKU inventory, it was possible to add SKUs with a mismatched inventory type to an Inventory location. Added a fix that applies a filter based on inventory type.
- Enhanced the error messaging in exceptionWithNonTransformed() of MergePersistenceUnitManager when a class is loaded early, preventing it from being transformed.
- When a customer changes their password, no feedback was given in the UI regarding the outcome. Added a message in the method processChangePassword() of BroadleafChangePasswordController.
- Updated the property names in GoogleAnalytics4Processor. Replaced all 'googleAnalytics' or 'universalAnalytics' with 'googleAnalytics4'.
- Replaced the value for Validator.HtmlValidationConfigurationFile in the framework's 'ESAPI.properties' from antisamy-esapi.xml to antisamy-myspace.xml.
- Downgraded the closure compiler to 'v20200830' because the versions above that include some major libs like javax, which come first in the classpath and override the versions in the framework. The latest release addresses this problem, but it requires a newer Java to compile.
Enhancements(3)
- Upgraded the libraries mentioned above.
- Added SQL query for translation of Product Option Attribute value in ProductOptionDaoImpl instead of iterating through a List, in order to improve performance.
- Added support for the multi-threaded solr re-index which is mentioned above.
Total Resolved Issues: 21