Broadleaf Commerce 7.0.5-GA

Released on June 19, 2025

This is the 5th patch release for Broadleaf Framework 7.0.x. To upgrade a 7.0.x application to the 7.0.5.1-GA release, it should only require updating the parent pom.xml broadleaf-boot-starter-parent to 7.0.5.1-GA.

Note: Minor patch 7.0.5.1-GA was released on 15th August with some libraries upgrade due to security vulnerabilities. No code changes were made beside these library upgrades:

• Solrj: Updated from 9.5.0 to 9.8.1
• ESAPI: Updated from 2.6.2.0 to 2.7.0.0
• Commons-fileupload: Updated from 1.5 to 1.6.0
• Commons-lang3: Updated from 3.17.0 to 3.18.0

Note: Minor patch 7.0.5.2-GA was released on 29th August with some libraries upgrade due to security vulnerabilities. No code changes were made beside these library upgrades:

• Tika-core: Updated from 2.9.2 to 3.2.2
• Jakarta.mail-api: Updated from 2.1.2 to 2.1.4
• Jakarta.mail: Updated from 2.0.2 to 2.0.4
• Tomcat: Updated from 10.1.42 to 10.1.44

New and Noteworthy

Library version upgrades

• Antisamy: Updated from 1.7.7 to 1.7.8
• ESAPI: Updated from 2.6.0.0 to 2.6.2.0
• Tomcat: Updated from 10.1.40 to 10.1.42
• Jackson: Updated from 2.18.2 to 2.19.0
• Lombok: Updated from 1.18.34 to 1.18.38
• Logback: Updated from 1.5.17 to 1.5.18
• Commons-lang3: Updated from 3.16.0 to 3.17.0
• Commons-IO: Updated from 2.15.1 to 2.18.0
• Commons-beanutils: Updated from 1.9.4 to 1.11.0
• Protobuf: Updated from 4.29.3 to 4.30.2

An at-a-glance view of the issues that were closed in this release:

Minor Bugs(3)

• Fixed the issue where building metadata of an extended entity with @OneToMany relations throws NPE.
• Fixed the issues with Read-only permissions. Some entities and information were not showing up for read-only user.
• Fixed the issue where using a special characters on a product name that gets used in an offer will cause an error on the site.

Enhancements(1)

• Updated libraries mentioned above.

Total Resolved Issues: 4