Documentation Home
Changelog

Broadleaf Commerce 7.0.7-GA

Released on May 6, 2025

This is the 7th patch release for Broadleaf Framework 7.0.x. To upgrade a 7.0.x application to the 7.0.7-GA release, it will require updating the boot starter in the parent pom.xml broadleaf-boot-starter-parent to 7.0.7-GA.

New and Noteworthy

New Property

New feature to re-index the Orders by specified date range was introduced in previous version. Some limitations were observed by clients and suggested to use batches. The logic has been updated and it is now using this property solr.reindex.order.batch.size which is set to 1000 by default.

Library version upgrades

Following libraries were updated for security:

  • Spring: Updated from 6.2.11 to 6.2.18
  • Spring Security: Updated from 6.5.9 to 6.5.10
  • Spring Boot: Updated from 3.5.6 to 3.5.14
  • Spring ldap: Updated to 3.3.3 3.3.6
  • Jackson: Updated from 2.20.0 to 2.21.2
  • Lombok: Updated from 1.18.42 to 1.18.44
  • Logback: Updated from 1.5.19 to 1.5.26
  • Zookeeper: Updated from 3.9.4 to 3.9.5
  • Hsql: Updated from 2.7.1 to 2.7.4
  • Commons-collection4: Updated from 4.4 to 4.5.0
  • Commons-IO: Updated from 2.18.0 to 2.20.0
  • Commons-lang3: Updated from 3.19.0 to 3.20.0
  • Commons-logging: Updated from 1.2 to 1.3.5
  • Commons-validator: Updated from 1.10.0 to 1.10.1
  • Jquery-ui: Updated from 1.13.2 to 1.13.3
  • Closure Compiler: Updated from v20180506 to v20240317
  • Protobuf: Updated from 4.32.0 to 4.34.1

An at-a-glance view of the issues that were closed in this release:

Minor Bugs(4)

  • Fixed the issue for the listgrid data alignment when adding a new row to an empty listgrid.
  • Fixed the issue where values for audit fields like "DATE CREATED", "DATE UPDATED" and "UPDATED BY" were sometimes showing incorrect data.
  • Fixed the issue where tooltip text shown while hovering over link were not formatted correctly. Updated EntityFormVariableExpression to decode HTML properly.
  • Fixed the issue with AJAX calls made for Asset audit fields. Updated entityForm.js to strip the image sources from content outside the target tab to prevent broken requests.

Enhancements(8)

  • Updated libraries mentioned above.
  • Updated UrlUtil to use ESAPI validation.
  • Updated StaticAssetStorageServiceImpl to use SHA-256 instead of MD5.
  • Added validation to prevent usage of special characters in offer targeters.
  • Added logic in the class DirectCopyClassTransformer to skip repeated class transformation
  • Added new method readOrdersByDateRangePaginated() for OrderDao to support re-indexing of Orders in batches.
  • Added postAddSubCollectionEntity and postUpdateSubCollectionEntity hooks in the AdminBasicEntityController.
  • Removed 'Commons-lang', 'Commons-collections' and 'Commons-beanutils' completely from the framework in favor of 'Commons-lang3', 'Commons-collections4' and 'Commons-beanutils2'.

Total Resolved Issues: 12