Broadleaf Enterprise 4.3.7-GA

Released on September 13, 2023

This is the 7th patch release for the Broadleaf Enterprise 4.3.x module.

An at-a-glance view of the issues that were closed in this release:

Fixed the Insecure Direct Object Reference (IDOR) vulnerability that was reported. Added additional checks for the sandboxes' relation to admin user during promote operation.

When adding SKU inventory, it is possible to add SKUs with mismatched inventory type to Inventory location. Added a fix to apply filter which applies based on inventory type.
Fixed the issue where empty rows are visible and can be selected in newly created entities.
Fixed the list grid on 'My Changes' and 'Audit report log' page to not show filter for fields that were added manually or can't be filtered with.
Fixed various issues with the list grid view for the assets.
Fixed the issue where some ChangeDetails were not being saved while use Import API.

In order to support Oracle DB, changed a query in SimpleTransitionDaoImpl to get timestamp by calling getDateString() method instead of passing string.
Added a utility to update the DB column lengths related to change details which were changed in a previous release. See framework release notes for detailed information.
Removed the step to reset the inventoryType if 'Track Inventory By Product' feature is deactivated.
Refactored PurgeSandboxClonedEntitiesEventConsumer in order to make it easier to override the methods of the class.
Refactored AdditionStatusResourcePurgeServiceImpl. Changed 'Private' modifiers for several methods to 'Protected' and added an exception message while logging.
Added support for the multi-threaded solr re-index. Check framework release notes for detailed information.

Total Resolved Issues: 12