Elastic Path 8.1.x Release Notes

Learn about changes to Elastic Path Commerce for this release. Fixes since the release are summarized in the changelog.

Changelog

The changelog contains the list of fixes and improvements made to Elastic Path Commerce 8.1 since its release date. To learn how to consume the updates, see Consuming Support Fixes.

• 69e0495e: Removed support for user-name and user-company fields in JWT metadata payload, which was leading to unique constraint errors in PunchOut. (26-Sep-2024)
• a55b1cb0: Fixed issue with Data Sync Webapp where changesets containing base amounts were causing multiple product index notifications to be created and were also holding the base amount objects in memory until the service was restarted. (19-Sep-2024)
• 064cf01c: Upgraded Tomcat version from 9.0.85 to 9.0.90. (11-Sep-2024)
• 8b604088: Build stability improvements. (9-Sep-2024)
• 01a90ab6: Fix for NullPointerException that can occur if looking up a non-existent compound GUID with CategoryLookup#findByCompoundCategoryAndCatalogCodes. (30-Aug-2024)
• 277e87c0: Consolidated all Awaitility dependencies from version 2.0.0 to 3.1.6. (26-Aug-2024)
• 8d675f02: Updated the Log4j configuration for all services to ensure that log file sizes are limited by using a fixed window rolling policy. (26-Aug-2024)
• ccc859e7: Fixed issue where the parentCategoryCodes field is not populated in the SOLR index for linked categories. (25-Aug-2024)
• 3e18001a: Fixed Catalog Syndication cucumber test stability issue. (19-Aug-2024)
• f35cbca7: Fixed issue with SKU selection dialog not allowing users to search after clicking the clear button. (15-Aug-2024)
• d2c91660: Fixed out of memory error that can occur on the Batch Server if database contains a large number of TCUSTOMERCONSENT records. (30-Jul-2024)
• bde5dfc5: Fixed issue where parent-widget-id and widget-type attributes on a table row were not properly set after a table is updated. This could lead to Selenium test issues. (29-Jul-2024)
• 44e6b3fa: Fixed all query strings defined on beans for Catalog Syndication JpaPagingItemReader instances to ensure they have an ORDER BY clause. (25-Jul-2024)
• 19be1b60: Improved Oracle reset-db script to ensure that the tablespace is created automatically. (19-Jul-2024)
• 8cee94c8: Improvements to Operational Insights exception handling when an exception is thrown during cache inspection. (17-Jul-2024)
• c711c8ae: Removed line from com.elasticpath.cmclient.core/plugin.xml that caused the XML to be invalid. (20-Jun-2024)
• 769afe6f: Fixed issue with Commerce Manager initialization that can occur if several initial requests are received concurrently. (18-Jun-2024)
• c764df10: Fixed issue where CouponUsageLimitValidator doesn't properly handle some coupon-related issues. (18-Jun-2024)
• 6406b856: Added exclusion on Spring Framework dependencies within ext-commerce-engine-wrapper to ensure that Spring dependencies aren't accidentally embedded in the bundle. (17-Jun-2024)
• 74f8cbf4: Fixed issue for scenario when multiple customer records have the same username for different stores, the wrong customer record could be selected during authentication. (11-Jun-2024)
• c6ce15cb: Fix for potential race condition around CategoryLookup and CategoryService load tuners which can cause errors about unloaded fields. (10-Jun-2024)
• 08e6890c: Fix for intermittent Selenium test failure "Error forwarding the new session Empty pool of VM for setup". (4-Jun-2024)
• 6edbd733: Fixed intermittent Selenium test failures related to long generated catalog entity names. (4-Jun-2024)
• 9090388e: Fixed intermittent Selenium test failures related to the "Promotion Search With Quotes" test. (2-Jun-2024)
• 49e92ffc: Removed check from Commerce Manager and Batch Server health checks that verifies that search server is reachable. This was causing health checks to fail incorrectly in some circumstances. (29-May-2024)
• 2b5e6b6d: Build stability improvements. (15-May-2024)
• 22b74b3d: Updated activemq-kahadb-store from version 5.14.3 to 5.17.6. (15-May-2024)
• 6a26fcf2: Separated product and product type caching to reduce product cache memory use by 30-60%. (14-May-2024)
• 9ea25524: Upgraded Jetty from 9.4.44.v20210927 to 9.4.54.v20240208 to address CVE-2024-22201, CVE-2023-44487, CVE-2023-36479, CVE-2023-26049, CVE-2023-26048 and CVE-2022-2048. (14-May-2024)
• a95f3ace: Removed duplicate localization property key in email.properties that was causing confusion. (14-May-2024)
• 68335655: Changed ep-test-application dependencies to test scope to ensure that test artifacts don't end up in the compiled WAR files. (29-Apr-2024)
• db01cc18: Migrated fusesource mqtt-client 1.3 to activemq-mqtt 5.17.6 to address CVE-2019-0222. (18-Apr-2024)
• dbaf0d1f: Upgraded hibernate-validator from 6.0.20.Final to 6.2.0.Final to address CVE-2023-1932. (17-Apr-2024)
• bbc3dce5: Fixed exception handling around attribute value types. (15-Apr-2024)
• 14d08a06: Modified default cache TTL for checking promotion updates from 60 minutes to 5 minutes so that promotion changes are reflected more quickly in Cortex. (15-Apr-2024)
• d47c2711: Include all caches in Operational Insights API response, instead of just select caches. (15-Apr-2024)
• 418345db: Fixed several Operational Insights metrics that were broken for customers using PostgreSQL or Oracle. (15-Apr-2024)
• 9e7d21ef: Allow Operational Insights clients to override service response wait time by setting serviceResponseWaitTime query parameter. (12-Apr-2024)
• 554fd6ee: Build stability improvements. (12-Apr-2024)
• b50446a2: Fixed more issues with Helix exception handling where the stack trace can be lost. (10-Apr-2024)
• 304b67b4: Fixed OSGi split package issue for org.apache.commons.fileupload packages. (9-Apr-2024)
• b5fa8b7f: Build stability improvements. (8-Apr-2024)
• 6cd5524e: Excluded htrace-core4 from transient dependencies which contains vulnerable shaded copy of jackson-databind 2.4.0. (5-Apr-2024)
• 9014c30e: Fixed issue with the ActiveMQ console showing an error when accessed on a local developer machine. (25-Mar-2024)
• 93e89b0e: Fixed potential race condition that can cause payment provider configuration property values to be returned as empty. (22-Mar-2024)
• 963126d9: Upgraded esapi from 2.5.2.0 to 2.5.3.1 to address WS-2023-0429. (21-Mar-2024)
• de5e6296: Fixed potential race condition that can cause product/sku/category attribute values to be returned as empty. (18-Mar-2024)
• 2c8e1abc: Fix for Operational Insights "tomcat-*" fields returning values for the health check connector instead of the primary connector. (18-Mar-2024)
• 6908f7fc: Upgraded Tomcat version from 9.0.50 to 9.0.85 to address multiple vulnerabilities. (18-Mar-2024)
• dceb8223: Upgraded javax.el from 3.0.0 to 3.0.4 to address CVE-2021-28170. (18-Mar-2024)
• 7336efbe: Migrated jstl 1.1.2 and 1.2 to taglibs-standard-impl 1.2.3 to address CVE-2015-0254. (12-Mar-2024)
• 11d18652: Fixed intermittent failure in the AccessTokenDtoTransformerTest.testTransformToOAuth2AccessToken unit test. (12-Mar-2024)
• 5bb12a09: Disabled JMX for Cortex and Integration Server in Cucumber tests to avoid port conflicts. (4-Mar-2024)
• 496b0ae2: Removed nekohtml dependency to address CVE-2022-29546, CVE-2022-28366, and CVE-2022-24839. (4-Mar-2024)
• 37b2f6a4: Upgraded fluent-relos-client to version 1.10.45. (4-Mar-2024)
• 677b1dfd: Upgraded Apache Shiro from 1.12.0 to 1.13.0 to address CVE-2023-46749. (27-Feb-2024)
• 746d614e: Upgraded jackson-databind from 2.13.4 to 2.16.1 to address CVE-2022-42003. (26-Feb-2024)
• fab76d3c: Upgraded wiremock from 2.23.2 to 2.27.2 to address CVE-2021-23369. (26-Feb-2024)
• ff443f98: Upgraded commons-net to version 3.9.0 to address CVE-2021-37533. (23-Feb-2024)
• 8e9fded7: Upgraded commons-configuration2 from version 2.1.1 to 2.8.0. (23-Feb-2024)
• 0cd5215b: Upgraded json-path from 2.6.0 to 2.9.0 to address CVE-2023-51074. (22-Feb-2024)
• d110af8f: Upgraded poi from 4.0.1 to 4.1.1 to address CVE-2019-12415. (22-Feb-2024)
• f91aafad: Upgraded antisamy from 1.7.4 to 1.7.5 to address CVE-2024-23635. (21-Feb-2024)
• 84d93f13: Upgrade htmlunit from 3.0.0 to 3.9.0 to address CVE-2023-49093. (19-Feb-2024)
• 0051e7d3: Upgraded htmlunit from 2.70.0 to 3.0.0 to address CVE-2023-26119. (19-Feb-2024)
• 48c032a8: Upgraded logback from version 1.2.10 to 1.2.13 to address vulnerability CVE-2023-6481. (14-Feb-2024)
• 9980d82c: Updated failsafe plugin to use alphabetical ordering instead of default filesystem ordering. (14-Feb-2024)
• ff19d070: Upgraded junit from 4.12 to 4.13.1 to address CVE-2020-15250. (14-Feb-2024)
• df428461: Upgraded ant from 1.7.1 to 1.10.14 to address CVE-2020-11979. (13-Feb-2024)
• c9614faf: Upgraded velocity from version 1.6.2 to 2.3 to address CVE-2020-13936. (13-Feb-2024)
• 1585bcd5: Fixed issue with ESAPI bundle startup after upgrading ESAPI from 2.4.0.0 to 2.5.2.0. (13-Feb-2024)
• fa693618: Upgraded commons-fileupload from 1.4 to 1.5 to address CVE-2023-24998. (13-Feb-2024)
• e8d681cb: Upgraded guava from 31.1-jre to 32.0.1-jre to address CVE-2023-2976. (12-Feb-2024)
• 369e364a: Upgraded jsoup from 1.14.2 to 1.15.3 to address CVE-2022-36033. (12-Feb-2024)
• e4625171: Upgraded jsoup from 1.8.3 to 1.14.2 to address CVE-2021-37714. (12-Feb-2024)
• 54c17875: Upgraded ESAPI from 2.4.0.0 to 2.5.2.0 to address WS-2023-0388. (9-Feb-2024)
• 39c73660: Improved how ClasspathResourceLoader is initialized to prevent a possible memory leak related to Velocity email rendering. (9-Feb-2024)
• ad453fb0: Upgraded protobuf-java from 3.11.0 to 3.16.3 to address CVE-2022-3509 and CVE-2022-3171. (9-Feb-2024)
• d5fef651: Upgraded ESAPI from 2.3.0.0 to 2.4.0.0 to address CVE-2022-28366 and CVE-2022-29546. (8-Feb-2024)
• d5b08154: Upgraded json-smart from 2.4.7 to 2.4.10 to address CVE-2023-1370. (8-Feb-2024)
• d33dcd60: Upgraded json from 20220924 to 20231013 to address CVE-2023-5072. (8-Feb-2024)
• 90741eff: Upgraded xerces from 2.12.0 to 2.12.2 to address CVE-2022-23437. (7-Feb-2024)
• 7792fee6: Upgraded antisamy from 1.6.7 to 1.7.4 to address CVE-2023-43643. (7-Feb-2024)
• cab2c5a1: Upgraded shiro-core from 1.9.1 to 1.12.0 to address CVE-2023-34478. (7-Feb-2024)
• a04e18af: Upgraded xstream from 1.4.19 to 1.4.20 to address CVE-2022-41966. (6-Feb-2024)
• c29beffa: Optimization to eliminate unnecessary TSHOPPINGITEMRECURRINGPRICE queries when a shopping cart is retrieved. (17-Jan-2024)
• 2786bbee: Optimization to eliminate unnecessary queries to update cart item last modified date when a shopping cart is persisted. (12-Jan-2024)
• ae693c0a: Added null check in SolrQueryFactory to avoid NullPointerException if an expected attribute key does not exist. (13-Dec-2023)
• 59bbfbea: Fixed Cucumber tests that fail if test run order is changed. (12-Dec-2023)
• c05faef0: Updated individual-settings.xml to use secure Nexus URLs. (11-Dec-2023)
• 3cc776d6: Fixed issues with Helix exception handling where the stack trace can be lost and the reference number shown to the user doesn't match the logged reference number. (4-Dec-2023)
• 36c57bbf: Fix for NullPointerException that can occur if looking up a non-existent category GUID with CategoryLookup#findByGuid. (24-Nov-2023)
• 07350385: Fix for intermittent failure in "Payment Configuration" tests. (23-Nov-2023)
• a7e4bbad: Upgraded ActiveMQ from version 5.16.4 to 5.16.7 to address CVE-2023-46604. (10-Nov-2023)
• f69ac8db: Fixed an issue where JMS messages are not consumed evenly when multiple load balanced services are deployed. (7-Nov-2023)
• 84ba5738: Added explicit dependencies on data modules in ext-data to ensure that the Maven reactor builds modules in the correct order when doing multi-threaded builds. (19-Oct-2023)
• 39e8f5f2: Optimized the inventory rollup job performance and changed it to run more frequently. (16-Oct-2023)
• 4e8bfad9: Fixed potential NullPointerException when requesting Operational Insights report if no services respond with results. (9-Oct-2023)
• 9e3cfc3e: Prevented new shoppers from being created each time a custom cart is created. (9-Oct-2023)
• de9ad793: Fixed issue with selected disabled radio buttons and checkboxes being invisible on the shopping cart promotion wizard. (9-Oct-2023)
• 9dd1fdea: When accessing the Operational Insights API, the response no longer returns a redirect to a different URL. This behaviour was causing issues for environments with multiple Integration Servers behind a load balancer. (6-Oct-2023)
• 89d99aae: Fixed issues in set-ep-versions.sh script and Maven settings used for builds. (26-Sep-2023)
• 979638e1: Standardized Cucumber test configuration across modules. (24-Sep-2023)
• 4a5b591d: Removed problematic and unnecessary ep-core-cucumber-itests module. (20-Sep-2023)
• b49cb688: Fixed an issue where a large number of queries were being executed to retrieve customer, product, product sku, and category attribute values. (4-Sep-2023)
• 0914fdc5: Fixed bug in verifyDebugMessage method used by Cucumber tests. (29-Aug-2023)
• c3bae059: Fixed several coupon-related named queries that were using the unindexed coupon_code field instead of the indexed coupon_code_upper field, leading to table scans. (24-Aug-2023)
• 69d97ad1: Fixed a potential race condition in CachedSettingsReaderImpl that can cause errors during Cortex startup. (17-Aug-2023)
• 4461adea: Performance improvement for selling context evaluation that replaces the Groovy implementation for a faster Java equivalent. (10-Aug-2023)
• 5b0b3c1f: Changed Cortex database connection pool max size from 150 to 250 to ensure that it matches the default Tomcat max thread pool. (19-Jul-2023)
• 07ef65fa: Removed the failover protocol from the JMS broker URL in accordance with our policy of discouraging use of ActiveMQ high availability mode. (10-Jul-2023)
• 82973de6: Fixed issue with Operational Insights not returning Tomcat metrics in deployed environments. (7-Jul-2023)
• be23b788: Fixed NoClassDefFoundError that can occur when Operational Insights tries to determine cache sizes. (5-Jul-2023)
• 4520665c: Fix for potential "output value too large" error when running changeset PB-8894-CLOB-order-data-oracle-mysql on Oracle. (28-Jun-2023)
• a3d33ef4: Refactored permission strategies to allow them to lookup a specific identifier rather than requiring them to retrieve every permitted identifier for the user. (16-Jun-2023)
• c30dd176: Updated the Account Management data model to make use of closure tables for improved performance. (7-Jun-2023)
• 03f795bc: Ensure that Cortex bundles are always loaded in the correct order to ensure that cache configuration is properly recognized. (30-May-2023)
• 519fe471: Refactored core-changelog-2021-01-data-fields-as-json-clob.xml to make it run 20-30X faster on MySQL and Oracle databases. (12-May-2023)
• 31452770: Fix for java.lang.IllegalStateException: Product futureProduct is not linked to any categories error during search indexing. (21-Apr-2023)
• 98cb17e4: Improved parallelization of Import/Export Cucumber tests to generate directories using a UUID instead of a sequential number to avoid potential conflicts. (5-Mar-2023)
• ae8301cd: Resolved local Cortex startup warning The AJP Connector is configured with secretRequired="true" but the secret attribute is either null or "". (13-Feb-2023)
• 4d50ee03: Fix to ensure that orders are correctly placed in the "Failed" state if an exception is thrown inside CreateNewOrderCheckoutAction#populateOrder. (9-Feb-2023)
• fa7fe14e: Reduced the amount of logging produced when running Selenium tests. (8-Feb-2023)
• 1d9005b3: Fix for intermittent test failures in PaymentConfigurations Cucumber tests. (7-Feb-2023)
• d6474f25: Fixed issue with changeset list resetting to page one when locking or publishing changesets. (7-Feb-2023)
• bed75900: Modified Product Association export mechanism to significantly improve performance. (6-Feb-2023)
• f0f57846: Fix for intermittent Selenium test failures due to thread safety issues. (6-Feb-2023)
• d2a198fd: Fixed issues with the skuOptions and modifierGroups options in the product type load tuner. (6-Feb-2023)
• 57473e25: Fix for "Device is disposed" error in Commerce Manager. (30-Jan-2023)
• f9a8ac2d: Fix for intermittent failure in "Import Data Policies with existing Data Policies" test. (26-Jan-2023)
• cf23542a: Increased "Remove Abandoned Monitor" timeout for all services. (25-Jan-2023)
• fc4f9b9e: Fix for NoClassDefFoundError: org/slf4j/IMarkerFactory error when the first Cortex request is received. (16-Jan-2023)
• 463afadb: Fixed issue with empty facet name when assigning available facets to a store in Commerce Manager. (9-Jan-2023)
• cd4a89f9: Returned default JMS max active session per connection size back to 25. (16-Dec-2022)
• 05cb407c: Upgraded ehcache-openjpa from version 0.2.0 to 0.2.0-ep1.0 to address potential ConcurrentModificationException. (15-Dec-2022)
• 4c0b2093: Fix for intermittent "Create category in existing category" selenium test failure. (15-Dec-2022)
• 320ac1aa: Upgraded plexus-utils from version 2.0.4 to 3.0.24. (15-Dec-2022)
• cb4f0514: When a data sync failure occurs, the log now contains details about which object failed. (8-Dec-2022)
• e45afb29: Addressed XML parse warning in search server logs during startup on local developer machines. (7-Dec-2022)
• 65ab8377: Modified coupon table to store coupon codes in uppercase so we can do a case insensitive lookups without a table scan. (5-Dec-2022)
• 8f91039e: Addressed api-platform build issue on M1 MacBooks. (5-Dec-2022)
• c2ddc7a7: Fixed content root error appearing in IntelliJ for some modules. (1-Dec-2022)
• 38ca1639: Added caching to the isInCategory method to improve performance of promotions and price lists that are conditional on a product being in a category. (29-Nov-2022)
• fad058db: Performance improvement to avoid loading a full shopping cart when updating the last-modified date. (28-Nov-2022)
• 2597a433: Refactored additional logging calls from using Log4j2 classes to SLF4j classes to allow these log messages to appear properly in Cortex (which uses Logback for logging). (28-Nov-2022)
• 6b4d15b4: Upgraded hibernate-validator from version 5.4.3.Final to 6.0.20.Final to address CVE-2020-10693. (25-Nov-2022)
• 0d4deef4: Removed leftover references to customer SOLR index. (25-Nov-2022)
• de4f1354: Fixed an issue where a free item promotion triggered by a coupon was not activated. (24-Nov-2022)
• 939a2861: Improved upgrade performance of the PB-8250 Migrate Data to USERNAME Liquibase changeset on MySQL. (24-Nov-2022)
• 9dbe2195: Upgraded groovy-all from version 2.4.15 to 2.4.21 to address CVE-2020-17521. (23-Nov-2022)
• 75f0c588: Upgraded ESAPI from version 2.1.0.1 to 2.3.0.0 to resolve CVE-2022-23457. (23-Nov-2022)
• 7c1df9e0: Fixed issue with DST cache that is not cleared after failed synchronizations, which can lead to errors in subsequent synchronization attempts. (23-Nov-2022)
• 12b62413: Upgraded spring-security-oauth2 from version 2.3.8.RELEASE to 2.5.2.RELEASE to resolve CVE-2022-22969. (18-Nov-2022)
• 90c65afc: Fix for search server race condition that can prevent indexes from building. (17-Nov-2022)
• e5f74a7e: Fixed SonarQube linter errors in api-platform source. (17-Nov-2022)
• aefdc2d9: Changed log level in PriceListPriceScoreDocComparator to prevent logs from being flooded during search indexing. (15-Nov-2022)
• a8667957: Fixed a Commerce Manager issue where the "Refresh Orders" button on an Account causes the orders list to be cleared instead of reloading the account orders. (14-Nov-2022)
• d651fca2: Fixed NullPointerException that can occur in Commerce Manager when clicking on the Profile Attribute Policies tab of a store. (14-Nov-2022)
• 8146c532: Upgraded httpclient from version 4.5.5 to 4.5.13 to resolve CVE-2020-13956. (11-Nov-2022)
• a9802f32: Upgraded mybatis from version 3.2.3 to 3.5.11 to resolve CVE-2020-26945. (10-Nov-2022)
• 69cf9e02: When checking out a cart that contains a coupon that has run out of uses, block checkout instead of removing the coupon code automatically. (10-Nov-2022)
• 89880513: Fixed potential NullPointerException that can occur when the 7.5.0-decouple-customer-userid-from-email changeset is executed. (10-Nov-2022)
• 9cd15657: Modified EpEmailValidator to accept empty values to be consistent with other validators. (9-Nov-2022)
• 3f189a2b: Upgraded jdom from version 1.1.3 to 2.0.6.1. (8-Nov-2022)
• e397fda3: Upgraded json-path from version 2.4.0 to 2.6.0. (7-Nov-2022)
• c64b3d58: Upgraded json-smart from version 2.4.2 to 2.4.7. (7-Nov-2022)
• 60b8be08: Upgraded xstream version from 1.4.18 to 1.4.19 to address CVE-2021-43859. (4-Nov-2022)
• 5036b5ca: Fixed issues with the 7.6.0-torder-make-cart-order-guids-unique changeset. (4-Nov-2022)
• 488f1c35: Fixed primary key data type on TOUTBOXMESSAGE table to prevent overflow. (3-Nov-2022)
• c5bdbb00: Upgraded camel from version 2.23.4 to 2.25.3 which transitively upgrades woodstox from version 5.1.0 to 5.3.0. (3-Nov-2022)
• d1993af8: Upgraded logback and slf4j versions in api-platform so they match ep-commerce. (31-Oct-2022)
• 9e551de4: Upgraded json library version from 20170516 to 20220924. (31-Oct-2022)
• 38850acb: Enabled application caching in search and integration server. (28-Oct-2022)
• d5e8c6d0: Fixed issue preventing email notifications from being sent when a changeset publish completes. (26-Oct-2022)
• d78d2d73: Corrected invalid JMS connection pool attribute names in context.xml. (26-Oct-2022)
• 5a55bbd2: Fixed issue where the price list drop-down on the product bundle price adjustments tab isn't populated. (25-Oct-2022)
• 80654bc8: Modified Integration Server to use cache configuration specified by ep.external.ehcache.xml.path instead of the embedded ehcache-importexport.xml. (25-Oct-2022)
• ace14f25: Fixed issues with Integration Server that prevented payment plugins from being wired in correctly. (25-Oct-2022)
• 101e6801: Upgraded commons-text from version 1.9 to 1.10 to address CVE-2022-42889. (21-Oct-2022)
• 07ca7eed: Upgraded commons-validator from version 1.6 to 1.7. This allows Cortex to recognize recent new DNS top-level domains when validating email addresses. (19-Oct-2022)
• 884acbd7: Replaced libsass-maven-plugin to resolve build errors on Mac M1 machines. (18-Oct-2022)
• 38c132ca: Fix for ORA-00936: missing expression error that can occur on Oracle when some Liquibase changesets were executed by data population. (18-Oct-2022)
• 9aa2d2b7: Fixed issue where promotions that can apply to multiple cart items but are limited in number would apply the discount correctly but the appliedPromotions resource would show it applying to both. (6-Oct-2022)
• 4eab3e50: Modified Commerce Manager product and category display name localization so that only intentionally specified values are displayed and saved. (6-Oct-2022)
• dd73757e: Upgraded xmlbeans from version 2.4.0 to 3.0.0. (5-Oct-2022)
• cd8dc786: Upgraded xstream from version 1.4.11 to 1.4.18 and ActiveMQ from version 5.16.0 to 5.16.1. (5-Oct-2022)
• 520151cd: Improvement to cart line item promotion allocation to allow code to determine how much of a discount the promotion applied to each line item. (30-Sep-2022)
• 8598d577: Upgraded Guava from version 24.1.1-jre to 31.1-jre. (28-Sep-2022)
• 2a5826af: Upgraded Spring Batch from version 4.0.4 to 4.2.3. (28-Sep-2022)
• 405636d4: Improvements to Selenium test suite run time. (27-Sep-2022)
• 6a94c0d9: Upgraded Logback from version 1.2.3 to 1.2.10. (26-Sep-2022)
• 27963612: Fixed race condition in IndexNotificationProcessor preventing index notifications from being deleted properly. (22-Sep-2022)
• 4c16145d: Removed all Direct Web Remoting library dependencies. (21-Sep-2022)
• 0db0aa50: Fixed issue where promotion date range was being checked using application timezone instead of database timezone. (19-Sep-2022)
• 489a6cd8: Upgraded Spring Core from version 4.3.25.RELEASE to 4.3.30.RELEASE. (15-Sep-2022)
• c782808c: Fixed issue with product not being automatically added to cart by free item promotion action. (14-Sep-2022)
• 396c0895: Avoid inventory lookup during search indexing for stores with isDisplayOutOfStock set to true. (13-Sep-2022)
• c8dee15b: Build stability improvements. (8-Sep-2022)
• ae6260ec: Separated indexing pipelines by type to ensure that long queues in one pipeline doesn't delay indexing in another. (5-Sep-2022)
• e61411e8: Upgraded ActiveMQ to version 5.16.4 which uses Reload4j instead of Log4j to address several security vulnerabilities. (2-Sep-2022)
• cbf6628c: Updated Catalog Syndication projection builder to ensure that projection and projection history records are persisted in separate transactions to prevent deadlocks. (31-Aug-2022)
• 03275dbf: Upgraded antisamy from version 1.5.8 to 1.6.7. (30-Aug-2022)
• e0464ab6: Upgraded Jackson from version 2.12.3 to 2.12.7 to address jackson-databind security vulnerability. (30-Aug-2022)
• e350de14: Removed Product Recommendations job to avoid OptimisticLockingExceptions in the Data Sync Tool. (30-Aug-2022)
• e0d545fa: Disabled an intermittently failing Selenium test. (25-Aug-2022)
• 6e18bc69: Disabled an intermittently failing Selenium test. (25-Aug-2022)
• 98373703: Allow business users to add "not sold separately" products as associations. (24-Aug-2022)
• 24a4d0c5: Fixed a scenario where the Integration Server product lookup cache could be populated with a partially loaded product object, which led to NullPointerExceptions. (21-Aug-2022)
• d7c52a2e: Removed the Top Seller quartz job and corresponding sales count field on products. This job was only intended for use in demos, and was causing optimistic locking errors in the Data Sync Tool. (19-Aug-2022)
• f8d28f04: Increased the size of the fields used to hold catalog syndication content. (17-Aug-2022)
• 54fda3ec: Fixed issue with multiple Cortex OSGi bundles exporting the same package, leading to potential instability at startup. (17-Aug-2022)
• 43da616c: When importing product associations, if an matching product association was hidden or "not sold separately", a new association would be created instead of updating the existing association. (17-Aug-2022)
• b5cc5a7c: Removed duplicate database indexes from the TORDERADDRESS table. (16-Aug-2022)
• 8b642ce6: Upgraded Spring Web from version 4.3.25.RELEASE to 4.3.30.RELEASE. (16-Aug-2022)
• 740ea031: Use embedded web server to reliably serve test mail attachment for Cucumber emailFileAttachments.feature. (7-Aug-2022)
• 6d4bed73: Added several indexes that were missing on Oracle and PostgreSQL databases. (25-Jul-2022)
• d47f3ec8: Refactored most logging calls from using Log4j2 classes to SLF4j classes to allow these log messages to appear properly in Cortex (which uses Logback for logging). (25-Jul-2022)
• b4bcbc45: Fixed issue where cart item modifiers on shopping cart child line items cannot be updated. (21-Jul-2022)
• ac8c1f33: Operational Insights is a tool for validating the configuration and health of an Elastic Path Commerce environment. This patch adds an API endpoint to the Integration Server that can be used by the Operational Insights front-end. (21-Jul-2022)
• e82f217e: Modified the coupon service to skip updating coupon usage values for unlimited use coupons to avoid concurrency issues under high load with unlimited public coupons. (20-Jul-2022)
• 38b7d7fc: Disabled checksum validation on the SUP-1020-customer-search-fields-case-insensitive changeset to account for required changes in backports to earlier versions. (19-Jul-2022)
• 10e17bd6: Upgraded JDBC driver to ojdbc8-19.9.0.0 for Oracle 19. (4-Jul-2022)
• e757e7fe: Performance improvement that moves shopping cart, shopping cart line, order, and order line metadata from separate tables into CLOB fields to reduce the required table joins. (4-Jul-2022)
• cf9ade6a: Significantly improved the performance of customer, account, and order searches in Commerce Manager. Also fixes several bugs in these searches and adds support for search by billing and shipping address fields. (23-Jun-2022)
• 745ac707: Upgraded Apache Shiro from 1.3.2 to 1.8.0. (17-Jun-2022)
• 10026d95: Modified Cortex to allow it to continue functioning normally if ActiveMQ is overloaded or offline. (14-Jun-2022)
• c2e5ecc4: Improved thread safety around promotion rule compilation. (25-May-2022)
• e02bf404: Improved messaging in the CM when a reservation fails during order modification. (16-May-2022)
• a5a3241e: Fixed search indexing to allow each index to commit as soon as it is complete instead of waiting for all indexes to complete. (4-May-2022)
• 5b8577be: Fixed an issue where service logs were not being written to the correct location. They are now always written to [user.home]/ep/logs. (29-Apr-2022)
• 363df6e1: Fixed an issue where a customer’s username is sometimes not migrated properly during an upgrade to EPC 8.1. (29-Apr-2022)
• 5e64abfc: Fix for Selenium test failures that can occur in the last week of the year, where that week has one or more days in the next year. (26-Apr-2022)
• 30de9310: Fix for potential NullPointerException while Cortex is validating attribute value data type compliance. (26-Apr-2022)
• 95076ee3: Changed attribute value LONG_TEXT_VALUE field from CLOB to VARCHAR to prevent JPA from making additional database queries for each attribute value. (25-Apr-2022)
• c611cbeb: Modified the I search for an order by number Cucumber expectation to wait until all Outbox messages are consumed to resolve intermittent test failures. (19-Apr-2022)
• 707f12c3: Corrected the password hash for Commerce Manager test users. (13-Apr-2022)
• 3b5d9b00: Extended the expiry date for Commerce Manager test users. (5-Apr-2022)
• 789a6ea6: Inject producer template into RelayOutboxMessageBatchProcessor via Spring instead of @EndpointInject annotation. (1-Apr-2022)
• 956d186f: Restored logging in Commerce Manager after Log4j2 upgrade. (25-Mar-2022)
• 55dbf095: Fixed issues with the re-population of skuOptionsCache which caused the cache to become ineffective after the TTL expires. (25-Mar-2022)
• 7f464679: Upgraded Apache SOLR from version 7.4 to 8.11.1. (17-Mar-2022)
• beffaa34: Fixed the CloudOps for Kubernetes tests for the Payment API external plug-in. The fix included updating the JAR protocol to restrict the instantiation to once per VM. (4-Mar-2022)
• a90150b4: Fixed dependencies on test database projects. (4-Mar-2022)
• 4473a067: Fixed an issue with AbstractPageObject where it would miss a button’s state change, causing test instability. (28-Feb-2022)
• 75e62059: Upgraded Log4j 1.2.17 to Log4j 2.17.1. (28-Feb-2022)
• 69cd27d3: Fix for Cortex 5XX error that can occur when multiple threads retrieve the default cart concurrently. (25-Feb-2022)
• 17172be7: Disabled unnecessary dependency retrieval when exporting through Import/Export API to greatly improve performance. Also fixed DIRECT_ONLY flag in exportconfiguration.xml so it correctly excludes associated products from the product export. (24-Feb-2022)
• ad35af22: Fix for failing email file attachments Cucumber test due to change in place-hold.it URL. (23-Feb-2022)
• 7b8d26a4: Fixed an issue where shoppers were able to access Restricted and Under Construction stores in Cortex. (31-Jan-2022)
• d8cb4304: Fixed an issue where unrelated items were returned when searching for SKUs by SKU code in Commerce Manager. (18-Jan-2022)
• a0be367b: Fixed issue in cli applications where unconsumed output on System.err could cause the application to hang. (13-Jan-2022)
• 4a4931b0: Allow base amounts to be added/edited/deleted without first adding the price list to the changeset. (29-Dec-2021)
• 66bea22e: Upgraded Tomcat to version 9.0.50. (14-Dec-2021)
• 2d123d97: Upgraded Quartz and Servicemix Quartz dependencies to version 2.3.2. (13-Dec-2021)
• 9a80846b: When a promotion can apply to multiple cart line items, this fix ensures that the appliedpromotions resource shows the promotion for all of the applicable line items. (Nov 24, 2021)
• 7f7f29dc: Fixed issue with Cortex showing incorrect pagination results when retrieving recommendations. (Nov 23, 2021)
• f9a557df: Build stability improvements. (Sep 24, 2021)
• 59392909: Improved Commerce Manager performance for catalogs with large volumes of base amounts. (Sep 21, 2021)
• f89b5e22: Implemented deadlock retries to address deadlocks on tables such as under high load. (Sep 14, 2021)
• eecbabff: Fixed an intermittent build failure where the index status was not set as expected. (Sep 15, 2021)
• 0ce94c21: Removed unnecessary duplicate promotions caches and fixed potential thundering herd issue when promotions cache is initially populated. (Sep 2, 2021)
• c55701d8: Fixed the cache for the DynamicAttributeValue. (Aug 30, 2021)
• 15f5de38: Fixed an issue where Limited Use Coupons are automatically added to new orders. (Aug 24, 2021)
• be4ab3e8: 2nd payment capture attempts are not logged / recorded in TORDERPAYMENTS when using an expired tokens (Aug 24, 2021)
• 790d9b89: Performance fix for ShipmentDetailsIdParameterServiceImpl that previously retrieved each shipment in the user’s order history to determine if the shipment resources should be accessible. (Aug 24, 2021)
• 2ce64f13: Updated promotion rule retrieval so that all other rules in the ruleset are not eagerly loaded. (Aug 16, 2021)
• 1b2b2b26: Improved performance in the cart item modifier field validator. (Aug 12, 2021)
• d7089e29: Reduced excess databases queries that were generated for cart and order modifiers. (Aug 10, 2021)
• 0d07b56c: Added support for a Maven option to define how many times to rerun failing tests. (Aug 11, 2021)
• 73d299cd: Fixed a race condition in SolrFacetAdapter that was causing Cortex errors when retrieving faceted offer search results. (Jul 7, 2021)
• 9163dc13: Fixed issues with the _scrollToTableItemWithText function in the ep-test-support.js file that caused intermittent Cucumber test failures. (Jul 6, 2021)
• 17844e9b: Backported the mvnmin.xml file to maintenance releases. (Jun 22, 2021)
• 63c43df5: Improved catalog projection clean-up performance. (Jun 10, 2021)
• 7b84f267: Fixed an error when viewing failed orders. (Jun 9, 2021)
• de545808: Updated Studio to ensure that zoom builder requests are not made until the zoom builder is opened. (May 27, 2021)
• 0f98fe40: Change mobee-test-data and shared-test-data changeset to run on every update and remove *-release-data. (May 26, 2021)
• bd040c6d: Allow groovy-maven artifacts to be downloaded from Maven central and removed duplicate versions. (May 7, 2021)
• 75868e3b: Updated maven.springframework.org with an https protocol. (May 5, 2021)
• 054f3cc0: Removed customer Solr index. (May 3, 2021)
• 532aeb03: Implemented proper initialization of TaxOperationResolvers in the ElasticPathTaxProviderPluginImpl file. (Apr 14, 2021)
• 27b264ae: Fixed the CustomerRepository method calls to enable caching values. (Apr 13, 2021)
• a8dc8e41: Updated product name search with special characters in Commerce Manager. (Apr 1, 2021)
• 181bde5d: Updated the default batch size for the TINDEXNOTIFY table. Previously, the search primary tried to fetch all data from the table. The TINDEXNOTIFY table contains millions of records and was causing resource issues. (Mar 31, 2021)
• fe4c8a36: Fixed CSV Import and Change Set issues. (Mar 25, 2021)
• 65ff750b: Improved LifecycleEventFilter to further reduce events and ensure that different entity classes with the same guid are not treated as duplicates. (Mar 23, 2021)
• 07e08cf5: Commerce Manager now displays orders in the FAILED state. These orders were previously hidden. (11-Mar-2021)
• faa5f78a: Fixed intermittent failures in the Fit tests (Framework for Integrated Test). (26-Feb-2021)
• 57938e42: Fixed an Out of Memory error caused by multiple threads falling through CachingRuleServiceImpl#findChangedStoreRuleBases simultaneously. (17-Feb-2021)
• 89d078d0: Replaced XA with Outbox pattern.. (3-Feb-2021)
• c46f5d76, 659deef1: Fixed deadlocks in the Cortex server instances that occur under very high load or when there is a large number of SKU options and values. The fix detaches the caching instance of SKUOptionValue from its state manager. (3-Feb-2021)
• 95475632: Improved the consistency of validation rules and made it possible to override them. (2-Feb-2021)
• eb086298: Fixed an issue where editing the default shipping address causes it to become the selected shipping address on all active shopping carts. (27-Jan-2021)
• fc252d06: Fixed an issue where Catalog Syndication does not update the values in existing Projections using the import/export tools. The fix includes adding missing domain events and preventing unnecessary events from being emitted. (25-Jan-2021)
• e55fc586: Fixed a failing catalog integration test. (8-Jan-2021)
• 82c2cce7: Improved performance by fixing multiple identical AttributeImpl queries in SubmitOrder. (5-Jan-2021)
• 0747866b: Improved the performance of customer search indexing. (11-Dec-2020)
• 1c66140c: Fixed an issue where the offer lookup fails when the productByUidCache and productUidByGuidCache are out of sync due to cache expiries. (3-Dec-2020)
• ecf0b24b: Fixed issues with JWT Token authentication used by PunchOut. (2-Dec-2020)
• 8c0ceae4: Fixed an issue where prices are missing from the storefront for some customers due to a thread-safety issue in LogicalTreeBuilder. (30-Nov-2020)
• b48ee260: Fixed an issue where running the database upgrade process from 8.0.0 to 8.0.1 could hang. (27-Nov-2020)
• 72309f3b: Added an accountpurchaselist link to account purchases. Commerce Manager now displays the link only for purchases made for an account. (26-Oct-2020)
• a7475923: Improved cart performance by removing unnecessary cart re-pricing calls. (16-Oct-2020)
• d4ebb8fa: Cortex now displays the selectedaccount link on the default profile when the x-ep-shared-account-id header is set. (7-Oct-2020)
• a418f891: Commerce Manager now displays orders created for an account in the account history. Orders were incorrectly showing in the user history. (6-Oct-2020)
• 1659ec3a: Fixed an issue where custom carts were not associated with the account specified in the x-ep-shared-account-id header. (6-Oct-2020)
• 01c25ede: Cortex now sets default cart modifier values properly for new custom account carts. (5-Oct-2020)
• 608968d5: Fixed a 500 error that occurred when trying to view the default profile of a customer that has been updated in Commerce Manager. (5-Oct-2020)
• 57cc539d: Enabled caching for the COMMERCE/SYSTEM/API/enableTrustedTraits setting. (1-Sep-2020)

Changelog Announcements

Refactored core-changelog-2021-01-data-fields-as-json-clob.xml to make it run 20-30X faster on MySQL and Oracle databases

The changesets in the core-changelog-2021-01-data-fields-as-json-clob.xml Liquibase file that are used as part of the EPC 8.1 upgrade have been refactored to allow it to upgrade the schema much more quickly on MySQL and Oracle databases. This was done by taking advantage of the JSON_OBJECTAGG function which serializes JSON within the database. However, this function was only added to MySQL in version 5.7.22, so project teams using MySQL must upgrade to at least MySQL RDS version 5.7.22 or MySQL Aurora version 5.7.mysql_aurora.2.11.2 before applying this patch.

Enabled Application Caching in Search Server and Integration Server

Until now, Application Caching using EhCache was only enabled for Cortex and the Import/Export tool. Now we’ve also enabled application caching for the Search Server and Integration Server. This significantly improves the performance of search indexing, asynchronous checkout operations, and Integration Server APIs.

With the application cache enabled in Search Server, the number of queries required to index the mobee test store was reduced from ~400,000 to ~50,000.

note

This change can cause some services to return dirty reads; in other words, if a cached result is returned then it might be an out-of-date representation of the object. If certain customizations are sensitive to dirty reads, you can reference the non-caching versions by adding nonCaching prefix to the reference in your service bean definition. For example, references to the storeService bean can be changed to nonCachingStoreService. You can also completely disable application caching for a service by setting the -Dnet.sf.ehcache.disabled=true JVM parameter.

For more information, see Application Caching using EhCache.

Significantly improved the performance of customer, account, and order searches in Commerce Manager

When the customer SOLR index was removed, the way that Commerce Manager looks up customer details was refactored to lookup customer and account details in the database instead of using SOLR. However, since many of the search fields need to do case-insensitive searches and/or partial matches, database indexes were not being leveraged effectively. This lead to very slow response times when the database contains a large number of user, account, or order records. The search queries have been updated to effectively use the database indexes, even for lookups that are case-insensitive or prefix (searches for results starting with the specified value).

The tables below show the type of search that is used for each search field.

Searchable user fields:

Field	Search Type
Shared ID	Exact Match
Email	Case Insensitive Match
Username	Case Insensitive Match
First Name	Case Insensitive Prefix Match
Last Name	Case Insensitive Prefix Match
Zip / Postal Code	Case Insensitive Match
Phone Number	Case Insensitive Match
Store	Exact Match

Searchable account fields:

Field	Search Type
Shared ID	Exact Match
Business Name	Case Insensitive Prefix Match
Business Number	Case Insensitive Prefix Match
Phone Number	Case Insensitive Match
Fax Number	Case Insensitive Match
Zip / Postal Code	Case Insensitive Match

Searchable order fields:

Field	Search Type
Order Number	Exact Match
User Shared ID	Case Insensitive Match
User First Name	Case Insensitive Prefix Match
User Last Name	Case Insensitive Prefix Match
User Email	Case Insensitive Match
User Phone Number	Case Insensitive Match
Account Shared ID	Exact Match
Account Business Name	Case Insensitive Prefix Match
Account Business Number	Case Insensitive Prefix Match
Account Phone Number	Case Insensitive Match
Billing Address First Name	Case Insensitive Prefix Match
Billing Address Last Name	Case Insensitive Prefix Match
Billing Address Phone Number	Case Insensitive Match
Billing Address Fax Number	Case Insensitive Match
Billing Address Zip / Postal Code	Case Insensitive Match
Shipping Address First Name	Case Insensitive Prefix Match
Shipping Address Last Name	Case Insensitive Prefix Match
Shipping Address Phone Number	Case Insensitive Match
Shipping Address Fax Number	Case Insensitive Match
Shipping Address Zip / Postal Code	Case Insensitive Match
Order Status	Exact Match
Shipment Status	Exact Match
Store	Exact Match
Product SKU Code	Exact Match
RMA Code	Exact Match

Additionally, the following bugs were fixed:

• The "Account details" fields on the order search tab now works properly (these fields were being ignored).
• The "Shipping zip / postal code" field on the order search tab was actually searching for billing zip/postal code.
• The customer search sort by username was actually sorting by shared ID.
• The progress indicator in the bottom right corner of Commerce Manager now indicates when a search is in progress.

Modified Cortex to allow it to continue functioning normally if ActiveMQ is overloaded or offline

Cortex sends event notifications in a number of circumstances. Before this patch, those event notifications were sent to ActiveMQ in real-time. Therefore, if ActiveMQ was overloaded, Cortex performance would suffer. Furthermore, if ActiveMQ was offline, Cortex operations would fail.

After this change, all Cortex event notifications are recorded in the TOUTBOXMESSAGE table, and relayed to ActiveMQ by a Batch Server job that runs every second. This means that Cortex will continue to function regardless of the state of ActiveMQ, and performance will not be affected. If ActiveMQ is offline temporarily, messages will be relayed from the outbox table once it comes back online.

Note that Cortex still maintains a connection to ActiveMQ so it can listen for Operational Insights requests, so if ActiveMQ is offline, a thread will attempt to reconnect every few seconds. However, this will not affect Cortex operation in any way.

Changed attribute value LONG_TEXT_VALUE field from CLOB to VARCHAR

This patch changes the type of the LONG_TEXT_VALUE field in all attribute value tables (TCATEGORYATTRIBUTEVALUE, TCUSTOMERPROFILEVALUE, TPRODUCTSKUATTRIBUTEVALUE, and TPRODUCTATTRIBUTEVALUE) from CLOB to VARCHAR. This is done to avoid an extra select query on the database for each record returned in these tables. These extra select queries significantly slows performance when retrieving customers, categories, products, and product skus from the database, even when the LONG_TEXT_VALUE field is not populated.

Before deploying this change to production, note the following impacts:

• If any of the tables listed above contain a large amount of data in the LONG_TEXT_VALUE field for any single record, the data population process may fail.
  • For MySQL, the new limit is 20,000 characters.
  • For PostgreSQL, the new limit is 65535 bytes (note that each unicode character can consume between 1 and 4 bytes).
  • For Oracle, the new limit is 32767 bytes (note that each unicode character can consume between 1 and 4 bytes).
• The data population process may take several minutes or hours to execute, depending on the number of records in the tables listed above, database type used, and database size. While data population is running, Cortex operations may fail or be very slow due to database load and database table locks.
• Teams using Oracle must ensure that the MAX_STRING_SIZE parameter is set to EXTENDED before running data population process or it will fail.

For all these reasons, before deploying this change to production, your teams should test the data population process on a snapshot of your production database in a pre-production environment. Verify that the process is able to complete successfully and make note of how long the data population process takes. Also validate the behaviour of Cortex during the data population process; you may need to plan for downtime during this process if the Cortex impact is significant.

For teams using Oracle, follow these instructions to change your database MAX_STRING_SIZE parameter to EXTENDED:

• Oracle instructions
• Amazon RDS instructions

Replace XA with Outbox pattern

In Elastic Path Commerce 7.5.1, XA transaction support was added. This was to ensure the publishing of domain event messages if only the transactions containing these database updates were committed to the database. This guarantee is essential to ensure that Catalog Syndication projections can be kept up-to-date.

This technology added significant complexity and boilerplate code into the Elastic Path Commerce framework. To reduce this complexity, we made the decision to replace XA with the Transactional Outbox pattern. This pattern requires the platform to insert a record into an outbox table in the same transaction as the catalog update. A separate job later reads the outbox records and relays them as the appropriate domain event messages.

The commit includes the following changes:

• Removes all library dependencies on Atomikos.
• Removes ep-jta module.
• Removes XaTransactionTestSupport from all integration tests.
• Removes support for JVM parameter -Dspring.profiles.active=non-xa.
• Removes all XA configuration from each webapp’s context.xml files - including epjndi-xa.
• Adds TOUTBOXMESSAGE table to the database.
• Adds Relay Outbox Messages Quartz job in Batch Server.
• Adds support for JVM parameter -Dspring.profiles.active=disable-domain-events.

Removed Customer Solr index

Elastic Path Commerce uses Solr for fast lookup of records based on advanced search criteria. This includes "DisMax" searches which return relevance-sorted results based on simple search criteria. For example, the Cortex keyword searches use the Product Solr index to find products and SKUs based on a keyword search.

The customer Solr index was only used by Commerce Manager, when searching for customers by specific fields, such as name, address, or phone number. These types of searches can be done just as quickly using SQL queries against indexed database fields.

Due to the fact that customer records are transactional, meaning that the number of records will grow over time as more users interact with the store. This can cause issues due to the size of the Solr index, or if the customer index ever needs to be rebuilt from scratch, which can be very time consuming.

For these reasons, we made the decision to remove the customer Solr index, and re-implement all Commerce Manager search functions as SQL queries. This functionality is seen in the new CustomerCriterionImpl and CustomerSearchCriteria classes in the source.

Upgraded to Log4j 2.x

Log4j 1.2 is an end-of-life product with multiple security vulnerabilities. To address this, we have upgraded to Log4j 2.17.1. This is a major upgrade that could impact your customizations.

While consuming this patch, make sure you follow the Log4j 1.x to 2.x upgrade notes.

8.1.0

Released: August 2020

Release Highlights

Account Management support

This release adds first-class capabilities for Account Management into Cortex and Commerce Manager. This functionality is primarily used by B2B vendors who need to be able to model their customer organizations and configure associates who can transact on behalf of those organizations. The new functionality includes:

• Support for creating customers of type ACCOUNT that represent customer organizations and their departments and regions.
• Ability to configure account-specific customer profile attributes.
• Ability to associate registered users to accounts to indicate that they are permitted to transact on behalf of those accounts.
• Ability to define a deeply nested child account hierarchy for each account to model departments and regions of an organization.
• Ability to define price list assignments and shopping cart promotion conditions that are activated by characteristics of a selected account, such as account segments or shared ID.
• Ability to manage accounts, child accounts, and registered user associations in Commerce Manager and through Import/Export.
• Ability for registered users to retrieve details about the accounts they are associated to in Cortex.
• Ability for registered users to pass a x-ep-account-shared-id header to Cortex to indicate that they would like to transact on behalf of an account.
• Ability for registered users to lookup purchases associated to an account in Cortex.
• Support in the Elastic Path Commerce Reference Store version 4.5.0, which contains all updates necessary for using the store with Elastic Path 8.1.0 and the new Account Management enhancements. For more information, see the react-pwa-reference-storefront repository.

For more information about Account Management functionality in this release, see the Account Management documentation.

note

The embedded Account Management functionality in this release replaces the functionality that was previously provided by the external Account Management Service service. This version of Elastic Path Commerce and all future versions are no longer compatible with the external Account Management Service. JWT tokens generated from that service will not properly authenticate users in Cortex anymore.

Import/Export API

The Integration Server now exposes new REST endpoints at /api/importexport/import and /api/importexport/export. This allows backend services to retrieve data from Elastic Path and insert/update data in Elastic Path using the same Import/Export XML schemas as the data population and Import/Export CLI tools.

For more information about the Import/Export API endpoints, see the Import/Export API documentation.

System Requirements and Compatibility

Elastic Path Commerce 8.1.0 is compatible with the following Elastic Path releases:

Elastic Path Component	Compatibility
Elastic Path CloudOps for Kubernetes	CloudOps for Kubernetes compatibility matrix

New in This Release

In addition to the Release Highlights, this release contains the following updates.

Core Commerce updates

Replaced customer User ID field with Shared ID and Username

The TCUSTOMER.USER_ID field has been removed and replaced with two separate fields:

• TCUSTOMER.SHARED_ID - This field represents a unique identifier for the user or account. This is used as an identifier in all other systems that need to know about the user or account.
• TCUSTOMERAUTHENTICATION.USERNAME - This field represents the username that the registered user uses to login to Cortex. Not all registered users are required to have login credentials.

This change has a number of benefits and allows users to:

• Enforce uniqueness of the shared ID for users and accounts. The user ID field was only guaranteed to be unique for each store.
• Accept an identifier for users and accounts that are imported from other systems without affecting the user’s login username.
• Create registered customers without credentials in cases such as when an external Identity Provider is responsible for authenticating users.

The shared ID value should have the following characteristics:

• The identifier is generated by the first system to know about the user or account. All other systems should accept the shared ID created by that system.
• The value should be immutable so that the connection between systems is not broken by changing it.
• The value should contain no Personally Identifiable Information (PII) so there is no required consent to record it. It doesn’t need to be erased if "right to be forgotten" is invoked.
• A generated shared ID should be unique across multiple systems, such as a GUID.

Optimized the cleanupAnonymousCustomerJob (now purgeAnonymousCustomersBatchJob) batch job

This job is responsible for deleting single-session users (formerly anonymous) customers that have not been updated in more than the number of days defined by COMMERCE/SYSTEM/ANONYMOUSCUSTOMERCLEANUP/maxHistory. Each time this job is executed, it deletes qualifying records in batches of size COMMERCE/SYSTEM/ANONYMOUSCUSTOMERCLEANUP/batchSize until all qualifying records are deleted. This is a change from the old behavior which would cleanup only COMMERCE/SYSTEM/ANONYMOUSCUSTOMERCLEANUP/batchSize records each time the job was executed. This job also executes much more quickly than before and uses less memory.

Optimized the cleanupInactiveCartsJob (now inactiveCartsCleanupJob) batch job

This job is responsible for deleting shopping carts that were marked as INACTIVE when they were checked out and converted into purchases. Each time this job is executed, it deletes qualifying records in batches of size COMMERCE/SYSTEM/ABANDONEDCARTCLEANUP/batchSize until all qualifying records are deleted. This is a change from the old behavior which would cleanup only COMMERCE/SYSTEM/ABANDONEDCARTCLEANUP/batchSize records each time the job was executed. This job also executes much more quickly than before and uses less memory.

Optimized the cleanupExpiredOAuth2TokensJob (now expiredOAuth2TokensCleanupJob) batch job

This job is responsible for deleting expired OAuth tokens. Each time this job is executed, it deletes qualifying records in batches of size COMMERCE/SYSTEM/EXPIREDOAUTHTOKENCLEANUP/batchSize until all qualifying records are deleted. This is a change from the old behavior which would cleanup only COMMERCE/SYSTEM/EXPIREDOAUTHTOKENCLEANUP/batchSize records each time the job was executed. This job also executes much more quickly than before and uses less memory.

Removed the cleanupSessionsJob batch job

This job was responsible for cleaning up TCUSTOMERSESSION records in the database. This table has not been populated since before Elastic Path Commerce 7.1.x, so the table has been removed.

Cortex API updates

Added accounts resource

A new resource called accounts has been added which can be accessed from the default profile. This returns a list of accounts that the logged-in user is associated to. This resource link will only appear for logged-in users.

For more information, see the Accounts Resource.

Added x-ep-account-shared-id header

Cortex now accepts a x-ep-account-shared-id header to indicate that the signed in user is transacting on behalf of an account. The value will only be accepted if:

• The value matches the shared ID value of a customer in the database of type ACCOUNT.
• The account record is not in the disabled state.
• The signed in user is associated to the account.

When this header is specified, the user sees a different set of shopping carts, including the default cart, for each account specified. Any purchases made will be associated to the account instead of to the shopper.

Upgrade Notes

The upgrading Elastic Path guide provides general instructions on upgrading Elastic Path projects.

Core Commerce

• Added CASCADE on DELETE on all foreign key relationships to the following fields: TCUSTOMER.GUID, TCUSTOMER.UIDPK, TSHOPPER.UIDPK. Ensure that any custom tables added with foreign keys to these fields also have cascade delete enabled. Ensure that you remove any code that does explicit deletion from these tables.
• Introduced a non-listening entity manager factory, a factory without lifecycle listeners. This is used by the batch server to boost performance.
• Removed XA support from the batch server.
• The OpenJPA data and query caches are disabled for all XA-dependent applications and tools, such as the integration server, import-export and data synchronization tools. This increases reliability at the expense of a slight performance loss.

Import/Export changes

Available values for usage field of customer profile attributes has changed

When defining customer profile attributes in Import/Export, the usage field previously supported a CustomerProfile value. However, this has now been replaced with the following values:

• UserProfile: This links the attribute to a user (customer).
• AccountProfile: This links the attribute to an account (organization).

An example of this is shown below:

<customerprofile_attributes>
    <attribute>
        <key>CP_PUNCHOUT_CUSTOMER_KEY</key>
        <name><value language="en">PunchOut Customer Key</value></name>
        <usage>UserProfile</usage>
        <type>ShortText</type>
        <multilanguage>false</multilanguage>
        <required>false</required>
        <multivalue>false</multivalue>
        <global>false</global>
    </attribute>
</customerprofile_attributes>

Database Changes

• Removed the USER_ID field and added a SHARED_ID field to TCUSTOMER. Added the USERNAME field to TCUSTOMERAUTHENTICATION. TCUSTOMERAUTHENTICATION.USERNAME is populated from TCUSTOMER.USER_ID during the upgrade. TCUSTOMER.SHARED_ID is populated with TCUSTOMER.STORE.CODE + ":" + TCUSTOMER.USER_ID to avoid duplicates in case the user ID was duplicated between stores.

• Made TCUSTOMER.STORECODE nullable since accounts are not associated to stores.

• Added the PARENT_CUSTOMER_GUID field to TCUSTOMER for allowing accounts to be linked in a hierarchy.

• Added the ACCOUNT_CUSTOMER_UID field to TSHOPPER and TORDER tables for associating these entities to accounts.

• Added the TUSERACCOUNTASSOCIATION table for associating accounts with registered users.

• Removed the TCUSTOMERSESSION table and related domain classes because it was not used. For more information about TCUSTOMERSESSION, see the core-changelog-2020-07-remove-customer-session-artifacts.xml file.

• Removed the TCUSTOMERDELETED table and related domain classes because it was not used. For more information about the table, see the core-changelog-2020-07-remove-tcustomerdeleted-table.xml file.

• Increased the size of the TIMPORTFAULT.ARGS field from 255 characters to 1024 characters.

• Added CASCADE on DELETE on all foreign key relationships to the following fields to allow AnonymousCustomersCleanupJob to be more efficient. For more information, see the core-changelog-2020-06-cleanup-anonymous-customers-job.xml file.

  • TCUSTOMER.GUID
  • TCUSTOMER.UIDPK
  • TSHOPPER.UIDPK

Fixed Issues

Elastic Path Commerce 8.1.0 contains the following fixed issues:

Auditing not working when XA is enabled

The Elastic Path auditing functionality, which populates the TDATACHANGED table whenever database changes are detected, stopped working when XA functionality was added in Elastic Path Commerce 7.5.1. This functionality is now fixed.

Certain CSV import failure records didn’t always fit into the TIMPORTFAULT table

The ARGS field size was increased on the TIMPORTFAULT table so that CSV import failures could be reliably recorded.

The failure dialog for a CSV import would close quickly

When importing through the Commerce Manager CSV import functionality, error messages would appear briefly and then close automatically without giving the user the opportunity to read the error. This issue is now resolved.

Performance issues in tax lookups during checkout

Some changes were made in the ElasticPathTaxCalculator to avoid repeat database lookups for each line item of the order during checkout, resulting in improved checkout performance, especially for large orders.

Data Population tool running out of memory when importing very large data sets

The heap size of the data population tool was increased from 1.5 GB to 2 GB. The FileFilterer class was improved by using streams rather than reading the entire file into memory before processing.

Database transaction timeouts could not be configured differently for each application

The out of the box jta.properties files have been removed and replaced with a single transactions.properties file. Within each webapp, projects can now add a src/main/resources/jta.properties file that overrides the XA transaction properties for that application. For more information about the list of all properties that can be configured, see Atomikos JTA Properties.