Elastic Path 8.2.x Release Notes

Learn about changes to Elastic Path Commerce for this release. Fixes since the release are summarized in the changelog.

Changelog

The changelog contains the list of fixes and improvements made to Elastic Path Commerce 8.2 since its release date. To learn how to consume the updates, see Consuming Support Fixes.

a8ea88a1: Fixed a NullPointerException that can occur when publishing multi-sku products through the Data Sync Webapp. (29-Oct-2024)
c2d633bc: Fixed intermittent failure in Order search for failed order Selenium test. (23-Oct-2024)
55f309ee: Fixed preconditions in core-changelog-2020-08-cleanup-expired-failed-orders-job.xml to avoid potential upgrade error. (9-Oct-2024)
3c5e8a96: Removed support for user-name and user-company fields in JWT metadata payload, which was leading to unique constraint errors in PunchOut. (26-Sep-2024)
4b8bec96: Fixed issue with Data Sync Webapp where changesets containing base amounts were causing multiple product index notifications to be created and were also holding the base amount objects in memory until the service was restarted. (19-Sep-2024)
8a1cbcf0: Refactored the Catalog Syndication builders to use AbstractBatchJob instead of Spring Batch, to address lock wait timeout issues during the build process. (19-Sep-2024)
a0525a5e: Removed the requirement to set the ep.catalog.batch.database.* JVM parameters on the Batch Server for non-MySQL databases. The database type is now detected automatically. (18-Sep-2024)
69d454f6: Fixed issue with Cortex attempting to write logs to a folder based on the build machine home folder instead of the runtime machine home folder. (14-Sep-2024)
b37aed54: Fixed issues with the shopper conditions user interface in Commerce Manager where conditions were sometimes duplicated or could not be removed. (13-Sep-2024)
3993d2ef: Upgraded Tomcat version from 9.0.85 to 9.0.90. (11-Sep-2024)
89df6f54: Build stability improvements. (10-Sep-2024)
6e73cbe6: Fix for NullPointerException that can occur if looking up a non-existent compound GUID with CategoryLookup#findByCompoundCategoryAndCatalogCodes. (30-Aug-2024)
6cd793a0: Consolidated all Awaitility dependencies from version 2.0.0 to 3.1.6. (26-Aug-2024)
1e139ded: Updated the Log4j configuration for all services to ensure that log file sizes are limited by using a fixed window rolling policy. (26-Aug-2024)
afed2a3f: Fixed issue where the parentCategoryCodes field is not populated in the SOLR index for linked categories. (25-Aug-2024)
b5d4404e: Build stability improvements. (20-Aug-2024)
3a415e00: Fixed Catalog Syndication cucumber test stability issue. (19-Aug-2024)
3d579710: Fixed issue with logging of some Catalog Syndication failures. (17-Aug-2024)
6c3239e4: Fixed issue with SKU selection dialog not allowing users to search after clicking the clear button. (15-Aug-2024)
368eaf0b: Added a Liquibase custom change class for adding new setting definitions and setting values. (6-Aug-2024)
01543208: Updated catalog syndication projection rebuild process to better utilize Spring Batch and avoid long database record locks. (31-Jul-2024)
348c61bc: Fixed out of memory error that can occur on the Batch Server if database contains a large number of TCUSTOMERCONSENT records. (30-Jul-2024)
270f1de7: Fixed issue where parent-widget-id and widget-type attributes on a table row were not properly set after a table is updated. This could lead to Selenium test issues. (29-Jul-2024)
4a6cd5a8: Fixed all query strings defined on beans for Catalog Syndication JpaPagingItemReader instances to ensure they have an ORDER BY clause. (25-Jul-2024)
7d615e28: Improved Oracle reset-db script to ensure that the tablespace is created automatically. (19-Jul-2024)
b3d4f3c7: Improvements to Operational Insights exception handling when an exception is thrown during cache inspection. (17-Jul-2024)
ec787f2a: Removed line from com.elasticpath.cmclient.core/plugin.xml that caused the XML to be invalid. (20-Jun-2024)
24bf220a: Fixed issue with Commerce Manager initialization that can occur if several initial requests are received concurrently. (18-Jun-2024)
3caf6858: Fixed issue where CouponUsageLimitValidator doesn't properly handle some coupon-related issues. (17-Jun-2024)
53361410: Added exclusion on Spring Framework dependencies within ext-commerce-engine-wrapper to ensure that Spring dependencies aren't accidentally embedded in the bundle. (17-Jun-2024)
c8f89a1d: Fix for potential race condition around CategoryLookup and CategoryService load tuners which can cause errors about unloaded fields. (10-Jun-2024)
a669a865: Fix to avoid retrying the post capture checkout steps if there is an exception thrown. (10-Jun-2024)
476c41b0: Fixed issue for scenario when multiple customer records have the same username for different stores, the wrong customer record could be selected during authentication. (6-Jun-2024)
30661387: Fix for intermittent Selenium test failure "Error forwarding the new session Empty pool of VM for setup". (4-Jun-2024)
b32f0306: Fixed intermittent Selenium test failures related to long generated catalog entity names. (4-Jun-2024)
c884e005: Fixed intermittent Selenium test failures related to the "Promotion Search With Quotes" test. (2-Jun-2024)
7d0bc1c5: Removed check from Commerce Manager and Batch Server health checks that verifies that search server is reachable. This was causing health checks to fail incorrectly in some circumstances. (29-May-2024)
51e49b1e: Improved H2DataSourceInitializerImpl to prevent H2 database snapshots from being corrupted when multiple tests are run concurrently. (27-May-2024)
e01dad51: Upgraded solr-core from 8.11.1 to 8.11.3 to address CVE-2023-50298, CVE-2023-50291 and CVE-2023-50292 (27-May-2024)
937d8f65: Liquibase fix for "Improved performance of case-insensitive queries involving store code" to convert TSHOPPER.STORECODE to upper case and add foreign key constraint. (23-May-2024)
ce5dc84c: Build stability improvements. (15-May-2024)
b6d87928: Updated activemq-kahadb-store from version 5.14.3 to 5.17.6. (15-May-2024)
91d7b805: Separated product and product type caching to reduce product cache memory use by 30-60%. (14-May-2024)
a05e135f: Upgraded Jetty from 9.4.44.v20210927 to 9.4.54.v20240208 to address CVE-2024-22201, CVE-2023-44487, CVE-2023-36479, CVE-2023-26049, CVE-2023-26048 and CVE-2022-2048. (14-May-2024)
665f0792: Removed duplicate localization property key in email.properties that was causing confusion. (14-May-2024)
c02467fc: Added a check at Search Server startup to delete compiled Drools records if they are invalid due to being compiled with an older version of Drools. (7-May-2024)
c993edd2: Changed ep-test-application dependencies to test scope to ensure that test artifacts don't end up in the compiled WAR files. (29-Apr-2024)
f64cb654: Migrated fusesource mqtt-client 1.3 to activemq-mqtt 5.17.6 to address CVE-2019-0222. (17-Apr-2024)
fa4dc801: Upgraded hibernate-validator from 6.0.20.Final to 6.2.0.Final to address CVE-2023-1932. (17-Apr-2024)
879d5c13: Fixed exception handling around attribute value types. (15-Apr-2024)
8032ffd4: Modified default cache TTL for checking promotion updates from 60 minutes to 5 minutes so that promotion changes are reflected more quickly in Cortex. (15-Apr-2024)
3edc7bd6: Include all caches in Operational Insights API response, instead of just select caches. (15-Apr-2024)
a5d741ea: Fixed several Operational Insights metrics that were broken for customers using PostgreSQL or Oracle. (12-Apr-2024)
bd8d9f19: Allow Operational Insights clients to override service response wait time by setting serviceResponseWaitTime query parameter. (12-Apr-2024)
7d582902: Build stability improvements. (12-Apr-2024)
68a0b8f9: Fixed more issues with Helix exception handling where the stack trace can be lost. (10-Apr-2024)
4ec0bd11: Fixed OSGi split package issue for org.apache.commons.fileupload packages. (9-Apr-2024)
23ddb975: Build stability improvements. (8-Apr-2024)
93856914: Improved exception handing around customer creation logic to ensure that root cause is properly logged. (8-Apr-2024)
dabfbc68: Excluded htrace-core4 from transient dependencies which contains vulnerable shaded copy of jackson-databind 2.4.0. (5-Apr-2024)
6e3127ae: Fixed issue with the ActiveMQ console showing an error when accessed on a local developer machine. (25-Mar-2024)
53ebad74: Fixed potential race condition that can cause payment provider configuration property values to be returned as empty. (22-Mar-2024)
b9897dc0: Upgraded esapi from 2.5.2.0 to 2.5.3.1 to address WS-2023-0429. (20-Mar-2024)
df40e4ee: Fixed potential race condition that can cause product/sku/category attribute values to be returned as empty. (18-Mar-2024)
a3d7d66c: Fix for Operational Insights "tomcat-*" fields returning values for the health check connector instead of the primary connector. (18-Mar-2024)
7a13c68b: Upgraded Tomcat version from 9.0.50 to 9.0.85 to address multiple vulnerabilities. (18-Mar-2024)
ad13f511: Upgraded javax.el from 3.0.0 to 3.0.4 to address CVE-2021-28170. (18-Mar-2024)
bfa870c4: Upgrade Drools from 7.6 to 7.74.1 to address CVE-2022-1415. (12-Mar-2024)
041aa3ce: Migrated jstl 1.1.2 and 1.2 to taglibs-standard-impl 1.2.3 to address CVE-2015-0254. (12-Mar-2024)
2855f648: Fixed intermittent failure in the AccessTokenDtoTransformerTest.testTransformToOAuth2AccessToken unit test. (12-Mar-2024)
ac760ecb: Disabled JMX for Cortex and Integration Server in Cucumber tests to avoid port conflicts. (4-Mar-2024)
d4d2ce7c: Removed nekohtml dependency to address CVE-2022-29546, CVE-2022-28366, and CVE-2022-24839. (1-Mar-2024)
754fe461: Upgraded Apache Shiro from 1.12.0 to 1.13.0 to address CVE-2023-46749. (27-Feb-2024)
ff9ac426: Upgraded wiremock from 2.23.2 to 2.27.2 to address CVE-2021-23369. (26-Feb-2024)
d6ab869c: Upgraded commons-net to version 3.9.0 to address CVE-2021-37533. (26-Feb-2024)
2f99b1f9: Upgraded commons-configuration2 from version 2.1.1 to 2.8.0. (23-Feb-2024)
92cb0a57: Upgraded json-path from 2.6.0 to 2.9.0 to address CVE-2023-51074. (23-Feb-2024)
d30b9120: Fix for race condition that can occur if a user posts multiple requests to the registration form concurrently. This change ensures that only a single authentication record is created in this circumstance. (23-Feb-2024)
70ac9dd2: Fix for issue where Cortex generates two customer authentication records when a customer registers. (22-Feb-2024)
ede8780c: Upgraded poi from 4.0.1 to 4.1.1 to address CVE-2019-12415. (22-Feb-2024)
dbf3ab24: Upgraded antisamy from 1.7.4 to 1.7.5 to address CVE-2024-23635. (21-Feb-2024)
ab9be239: Upgrade htmlunit from 3.0.0 to 3.9.0 to address CVE-2023-49093. (19-Feb-2024)
29aa6093: Upgraded htmlunit from 2.70.0 to 3.0.0 to address CVE-2023-26119. (15-Feb-2024)
b11a03c1: Updated failsafe plugin to use alphabetical ordering instead of default filesystem ordering. (15-Feb-2024)
d2cd8e4a: Upgraded logback from version 1.2.10 to 1.2.13 to address vulnerability CVE-2023-6481. (15-Feb-2024)
0b5788e7: Upgraded junit from 4.12 to 4.13.1 to address CVE-2020-15250. (15-Feb-2024)
46dcfe4e: Upgraded ant from 1.7.1 to 1.10.14 to address CVE-2020-11979. (14-Feb-2024)
f841b187: Upgraded velocity from version 1.6.2 to 2.3 to address CVE-2020-13936. (14-Feb-2024)
1ef930ed: Fixed issue with ESAPI bundle startup after upgrading ESAPI from 2.4.0.0 to 2.5.2.0. (14-Feb-2024)
d81109af: Upgraded commons-fileupload from 1.4 to 1.5 to address CVE-2023-24998. (14-Feb-2024)
0ab51e23: Improved JMS-related test reliability. (13-Feb-2024)
93145baa: Upgraded guava from 31.1-jre to 32.0.1-jre to address CVE-2023-2976. (13-Feb-2024)
afc8020b: Ensure customer username case insensitivity across databases. (13-Feb-2024)
15b84cee: Upgraded jsoup from 1.14.2 to 1.15.3 to address CVE-2022-36033. (13-Feb-2024)
ab13b92e: Upgraded jsoup from 1.8.3 to 1.14.2 to address CVE-2021-37714. (12-Feb-2024)
cd81dc65: Upgraded jackson-databind from 2.13.4 to 2.16.1 to address CVE-2022-42003. (12-Feb-2024)
f686c9e8: Upgraded ESAPI from 2.4.0.0 to 2.5.2.0 to address WS-2023-0388. (12-Feb-2024)
45415eff: Upgraded ESAPI from 2.3.0.0 to 2.4.0.0 to address CVE-2022-28366 and CVE-2022-29546. (9-Feb-2024)
764edbb4: Upgraded antisamy from 1.6.7 to 1.7.4 to address CVE-2023-43643. (9-Feb-2024)
ffb08d53: Improved how ClasspathResourceLoader is initialized to prevent a possible memory leak related to Velocity email rendering. (9-Feb-2024)
fc339073: Upgraded xerces from 2.12.0 to 2.12.2 to address CVE-2022-23437. (8-Feb-2024)
9893095b: Upgraded json-smart from 2.4.7 to 2.4.10 to address CVE-2023-1370. (8-Feb-2024)
f25cb97c: Upgraded protobuf-java from 3.11.0 to 3.16.3 to address CVE-2022-3509 and CVE-2022-3171. (8-Feb-2024)
d76d2526: Upgraded json from 20220924 to 20231013 to address CVE-2023-5072. (7-Feb-2024)
c84ecfdf: Fix to avoid JMX "port in use" conflicts in cargo with multi-threaded builds. (7-Feb-2024)
f4390bc4: Upgraded xstream from 1.4.19 to 1.4.20 to address CVE-2022-41966. (6-Feb-2024)
b9c504fb: Fixed Cortex permission error that can occur if x-ep-account-shared-id header is set when reading accounts associated to the current user. (17-Jan-2024)
a0248003: Optimization to eliminate unnecessary TSHOPPINGITEMRECURRINGPRICE queries when a shopping cart is retrieved. (16-Jan-2024)
5c7d5460: Optimization to eliminate unnecessary queries to update cart item last modified date when a shopping cart is persisted. (12-Jan-2024)
96346969: Added null check in SolrQueryFactory to avoid NullPointerException if an expected attribute key does not exist. (15-Dec-2023)
cc409409: Changed sortattributes link to static instead of conditional to remove unnecessary extra product search when using the offersearch resource. (11-Dec-2023)
960af685: Fixed Cucumber tests that fail if test run order is changed. (11-Dec-2023)
a8ca2ab4: Updated individual-settings.xml to use secure Nexus URLs. (11-Dec-2023)
77645569: Upgraded shiro-core from 1.9.1 to 1.12.0 to address CVE-2023-34478. (4-Dec-2023)
7e1fd360: Fixed issues with Helix exception handling where the stack trace can be lost and the reference number shown to the user doesn't match the logged reference number. (1-Dec-2023)
b1cc98d4: Fixed product lookup cache population bug that can lead to unnecessary database queries. (1-Dec-2023)
2fd6f1b8: Added missing request scoped caching annotations to CustomerSessionRepositoryImpl methods. (29-Nov-2023)
29dfd908: Fixed issue that can cause Query Analyzer to fail if default encoding type is not set to UTF-8. (29-Nov-2023)
5c8429a5: Additional fixes for improved performance of case-insensitive queries involving store code. (29-Nov-2023)
153731bd: Upgraded Jersey version from 2.27 to 2.40 in api-platform to match ep-commerce version. (27-Nov-2023)
0f2a917c: Fix for NullPointerException that can occur if looking up a non-existent category GUID with CategoryLookup#findByGuid. (23-Nov-2023)
5c7f97fd: Fix for intermittent failure in "Payment Configuration" tests. (23-Nov-2023)
a89d64e7: Performance improvement to eliminate duplicate shopper and customer queries when zooming into wishlistmembership link. (20-Nov-2023)
f1eedcd2: Improved performance of case-insensitive queries involving store code. (20-Nov-2023)
948e1945: Upgraded shiro-core from version 1.8.0 to 1.9.1 to address CVE-2022-32532. (17-Nov-2023)
0dcd7ff7: Fix for error that can appear when doing search operations in Commerce Manager if the COMMERCE/SEARCH/boosts system configuration setting is specified. (13-Nov-2023)
61357cb5: Upgraded ActiveMQ from version 5.16.4 to 5.16.7 to address CVE-2023-46604. (10-Nov-2023)
1fbf79d2: Replaced legacy SOLR LRUCache with CaffeineCache. (8-Nov-2023)
9d5bc58e: Fixed a failure in the wishlistmembership resource if a wish list contains the same product sku more than once. (7-Nov-2023)
6a799c6a: Fixed an issue where JMS messages are not consumed evenly when multiple load balanced services are deployed. (7-Nov-2023)
a41e7ae3: Fixed issue with selected disabled radio buttons and checkboxes being invisible on the shopping cart promotion wizard. (6-Oct-2023)
82894597: Fixed potential NullPointerException when requesting Operational Insights report if no services respond with results. (6-Oct-2023)
f75c6207: Added ability to use quotes to request an exact match on each individual word when searching for products and skus in Commerce Manager. (29-Sep-2023)
61630001: Added ability to specify wildcard (*) character when searching for products and skus in Commerce Manager. (28-Sep-2023)
445d6b73: Added Vary header to Cortex response to prevent browser cache issues. (20-Sep-2023)
0d9dac2a: Fixed issue where price list drop-down in Commerce Manager product editor was empty unless user had access to all catalogs. (18-Sep-2023)
ec14511a: Fixed issues in set-ep-versions.sh script and Maven settings used for builds. (18-Sep-2023)
95d5fdbb: Fixed issue where physical product inventory was not properly released if an order failed. (15-Sep-2023)
6da1449d: Added non-null constraint to TCUSTOMERAUTHENTICATION.USERNAME to ensure that invalid customer authentication records are not created. (14-Sep-2023)
237b3240: Standardized Cucumber test configuration across modules. (13-Sep-2023)
28f3e8b9: Removed problematic and unnecessary ep-core-cucumber-itests module. (11-Sep-2023)
2811f2f6: Fix for "Parent cannot be changed on an existing customer record" error when importing customers. (11-Sep-2023)
5bdc409b: Fixed Commerce Manager issue with sorting accounts by business number where duplicate records were appearing. (7-Sep-2023)
0bb099cf: Fixed an issue where a large number of queries were being executed to retrieve customer, product, product sku, and category attribute values. (4-Sep-2023)
7aa51522: Fixed bug in verifyDebugMessage method used by Cucumber tests. (29-Aug-2023)
9075b4f1: Fixed several coupon-related named queries that were using the unindexed coupon_code field instead of the indexed coupon_code_upper field, leading to table scans. (24-Aug-2023)
048964e0: Fixed a potential race condition in CachedSettingsReaderImpl that can cause errors during Cortex startup. (21-Aug-2023)
13edd64b: Performance improvement for selling context evaluation that replaces the Groovy implementation for a faster Java equivalent. (31-Jul-2023)
c9042a4d: Added caching for product association lookups to improve performance. (21-Jul-2023)
c3b974a7: Changed Cortex database connection pool max size from 150 to 250 to ensure that it matches the default Tomcat max thread pool. (19-Jul-2023)
ba99f6be: Fixed issue with editing promotions without shopper conditions that causes a selling context to be created and then immediately deleted in the database. (19-Jul-2023)
57c4ae4a: Added annotations to the code to suppress false positive SonarQube issues. (7-Jul-2023)
8b51eed3: Fixed issue with Operational Insights not returning Tomcat metrics in deployed environments. (7-Jul-2023)
4ebd17fc: Fixed NoClassDefFoundError that can occur when Operational Insights tries to determine cache sizes. (5-Jul-2023)
14bd7126: Added missing implementations for "not matching" and "not containing" selling context tag operators. (30-Jun-2023)
aa755f7c: Fix for potential "output value too large" error when running changeset PB-8894-CLOB-order-data-oracle-mysql on Oracle. (28-Jun-2023)
eba1dbd8: Fixed an issue with Object Auditing where audit records show changes that were not applied with the same old and new value. (26-Jun-2023)
86d26f62: Ensure that Cortex bundles are always loaded in the correct order to ensure that cache configuration is properly recognized. (30-May-2023)
c7fd530e: Added ability for business users to manually set shared ID when creating an account in Commerce Manager. (25-May-2023)
eb3beac8: Fix for encountered unmanaged object error when publishing bundles with sku constituents through DST. (24-May-2023)
fdb61090: Fix for Can't DROP FK_OPAY_ORDER error that can occur when migrating from EPC 7.6 to newer versions. (16-May-2023)
4f4f3381: Refactored core-changelog-2021-01-data-fields-as-json-clob.xml to make it run 20-30X faster on MySQL and Oracle databases. (15-May-2023)
a09e251e: Fix for java.lang.IllegalStateException: Product futureProduct is not linked to any categories error during search indexing. (21-Apr-2023)
51655307: Allow additemstocartform to be used to add items to cart with optional cart item modifiers. (18-Apr-2023)
c6cf692a: Modified how promotion and price list assignment start and end dates are stored to allow queries to easily exclude expired records. (13-Apr-2023)
01a4f4b8: Improved parallelization of Import/Export Cucumber tests to generate directories using a UUID instead of a sequential number to avoid potential conflicts. (5-Mar-2023)
311eee9b: Improved item recommendations lookup strategy. (13-Feb-2023)
e0c4c339: Resolved local Cortex startup warning The AJP Connector is configured with secretRequired="true" but the secret attribute is either null or "". (10-Feb-2023)
5a4a1f4b: Reduced the amount of logging produced when running Selenium tests. (8-Feb-2023)
b6c1f575: Fix for intermittent test failures in PaymentConfigurations Cucumber tests. (7-Feb-2023)
baaf08e9: Fixed issue with changeset list resetting to page one when locking or publishing changesets. (6-Feb-2023)
4584740c: Fixed incorrect logging of successful / skipped messages in batch jobs after failure. (6-Feb-2023)
d57eff1d: Fix for intermittent Selenium test failures due to thread safety issues. (6-Feb-2023)
09e9eb9a: Fixed issues with the skuOptions and modifierGroups options in the product type load tuner. (31-Jan-2023)
09a38f2c: Fix for "Device is disposed" error in Commerce Manager. (30-Jan-2023)
3c55cbc0: Modified Product Association export mechanism to significantly improve performance. (30-Jan-2023)
19e5cc69: Fix for intermittent failure in "Import Data Policies with existing Data Policies" test. (26-Jan-2023)
83f1ae1d: Increased "Remove Abandoned Monitor" timeout for all services. (25-Jan-2023)
7820f3c1: Fix for potential deadlocks on shopping cart last modified date updates. (24-Jan-2023)
b1b24b85: Fixed ability to run Cucumber integration tests on Windows developer machines. (24-Jan-2023)
ae45712f: Removed the failover protocol from the JMS broker URL in accordance with our policy of discouraging use of ActiveMQ high availability mode. (18-Jan-2023)
83a380af: Fix for NoClassDefFoundError: org/slf4j/IMarkerFactory error when the first Cortex request is received. (18-Jan-2023)
afe0e09b: Fixed incorrect test definitions to use email, not shared ID. (18-Jan-2023)
9446028f: Fixed issue with empty facet name when assigning available facets to a store in Commerce Manager. (9-Jan-2023)
51f86c7c: Wherever an order is marked failed, there should always be a reason added as an order note. (5-Jan-2023)
d9ab9a7d: Returned default JMS max active session per connection size back to 25. (16-Dec-2022)
fe9828b9: Upgraded ehcache-openjpa from version 0.2.0 to 0.2.0-ep1.0 to address potential ConcurrentModificationException. (15-Dec-2022)
16c0e660: Fix for intermittent "Create category in existing category" selenium test failure. (15-Dec-2022)
a6af2ae7: Upgraded mysql-connector-java from version 5.1.44 to 8.0.22. (15-Dec-2022)
d5789649: When a data sync failure occurs, the log now contains details about which object failed. (8-Dec-2022)
0256e20c: Addressed XML parse warning in search server logs during startup on local developer machines. (7-Dec-2022)
a2c0519f: Addressed api-platform build issue on M1 MacBooks. (5-Dec-2022)
883187b6: Modified coupon table to store coupon codes in uppercase so we can do a case insensitive lookups without a table scan. (1-Dec-2022)
f2d5cce8: Fixed content root error appearing in IntelliJ for some modules. (28-Nov-2022)
739cbb5f: Performance improvement to avoid loading a full shopping cart when updating the last-modified date. (28-Nov-2022)
dd96d5fe: Added caching to the isInCategory method to improve performance of promotions and price lists that are conditional on a product being in a category. (28-Nov-2022)
58e60e02: Upgraded hibernate-validator from version 5.4.3.Final to 6.0.20.Final to address CVE-2020-10693. (25-Nov-2022)
d6a85c5b: Removed leftover references to customer SOLR index. (25-Nov-2022)
fa2d823c: When accessing the Operational Insights API, the response no longer returns a redirect to a different URL. This behaviour was causing issues for environments with multiple Integration Servers behind a load balancer. (25-Nov-2022)
9727265c: Fixed an issue where a free item promotion triggered by a coupon was not activated. (24-Nov-2022)
ca05d0cd: Improved upgrade performance of the PB-8250 Migrate Data to USERNAME Liquibase changeset on MySQL. (24-Nov-2022)
f32d0b76: Fix to ensure that orders are correctly placed in the "Failed" state if an exception is thrown inside CreateNewOrderCheckoutAction#populateOrder. (23-Nov-2022)
989f3443: Upgraded groovy-all from version 2.4.15 to 2.4.21 to address CVE-2020-17521. (23-Nov-2022)
e867c18a: Upgraded ESAPI from version 2.1.0.1 to 2.3.0.0 to resolve CVE-2022-23457. (23-Nov-2022)
5cbeeee4: Fixed issue with DST cache that is not cleared after failed synchronizations, which can lead to errors in subsequent synchronization attempts. (18-Nov-2022)
2de1a66d: Fixed error in JWT authentication if token does not contain either sub or account. (18-Nov-2022)
36aa6739: Upgraded spring-security-oauth2 from version 2.3.8.RELEASE to 2.5.2.RELEASE to resolve CVE-2022-22969. (17-Nov-2022)
35b9c11e: Fix for search server race condition that can prevent indexes from building. (17-Nov-2022)
0411b8e5: Fixed SonarQube linter errors in api-platform source. (17-Nov-2022)
e12ebdae: Changed log level in PriceListPriceScoreDocComparator to prevent logs from being flooded during search indexing. (15-Nov-2022)
c6ee3e9c: Removed duplicate "Assign Customer Segments" permission appearing in Commerce Manager. (11-Nov-2022)
8c6b0ed6: Fixed potential NullPointerException that can occur when the 7.5.0-decouple-customer-userid-from-email changeset is executed. (10-Nov-2022)
ec94dbd5: Upgraded httpclient from version 4.5.5 to 4.5.13 to resolve CVE-2020-13956. (10-Nov-2022)
f1f78a69: Upgraded mybatis from version 3.2.3 to 3.5.11 to resolve CVE-2020-26945. (10-Nov-2022)
6aaa28dc: Modified EpEmailValidator to accept empty values to be consistent with other validators. (8-Nov-2022)
74cc3e84: Fixed issue when exporting customers with a customer type filter on Oracle. (8-Nov-2022)
bdeb1f5a: Upgraded json-path from version 2.4.0 to 2.6.0. (8-Nov-2022)
c50abd10: Upgraded json-smart from version 2.4.2 to 2.4.7. (8-Nov-2022)
daf2cc8f: Upgraded jdom from version 1.1.3 to 2.0.6.1. (7-Nov-2022)
239f6fc9: When checking out a cart that contains a coupon that has run out of uses, block checkout instead of removing the coupon code automatically. (7-Nov-2022)
34a8e38d: Upgraded xstream version from 1.4.18 to 1.4.19 to address CVE-2021-43859. (4-Nov-2022)
1dfe75f4: Fixed primary key data type on TOUTBOXMESSAGE table to prevent overflow. (3-Nov-2022)
372a096f: Fix to populate the cart item modifier fields in the OrderSkuDTO object that is passed to payment plugins. (3-Nov-2022)
a1adda5a: Upgraded camel from version 2.23.4 to 2.25.3 which transitively upgrades woodstox from version 5.1.0 to 5.3.0. (3-Nov-2022)
b8eb036b: Upgraded logback and slf4j versions in api-platform so they match ep-commerce. (31-Oct-2022)
bc2ec833: Upgraded json library version from 20170516 to 20220924. (31-Oct-2022)
689fdc2e: Enabled application caching in search and integration server. (31-Oct-2022)
4129524d: Fixed issue preventing email notifications from being sent when a changeset publish completes. (28-Oct-2022)
05e86c28: Corrected invalid JMS connection pool attribute names in context.xml. (28-Oct-2022)
c6252e42: Fix for the 2020-08-remove-gender changeset to ensure that it doesn't unintentionally delete unrelated localized properties. (28-Oct-2022)
3177150a: Fixed issue where the price list drop-down on the product bundle price adjustments tab isn't populated. (27-Oct-2022)
8afe94ff: Modified Integration Server to use cache configuration specified by ep.external.ehcache.xml.path instead of the embedded ehcache-importexport.xml. (27-Oct-2022)
031c98d1: Fixed issues with Integration Server that prevented payment plugins from being wired in correctly. (27-Oct-2022)
8ba66b21: Upgraded commons-text from version 1.9 to 1.10 to address CVE-2022-42889. (26-Oct-2022)
db77beee: Prevented new shoppers from being created each time a custom cart is created. (26-Oct-2022)
cdf37aae: Fixed issue with Utility#waitUntilAllOutboxMessagesConsumed throwing exceptions when Selenium tests were run. (20-Oct-2022)
d6438cfe: Upgraded commons-validator from version 1.6 to 1.7. This allows Cortex to recognize recent new DNS top-level domains when validating email addresses. (19-Oct-2022)
d98471a5: Replaced libsass-maven-plugin to resolve build errors on Mac M1 machines. (18-Oct-2022)
572231cc: Fixed an issue where creating an exchange can result in two payments being collected from the customer. (13-Oct-2022)
75dd78a6: Upgraded xmlbeans from version 2.4.0 to 3.0.0. (7-Oct-2022)
5584cc0e: Modified the Commerce Manager promotion wizard sku and product selection dialogs to avoid showing prices, which can be a performance bottleneck. (6-Oct-2022)
58c9490b: Fixed issue where promotions that can apply to multiple cart items but are limited in number would apply the discount correctly but the appliedPromotions resource would show it applying to both. (5-Oct-2022)
1714a6f5: Upgraded Spring Batch from version 4.0.4 to 4.2.3. (29-Sep-2022)
075799a9: Improvement to cart line item promotion allocation to allow code to determine how much of a discount the promotion applied to each line item. (28-Sep-2022)
8344e8ba: Upgraded Guava from version 24.1.1-jre to 31.1-jre. (28-Sep-2022)
60ffb25d: Improvements to Selenium test suite run time. (27-Sep-2022)
3373a435: Fixed race condition in IndexNotificationProcessor preventing index notifications from being deleted properly. (26-Sep-2022)
81d74f52: Modified Commerce Manager product and category display name localization so that only intentionally specified values are displayed and saved. (26-Sep-2022)
42e602ab: Added Strict Transport Security header to Cortex to ensure that it is always accessed over HTTPS. (23-Sep-2022)
72352fa6: Removed all Direct Web Remoting library dependencies. (22-Sep-2022)
ca5340d4: Upgraded Logback from version 1.2.3 to 1.2.10. (22-Sep-2022)
688c6050: Fixed issue where promotion date range was being checked using application timezone instead of database timezone. (19-Sep-2022)
ed331b9e: Fixed issue with product not being automatically added to cart by free item promotion action. (19-Sep-2022)
f286b24f: Upgraded Spring Core from version 4.3.25.RELEASE to 4.3.30.RELEASE. (15-Sep-2022)
2cdc27df: Fixed issue where Cortex prevented checkout for default shopping carts that were missing cart modifier values. (14-Sep-2022)
2ae8c916: Performance improvement around fetching the 'frequency SKU option' from the database. (13-Sep-2022)
671e590b: Fixed issues with custom sort attributes that used the date data type. (13-Sep-2022)
a72369a5: Added multiple security headers to Cortex responses: Content-Security-Policy, Referrer-Policy, X-Content-Type-Options, X-XSS-Protection. (13-Sep-2022)
0c7feab2: Refactored additional logging calls from using Log4j2 classes to SLF4j classes to allow these log messages to appear properly in Cortex (which uses Logback for logging). (8-Sep-2022)
ab4cc7fd: Build stability improvements. (8-Sep-2022)
acbdbf01: Separated indexing pipelines by type to ensure that long queues in one pipeline doesn't delay indexing in another. (5-Sep-2022)
282021fe: Avoid inventory lookup during search indexing for stores with isDisplayOutOfStock set to true. (5-Sep-2022)
ac76a03f: Upgraded plexus-utils from version 2.0.4 to 3.0.24. (2-Sep-2022)
7e4b6541: Replaced the single-threaded taskExecutor used by the blueprint-extender with a configurable ThreadPoolTaskExecutor version. This allows the extender to work in parallel on the bundles resulting in faster Cortex boot time. (2-Sep-2022)
643ebf64: Upgraded antisamy from version 1.5.8 to 1.6.7. (1-Sep-2022)
9301c776: Added HTTP header and Javascript to defend against potential clickjacking attacks on Cortex Studio. (31-Aug-2022)
a180c136: Disabled an intermittently failing Selenium test. (31-Aug-2022)
f3f8a895: Disabled an intermittently failing Selenium test. (31-Aug-2022)
0a95038e: Upgraded Jackson from version 2.12.3 to 2.12.7 to address jackson-databind security vulnerability. (31-Aug-2022)
83eafc7f: Removed productRecommendationJob to avoid OptimisticLockingExceptions in the Data Sync Tool. (30-Aug-2022)
94babc5a: Fixed issue with VersionService that made it unable to determine version for Cortex and Batch Server. (30-Aug-2022)
1119b6e7: Fixed optimistic locking error that would occur when attempting to edit the same system configuration setting more than once in a Commerce Manager session. (19-Aug-2022)
fb2c0a99: Fixed a scenario where the Integration Server product lookup cache could be populated with a partially loaded product object, which led to NullPointerExceptions. (19-Aug-2022)
663e4fb5: Fixed potential cross-site scripting vulnerability in Cortex Studio when adding a custom entry point. (18-Aug-2022)
1b7cd789: Updated the order item detail table in Commerce Manager to allow values to be copied into the clipboard on completed orders. (18-Aug-2022)
69e13e9d: Increased the size of the fields used to hold catalog syndication content. (18-Aug-2022)
3b009977: Removed the Top Seller quartz job and corresponding sales count field on products. This job was only intended for use in demos, and was causing optimistic locking errors in the Data Sync Tool. (17-Aug-2022)
1a12cac2: Updated Catalog Syndication projection builder to ensure that projection and projection history records are persisted in separate transactions to prevent deadlocks. (17-Aug-2022)
ee132f8c: Removed duplicate database indexes from the TORDERADDRESS table. (17-Aug-2022)
f98ab014: Fixed issue with multiple Cortex OSGi bundles exporting the same package, leading to potential instability at startup. (17-Aug-2022)
b9bea4d6: Removed checksum validation from 2021-09-create-FK-indices-for-8.0 changeset due to required changes in earlier versions. (16-Aug-2022)
0060bfc1: Upgraded Spring Web from version 4.3.25.RELEASE to 4.3.30.RELEASE. (16-Aug-2022)
c2d6b3a0: Use embedded web server to reliably serve test mail attachment for Cucumber emailFileAttachments.feature. (7-Aug-2022)
7df9133b: Fixed issue where offer search results can sometimes return the wrong result from the cache due to incorrect hashcode/equals methods on SearchCriteria classes. (29-Jul-2022)
53254c24: Modified the coupon service to skip updating coupon usage values for unlimited use coupons to avoid concurrency issues under high load with unlimited public coupons. (25-Jul-2022)
a9543b43: Added several indexes that were missing on Oracle and PostgreSQL databases. (25-Jul-2022)
3aacc89f: Refactored most logging calls from using Log4j2 classes to SLF4j classes to allow these log messages to appear properly in Cortex (which uses Logback for logging). (20-Jul-2022)
664e3a57: Disabled checksum validation on the SUP-1020-customer-search-fields-case-insensitive changeset to account for required changes in backports to earlier versions. (19-Jul-2022)
033b1aaf: Refactored permission strategies to allow them to lookup a specific identifier rather than requiring them to retrieve every permitted identifier for the user. (14-Jul-2022)
ad6d1c53: Extracted portions of changeset 2020-08-purge-expired-failed-orders-job-recreate-FKs-with-cascade-delete into separate changesets that are only executed if the TORDERDATA and TORDERITEMDATA tables exist, since they are removed by another patch. (13-Jul-2022)
711836ad: Fixed hashCode algorithm on SellingContextCacheKey to improve cache efficiency. (8-Jul-2022)
9a2289a3: Increased the number of UIDPK sequence values that are retrieved in a batch for transactional entities to improve record insert performance. (4-Jul-2022)
b2a399f6: Fixed issue where cart item modifiers on shopping cart child line items cannot be updated. (15-Jun-2022)
5f8c8ff4: Performance improvement that moves shopping cart, shopping cart line, order, and order line metadata from separate tables into CLOB fields to reduce the required table joins. (14-Jun-2022)
b263f8bb: Upgraded Apache Shiro from 1.3.2 to 1.8.0. (10-Jun-2022)
7fe5deca: Significantly improved the performance of customer, account, and order searches in Commerce Manager. Also fixes several bugs in these searches and adds support for search by billing and shipping address fields. (10-Jun-2022)
273d3722: Improved thread safety around promotion rule compilation. (25-May-2022)
6729de36: Removed unnecessary event handler that was loading price lists into memory during authentication. (6-May-2022)
8bf2f5dd: Allow business users to add "not sold separately" products as associations. (6-May-2022)
a22d89bb: Fixed search indexing to allow each index to commit as soon as it is complete instead of waiting for all indexes to complete. (4-May-2022)
a9019ed6: Operational Insights is a tool for validating the configuration and health of an Elastic Path Commerce environment. This patch adds an API endpoint to the Integration Server that can be used by the Operational Insights front-end. For more information see Operational Insights. (2-May-2022)
d857545b: Upgraded ActiveMQ to version 5.16.4 which uses Reload4j instead of Log4j to address several security vulnerabilities. (2-May-2022)
22f7c4a0: Fixed an issue where service logs were not being written to the correct location. They are now always written to [user.home]/ep/logs. (29-Apr-2022)
575e82ab: Fixed an issue where a customer’s username is sometimes not migrated properly during an upgrade to EPC 8.1. (29-Apr-2022)
f0369c59: Fix for potential NullPointerException while Cortex is validating attribute value data type compliance. (26-Apr-2022)
a488e0ee: Changed attribute value LONG_TEXT_VALUE field from CLOB to VARCHAR to prevent JPA from making additional database queries for each attribute value. (25-Apr-2022)
504023b8: Fixed an issue with password reset functionality that prevented users from logging in if they did a password change after their password hash was upgraded from SHA-256 to BCrypt. (14-Apr-2022)
790f6756: Extended the expiry date for Commerce Manager test users. (4-Apr-2022)
e516fbbe: Fixed some intermittent Selenium test failures. (1-Apr-2022)
001da763: Inject producer template into RelayOutboxMessageBatchProcessor via Spring instead of @EndpointInject annotation. (30-Mar-2022)
c50910df: Restored logging in Commerce Manager after Log4j2 upgrade. (25-Mar-2022)
72a68ce1: Removed ability for tax plugins to modify an item subtotal to avoid bugs in tax plugin implementations. (23-Mar-2022)
6592f9fb: Added ability to set customer username as a data policy data point so that Personally Identifiable Information (PII) data in that field (usually email address) is removed when consent is revoked. (18-Mar-2022)
7cace0d1: Removed unused TermsAndConditions.feature. (8-Mar-2022)
6fb8fc11: Improves build and test stability. (4-Mar-2022)
444c880a: Modified the keyword search functionality to return all matching product skus instead of the default sku for matching products. (1-Mar-2022)
01a5eb89: Fixed an issue with where it would miss a button’s state change, causing test instability. (23-Feb-2022)
0398f3d5: Disabled unnecessary dependency retrieval when exporting through Import/Export API to greatly improve performance. Also fixed DIRECT_ONLY flag in exportconfiguration.xml so it correctly excludes associated products from the product export. (23-Feb-2022)
62f01018: Fix for failing email file attachments Cucumber test due to change in place-hold.it URL. (23-Feb-2022)
dbf35b11: Added cucumber tests for fixed issue where the Cortex resource returned no results if thex-ep-account-shared-id header was set. (9-Feb-2022)
708f7568: Fixed issues with Liquibase scripts that caused an error during data upgrade. (9-Feb-2022)
cb0fffcb: Fix for purchase lookup form not finding orders that were placed on behalf of the account that is specified in x-ep-account-shared-id. (8-Feb-2022)
8376210c: Upgraded Apache SOLR from version 7.4 to 8.11.1. (7-Feb-2022)
d1e19a72: Fixed an issue where shoppers were able to access Restricted and Under Construction stores in Cortex. (4-Feb-2022)
e11a25c1: Upgraded Log4j 1.2.17 to Log4j 2.17.1. (25-Jan-2022)
023aeafe: Upgraded xstream from 1.4.11 to 1.4.18 and activemq from 5.16.0 to 5.16.1. (21-Jan-2022)
d527e755: Modified Cortex to allow it to continue functioning normally if ActiveMQ is overloaded or offline. (19-Jan-2022)
d92f33af: Fixed an issue where unrelated items were returned when searching for SKUs by SKU code in Commerce Manager. (13-Jan-2022)
3a714fff: Fixed issue in cli applications where unconsumed output on System.err could cause the application to hang. (13-Jan-2022)
80d7ad9c: Allow base amounts to be added/edited/deleted without first adding the price list to the changeset. (29-Dec-2021)
295391c1: Upgraded Tomcat to version 9.0.50. (14-Dec-2021)
5287b7a6: Upgraded Quartz and Servicemix Quartz dependencies to version 2.3.2. (13-Dec-2021)
6625abc8: Fixed issue where the wishlistmemberships Cortex resource returned no results if the x-ep-account-shared-id header was set. (1-Dec-2021)
f965e66d: Improved upgrade performance of liquibase changeset 2020-05-cart-cleanup-jobs-recreate-FKs-with-cascade-delete. (30-Nov-2021)
62644c1b: When a promotion can apply to multiple cart line items, this fix ensures that the appliedpromotions resource shows the promotion for all of the applicable line items. (24-Nov-2021)
e8a9589d: Improved upgrade performance of liquibase changesets: 7.6.0-torder-make-cart-order-guids-unique, 2020-09-convert-customer-passwords-to-bcrypt, 2020-08-flatten-order-sku-tree-for-better-performance, 2020-03-payment-configurations-preserve-all-authorization-codes-as-payment-data, 2020-05-update-accountmanagement-customertype. (Nov 24, 2021)
f92e7843: Fixed issue with Cortex showing incorrect pagination results when retrieving recommendations. (Oct 28, 2021)
9a235c1f: Fixed issues with the re-population of skuOptionsCache which caused the cache to become ineffective after the TTL expires. (Sep 20, 2021)
590dfe25: Improves Commerce Manager performance for catalogs with large volumes of base amounts. (Sep 17, 2021)
0b148528: Fixed an intermittent build failure where the index status was not set as expected. (Sep 15, 2021)
aabe19cb: Fixed the cache for the DynamicAttributeValue. (Sep 1, 2021)
b0b74641: Removed unnecessary duplicate promotions caches and fixed potential thundering herd issue when promotions cache is initially populated. (Aug 31, 2021)
a9cc15ee: Optimized the inventory rollup job performance and changed it to run more frequently. (Aug 24, 2021)
670b34f8: Performance fix for ShipmentDetailsIdParameterServiceImpl that previously retrieved each shipment in the user’s order history to determine if the shipment resources should be accessible. (Aug 23, 2021)
a459f794: Second payment capture attempts are not logged or recorded in TORDERPAYMENTS when using an expired tokens. (Aug 19, 2021)
0af8cab1: Updated promotion rule retrieval so that all other rules in the ruleset are not eagerly loaded. (Aug 15, 2021)
7f477d77: Updated customer domain object so that addresses are no longer eagerly loaded and are only retrieved when needed. (Aug 16, 2021)
ad852669: Improved performance in the cart item modifier field validator. (Aug 12, 2021)
6e22a618: Implemented a deadlock retry to address deadlocks on TORDERNUMBERGENERATOR under a high load. (Jul 14, 2021)
6d858a2e: Fixed a race condition in SolrFacetAdapter that was causing Cortex errors when retrieving faceted offer search results. (Jul 6, 2021)
8ac5a462: Backported the mvnmin.xml file to maintenance releases. (Jun 21, 2021)
8e8957c5: Improved catalog projection clean-up performance. (Jun 9, 2021)
e5878d04: Allow groovy-maven artifacts to be downloaded from Maven central and removed duplicate versions. (May 10, 2021)
dcc90e22: Updated the pom.xml file to allow groovy-maven related artifacts download from Maven central repository and removed duplicate versions. (May 11, 2021)
eb01eef0: Updated maven.springframework.org with an https protocol. (May 10, 2021)
d0446fa7: Removed customer Solr index. (Apr 27, 2021)
c32c9463: Updated the product name search to support special characters in Commerce Manager. (Apr 1, 2021)
31af27bd: Updated the default batch size for the TINDEXNOTIFY table as the search primary tried to fetch all data from the table. The TINDEXNOTIFY table contains millions of records and was causing resource issues. (Mar 29, 2021)
15829005: Updated the AddressRepositoryImpl file to remove an unnecessary PMD.TooManyMethods suppressed warning. (Mar 30, 2021)
019a5ea6: Added an extensibility on the AddressRepositoryImpl and AddressEntity classes, and added the extensibility to the Elastic Path Commerce example. (Mar 31, 2021)
188c7af3: Fixed CSV Import and Change Set issues. (Mar 25, 2021)
b38a78e2: Updated the Buyer roles roles field to be a JSON array of strings. (Mar 18, 2021)
5a957e0e: Created a reference Cortex resource for read-only reference data. (Mar 17, 2021)
21c845b8: Updated the add-associate-form link to be addassociateform to align with standard Cortex naming practices. (11-Mar-2021)

Changelog Announcements

Refactored core-changelog-2021-01-data-fields-as-json-clob.xml to make it run 20-30X faster on MySQL and Oracle databases

The changesets in the core-changelog-2021-01-data-fields-as-json-clob.xml Liquibase file that are used as part of the EPC 8.1 upgrade have been refactored to allow it to upgrade the schema much more quickly on MySQL and Oracle databases. This was done by taking advantage of the JSON_OBJECTAGG function which serializes JSON within the database. However, this function was only added to MySQL in version 5.7.22, so project teams using MySQL must upgrade to at least MySQL RDS version 5.7.22 or MySQL Aurora version 5.7.mysql_aurora.2.11.2 before applying this patch.

Modified how promotion and price list assignment start and end dates are stored to allow queries to easily exclude expired records

The "Time Conditions" editor has been removed from the Shopping Cart promotions wizard and editor. Now the enable and expiration dates for Shopping Cart promotions appear on the summary tab (or first page of the wizard) consistently with catalog promotions.

This patch includes a Liquibase changeset that will migrate existing start and end dates to the new fields.

Enabled Application Caching in Search Server and Integration Server

Until now, Application Caching using EhCache was only enabled for Cortex and the Import/Export tool. Now we’ve also enabled application caching for the Search Server and Integration Server. This significantly improves the performance of search indexing, asynchronous checkout operations, and Integration Server APIs.

With the application cache enabled in Search Server, the number of queries required to index the mobee test store was reduced from ~400,000 to ~50,000.

note

This change can cause some services to return dirty reads; in other words, if a cached result is returned then it might be an out-of-date representation of the object. If certain customizations are sensitive to dirty reads, you can reference the non-caching versions by adding nonCaching prefix to the reference in your service bean definition. For example, references to the storeService bean can be changed to nonCachingStoreService. You can also completely disable application caching for a service by setting the -Dnet.sf.ehcache.disabled=true JVM parameter.

For more information, see Application Caching using EhCache.

Significantly improved the performance of customer, account, and order searches in Commerce Manager

When the customer SOLR index was removed, the way that Commerce Manager looks up customer details was refactored to lookup customer and account details in the database instead of using SOLR. However, since many of the search fields need to do case-insensitive searches and/or partial matches, database indexes were not being leveraged effectively. This lead to very slow response times when the database contains a large number of user, account, or order records. The search queries have been updated to effectively use the database indexes, even for lookups that are case-insensitive or prefix (searches for results starting with the specified value).

The tables below show the type of search that is used for each search field.

Searchable user fields:

Field	Search Type
Shared ID	Exact Match
Email	Case Insensitive Match
Username	Case Insensitive Match
First Name	Case Insensitive Prefix Match
Last Name	Case Insensitive Prefix Match
Zip / Postal Code	Case Insensitive Match
Phone Number	Case Insensitive Match
Store	Exact Match

Searchable account fields:

Field	Search Type
Shared ID	Exact Match
Business Name	Case Insensitive Prefix Match
Business Number	Case Insensitive Prefix Match
Phone Number	Case Insensitive Match
Fax Number	Case Insensitive Match
Zip / Postal Code	Case Insensitive Match

Searchable order fields:

Field	Search Type
Order Number	Exact Match
User Shared ID	Case Insensitive Match
User First Name	Case Insensitive Prefix Match
User Last Name	Case Insensitive Prefix Match
User Email	Case Insensitive Match
User Phone Number	Case Insensitive Match
Account Shared ID	Exact Match
Account Business Name	Case Insensitive Prefix Match
Account Business Number	Case Insensitive Prefix Match
Account Phone Number	Case Insensitive Match
Billing Address First Name	Case Insensitive Prefix Match
Billing Address Last Name	Case Insensitive Prefix Match
Billing Address Phone Number	Case Insensitive Match
Billing Address Fax Number	Case Insensitive Match
Billing Address Zip / Postal Code	Case Insensitive Match
Shipping Address First Name	Case Insensitive Prefix Match
Shipping Address Last Name	Case Insensitive Prefix Match
Shipping Address Phone Number	Case Insensitive Match
Shipping Address Fax Number	Case Insensitive Match
Shipping Address Zip / Postal Code	Case Insensitive Match
Order Status	Exact Match
Shipment Status	Exact Match
Store	Exact Match
Product SKU Code	Exact Match
`RMA` Code	Exact Match

Additionally, the following bugs were fixed:

The "Account details" fields on the order search tab now works properly (these fields were being ignored).
The "Shipping zip / postal code" field on the order search tab was actually searching for billing zip/postal code.
The customer search sort by username was actually sorting by shared ID.
The progress indicator in the bottom right corner of Commerce Manager now indicates when a search is in progress.

Changed attribute value `LONG_TEXT_VALUE` field from `CLOB` to `VARCHAR`

This patch changes the type of the LONG_TEXT_VALUE field in all attribute value tables (TCATEGORYATTRIBUTEVALUE, TCUSTOMERPROFILEVALUE, TPRODUCTSKUATTRIBUTEVALUE, and TPRODUCTATTRIBUTEVALUE) from CLOB to VARCHAR. This is done to avoid an extra select query on the database for each record returned in these tables. These extra select queries significantly slows performance when retrieving customers, categories, products, and product skus from the database, even when the LONG_TEXT_VALUE field is not populated.

Before deploying this change to production, note the following impacts:

If any of the tables listed above contain a large amount of data in the LONG_TEXT_VALUE field for any single record, the data population process may fail.
- For MySQL, the new limit is 20,000 characters.
- For PostgreSQL, the new limit is 65535 bytes (note that each unicode character can consume between 1 and 4 bytes).
- For Oracle, the new limit is 32767 bytes (note that each unicode character can consume between 1 and 4 bytes).
The data population process may take several minutes or hours to execute, depending on the number of records in the tables listed above, database type used, and database size. While data population is running, Cortex operations may fail or be very slow due to database load and database table locks.
Teams using Oracle must ensure that the MAX_STRING_SIZE parameter is set to EXTENDED before running data population process or it will fail.

For all these reasons, before deploying this change to production, your teams should test the data population process on a snapshot of your production database in a pre-production environment. Verify that the process is able to complete successfully and make note of how long the data population process takes. Also validate the behaviour of Cortex during the data population process; you may need to plan for downtime during this process if the Cortex impact is significant.

For teams using Oracle, follow these instructions to change your database MAX_STRING_SIZE parameter to EXTENDED:

Removed Customer Solr index

Elastic Path Commerce uses Solr for fast lookup of records based on advanced search criteria. This includes "DisMax" searches which return relevance-sorted results based on simple search criteria. For example, the Cortex keyword searches use the Product Solr index to find products and SKUs based on a keyword search.

The customer Solr index was only used by Commerce Manager, when searching for customers by specific fields, such as name, address, or phone number. These types of searches can be done just as quickly using SQL queries against indexed database fields.

Due to the fact that customer records are transactional, meaning that the number of records will grow over time as more users interact with the store. This can cause issues due to the size of the Solr index, or if the customer index ever needs to be rebuilt from scratch, which can be very time consuming.

For these reasons, we made the decision to remove the customer Solr index, and re-implement all Commerce Manager search functions as SQL queries. This functionality is seen in the new CustomerCriterionImpl and CustomerSearchCriteria classes in the source.

Modified Cortex to allow it to continue functioning normally if ActiveMQ is overloaded or offline

Cortex sends event notifications in a number of circumstances. Before this patch, those event notifications were sent to ActiveMQ in real-time. Therefore, if ActiveMQ was overloaded, Cortex performance would suffer. Furthermore, if ActiveMQ was offline, Cortex operations would fail.

After this change, all Cortex event notifications are recorded in the TOUTBOXMESSAGE table, and relayed to ActiveMQ by a Batch Server job that runs every second. This means that Cortex will continue to function regardless of the state of ActiveMQ, and performance will not be affected. If ActiveMQ is offline temporarily, messages will be relayed from the outbox table once it comes back online.

Note that Cortex still maintains a connection to ActiveMQ so it can listen for Operational Insights requests, so if ActiveMQ is offline, a thread will attempt to reconnect every few seconds. However, this will not affect Cortex operation in any way.

Upgraded to Log4j 2.x

Log4j 1.2 is an end-of-life product with multiple security vulnerabilities. To address this, we have upgraded to Log4j 2.17.1. This is a major upgrade that could impact your customizations.

While consuming this patch, make sure you follow the Log4j 1.x to 2.x upgrade notes.

`8.2.0`

Released: March 2021

Release Highlights

Account Management

This release focuses on delivering buyer capabilities to enable Buying Organizations to manage their departments, regions, and hierarchy of accounts and buyers from the storefront powered by Cortex.

Ability for Buyers to View and Manage Account Details

Buyers can now modify associated accounts in Cortex. The following aspects of accounts can be modified:

Attributes

Buyers with the MODIFY_ACCOUNTS permission can edit account attributes. This can be done through a PUT operation on the account resource, similar to how profile attributes are modified.

For more information, see Update Account.

Addresses

Buyers with the MODIFY_ACCOUNT_ADDRESSES permission can add, edit, and delete addresses stored on the account. This can be done by following the addresses link on the account resource. The default shipping and billing address for the account can also be selected.

For more information, see Read Addresses from Account.

Payment Instruments

Buyers with the MODIFY_ACCOUNT_PAYMENT_INSTRUMENTS permission can add and delete payment instruments stored on the account. Payment instruments can be added by following the paymentmethods link on the account resource. Existing payment instruments can be viewed and deleted by following the paymentinstruments link on the account resource. The default payment instrument for the account can also be selected.

For more information, see Read Payment Instruments from Account.

Status

Buyers can now view the status of associated accounts in Cortex. A new link named status is available on the account resource.

For more information, see Read Status on Account.

Ability for Buyers to Manage Account User Associations

Buyers with the MODIFY_ACCOUNT_ASSOCIATES permission can add and delete associates on an account. Associates can be viewed by following the associates link on the account resource. Buyers can be added to the account by specifying their email and role in the add-associate-form link. Shoppers must be registered in Cortex before they can be added to an account.

For more information, see Read Associates from Account.

Ability for Buyers to View Child Accounts

Buyers can view child accounts in the account hierarchy. This is done by following the childaccounts link on the account resource. Each child account has the same links as accounts that the buyer is directly associated to.

For more information, see Read Child Accounts from Account.

Ability for Buyers to Choose from Account Addresses and Payment Instruments during Checkout

When a buyer is transacting on behalf of an account, meaning the x-ep-account-shared-id header is specified, the options presented are different. When selecting the cart order billing address, shipping address, and payment instrument, the options are now based on records stored on the account, instead of the records stored on the profile.

note

Currently, when transacting on behalf of an account, the option to add a new address from the cart order will not appear. Buyers with the appropriate permissions can still add addresses to the account through the account resource.

For more information, see Select Order Billing Address, Select Delivery Shipping Address, and Select Order Payment Instrument.

Ability to Define Roles for Buyers

Buyers can now be assigned to Elastic Path roles, representing a grouping of multiple Shiro roles (permissions). Each Shiro role is a granular permission that controls what the buyer can view, create, modify, or delete through the Cortex API. For example, buyers without the READ_PRICES permission cannot access resources that return product prices.

Developers can modify Elastic Path roles, including their assigned Shiro roles through a simple Spring map declaration (roleToPermissionsMap).

Seller admins can define what Elastic Path role buyers will acquire in Commerce Manager. For B2C scenarios, the Store record can define roles for both single-session and registered buyers. For B2B scenarios, the role can be assigned to the user association record on each account. Buyers automatically get the same access role to any child accounts in the hierarchy.

For more information about how roles and permissions work, see Cortex Authorization.

Order Hold Strategies

Order Hold Strategies allows your business to define rules that determine when new purchases should be placed on hold. The following are use cases examples for Order Hold Strategies:

A high fraud score
An issue with downstream fulfillment services
A delayed payment method, such as payment by cheque or Bitcoin

When a cart is checked out, an order record is created, inventory is reserved, and credit card payments are pre-authorized. The Order Hold Strategies are then executed. If one or more of these strategies determines that a hold is required, the order is placed in the ON_HOLD state, and an Order Confirmation email is sent to the customer. The payment will not be captured, and the order will not be sent to fulfillment until all of the holds are resolved.

A configurable seller admin email is notified on a scheduled basis (every 4 hours by default) for each store that contains held orders. The seller admin can then view the held orders along and mark holds as resolved or unresolvable. If all of the holds are resolved, the order proceeds to payment capture and fulfillment. If any of the holds are marked unresolvable, the order is cancelled, and a cancellation email is sent to the shopper.

For more information, see Order Hold Strategies.

Catalog Promotion Selling Context

Seller admins can now define personalized criteria for catalog promotions, allowing more targeted promotions that appear to the shopper even before the shopping cart.

The Selling Context allows promotions to be activated based on characteristics of the shopper. This functionality has been available for use when defining shopping cart promotions in Elastic Path Commerce for many years. Now, the same level of flexibility is available for use on catalog promotions.

Catalog Promotion Selling Context

For more information, see Shopper Segment Rules.

System Requirements and Compatibility

Elastic Path Commerce 8.2.0 is now certified for use with the following technologies:

Technology	Old Certification	New Certification
Amazon Aurora RDS	Aurora v1 (MySQL 5.6)	Aurora v2 (MySQL 5.7)
MySQL	5.7.19	5.7.31
Oracle	12.1	19.0
Zulu JDK	8u202	8u275

Elastic Path Commerce 8.2.0 is compatible with the following Elastic Path releases:

Elastic Path Component	Compatibility
Elastic Path CloudOps for Kubernetes	CloudOps for Kubernetes compatibility matrix

For more information, see Supported Technologies.

New in This Release

In addition to the Release Highlights, this release contains the following updates:

Ability for Seller Admins to Mark Accounts as Suspended

Seller admins have more control over the status of accounts. In addition to the existing ACTIVE and DISABLED options, accounts can now be set to a SUSPENDED state.

For accounts in the ACTIVE state, associated buyers can transact on behalf of the account and checkout. For accounts in the DISABLED state, buyers will not be able to transact on behalf of these accounts. The x-ep-account-shared-id header will not be accepted. For accounts in the SUSPENDED state, associated buyers can transact on behalf of the account, but they will not be permitted to purchase a cart, the purchaseform action will be blocked.

For more information, see Disabling or Suspending an Account record.

`Cache` implementation improvements

In some cases, you want to cache the fact that a key is not present in the database, and differentiate that from the circumstance where the cache has not been populated. To address this, we added a new class called CacheResult that can differentiate between "value not present" and "value is null". Then updated the cache get methods to return a CacheResult object.

Also, the V get(K key, Function<K, V> fallbackLoader) method was updated to prevent the "thundering herd" issue when high-usage cache keys expire. Specifically, the following guarantees are provided:

Threads will only be blocked if there is a cache miss and there is already an evaluation running for an equivalent cache key. Lookups for different cache keys will not be blocked.
Only one evaluation will be executed for a cache miss of a given cache key. There is actually a small chance that this could occur if the evaluation locks map rolls over, but it is highly unlikely.
While a cache miss evaluation is in progress, requests from separate threads for the same cache key will block until evaluation is complete and they will get the cached value after the evaluation completes.

Most calls to CacheResult<V> get(K key) were replaced with calls to V get(K key, Function<K, V> fallbackLoader) to allow caches to take advantage of these guarantees.

Made `refreshStrategy` metadata records required for all setting definitions

The implementation of CachedSettingsReader was changed so that it now throws an exception if a setting definition does not have a corresponding refreshStrategy metadata record. Previously, CachedSettingsReader would fallback to the immediate refresh strategy if not explicitly defined, which led to unexpected performance issues.

Surefire and Failsafe plugin updates

When an exception occurred in unit or integration tests, the stack trace was being truncated by the Surefire and Failsafe plugins. The trimStackTrace setting has now been set to false to prevent this behaviour.

The Surefire and Failsafe plugins were upgraded to version 2.22.2.

Removed some outdated language in alignment with diversity and inclusion commitments

Some parameters that made reference to master were renamed. Also, the CP_GENDER customer profile attribute was removed.

See upgrade notes for more information about both of these changes.

Upgraded shopper and business user password hashing

In Self Managed Commerce 8.1 and earlier, the password hashing algorithm for shoppers was SHA-256, and the password hashing algorithm for business users was SHA-1. Both password hashing algorithms have now been upgraded to BCrypt.

For existing users, the current hash is re-hashed with BCrypt during the database upgrade. When a user signs in, Elastic Path Commerce first tries to match the password with the BCrypt hash. If that fails, it tries again with a BCrypt and SHA-1 or SHA-256 hash. This allows us to upgrade the hashes without losing existing passwords, in accordance with OWASP recommendations.

The BCrypt work factor for shoppers defaults to 8, and the work factor for business users defaults to 10. These can be modified by changing the strength property of the passwordEncoder and cmPasswordEncoder Spring beans, respectively. Note that as the work factor is increased, authentication performance will be reduced.

Added ability to specify filtering when exporting customers through Import/Export

Added the ability to specify queries when exporting customers through the Import/Export CLI or API.

Field	Field Parameters	Sample Query
SharedID	N/A	`FIND Customer WHERE SharedID = 'e27ffe24-1281-4841-bc78-d9006ae7771d'`
CustomerType	N/A	`FIND Customer WHERE CustomerType = ACCOUNT`
LastModifiedDate	N/A	`FIND Customer WHERE LastModifiedDate > '2020-01-01T00:00:00-08:00'`

Improved logging when running data population

Data population now writes separators to the logs for each stage of the data population process, giving better insight into what it is doing.

Improved how Cortex `LINK` permissions are defined

Assume that we have two links contributed by the carts resource to the root: carts and defaultcart. We want defaultcart to appear to all users (PUBLIC) and carts to only appear to logged in users (REGISTERED).

We expect to be able to create a permission.permissions file like this:

relos.role.PUBLIC=LINK:{base.scope}:default;
relos.role.REGISTERED=LINK:{base.scope}:EOL;

However, this caused both links to disappear for all users because Cortex was evaluating links in such a way that only wildcards would work; they weren’t evaluated based on their target URIs. That has now been resolved.

Enhanced `ep-core-tool` to allow Setting Metadata to be updated

The ep-core-tool now supports the following commands:

set-setting-metadata
bulk-set-setting-metadata

These commands allow the ep-core-tool to update the metadata for setting definitions.

Commerce Manager now displays orders in `FAILED` state

Orders in the FAILED state did not previously appear in search results in Commerce Manager.

Address `family-name` and `given-name` fields are now optional

Addresses can be associated to either a shopper profile, or an account. When adding an address to an account, the family-name and given-name fields are usually irrelevant. Therefore, we have modified Elastic Path Commerce so that addresses can be created without these values. These fields are now optional in both Cortex and Commerce Manager.

Added `references` resource in Cortex root

A new link has been added to the Cortex root resource named references. This resource allows us to group links to resources that provide read-only reference data that is required by the client.

Initially, this resource contains two links:

countries
buyerroles

The countries link is a duplicate of the countries link on the root resource. The countries link on the root is now deprecated and may be removed in a future version.

The buyerroles link allows the client to read the list of available roles that can be used when associating a user to an account. For more information about buyerroles, see Read Buyer Roles.

Replaced XA with Outbox pattern

In Elastic Path Commerce 7.5.1, XA transaction support was added. This was to ensure the publishing of domain event messages if and only if the transactions containing these database updates were committed to the database. This guarantee is essential to ensure that Catalog Syndication projections can be kept up-to-date.

This technology added significant complexity and boilerplate code into the Elastic Path Commerce framework. To reduce this complexity, we made the decision to replace XA with the Transactional Outbox pattern. This pattern requires the platform to insert a record into an outbox table in the same transaction as the catalog update. A separate job later reads the outbox records and relays them as the appropriate domain event messages.

The commit includes the following changes:

Removes all library dependencies on Atomikos.
Removes ep-jta module.
Removes XaTransactionTestSupport from all integration tests.
Removes support for JVM parameter -Dspring.profiles.active=non-xa.
Removes all XA configuration from each webapp’s context.xml files - including epjndi-xa.
Adds TOUTBOXMESSAGE table to the database.
Adds Relay Outbox Messages Quartz job in Batch Server.
Adds support for JVM parameter -Dspring.profiles.active=disable-domain-events.

Added Maven Minimal Configuration

Maven Minimal is a developer tool to build large multi-module projects quickly, by building only changed modules. Maven Minimal is currently under development and nearing release.

In anticipation of Maven Minimal’s release, its configuration is included in Elastic Path Commerce.

Fixed Issues

Prevent Cortex error when viewing customer profile

If a customer is edited in Commerce Manager, in some cases a 500 error would occur when viewing the customer profile in Cortex.

Cortex webapp overlays folder added to gitignore

The extensions/cortex/ext-cortex-webapp/overlays/ folder was added to .gitignore to prevent temporary files in that folder from being committed accidentally.

Removed unnecessary cart re-pricing calls

Some unnecessary calls to update pricing during shopping cart retrieval were removed.

Fixed thread safety issue when calculating promotions

A thread safety issue in LogicalTreeBuilder was in some cases causing shopping cart promotions to be evaluated incorrectly.

Messaging in CM when there was a reservation failure during order modification was confusing

Improved messaging on the dialog that appears when modifying an order in Commerce Manager.

Fixed several Liquibase upgrade script issues

Several 7.2.0 Liquibase scripts had very poor performance during upgrades.
The 7.6.0-torder-make-cart-order-guids-unique script missed some order records when making the CART_ORDER_GUID field unique.
The 2020-05-update-accountmanagement-customertype script could throw a No value specified for parameter exception in some circumstances.
The 2020-05-add-accountmanagement-customertype script could hang during an update in some circumstances.
The core-changelog-2020-03-payments.xml script could throw a missing expression exception in some cases.
The core-changelog-2020-06-common-shared-identifier-users-accounts.xml script could throw a duplicate keys found exception in some circumstances.

Improved handling for unpriced items in the cart

Added defensive code to prevent Cortex exceptions when line items in the cart do not have a price. If a line item is missing a price, the line item price and total links will no longer be displayed. At the cart and order levels, the total and tax entities assume that the price of line items without prices is zero. Shipping service level calculations also function normally but assume that the price of line items without prices is zero.

Fixed issue in which Cortex sometimes re-uses shopper record from a different store

Fixed an issue where a user’s shopper record and cart from a different store was retrieved incorrectly.

Ensure that cart modifier values are cleared from default cart after checkout

Cart modifier values are now reset on the default shopping cart whenever the cart is checked out.

Limited use coupon codes could not be removed from cart

Limited-use coupon codes were being automatically re-applied after a customer removed the coupon code.

Removed unnecessary duplicate queries to `TATTRIBUTE` table during checkout

Cortex made multiple unnecessary TATTRIBUTE queries during checkout. This has now been reduced to a single query.

Import/Export imports weren’t updating Catalog Syndication projections

When products were updated using Import/Export, the required domain events were not being published.

Eliminated unnecessary `UIDPK = 0` queries

Applied a fix to OpenJPA to eliminate unnecessary SQL queries that would never return any results because they contain UIDPK = 0 within the where clause.

Fixed exception that could occur when multiple threads request the same shopping cart concurrently

When a shopping cart contains a bundle, and multiple threads request the same shopping cart concurrently, the following exception could occur: com.elasticpath.commons.exception.InvalidProductStructureException: ShoppingItem structure invalid

Optimized the `cleanupFailedOrdersJob` batch job

This job is responsible for deleting failed orders that are more than COMMERCE/SYSTEM/FAILEDORDERCLEANUP/maxHistory days old. Each time this job is executed, it deletes qualifying records in batches of size COMMERCE/SYSTEM/FAILEDORDERCLEANUP/batchSize until all qualifying records are deleted. This is a change from the old behavior which would cleanup only COMMERCE/SYSTEM/FAILEDORDERCLEANUP/batchSize records each time the job was executed. This job also executes much more quickly than before and uses less memory.

Updated several Maven plugins to improve multi-threaded build support

When building ep-commerce source in multi-threaded mode, such as -T 1C, several warnings appear in the logs about plugins that don’t support multi-threading. The following list shows the upgraded Maven plugins to better support multi-threaded builds:

Upgraded gmaven-plugin 1.4 to groovy-maven-plugin 2.1.1.
Upgraded javacc-maven-plugin 2.6 to ph-javacc-maven-plugin 4.1.4.
Upgraded maven-replacer-plugin to 1.5.2.
Added threadSafe=true to ep-core-tool.

Caching bug could cause product to appear as missing in Cortex

In some circumstances, when the productUidCache entry expires before the productUidByGuidCache, Cortex was misinterpreting this situation to mean that the product was not present in the database.

Prevent duplicate domain events from being published

Due to the way that OpenJPA lifecycle events work, there were some circumstances where duplicate domain events were being sent when a record was updated in Import/Export or Commerce Manager. To address this, a LifecycleEventFilter was added that identifies and filters out duplicate lifecycle events in the same thread.

Products without display name in Commerce Manager language do not appear properly in promotions wizard

If a promotion in Commerce Manager has a condition or action that references a Product or SKU that is missing a localized display name it was "invisible". The code now falls back on the product code or SKU code in this circumstance.

Improvement to `offer-price-range` logic when list price is lower than sale price

When a price is configured such that the list price is lower than the sale price, the offer-price-range resource didn’t correctly show the lowest price.

Improved search master customer indexing

Ensure that customer records are only indexed if at least one of the following is true:

Customer type is REGISTERED_USER or ACCOUNT.
Customer type is SINGLE_SESSION_USER and is associated to one or more purchases.

Also removed the use of the TINDEXNOTIFY table for determining which records require re-indexing; the code now relies exclusively on TCUSTOMER.LAST_MODIFIED_DATE.

Fixed several tests that were incorrectly using "week year" instead of "year"

Several tests were using use SimpleDateFormat("YYYY-MM-dd”) instead of SimpleDateFormat("yyyy-MM-dd”). YYYY means "week year", while yyyy means "year". This caused several test failures in the last week of each year.

Fallback payment capture attempts are not recorded

If a payment capture fails, Elastic Path Commerce will try to create a new reservation and charge, but the second charge was not being recorded in the TORDERPAYMENT table.

Shipping address on all active shopping carts is changed when shopper’s default shipping address is updated

If a shopper edits an address that is the default shipping address on their profile, all of that shopper’s active carts were updated to make that the current shipping address. This behaviour has been removed.

Avoid unnecessary validation calls during add-to-cart and checkout

The presence of ADVISE_CREATE in the cart permission.properties was causing the add-to-cart form validation rules to be executed unnecessarily when posting to the add-to-cart form.

Also, inventoryProductSkuValidator was being executed during purchase validation even though the required functionality was already covered by inventoryShoppingItemValidator.

Improved consistency of catalog entity code validation

Different Elastic Path Commerce applications were validating Catalog entity codes differently. For example, Import/Export might allow a catalog code to contain an underscore but Commerce Manager would not.

To address these inconsistencies, CatalogCodeUtil has been added to ep-core which provides information that applications can use to validate the various types of codes. Currently only Commerce Manager has been wired in to use this information.

Extended bundle `permission.properties` not overriding `permission.properties` consistently

Cortex requires that all extension bundles declare their own permission.properties file. Before this fix, Cortex was arbitrarily reading either the out of the box or extension bundle permission.properties file to determine permissions. Now extension bundles are required to specify a permissionsLookupRank value in their wiring modules which Cortex uses to identify the correct permission.properties file.

Upgrade Notes

The upgrading Elastic Path guide provides general instructions on upgrading Elastic Path projects.

Core Commerce

All TSETTINGDEFINITION records now require a corresponding TSETTINGMETADATA record with key refreshStrategy and a value containing the cache refresh strategy. Make sure to add these records for any custom settings or the CachedSettingsReader will throw an exception when the settings are retrieved.
The ep.search.master.url, ep.search.default.url, and ep.search.requires.master properties have been deprecated. These were specifiable either as JVM parameters or in ep.properties. The old parameters are still supported, but we now recommend specifying them using JVM parameters as follows:
- ep.search.master.url should be specified as -Dep.search.primary.url=
- ep.search.default.url should be specified as -Dep.search.replica.url=
- ep.search.requires.master should be specified as -Dep.search.mode=, where the value is set to primary or replica.
The CP_GENDER customer profile attribute was removed. If tracking gender is an important attribute for your business, we recommend creating a new custom profile attribute and creating a Liquibase script to transfer the data to your custom attribute.
The family-name and given-name fields on Addresses have been made optional. If you have any customizations that use addresses, ensure that they can handle null values in these fields.
Many Cortex bundle permission.properties files have been updated to support the new Shiro roles such as CATALOG_BROWSER and BUYER_ADMIN. If your project has overridden any Cortex bundles, make sure to merge your custom permission.properties file with the out of the box version.
Any bundles that extend existing out of the box bundles will require an update to their wiring class to allow Cortex to determine which permission.properties file to use. The out of the box bundles all use a rank of 100, so extended bundles should specify a higher rank, such as 200. If the permissions lookup rank is not specified in the extension bundle, the following exception will be thrown at Cortex startup: java.lang.IllegalArgumentException: Permission lookup for server prices already exists with rank 100 Here is an example of the permissionsLookupRank method that needs to be overridden in the wiring modules:

package com.elasticpath.extensions.rest.extprices.wiring;

import com.elasticpath.rest.resource.prices.wiring.PriceWiring;

import javax.inject.Named;

/**
 * Extended Price wiring.
 */
@Named
public class ExtPriceWiring extends PriceWiring {

    @Override
    protected int permissionsLookupRank() {
        return 200;
    }
}

Database Changes

Added CASCADE on DELETE on all foreign key relationships to the following fields to allow cleanupFailedOrdersJob to be more efficient. For more information, see the core-changelog-2020-08-cleanup-expired-failed-orders-job.xml file.
- TORDER.ORDER_NUMBER
- TORDER.UIDPK
- TORDERPAYMENT.UIDPK
- TAPPLIEDRULE.UIDPK
- TORDERSHIPMENT.UIDPK
- TORDERRETURN.UIDPK
- TORDERSKU.UIDPK
Added ORDER_UID field to TORDERSKU table to allow queries to avoid join to TORDERSHIPMENT.
Added index on TCUSTOMER.AUTHENTICATION_UID.
Renamed apiRefreshStrategy and adminRefreshStrategy values on TSETTINGMETADATA.METADATA_KEY to refreshStrategy.
Added refreshStrategy metadata records to all TSETTINGDEFINITION records.
TCMUSER.PASSWORD values are re-encoded to BCRYPT format.
TCUSTOMERAUTHENTICATION.PASSWORD values are re-encoded to BCRYPT format.
Removed CP_GENDER customer profile attribute.
Added index on TCUSTOMERPROFILEVALUE.CUSTOMER_UID, replacing previous composite index.
Updated COMMERCE/SYSTEM/SEARCH/searchHost context keys from master to primary and default to replica.
Added unique constraint on SHOPPER_UID,DEFAULTCART fields of TSHOPPINGCART and made DEFAULTCART nullable.
Added TOUTBOXMESSAGE table.
Added B2C_AUTHENTICATED_ROLE and B2C_SINGLE_SESSION_ROLE fields to TSTORE table.

Upgraded Libraries

The following libraries were upgraded as part of this release, primarily to address vulnerabilities detected within these libraries.

Library	Change
activemq-broker-5.16.0.jar	Version changed from 5.15.12
activemq-camel-5.16.0.jar	Version changed from 5.15.12
activemq-client-5.16.0.jar	Version changed from 5.15.12
activemq-console-5.16.0.jar	Version changed from 5.15.12
activemq-jms-pool-5.16.0.jar	Version changed from 5.15.12
activemq-kahadb-store-5.16.0.jar	Version changed from 5.15.12
activemq-openwire-legacy-5.16.0.jar	Version changed from 5.15.12
activemq-pool-5.16.0.jar	Version changed from 5.15.12
activemq-spring-5.16.0.jar	Version changed from 5.15.12
activemq-stomp-5.16.0.jar	Version changed from 5.15.12
activemq-web-5.16.0.jar	Version changed from 5.15.12
activemq-web-console-5.16.0.war	Version changed from 5.15.12
checker-qual-2.10.0.jar	Removed
dec-0.1.2.jar	Added
error_prone_annotations-2.3.4.jar	Removed
failureaccess-1.0.1.jar	Removed
guava-28.2-jre.jar	Removed
hawtdispatch-1.11.jar	Added
hawtdispatch-transport-1.11.jar	Added
htmlunit-2.38.0.jar	Added
htmlunit-core-js-2.38.0.jar	Added
htmlunit-cssparser-1.5.0.jar	Added
integration-test-definitions-8.2.0.5657f7cc81.jar	Added
j2objc-annotations-1.3.jar	Removed
jackson-annotations-2.10.2.jar	Removed
jackson-annotations-2.11.2.jar	Version changed from 2.10.3
jackson-core-2.10.2.jar	Removed
jackson-core-2.11.2.jar	Version changed from 2.10.3
jackson-databind-2.11.2.jar	Version changed from 2.10.3
jackson-databind-2.9.10.3.jar	Removed
jackson-databind-2.9.10.4.jar	Version changed from 2.10.2
jackson-dataformat-csv-2.11.2.jar	Version changed from 2.10.2
jackson-datatype-jsr310-2.11.2.jar	Version changed from 2.10.3
jackson-jaxrs-base-2.10.2.jar	Removed
jackson-jaxrs-base-2.11.2.jar	Version changed from 2.10.3
jackson-jaxrs-json-provider-2.10.2.jar	Removed
jackson-jaxrs-json-provider-2.11.2.jar	Version changed from 2.10.3
jansi-1.18.jar	Version changed from 1.8
jetty-client-9.4.27.v20200227.jar	Added
jetty-http-9.4.27.v20200227.jar	Added
jetty-io-9.4.27.v20200227.jar	Added
jetty-xml-9.4.27.v20200227.jar	Added
jsr305-3.0.2.jar	Removed
jstl-1.1.2.jar	Added
listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar	Removed
mqtt-client-1.3.jar	Added
mysql-connector-java-8.0.22.jar	Version changed from 5.1.44
neko-htmlunit-2.38.0.jar	Added
openjpa-2.4.0-ep2.3.jar	Version changed from 2.4.0-ep2.1
openjpa-jdbc-2.4.0-ep2.3.jar	Version changed from 2.4.0-ep2.1
openjpa-jest-2.4.0-ep2.3.jar	Version changed from 2.4.0-ep2.1
openjpa-kernel-2.4.0-ep2.3.jar	Version changed from 2.4.0-ep2.1
openjpa-lib-2.4.0-ep2.3.jar	Version changed from 2.4.0-ep2.1
openjpa-persistence-2.4.0-ep2.3.jar	Version changed from 2.4.0-ep2.1
openjpa-persistence-jdbc-2.4.0-ep2.3.jar	Version changed from 2.4.0-ep2.1
org.apache.commons.logging-1.1.1.v201101211721.jar	Removed
org.apache.servicemix.bundles.spring-orm-4.3.25.RELEASE_1.jar	Added
serializer-2.7.2.jar	Added
slf4j-api-1.7.30.jar	Added
slf4j-log4j12-1.7.30.jar	Added
standard-1.1.2.jar	Added
websocket-api-9.4.27.v20200227.jar	Added
websocket-client-9.4.27.v20200227.jar	Added
websocket-common-9.4.27.v20200227.jar	Added
xalan-2.7.2.jar	Added
xbean-spring-4.17.jar	Version changed from 4.16

Changelog

Changelog Announcements

Refactored core-changelog-2021-01-data-fields-as-json-clob.xml to make it run 20-30X faster on MySQL and Oracle databases

Modified how promotion and price list assignment start and end dates are stored to allow queries to easily exclude expired records

Enabled Application Caching in Search Server and Integration Server

note

Significantly improved the performance of customer, account, and order searches in Commerce Manager

Changed attribute value LONG_TEXT_VALUE field from CLOB to VARCHAR

Removed Customer Solr index

Modified Cortex to allow it to continue functioning normally if ActiveMQ is overloaded or offline

Upgraded to Log4j 2.x

8.2.0

Release Highlights

Account Management

Ability for Buyers to View and Manage Account Details

Attributes

Addresses

Payment Instruments

Status

Ability for Buyers to Manage Account User Associations

Ability for Buyers to View Child Accounts

Ability for Buyers to Choose from Account Addresses and Payment Instruments during Checkout

note

Ability to Define Roles for Buyers

Order Hold Strategies

Catalog Promotion Selling Context

System Requirements and Compatibility

New in This Release

Ability for Seller Admins to Mark Accounts as Suspended

Cache implementation improvements

Made refreshStrategy metadata records required for all setting definitions

Surefire and Failsafe plugin updates

Removed some outdated language in alignment with diversity and inclusion commitments

Upgraded shopper and business user password hashing

Added ability to specify filtering when exporting customers through Import/Export

Improved logging when running data population

Improved how Cortex LINK permissions are defined

Enhanced ep-core-tool to allow Setting Metadata to be updated

Commerce Manager now displays orders in FAILED state

Address family-name and given-name fields are now optional

Added references resource in Cortex root

Replaced XA with Outbox pattern

Added Maven Minimal Configuration

Fixed Issues

Prevent Cortex error when viewing customer profile

Cortex webapp overlays folder added to gitignore

Removed unnecessary cart re-pricing calls

Fixed thread safety issue when calculating promotions

Messaging in CM when there was a reservation failure during order modification was confusing

Fixed several Liquibase upgrade script issues

Improved handling for unpriced items in the cart

Fixed issue in which Cortex sometimes re-uses shopper record from a different store

Ensure that cart modifier values are cleared from default cart after checkout

Limited use coupon codes could not be removed from cart

Removed unnecessary duplicate queries to TATTRIBUTE table during checkout

Import/Export imports weren’t updating Catalog Syndication projections

Eliminated unnecessary UIDPK = 0 queries

Fixed exception that could occur when multiple threads request the same shopping cart concurrently

Optimized the cleanupFailedOrdersJob batch job

Updated several Maven plugins to improve multi-threaded build support

Caching bug could cause product to appear as missing in Cortex

Prevent duplicate domain events from being published

Products without display name in Commerce Manager language do not appear properly in promotions wizard

Improvement to offer-price-range logic when list price is lower than sale price

Improved search master customer indexing

Fixed several tests that were incorrectly using "week year" instead of "year"

Fallback payment capture attempts are not recorded

Shipping address on all active shopping carts is changed when shopper’s default shipping address is updated

Avoid unnecessary validation calls during add-to-cart and checkout

Improved consistency of catalog entity code validation

Extended bundle permission.properties not overriding permission.properties consistently

Upgrade Notes

Core Commerce

Database Changes

Upgraded Libraries

Changed attribute value `LONG_TEXT_VALUE` field from `CLOB` to `VARCHAR`

`8.2.0`

`Cache` implementation improvements

Made `refreshStrategy` metadata records required for all setting definitions

Improved how Cortex `LINK` permissions are defined

Enhanced `ep-core-tool` to allow Setting Metadata to be updated

Commerce Manager now displays orders in `FAILED` state

Address `family-name` and `given-name` fields are now optional

Added `references` resource in Cortex root

Removed unnecessary duplicate queries to `TATTRIBUTE` table during checkout

Eliminated unnecessary `UIDPK = 0` queries

Optimized the `cleanupFailedOrdersJob` batch job

Improvement to `offer-price-range` logic when list price is lower than sale price

Extended bundle `permission.properties` not overriding `permission.properties` consistently