Elastic Path 8.2.x Release Notes
Learn about changes to Elastic Path Commerce for this release. Fixes since the release are summarized in the changelog.
Changelog
The changelog contains the list of fixes and improvements made to Elastic Path Commerce 8.2 since its release date. To learn how to consume the updates, see Consuming Support Fixes.
- 77501093: Build stability improvements. (27-Nov-2024)
- a8ea88a1: Fixed a
NullPointerException
that can occur when publishing multi-sku products through the Data Sync Webapp. (29-Oct-2024) - c2d633bc: Fixed intermittent failure in Order search for failed order Selenium test. (23-Oct-2024)
- 55f309ee: Fixed preconditions in
core-changelog-2020-08-cleanup-expired-failed-orders-job.xml
to avoid potential upgrade error. (9-Oct-2024) - 3c5e8a96: Removed support for
user-name
anduser-company
fields in JWT metadata payload, which was leading to unique constraint errors in PunchOut. (26-Sep-2024) - 4b8bec96: Fixed issue with Data Sync Webapp where changesets containing base amounts were causing multiple product index notifications to be created and were also holding the base amount objects in memory until the service was restarted. (19-Sep-2024)
- 8a1cbcf0: Refactored the Catalog Syndication builders to use
AbstractBatchJob
instead of Spring Batch, to address lock wait timeout issues during the build process. (19-Sep-2024) - a0525a5e: Removed the requirement to set the
ep.catalog.batch.database.*
JVM parameters on the Batch Server for non-MySQL databases. The database type is now detected automatically. (18-Sep-2024) - 69d454f6: Fixed issue with Cortex attempting to write logs to a folder based on the build machine home folder instead of the runtime machine home folder. (14-Sep-2024)
- b37aed54: Fixed issues with the shopper conditions user interface in Commerce Manager where conditions were sometimes duplicated or could not be removed. (13-Sep-2024)
- 3993d2ef: Upgraded Tomcat version from 9.0.85 to 9.0.90. (11-Sep-2024)
- 89df6f54: Build stability improvements. (10-Sep-2024)
- 6e73cbe6: Fix for
NullPointerException
that can occur if looking up a non-existent compound GUID withCategoryLookup#findByCompoundCategoryAndCatalogCodes
. (30-Aug-2024) - 6cd793a0: Consolidated all Awaitility dependencies from version 2.0.0 to 3.1.6. (26-Aug-2024)
- 1e139ded: Updated the Log4j configuration for all services to ensure that log file sizes are limited by using a fixed window rolling policy. (26-Aug-2024)
- afed2a3f: Fixed issue where the
parentCategoryCodes
field is not populated in the SOLR index for linked categories. (25-Aug-2024) - b5d4404e: Build stability improvements. (20-Aug-2024)
- 3a415e00: Fixed Catalog Syndication cucumber test stability issue. (19-Aug-2024)
- 3d579710: Fixed issue with logging of some Catalog Syndication failures. (17-Aug-2024)
- 6c3239e4: Fixed issue with SKU selection dialog not allowing users to search after clicking the clear button. (15-Aug-2024)
- 368eaf0b: Added a Liquibase custom change class for adding new setting definitions and setting values. (6-Aug-2024)
- 01543208: Updated catalog syndication projection rebuild process to better utilize Spring Batch and avoid long database record locks. (31-Jul-2024)
- 348c61bc: Fixed out of memory error that can occur on the Batch Server if database contains a large number of
TCUSTOMERCONSENT
records. (30-Jul-2024) - 270f1de7: Fixed issue where
parent-widget-id
andwidget-type
attributes on a table row were not properly set after a table is updated. This could lead to Selenium test issues. (29-Jul-2024) - 4a6cd5a8: Fixed all query strings defined on beans for Catalog Syndication
JpaPagingItemReader
instances to ensure they have anORDER BY
clause. (25-Jul-2024) - 7d615e28: Improved Oracle
reset-db
script to ensure that the tablespace is created automatically. (19-Jul-2024) - b3d4f3c7: Improvements to Operational Insights exception handling when an exception is thrown during cache inspection. (17-Jul-2024)
- ec787f2a: Removed line from
com.elasticpath.cmclient.core/plugin.xml
that caused the XML to be invalid. (20-Jun-2024) - 24bf220a: Fixed issue with Commerce Manager initialization that can occur if several initial requests are received concurrently. (18-Jun-2024)
- 3caf6858: Fixed issue where
CouponUsageLimitValidator
doesn't properly handle some coupon-related issues. (17-Jun-2024) - 53361410: Added exclusion on Spring Framework dependencies within
ext-commerce-engine-wrapper
to ensure that Spring dependencies aren't accidentally embedded in the bundle. (17-Jun-2024) - c8f89a1d: Fix for potential race condition around
CategoryLookup
andCategoryService
load tuners which can cause errors about unloaded fields. (10-Jun-2024) - a669a865: Fix to avoid retrying the post capture checkout steps if there is an exception thrown. (10-Jun-2024)
- 476c41b0: Fixed issue for scenario when multiple customer records have the same username for different stores, the wrong customer record could be selected during authentication. (6-Jun-2024)
- 30661387: Fix for intermittent Selenium test failure "Error forwarding the new session Empty pool of VM for setup". (4-Jun-2024)
- b32f0306: Fixed intermittent Selenium test failures related to long generated catalog entity names. (4-Jun-2024)
- c884e005: Fixed intermittent Selenium test failures related to the "Promotion Search With Quotes" test. (2-Jun-2024)
- 7d0bc1c5: Removed check from Commerce Manager and Batch Server health checks that verifies that search server is reachable. This was causing health checks to fail incorrectly in some circumstances. (29-May-2024)
- 51e49b1e: Improved
H2DataSourceInitializerImpl
to prevent H2 database snapshots from being corrupted when multiple tests are run concurrently. (27-May-2024) - e01dad51: Upgraded solr-core from 8.11.1 to 8.11.3 to address CVE-2023-50298, CVE-2023-50291 and CVE-2023-50292 (27-May-2024)
- 937d8f65: Liquibase fix for "Improved performance of case-insensitive queries involving store code" to convert
TSHOPPER.STORECODE
to upper case and add foreign key constraint. (23-May-2024) - ce5dc84c: Build stability improvements. (15-May-2024)
- b6d87928: Updated activemq-kahadb-store from version 5.14.3 to 5.17.6. (15-May-2024)
- 91d7b805: Separated product and product type caching to reduce product cache memory use by 30-60%. (14-May-2024)
- a05e135f: Upgraded Jetty from 9.4.44.v20210927 to 9.4.54.v20240208 to address CVE-2024-22201, CVE-2023-44487, CVE-2023-36479, CVE-2023-26049, CVE-2023-26048 and CVE-2022-2048. (14-May-2024)
- 665f0792: Removed duplicate localization property key in
email.properties
that was causing confusion. (14-May-2024) - c02467fc: Added a check at Search Server startup to delete compiled Drools records if they are invalid due to being compiled with an older version of Drools. (7-May-2024)
- c993edd2: Changed
ep-test-application
dependencies to test scope to ensure that test artifacts don't end up in the compiled WAR files. (29-Apr-2024) - f64cb654: Migrated fusesource mqtt-client 1.3 to activemq-mqtt 5.17.6 to address CVE-2019-0222. (17-Apr-2024)
- fa4dc801: Upgraded hibernate-validator from 6.0.20.Final to 6.2.0.Final to address CVE-2023-1932. (17-Apr-2024)
- 879d5c13: Fixed exception handling around attribute value types. (15-Apr-2024)
- 8032ffd4: Modified default cache TTL for checking promotion updates from 60 minutes to 5 minutes so that promotion changes are reflected more quickly in Cortex. (15-Apr-2024)
- 3edc7bd6: Include all caches in Operational Insights API response, instead of just select caches. (15-Apr-2024)
- a5d741ea: Fixed several Operational Insights metrics that were broken for customers using PostgreSQL or Oracle. (12-Apr-2024)
- bd8d9f19: Allow Operational Insights clients to override service response wait time by setting
serviceResponseWaitTime
query parameter. (12-Apr-2024) - 7d582902: Build stability improvements. (12-Apr-2024)
- 68a0b8f9: Fixed more issues with Helix exception handling where the stack trace can be lost. (10-Apr-2024)
- 4ec0bd11: Fixed OSGi split package issue for
org.apache.commons.fileupload
packages. (9-Apr-2024) - 23ddb975: Build stability improvements. (8-Apr-2024)
- 93856914: Improved exception handing around customer creation logic to ensure that root cause is properly logged. (8-Apr-2024)
- dabfbc68: Excluded htrace-core4 from transient dependencies which contains vulnerable shaded copy of jackson-databind 2.4.0. (5-Apr-2024)
- 6e3127ae: Fixed issue with the ActiveMQ console showing an error when accessed on a local developer machine. (25-Mar-2024)
- 53ebad74: Fixed potential race condition that can cause payment provider configuration property values to be returned as empty. (22-Mar-2024)
- b9897dc0: Upgraded esapi from 2.5.2.0 to 2.5.3.1 to address WS-2023-0429. (20-Mar-2024)
- df40e4ee: Fixed potential race condition that can cause product/sku/category attribute values to be returned as empty. (18-Mar-2024)
- a3d7d66c: Fix for Operational Insights "tomcat-*" fields returning values for the health check connector instead of the primary connector. (18-Mar-2024)
- 7a13c68b: Upgraded Tomcat version from 9.0.50 to 9.0.85 to address multiple vulnerabilities. (18-Mar-2024)
- ad13f511: Upgraded javax.el from 3.0.0 to 3.0.4 to address CVE-2021-28170. (18-Mar-2024)
- bfa870c4: Upgrade Drools from 7.6 to 7.74.1 to address CVE-2022-1415. (12-Mar-2024)
- 041aa3ce: Migrated jstl 1.1.2 and 1.2 to taglibs-standard-impl 1.2.3 to address CVE-2015-0254. (12-Mar-2024)
- 2855f648: Fixed intermittent failure in the
AccessTokenDtoTransformerTest.testTransformToOAuth2AccessToken
unit test. (12-Mar-2024) - ac760ecb: Disabled JMX for Cortex and Integration Server in Cucumber tests to avoid port conflicts. (4-Mar-2024)
- d4d2ce7c: Removed nekohtml dependency to address CVE-2022-29546, CVE-2022-28366, and CVE-2022-24839. (1-Mar-2024)
- 754fe461: Upgraded Apache Shiro from 1.12.0 to 1.13.0 to address CVE-2023-46749. (27-Feb-2024)
- ff9ac426: Upgraded wiremock from 2.23.2 to 2.27.2 to address CVE-2021-23369. (26-Feb-2024)
- d6ab869c: Upgraded commons-net to version 3.9.0 to address CVE-2021-37533. (26-Feb-2024)
- 2f99b1f9: Upgraded commons-configuration2 from version 2.1.1 to 2.8.0. (23-Feb-2024)
- 92cb0a57: Upgraded json-path from 2.6.0 to 2.9.0 to address CVE-2023-51074. (23-Feb-2024)
- d30b9120: Fix for race condition that can occur if a user posts multiple requests to the registration form concurrently. This change ensures that only a single authentication record is created in this circumstance. (23-Feb-2024)
- 70ac9dd2: Fix for issue where Cortex generates two customer authentication records when a customer registers. (22-Feb-2024)
- ede8780c: Upgraded poi from 4.0.1 to 4.1.1 to address CVE-2019-12415. (22-Feb-2024)
- dbf3ab24: Upgraded antisamy from 1.7.4 to 1.7.5 to address CVE-2024-23635. (21-Feb-2024)
- ab9be239: Upgrade htmlunit from 3.0.0 to 3.9.0 to address CVE-2023-49093. (19-Feb-2024)
- 29aa6093: Upgraded htmlunit from 2.70.0 to 3.0.0 to address CVE-2023-26119. (15-Feb-2024)
- b11a03c1: Updated failsafe plugin to use alphabetical ordering instead of default filesystem ordering. (15-Feb-2024)
- d2cd8e4a: Upgraded logback from version 1.2.10 to 1.2.13 to address vulnerability CVE-2023-6481. (15-Feb-2024)
- 0b5788e7: Upgraded junit from 4.12 to 4.13.1 to address CVE-2020-15250. (15-Feb-2024)
- 46dcfe4e: Upgraded ant from 1.7.1 to 1.10.14 to address CVE-2020-11979. (14-Feb-2024)
- f841b187: Upgraded velocity from version 1.6.2 to 2.3 to address CVE-2020-13936. (14-Feb-2024)
- 1ef930ed: Fixed issue with ESAPI bundle startup after upgrading ESAPI from 2.4.0.0 to 2.5.2.0. (14-Feb-2024)
- d81109af: Upgraded commons-fileupload from 1.4 to 1.5 to address CVE-2023-24998. (14-Feb-2024)
- 0ab51e23: Improved JMS-related test reliability. (13-Feb-2024)
- 93145baa: Upgraded guava from 31.1-jre to 32.0.1-jre to address CVE-2023-2976. (13-Feb-2024)
- afc8020b: Ensure customer username case insensitivity across databases. (13-Feb-2024)
- 15b84cee: Upgraded jsoup from 1.14.2 to 1.15.3 to address CVE-2022-36033. (13-Feb-2024)
- ab13b92e: Upgraded jsoup from 1.8.3 to 1.14.2 to address CVE-2021-37714. (12-Feb-2024)
- cd81dc65: Upgraded jackson-databind from 2.13.4 to 2.16.1 to address CVE-2022-42003. (12-Feb-2024)
- f686c9e8: Upgraded ESAPI from 2.4.0.0 to 2.5.2.0 to address WS-2023-0388. (12-Feb-2024)
- 45415eff: Upgraded ESAPI from 2.3.0.0 to 2.4.0.0 to address CVE-2022-28366 and CVE-2022-29546. (9-Feb-2024)
- 764edbb4: Upgraded antisamy from 1.6.7 to 1.7.4 to address CVE-2023-43643. (9-Feb-2024)
- ffb08d53: Improved how
ClasspathResourceLoader
is initialized to prevent a possible memory leak related to Velocity email rendering. (9-Feb-2024) - fc339073: Upgraded xerces from 2.12.0 to 2.12.2 to address CVE-2022-23437. (8-Feb-2024)
- 9893095b: Upgraded json-smart from 2.4.7 to 2.4.10 to address CVE-2023-1370. (8-Feb-2024)
- f25cb97c: Upgraded protobuf-java from 3.11.0 to 3.16.3 to address CVE-2022-3509 and CVE-2022-3171. (8-Feb-2024)
- d76d2526: Upgraded json from 20220924 to 20231013 to address CVE-2023-5072. (7-Feb-2024)
- c84ecfdf: Fix to avoid JMX "port in use" conflicts in cargo with multi-threaded builds. (7-Feb-2024)
- f4390bc4: Upgraded xstream from 1.4.19 to 1.4.20 to address CVE-2022-41966. (6-Feb-2024)
- b9c504fb: Fixed Cortex permission error that can occur if
x-ep-account-shared-id
header is set when reading accounts associated to the current user. (17-Jan-2024) - a0248003: Optimization to eliminate unnecessary
TSHOPPINGITEMRECURRINGPRICE
queries when a shopping cart is retrieved. (16-Jan-2024) - 5c7d5460: Optimization to eliminate unnecessary queries to update cart item last modified date when a shopping cart is persisted. (12-Jan-2024)
- 96346969: Added null check in
SolrQueryFactory
to avoidNullPointerException
if an expected attribute key does not exist. (15-Dec-2023) - cc409409: Changed
sortattributes
link to static instead of conditional to remove unnecessary extra product search when using theoffersearch
resource. (11-Dec-2023) - 960af685: Fixed Cucumber tests that fail if test run order is changed. (11-Dec-2023)
- a8ca2ab4: Updated
individual-settings.xml
to use secure Nexus URLs. (11-Dec-2023) - 77645569: Upgraded shiro-core from 1.9.1 to 1.12.0 to address CVE-2023-34478. (4-Dec-2023)
- 7e1fd360: Fixed issues with Helix exception handling where the stack trace can be lost and the reference number shown to the user doesn't match the logged reference number. (1-Dec-2023)
- b1cc98d4: Fixed product lookup cache population bug that can lead to unnecessary database queries. (1-Dec-2023)
- 2fd6f1b8: Added missing request scoped caching annotations to
CustomerSessionRepositoryImpl
methods. (29-Nov-2023) - 29dfd908: Fixed issue that can cause Query Analyzer to fail if default encoding type is not set to
UTF-8
. (29-Nov-2023) - 5c8429a5: Additional fixes for improved performance of case-insensitive queries involving store code. (29-Nov-2023)
- 153731bd: Upgraded Jersey version from 2.27 to 2.40 in
api-platform
to matchep-commerce
version. (27-Nov-2023) - 0f2a917c: Fix for
NullPointerException
that can occur if looking up a non-existent category GUID withCategoryLookup#findByGuid
. (23-Nov-2023) - 5c7f97fd: Fix for intermittent failure in "Payment Configuration" tests. (23-Nov-2023)
- a89d64e7: Performance improvement to eliminate duplicate shopper and customer queries when zooming into
wishlistmembership
link. (20-Nov-2023) - f1eedcd2: Improved performance of case-insensitive queries involving store code. (20-Nov-2023)
- 948e1945: Upgraded shiro-core from version 1.8.0 to 1.9.1 to address CVE-2022-32532. (17-Nov-2023)
- 0dcd7ff7: Fix for error that can appear when doing search operations in Commerce Manager if the
COMMERCE/SEARCH/boosts
system configuration setting is specified. (13-Nov-2023) - 61357cb5: Upgraded ActiveMQ from version 5.16.4 to 5.16.7 to address CVE-2023-46604. (10-Nov-2023)
- 1fbf79d2: Replaced legacy SOLR
LRUCache
withCaffeineCache
. (8-Nov-2023) - 9d5bc58e: Fixed a failure in the
wishlistmembership
resource if a wish list contains the same product sku more than once. (7-Nov-2023) - 6a799c6a: Fixed an issue where JMS messages are not consumed evenly when multiple load balanced services are deployed. (7-Nov-2023)
- a41e7ae3: Fixed issue with selected disabled radio buttons and checkboxes being invisible on the shopping cart promotion wizard. (6-Oct-2023)
- 82894597: Fixed potential
NullPointerException
when requesting Operational Insights report if no services respond with results. (6-Oct-2023) - f75c6207: Added ability to use quotes to request an exact match on each individual word when searching for products and skus in Commerce Manager. (29-Sep-2023)
- 61630001: Added ability to specify wildcard (*) character when searching for products and skus in Commerce Manager. (28-Sep-2023)
- 445d6b73: Added
Vary
header to Cortex response to prevent browser cache issues. (20-Sep-2023) - 0d9dac2a: Fixed issue where price list drop-down in Commerce Manager product editor was empty unless user had access to all catalogs. (18-Sep-2023)
- ec14511a: Fixed issues in
set-ep-versions.sh
script and Maven settings used for builds. (18-Sep-2023) - 95d5fdbb: Fixed issue where physical product inventory was not properly released if an order failed. (15-Sep-2023)
- 6da1449d: Added non-null constraint to
TCUSTOMERAUTHENTICATION.USERNAME
to ensure that invalid customer authentication records are not created. (14-Sep-2023) - 237b3240: Standardized Cucumber test configuration across modules. (13-Sep-2023)
- 28f3e8b9: Removed problematic and unnecessary
ep-core-cucumber-itests
module. (11-Sep-2023) - 2811f2f6: Fix for "Parent cannot be changed on an existing customer record" error when importing customers. (11-Sep-2023)
- 5bdc409b: Fixed Commerce Manager issue with sorting accounts by business number where duplicate records were appearing. (7-Sep-2023)
- 0bb099cf: Fixed an issue where a large number of queries were being executed to retrieve customer, product, product sku, and category attribute values. (4-Sep-2023)
- 7aa51522: Fixed bug in
verifyDebugMessage
method used by Cucumber tests. (29-Aug-2023) - 9075b4f1: Fixed several coupon-related named queries that were using the unindexed
coupon_code
field instead of the indexedcoupon_code_upper
field, leading to table scans. (24-Aug-2023) - 048964e0: Fixed a potential race condition in
CachedSettingsReaderImpl
that can cause errors during Cortex startup. (21-Aug-2023) - 13edd64b: Performance improvement for selling context evaluation that replaces the Groovy implementation for a faster Java equivalent. (31-Jul-2023)
- c9042a4d: Added caching for product association lookups to improve performance. (21-Jul-2023)
- c3b974a7: Changed Cortex database connection pool max size from 150 to 250 to ensure that it matches the default Tomcat max thread pool. (19-Jul-2023)
- ba99f6be: Fixed issue with editing promotions without shopper conditions that causes a selling context to be created and then immediately deleted in the database. (19-Jul-2023)
- 57c4ae4a: Added annotations to the code to suppress false positive SonarQube issues. (7-Jul-2023)
- 8b51eed3: Fixed issue with Operational Insights not returning Tomcat metrics in deployed environments. (7-Jul-2023)
- 4ebd17fc: Fixed
NoClassDefFoundError
that can occur when Operational Insights tries to determine cache sizes. (5-Jul-2023) - 14bd7126: Added missing implementations for "not matching" and "not containing" selling context tag operators. (30-Jun-2023)
- aa755f7c: Fix for potential "output value too large" error when running changeset
PB-8894-CLOB-order-data-oracle-mysql
on Oracle. (28-Jun-2023) - eba1dbd8: Fixed an issue with Object Auditing where audit records show changes that were not applied with the same old and new value. (26-Jun-2023)
- 86d26f62: Ensure that Cortex bundles are always loaded in the correct order to ensure that cache configuration is properly recognized. (30-May-2023)
- c7fd530e: Added ability for business users to manually set shared ID when creating an account in Commerce Manager. (25-May-2023)
- eb3beac8: Fix for
encountered unmanaged object
error when publishing bundles with sku constituents through DST. (24-May-2023) - fdb61090: Fix for
Can't DROP FK_OPAY_ORDER
error that can occur when migrating from EPC 7.6 to newer versions. (16-May-2023) - 4f4f3381: Refactored
core-changelog-2021-01-data-fields-as-json-clob.xml
to make it run 20-30X faster on MySQL and Oracle databases. (15-May-2023) - a09e251e: Fix for
java.lang.IllegalStateException: Product futureProduct is not linked to any categories
error during search indexing. (21-Apr-2023) - 51655307: Allow
additemstocartform
to be used to add items to cart with optional cart item modifiers. (18-Apr-2023) - c6cf692a: Modified how promotion and price list assignment start and end dates are stored to allow queries to easily exclude expired records. (13-Apr-2023)
- 01a4f4b8: Improved parallelization of Import/Export Cucumber tests to generate directories using a UUID instead of a sequential number to avoid potential conflicts. (5-Mar-2023)
- 311eee9b: Improved item recommendations lookup strategy. (13-Feb-2023)
- e0c4c339: Resolved local Cortex startup warning
The AJP Connector is configured with secretRequired="true" but the secret attribute is either null or ""
. (10-Feb-2023) - 5a4a1f4b: Reduced the amount of logging produced when running Selenium tests. (8-Feb-2023)
- b6c1f575: Fix for intermittent test failures in
PaymentConfigurations
Cucumber tests. (7-Feb-2023) - baaf08e9: Fixed issue with changeset list resetting to page one when locking or publishing changesets. (6-Feb-2023)
- 4584740c: Fixed incorrect logging of successful / skipped messages in batch jobs after failure. (6-Feb-2023)
- d57eff1d: Fix for intermittent Selenium test failures due to thread safety issues. (6-Feb-2023)
- 09e9eb9a: Fixed issues with the
skuOptions
andmodifierGroups
options in the product type load tuner. (31-Jan-2023) - 09a38f2c: Fix for "Device is disposed" error in Commerce Manager. (30-Jan-2023)
- 3c55cbc0: Modified Product Association export mechanism to significantly improve performance. (30-Jan-2023)
- 19e5cc69: Fix for intermittent failure in "Import Data Policies with existing Data Policies" test. (26-Jan-2023)
- 83f1ae1d: Increased "Remove Abandoned Monitor" timeout for all services. (25-Jan-2023)
- 7820f3c1: Fix for potential deadlocks on shopping cart last modified date updates. (24-Jan-2023)
- b1b24b85: Fixed ability to run Cucumber integration tests on Windows developer machines. (24-Jan-2023)
- ae45712f: Removed the failover protocol from the JMS broker URL in accordance with our policy of discouraging use of ActiveMQ high availability mode. (18-Jan-2023)
- 83a380af: Fix for
NoClassDefFoundError: org/slf4j/IMarkerFactory
error when the first Cortex request is received. (18-Jan-2023) - afe0e09b: Fixed incorrect test definitions to use email, not shared ID. (18-Jan-2023)
- 9446028f: Fixed issue with empty facet name when assigning available facets to a store in Commerce Manager. (9-Jan-2023)
- 51f86c7c: Wherever an order is marked failed, there should always be a reason added as an order note. (5-Jan-2023)
- d9ab9a7d: Returned default JMS max active session per connection size back to 25. (16-Dec-2022)
- fe9828b9: Upgraded
ehcache-openjpa
from version 0.2.0 to 0.2.0-ep1.0 to address potentialConcurrentModificationException
. (15-Dec-2022) - 16c0e660: Fix for intermittent "Create category in existing category" selenium test failure. (15-Dec-2022)
- a6af2ae7: Upgraded
mysql-connector-java
from version 5.1.44 to 8.0.22. (15-Dec-2022) - d5789649: When a data sync failure occurs, the log now contains details about which object failed. (8-Dec-2022)
- 0256e20c: Addressed XML parse warning in search server logs during startup on local developer machines. (7-Dec-2022)
- a2c0519f: Addressed
api-platform
build issue on M1 MacBooks. (5-Dec-2022) - 883187b6: Modified coupon table to store coupon codes in uppercase so we can do a case insensitive lookups without a table scan. (1-Dec-2022)
- f2d5cce8: Fixed content root error appearing in IntelliJ for some modules. (28-Nov-2022)
- 739cbb5f: Performance improvement to avoid loading a full shopping cart when updating the last-modified date. (28-Nov-2022)
- dd96d5fe: Added caching to the
isInCategory
method to improve performance of promotions and price lists that are conditional on a product being in a category. (28-Nov-2022) - 58e60e02: Upgraded
hibernate-validator
from version 5.4.3.Final to 6.0.20.Final to address CVE-2020-10693. (25-Nov-2022) - d6a85c5b: Removed leftover references to customer SOLR index. (25-Nov-2022)
- fa2d823c: When accessing the Operational Insights API, the response no longer returns a redirect to a different URL. This behaviour was causing issues for environments with multiple Integration Servers behind a load balancer. (25-Nov-2022)
- 9727265c: Fixed an issue where a free item promotion triggered by a coupon was not activated. (24-Nov-2022)
- ca05d0cd: Improved upgrade performance of the
PB-8250 Migrate Data to USERNAME Liquibase
changeset on MySQL. (24-Nov-2022) - f32d0b76: Fix to ensure that orders are correctly placed in the "Failed" state if an exception is thrown inside
CreateNewOrderCheckoutAction#populateOrder
. (23-Nov-2022) - 989f3443: Upgraded
groovy-all
from version 2.4.15 to 2.4.21 to address CVE-2020-17521. (23-Nov-2022) - e867c18a: Upgraded
ESAPI
from version 2.1.0.1 to 2.3.0.0 to resolve CVE-2022-23457. (23-Nov-2022) - 5cbeeee4: Fixed issue with DST cache that is not cleared after failed synchronizations, which can lead to errors in subsequent synchronization attempts. (18-Nov-2022)
- 2de1a66d: Fixed error in JWT authentication if token does not contain either sub or account. (18-Nov-2022)
- 36aa6739: Upgraded
spring-security-oauth2
from version 2.3.8.RELEASE to 2.5.2.RELEASE to resolve CVE-2022-22969. (17-Nov-2022) - 35b9c11e: Fix for search server race condition that can prevent indexes from building. (17-Nov-2022)
- 0411b8e5: Fixed SonarQube linter errors in
api-platform
source. (17-Nov-2022) - e12ebdae: Changed log level in
PriceListPriceScoreDocComparator
to prevent logs from being flooded during search indexing. (15-Nov-2022) - c6ee3e9c: Removed duplicate "Assign Customer Segments" permission appearing in Commerce Manager. (11-Nov-2022)
- 8c6b0ed6: Fixed potential
NullPointerException
that can occur when the7.5.0-decouple-customer-userid-from-email changeset
is executed. (10-Nov-2022) - ec94dbd5: Upgraded
httpclient
from version 4.5.5 to 4.5.13 to resolve CVE-2020-13956. (10-Nov-2022) - f1f78a69: Upgraded
mybatis
from version 3.2.3 to 3.5.11 to resolve CVE-2020-26945. (10-Nov-2022) - 6aaa28dc: Modified
EpEmailValidator
to accept empty values to be consistent with other validators. (8-Nov-2022) - 74cc3e84: Fixed issue when exporting customers with a customer type filter on Oracle. (8-Nov-2022)
- bdeb1f5a: Upgraded
json-path
from version 2.4.0 to 2.6.0. (8-Nov-2022) - c50abd10: Upgraded
json-smart
from version 2.4.2 to 2.4.7. (8-Nov-2022) - daf2cc8f: Upgraded
jdom
from version 1.1.3 to 2.0.6.1. (7-Nov-2022) - 239f6fc9: When checking out a cart that contains a coupon that has run out of uses, block checkout instead of removing the coupon code automatically. (7-Nov-2022)
- 34a8e38d: Upgraded
xstream
version from 1.4.18 to 1.4.19 to address CVE-2021-43859. (4-Nov-2022) - 1dfe75f4: Fixed primary key data type on
TOUTBOXMESSAGE
table to prevent overflow. (3-Nov-2022) - 372a096f: Fix to populate the cart item modifier fields in the
OrderSkuDTO
object that is passed to payment plugins. (3-Nov-2022) - a1adda5a: Upgraded
camel
from version 2.23.4 to 2.25.3 which transitively upgradeswoodstox
from version 5.1.0 to 5.3.0. (3-Nov-2022) - b8eb036b: Upgraded
logback
andslf4j
versions inapi-platform
so they matchep-commerce
. (31-Oct-2022) - bc2ec833: Upgraded
json
library version from 20170516 to 20220924. (31-Oct-2022) - 689fdc2e: Enabled application caching in search and integration server. (31-Oct-2022)
- 4129524d: Fixed issue preventing email notifications from being sent when a changeset publish completes. (28-Oct-2022)
- 05e86c28: Corrected invalid JMS connection pool attribute names in
context.xml
. (28-Oct-2022) - c6252e42: Fix for the
2020-08-remove-gender
changeset to ensure that it doesn't unintentionally delete unrelated localized properties. (28-Oct-2022) - 3177150a: Fixed issue where the price list drop-down on the product bundle price adjustments tab isn't populated. (27-Oct-2022)
- 8afe94ff: Modified Integration Server to use cache configuration specified by
ep.external.ehcache.xml.path
instead of the embeddedehcache-importexport.xml
. (27-Oct-2022) - 031c98d1: Fixed issues with Integration Server that prevented payment plugins from being wired in correctly. (27-Oct-2022)
- 8ba66b21: Upgraded
commons-text
from version 1.9 to 1.10 to address CVE-2022-42889. (26-Oct-2022) - db77beee: Prevented new shoppers from being created each time a custom cart is created. (26-Oct-2022)
- cdf37aae: Fixed issue with
Utility#waitUntilAllOutboxMessagesConsumed
throwing exceptions when Selenium tests were run. (20-Oct-2022) - d6438cfe: Upgraded
commons-validator
from version 1.6 to 1.7. This allows Cortex to recognize recent new DNS top-level domains when validating email addresses. (19-Oct-2022) - d98471a5: Replaced
libsass-maven-plugin
to resolve build errors on Mac M1 machines. (18-Oct-2022) - 572231cc: Fixed an issue where creating an exchange can result in two payments being collected from the customer. (13-Oct-2022)
- 75dd78a6: Upgraded
xmlbeans
from version 2.4.0 to 3.0.0. (7-Oct-2022) - 5584cc0e: Modified the Commerce Manager promotion wizard sku and product selection dialogs to avoid showing prices, which can be a performance bottleneck. (6-Oct-2022)
- 58c9490b: Fixed issue where promotions that can apply to multiple cart items but are limited in number would apply the discount correctly but the
appliedPromotions
resource would show it applying to both. (5-Oct-2022) - 1714a6f5: Upgraded Spring Batch from version 4.0.4 to 4.2.3. (29-Sep-2022)
- 075799a9: Improvement to cart line item promotion allocation to allow code to determine how much of a discount the promotion applied to each line item. (28-Sep-2022)
- 8344e8ba: Upgraded Guava from version 24.1.1-jre to 31.1-jre. (28-Sep-2022)
- 60ffb25d: Improvements to Selenium test suite run time. (27-Sep-2022)
- 3373a435: Fixed race condition in
IndexNotificationProcessor
preventing index notifications from being deleted properly. (26-Sep-2022) - 81d74f52: Modified Commerce Manager product and category display name localization so that only intentionally specified values are displayed and saved. (26-Sep-2022)
- 42e602ab: Added Strict Transport Security header to Cortex to ensure that it is always accessed over HTTPS. (23-Sep-2022)
- 72352fa6: Removed all Direct Web Remoting library dependencies. (22-Sep-2022)
- ca5340d4: Upgraded Logback from version 1.2.3 to 1.2.10. (22-Sep-2022)
- 688c6050: Fixed issue where promotion date range was being checked using application timezone instead of database timezone. (19-Sep-2022)
- ed331b9e: Fixed issue with product not being automatically added to cart by free item promotion action. (19-Sep-2022)
- f286b24f: Upgraded Spring Core from version 4.3.25.RELEASE to 4.3.30.RELEASE. (15-Sep-2022)
- 2cdc27df: Fixed issue where Cortex prevented checkout for default shopping carts that were missing cart modifier values. (14-Sep-2022)
- 2ae8c916: Performance improvement around fetching the 'frequency SKU option' from the database. (13-Sep-2022)
- 671e590b: Fixed issues with custom sort attributes that used the date data type. (13-Sep-2022)
- a72369a5: Added multiple security headers to Cortex responses:
Content-Security-Policy
,Referrer-Policy
,X-Content-Type-Options
,X-XSS-Protection
. (13-Sep-2022) - 0c7feab2: Refactored additional logging calls from using Log4j2 classes to SLF4j classes to allow these log messages to appear properly in Cortex (which uses Logback for logging). (8-Sep-2022)
- ab4cc7fd: Build stability improvements. (8-Sep-2022)
- acbdbf01: Separated indexing pipelines by type to ensure that long queues in one pipeline doesn't delay indexing in another. (5-Sep-2022)
- 282021fe: Avoid inventory lookup during search indexing for stores with isDisplayOutOfStock set to true. (5-Sep-2022)
- ac76a03f: Upgraded plexus-utils from version 2.0.4 to 3.0.24. (2-Sep-2022)
- 7e4b6541: Replaced the single-threaded
taskExecutor
used by theblueprint-extender
with a configurableThreadPoolTaskExecutor
version. This allows the extender to work in parallel on the bundles resulting in faster Cortex boot time. (2-Sep-2022) - 643ebf64: Upgraded antisamy from version 1.5.8 to 1.6.7. (1-Sep-2022)
- 9301c776: Added HTTP header and Javascript to defend against potential clickjacking attacks on Cortex Studio. (31-Aug-2022)
- a180c136: Disabled an intermittently failing Selenium test. (31-Aug-2022)
- f3f8a895: Disabled an intermittently failing Selenium test. (31-Aug-2022)
- 0a95038e: Upgraded Jackson from version 2.12.3 to 2.12.7 to address jackson-databind security vulnerability. (31-Aug-2022)
- 83eafc7f: Removed productRecommendationJob to avoid
OptimisticLockingException
s in the Data Sync Tool. (30-Aug-2022) - 94babc5a: Fixed issue with VersionService that made it unable to determine version for Cortex and Batch Server. (30-Aug-2022)
- 1119b6e7: Fixed optimistic locking error that would occur when attempting to edit the same system configuration setting more than once in a Commerce Manager session. (19-Aug-2022)
- fb2c0a99: Fixed a scenario where the Integration Server product lookup cache could be populated with a partially loaded product object, which led to NullPointerExceptions. (19-Aug-2022)
- 663e4fb5: Fixed potential cross-site scripting vulnerability in Cortex Studio when adding a custom entry point. (18-Aug-2022)
- 1b7cd789: Updated the order item detail table in Commerce Manager to allow values to be copied into the clipboard on completed orders. (18-Aug-2022)
- 69e13e9d: Increased the size of the fields used to hold catalog syndication content. (18-Aug-2022)
- 3b009977: Removed the Top Seller quartz job and corresponding sales count field on products. This job was only intended for use in demos, and was causing optimistic locking errors in the Data Sync Tool. (17-Aug-2022)
- 1a12cac2: Updated Catalog Syndication projection builder to ensure that projection and projection history records are persisted in separate transactions to prevent deadlocks. (17-Aug-2022)
- ee132f8c: Removed duplicate database indexes from the
TORDERADDRESS
table. (17-Aug-2022) - f98ab014: Fixed issue with multiple Cortex OSGi bundles exporting the same package, leading to potential instability at startup. (17-Aug-2022)
- b9bea4d6: Removed checksum validation from
2021-09-create-FK-indices-for-8.0
changeset due to required changes in earlier versions. (16-Aug-2022) - 0060bfc1: Upgraded Spring Web from version 4.3.25.RELEASE to 4.3.30.RELEASE. (16-Aug-2022)
- c2d6b3a0: Use embedded web server to reliably serve test mail attachment for Cucumber
emailFileAttachments.feature
. (7-Aug-2022) - 7df9133b: Fixed issue where offer search results can sometimes return the wrong result from the cache due to incorrect hashcode/equals methods on
SearchCriteria
classes. (29-Jul-2022) - 53254c24: Modified the coupon service to skip updating coupon usage values for unlimited use coupons to avoid concurrency issues under high load with unlimited public coupons. (25-Jul-2022)
- a9543b43: Added several indexes that were missing on Oracle and PostgreSQL databases. (25-Jul-2022)
- 3aacc89f: Refactored most logging calls from using Log4j2 classes to SLF4j classes to allow these log messages to appear properly in Cortex (which uses Logback for logging). (20-Jul-2022)
- 664e3a57: Disabled checksum validation on the
SUP-1020-customer-search-fields-case-insensitive
changeset to account for required changes in backports to earlier versions. (19-Jul-2022) - 033b1aaf: Refactored permission strategies to allow them to lookup a specific identifier rather than requiring them to retrieve every permitted identifier for the user. (14-Jul-2022)
- ad6d1c53: Extracted portions of changeset
2020-08-purge-expired-failed-orders-job-recreate-FKs-with-cascade-delete
into separate changesets that are only executed if theTORDERDATA
andTORDERITEMDATA
tables exist, since they are removed by another patch. (13-Jul-2022) - 711836ad: Fixed hashCode algorithm on
SellingContextCacheKey
to improve cache efficiency. (8-Jul-2022) - 9a2289a3: Increased the number of
UIDPK
sequence values that are retrieved in a batch for transactional entities to improve record insert performance. (4-Jul-2022) - b2a399f6: Fixed issue where cart item modifiers on shopping cart child line items cannot be updated. (15-Jun-2022)
- 5f8c8ff4: Performance improvement that moves shopping cart, shopping cart line, order, and order line metadata from separate tables into
CLOB
fields to reduce the required table joins. (14-Jun-2022) - b263f8bb: Upgraded Apache Shiro from 1.3.2 to 1.8.0. (10-Jun-2022)
- 7fe5deca: Significantly improved the performance of customer, account, and order searches in Commerce Manager. Also fixes several bugs in these searches and adds support for search by billing and shipping address fields. (10-Jun-2022)
- 273d3722: Improved thread safety around promotion rule compilation. (25-May-2022)
- 6729de36: Removed unnecessary event handler that was loading price lists into memory during authentication. (6-May-2022)
- 8bf2f5dd: Allow business users to add "not sold separately" products as associations. (6-May-2022)
- a22d89bb: Fixed search indexing to allow each index to commit as soon as it is complete instead of waiting for all indexes to complete. (4-May-2022)
- a9019ed6: Operational Insights is a tool for validating the configuration and health of an Elastic Path Commerce environment. This patch adds an API endpoint to the Integration Server that can be used by the Operational Insights front-end. For more information see Operational Insights. (2-May-2022)
- d857545b: Upgraded ActiveMQ to version 5.16.4 which uses Reload4j instead of Log4j to address several security vulnerabilities. (2-May-2022)
- 22f7c4a0: Fixed an issue where service logs were not being written to the correct location. They are now always written to
[user.home]/ep/logs
. (29-Apr-2022) - 575e82ab: Fixed an issue where a customer’s username is sometimes not migrated properly during an upgrade to EPC 8.1. (29-Apr-2022)
- f0369c59: Fix for potential
NullPointerException
while Cortex is validating attribute value data type compliance. (26-Apr-2022) - a488e0ee: Changed attribute value
LONG_TEXT_VALUE
field fromCLOB
toVARCHAR
to prevent JPA from making additional database queries for each attribute value. (25-Apr-2022) - 504023b8: Fixed an issue with password reset functionality that prevented users from logging in if they did a password change after their password hash was upgraded from
SHA-256
to BCrypt. (14-Apr-2022) - 790f6756: Extended the expiry date for Commerce Manager test users. (4-Apr-2022)
- e516fbbe: Fixed some intermittent Selenium test failures. (1-Apr-2022)
- 001da763: Inject producer template into
RelayOutboxMessageBatchProcessor
via Spring instead of@EndpointInject
annotation. (30-Mar-2022) - c50910df: Restored logging in Commerce Manager after Log4j2 upgrade. (25-Mar-2022)
- 72a68ce1: Removed ability for tax plugins to modify an item subtotal to avoid bugs in tax plugin implementations. (23-Mar-2022)
- 6592f9fb: Added ability to set customer username as a data policy data point so that Personally Identifiable Information (PII) data in that field (usually email address) is removed when consent is revoked. (18-Mar-2022)
- 7cace0d1: Removed unused
TermsAndConditions.feature
. (8-Mar-2022) - 6fb8fc11: Improves build and test stability. (4-Mar-2022)
- 444c880a: Modified the keyword search functionality to return all matching product skus instead of the default sku for matching products. (1-Mar-2022)
- 01a5eb89: Fixed an issue with where it would miss a button’s state change, causing test instability. (23-Feb-2022)
- 0398f3d5: Disabled unnecessary dependency retrieval when exporting through Import/Export API to greatly improve performance. Also fixed
DIRECT_ONLY
flag inexportconfiguration.xml
so it correctly excludes associated products from the product export. (23-Feb-2022) - 62f01018: Fix for failing email file attachments Cucumber test due to change in
place-hold.it
URL. (23-Feb-2022) - dbf35b11: Added cucumber tests for fixed issue where the Cortex resource returned no results if the
x-ep-account-shared-id
header was set. (9-Feb-2022) - 708f7568: Fixed issues with Liquibase scripts that caused an error during data upgrade. (9-Feb-2022)
- cb0fffcb: Fix for purchase lookup form not finding orders that were placed on behalf of the account that is specified in
x-ep-account-shared-id
. (8-Feb-2022) - 8376210c: Upgraded Apache SOLR from version 7.4 to 8.11.1. (7-Feb-2022)
- d1e19a72: Fixed an issue where shoppers were able to access Restricted and Under Construction stores in Cortex. (4-Feb-2022)
- e11a25c1: Upgraded Log4j 1.2.17 to Log4j 2.17.1. (25-Jan-2022)
- 023aeafe: Upgraded xstream from 1.4.11 to 1.4.18 and activemq from 5.16.0 to 5.16.1. (21-Jan-2022)
- d527e755: Modified Cortex to allow it to continue functioning normally if ActiveMQ is overloaded or offline. (19-Jan-2022)
- d92f33af: Fixed an issue where unrelated items were returned when searching for SKUs by SKU code in Commerce Manager. (13-Jan-2022)
- 3a714fff: Fixed issue in cli applications where unconsumed output on
System.err
could cause the application to hang. (13-Jan-2022) - 80d7ad9c: Allow base amounts to be added/edited/deleted without first adding the price list to the changeset. (29-Dec-2021)
- 295391c1: Upgraded Tomcat to version 9.0.50. (14-Dec-2021)
- 5287b7a6: Upgraded Quartz and Servicemix Quartz dependencies to version 2.3.2. (13-Dec-2021)
- 6625abc8: Fixed issue where the
wishlistmemberships
Cortex resource returned no results if thex-ep-account-shared-id
header was set. (1-Dec-2021) - f965e66d: Improved upgrade performance of liquibase changeset
2020-05-cart-cleanup-jobs-recreate-FKs-with-cascade-delete
. (30-Nov-2021) - 62644c1b: When a promotion can apply to multiple cart line items, this fix ensures that the
appliedpromotions
resource shows the promotion for all of the applicable line items. (24-Nov-2021) - e8a9589d: Improved upgrade performance of liquibase changesets:
7.6.0-torder-make-cart-order-guids-unique
,2020-09-convert-customer-passwords-to-bcrypt
,2020-08-flatten-order-sku-tree-for-better-performance
,2020-03-payment-configurations-preserve-all-authorization-codes-as-payment-data
,2020-05-update-accountmanagement-customertype
. (Nov 24, 2021) - f92e7843: Fixed issue with Cortex showing incorrect pagination results when retrieving recommendations. (Oct 28, 2021)
- 9a235c1f: Fixed issues with the re-population of
skuOptionsCache
which caused the cache to become ineffective after the TTL expires. (Sep 20, 2021) - 590dfe25: Improves Commerce Manager performance for catalogs with large volumes of base amounts. (Sep 17, 2021)
- 0b148528: Fixed an intermittent build failure where the index status was not set as expected. (Sep 15, 2021)
- aabe19cb: Fixed the cache for the
DynamicAttributeValue
. (Sep 1, 2021) - b0b74641: Removed unnecessary duplicate promotions caches and fixed potential thundering herd issue when promotions cache is initially populated. (Aug 31, 2021)
- a9cc15ee: Optimized the inventory rollup job performance and changed it to run more frequently. (Aug 24, 2021)
- 670b34f8: Performance fix for
ShipmentDetailsIdParameterServiceImpl
that previously retrieved each shipment in the user’s order history to determine if theshipment
resources should be accessible. (Aug 23, 2021) - a459f794: Second payment capture attempts are not logged or recorded in
TORDERPAYMENTS
when using an expired tokens. (Aug 19, 2021) - 0af8cab1: Updated promotion rule retrieval so that all other rules in the ruleset are not eagerly loaded. (Aug 15, 2021)
- 7f477d77: Updated customer domain object so that addresses are no longer eagerly loaded and are only retrieved when needed. (Aug 16, 2021)
- ad852669: Improved performance in the cart item modifier field validator. (Aug 12, 2021)
- 6e22a618: Implemented a deadlock retry to address deadlocks on
TORDERNUMBERGENERATOR
under a high load. (Jul 14, 2021) - 6d858a2e: Fixed a race condition in
SolrFacetAdapter
that was causing Cortex errors when retrieving faceted offer search results. (Jul 6, 2021) - 8ac5a462: Backported the
mvnmin.xml
file to maintenance releases. (Jun 21, 2021) - 8e8957c5: Improved catalog projection clean-up performance. (Jun 9, 2021)
- e5878d04: Allow groovy-maven artifacts to be downloaded from Maven central and removed duplicate versions. (May 10, 2021)
- dcc90e22: Updated the
pom.xml
file to allow groovy-maven related artifacts download from Maven central repository and removed duplicate versions. (May 11, 2021) - eb01eef0: Updated
maven.springframework.org
with anhttps
protocol. (May 10, 2021) - d0446fa7: Removed customer Solr index. (Apr 27, 2021)
- c32c9463: Updated the product name search to support special characters in Commerce Manager. (Apr 1, 2021)
- 31af27bd: Updated the default batch size for the
TINDEXNOTIFY
table as the search primary tried to fetch all data from the table. TheTINDEXNOTIFY
table contains millions of records and was causing resource issues. (Mar 29, 2021) - 15829005: Updated the
AddressRepositoryImpl
file to remove an unnecessaryPMD.TooManyMethods
suppressed warning. (Mar 30, 2021) - 019a5ea6: Added an extensibility on the
AddressRepositoryImpl
andAddressEntity
classes, and added the extensibility to the Elastic Path Commerce example. (Mar 31, 2021) - 188c7af3: Fixed CSV Import and Change Set issues. (Mar 25, 2021)
- b38a78e2: Updated the Buyer roles
roles
field to be a JSON array of strings. (Mar 18, 2021) - 5a957e0e: Created a reference Cortex resource for read-only reference data. (Mar 17, 2021)
- 21c845b8: Updated the
add-associate-form
link to beaddassociateform
to align with standard Cortex naming practices. (11-Mar-2021)
Changelog Announcements
Refactored core-changelog-2021-01-data-fields-as-json-clob.xml to make it run 20-30X faster on MySQL and Oracle databases
The changesets in the core-changelog-2021-01-data-fields-as-json-clob.xml
Liquibase file that are used as part of the EPC 8.1 upgrade have been refactored to allow it to upgrade the schema much more quickly on MySQL and Oracle databases. This was done by taking advantage of the JSON_OBJECTAGG
function which serializes JSON within the database. However, this function was only added to MySQL in version 5.7.22, so project teams using MySQL must upgrade to at least MySQL RDS version 5.7.22 or MySQL Aurora version 5.7.mysql_aurora.2.11.2 before applying this patch.
Modified how promotion and price list assignment start and end dates are stored to allow queries to easily exclude expired records
The "Time Conditions" editor has been removed from the Shopping Cart promotions wizard and editor. Now the enable and expiration dates for Shopping Cart promotions appear on the summary tab (or first page of the wizard) consistently with catalog promotions.
This patch includes a Liquibase changeset that will migrate existing start and end dates to the new fields.
Enabled Application Caching in Search Server and Integration Server
Until now, Application Caching using EhCache was only enabled for Cortex and the Import/Export tool. Now we’ve also enabled application caching for the Search Server and Integration Server. This significantly improves the performance of search indexing, asynchronous checkout operations, and Integration Server APIs.
With the application cache enabled in Search Server, the number of queries required to index the mobee
test store was reduced from ~400,000 to ~50,000.
note
This change can cause some services to return dirty reads; in other words, if a cached result is returned then it might be an out-of-date representation of the object. If certain customizations are sensitive to dirty reads, you can reference the non-caching versions by adding nonCaching
prefix to the reference in your service bean definition. For example, references to the storeService
bean can be changed to nonCachingStoreService
. You can also completely disable application caching for a service by setting the -Dnet.sf.ehcache.disabled=true
JVM parameter.
For more information, see Application Caching using EhCache.
Significantly improved the performance of customer, account, and order searches in Commerce Manager
When the customer SOLR index was removed, the way that Commerce Manager looks up customer details was refactored to lookup customer and account details in the database instead of using SOLR. However, since many of the search fields need to do case-insensitive searches and/or partial matches, database indexes were not being leveraged effectively. This lead to very slow response times when the database contains a large number of user, account, or order records. The search queries have been updated to effectively use the database indexes, even for lookups that are case-insensitive or prefix (searches for results starting with the specified value).
The tables below show the type of search that is used for each search field.
Searchable user fields:
Field | Search Type |
---|---|
Shared ID | Exact Match |
Case Insensitive Match | |
Username | Case Insensitive Match |
First Name | Case Insensitive Prefix Match |
Last Name | Case Insensitive Prefix Match |
Zip / Postal Code | Case Insensitive Match |
Phone Number | Case Insensitive Match |
Store | Exact Match |
Searchable account fields:
Field | Search Type |
---|---|
Shared ID | Exact Match |
Business Name | Case Insensitive Prefix Match |
Business Number | Case Insensitive Prefix Match |
Phone Number | Case Insensitive Match |
Fax Number | Case Insensitive Match |
Zip / Postal Code | Case Insensitive Match |
Searchable order fields:
Field | Search Type |
---|---|
Order Number | Exact Match |
User Shared ID | Case Insensitive Match |
User First Name | Case Insensitive Prefix Match |
User Last Name | Case Insensitive Prefix Match |
User Email | Case Insensitive Match |
User Phone Number | Case Insensitive Match |
Account Shared ID | Exact Match |
Account Business Name | Case Insensitive Prefix Match |
Account Business Number | Case Insensitive Prefix Match |
Account Phone Number | Case Insensitive Match |
Billing Address First Name | Case Insensitive Prefix Match |
Billing Address Last Name | Case Insensitive Prefix Match |
Billing Address Phone Number | Case Insensitive Match |
Billing Address Fax Number | Case Insensitive Match |
Billing Address Zip / Postal Code | Case Insensitive Match |
Shipping Address First Name | Case Insensitive Prefix Match |
Shipping Address Last Name | Case Insensitive Prefix Match |
Shipping Address Phone Number | Case Insensitive Match |
Shipping Address Fax Number | Case Insensitive Match |
Shipping Address Zip / Postal Code | Case Insensitive Match |
Order Status | Exact Match |
Shipment Status | Exact Match |
Store | Exact Match |
Product SKU Code | Exact Match |
RMA Code | Exact Match |
Additionally, the following bugs were fixed:
- The "Account details" fields on the order search tab now works properly (these fields were being ignored).
- The "Shipping zip / postal code" field on the order search tab was actually searching for billing zip/postal code.
- The customer search sort by username was actually sorting by shared ID.
- The progress indicator in the bottom right corner of Commerce Manager now indicates when a search is in progress.
LONG_TEXT_VALUE
field from CLOB
to VARCHAR
Changed attribute value This patch changes the type of the LONG_TEXT_VALUE
field in all attribute value tables (TCATEGORYATTRIBUTEVALUE
, TCUSTOMERPROFILEVALUE
, TPRODUCTSKUATTRIBUTEVALUE
, and TPRODUCTATTRIBUTEVALUE
) from CLOB
to VARCHAR
. This is done to avoid an extra select query on the database for each record returned in these tables. These extra select queries significantly slows performance when retrieving customers, categories, products, and product skus from the database, even when the LONG_TEXT_VALUE
field is not populated.
Before deploying this change to production, note the following impacts:
- If any of the tables listed above contain a large amount of data in the
LONG_TEXT_VALUE
field for any single record, the data population process may fail.- For MySQL, the new limit is 20,000 characters.
- For PostgreSQL, the new limit is 65535 bytes (note that each unicode character can consume between 1 and 4 bytes).
- For Oracle, the new limit is 32767 bytes (note that each unicode character can consume between 1 and 4 bytes).
- The data population process may take several minutes or hours to execute, depending on the number of records in the tables listed above, database type used, and database size. While data population is running, Cortex operations may fail or be very slow due to database load and database table locks.
- Teams using Oracle must ensure that the
MAX_STRING_SIZE
parameter is set toEXTENDED
before running data population process or it will fail.
For all these reasons, before deploying this change to production, your teams should test the data population process on a snapshot of your production database in a pre-production environment. Verify that the process is able to complete successfully and make note of how long the data population process takes. Also validate the behaviour of Cortex during the data population process; you may need to plan for downtime during this process if the Cortex impact is significant.
For teams using Oracle, follow these instructions to change your database MAX_STRING_SIZE
parameter to EXTENDED
:
Removed Customer Solr index
Elastic Path Commerce uses Solr for fast lookup of records based on advanced search criteria. This includes "DisMax" searches which return relevance-sorted results based on simple search criteria. For example, the Cortex keyword searches use the Product Solr index to find products and SKUs based on a keyword search.
The customer Solr index was only used by Commerce Manager, when searching for customers by specific fields, such as name, address, or phone number. These types of searches can be done just as quickly using SQL queries against indexed database fields.
Due to the fact that customer records are transactional, meaning that the number of records will grow over time as more users interact with the store. This can cause issues due to the size of the Solr index, or if the customer index ever needs to be rebuilt from scratch, which can be very time consuming.
For these reasons, we made the decision to remove the customer Solr index, and re-implement all Commerce Manager search functions as SQL queries. This functionality is seen in the new CustomerCriterionImpl
and CustomerSearchCriteria
classes in the source.
Modified Cortex to allow it to continue functioning normally if ActiveMQ is overloaded or offline
Cortex sends event notifications in a number of circumstances. Before this patch, those event notifications were sent to ActiveMQ in real-time. Therefore, if ActiveMQ was overloaded, Cortex performance would suffer. Furthermore, if ActiveMQ was offline, Cortex operations would fail.
After this change, all Cortex event notifications are recorded in the TOUTBOXMESSAGE
table, and relayed to ActiveMQ by a Batch Server job that runs every second. This means that Cortex will continue to function regardless of the state of ActiveMQ, and performance will not be affected. If ActiveMQ is offline temporarily, messages will be relayed from the outbox table once it comes back online.
Note that Cortex still maintains a connection to ActiveMQ so it can listen for Operational Insights requests, so if ActiveMQ is offline, a thread will attempt to reconnect every few seconds. However, this will not affect Cortex operation in any way.
Upgraded to Log4j 2.x
Log4j 1.2 is an end-of-life product with multiple security vulnerabilities. To address this, we have upgraded to Log4j 2.17.1. This is a major upgrade that could impact your customizations.
While consuming this patch, make sure you follow the Log4j 1.x to 2.x upgrade notes.
8.2.0
Released: March 2021
Release Highlights
Account Management
This release focuses on delivering buyer capabilities to enable Buying Organizations to manage their departments, regions, and hierarchy of accounts and buyers from the storefront powered by Cortex.
Ability for Buyers to View and Manage Account Details
Buyers can now modify associated accounts in Cortex. The following aspects of accounts can be modified:
Attributes
Buyers with the MODIFY_ACCOUNTS
permission can edit account attributes. This can be done through a PUT
operation on the account
resource, similar to how profile attributes are modified.
For more information, see Update Account.
Addresses
Buyers with the MODIFY_ACCOUNT_ADDRESSES
permission can add, edit, and delete addresses stored on the account. This can be done by following the addresses
link on the account
resource. The default shipping and billing address for the account can also be selected.
For more information, see Read Addresses from Account.
Payment Instruments
Buyers with the MODIFY_ACCOUNT_PAYMENT_INSTRUMENTS
permission can add and delete payment instruments stored on the account. Payment instruments can be added by following the paymentmethods
link on the account
resource. Existing payment instruments can be viewed and deleted by following the paymentinstruments
link on the account
resource. The default payment instrument for the account can also be selected.
For more information, see Read Payment Instruments from Account.
Status
Buyers can now view the status of associated accounts in Cortex. A new link named status
is available on the account resource.
For more information, see Read Status on Account.
Ability for Buyers to Manage Account User Associations
Buyers with the MODIFY_ACCOUNT_ASSOCIATES
permission can add and delete associates on an account. Associates can be viewed by following the associates
link on the account
resource. Buyers can be added to the account by specifying their email and role in the add-associate-form
link. Shoppers must be registered in Cortex before they can be added to an account.
For more information, see Read Associates from Account.
Ability for Buyers to View Child Accounts
Buyers can view child accounts in the account hierarchy. This is done by following the childaccounts
link on the account
resource. Each child account has the same links as accounts that the buyer is directly associated to.
For more information, see Read Child Accounts from Account.
Ability for Buyers to Choose from Account Addresses and Payment Instruments during Checkout
When a buyer is transacting on behalf of an account, meaning the x-ep-account-shared-id
header is specified, the options presented are different. When selecting the cart order billing address, shipping address, and payment instrument, the options are now based on records stored on the account, instead of the records stored on the profile.
note
Currently, when transacting on behalf of an account, the option to add a new address from the cart order will not appear. Buyers with the appropriate permissions can still add addresses to the account through the account resource.
For more information, see Select Order Billing Address, Select Delivery Shipping Address, and Select Order Payment Instrument.
Ability to Define Roles for Buyers
Buyers can now be assigned to Elastic Path roles, representing a grouping of multiple Shiro roles (permissions). Each Shiro role is a granular permission that controls what the buyer can view, create, modify, or delete through the Cortex API. For example, buyers without the READ_PRICES
permission cannot access resources that return product prices.
Developers can modify Elastic Path roles, including their assigned Shiro roles through a simple Spring map declaration (roleToPermissionsMap
).
Seller admins can define what Elastic Path role buyers will acquire in Commerce Manager. For B2C scenarios, the Store record can define roles for both single-session and registered buyers. For B2B scenarios, the role can be assigned to the user association record on each account. Buyers automatically get the same access role to any child accounts in the hierarchy.
For more information about how roles and permissions work, see Cortex Authorization.
Order Hold Strategies
Order Hold Strategies allows your business to define rules that determine when new purchases should be placed on hold. The following are use cases examples for Order Hold Strategies:
- A high fraud score
- An issue with downstream fulfillment services
- A delayed payment method, such as payment by cheque or Bitcoin
When a cart is checked out, an order record is created, inventory is reserved, and credit card payments are pre-authorized. The Order Hold Strategies are then executed. If one or more of these strategies determines that a hold is required, the order is placed in the ON_HOLD
state, and an Order Confirmation email is sent to the customer. The payment will not be captured, and the order will not be sent to fulfillment until all of the holds are resolved.
A configurable seller admin email is notified on a scheduled basis (every 4 hours by default) for each store that contains held orders. The seller admin can then view the held orders along and mark holds as resolved or unresolvable. If all of the holds are resolved, the order proceeds to payment capture and fulfillment. If any of the holds are marked unresolvable, the order is cancelled, and a cancellation email is sent to the shopper.
For more information, see Order Hold Strategies.
Catalog Promotion Selling Context
Seller admins can now define personalized criteria for catalog promotions, allowing more targeted promotions that appear to the shopper even before the shopping cart.
The Selling Context allows promotions to be activated based on characteristics of the shopper. This functionality has been available for use when defining shopping cart promotions in Elastic Path Commerce for many years. Now, the same level of flexibility is available for use on catalog promotions.
For more information, see Shopper Segment Rules.
System Requirements and Compatibility
Elastic Path Commerce 8.2.0
is now certified for use with the following technologies:
Technology | Old Certification | New Certification |
---|---|---|
Amazon Aurora RDS | Aurora v1 (MySQL 5.6) | Aurora v2 (MySQL 5.7) |
MySQL | 5.7.19 | 5.7.31 |
Oracle | 12.1 | 19.0 |
Zulu JDK | 8u202 | 8u275 |
Elastic Path Commerce 8.2.0
is compatible with the following Elastic Path releases:
Elastic Path Component | Compatibility |
---|---|
Elastic Path CloudOps for Kubernetes | CloudOps for Kubernetes compatibility matrix |
For more information, see Supported Technologies.
New in This Release
In addition to the Release Highlights, this release contains the following updates:
Ability for Seller Admins to Mark Accounts as Suspended
Seller admins have more control over the status of accounts. In addition to the existing ACTIVE
and DISABLED
options, accounts can now be set to a SUSPENDED
state.
For accounts in the ACTIVE
state, associated buyers can transact on behalf of the account and checkout. For accounts in the DISABLED
state, buyers will not be able to transact on behalf of these accounts. The x-ep-account-shared-id
header will not be accepted. For accounts in the SUSPENDED
state, associated buyers can transact on behalf of the account, but they will not be permitted to purchase a cart, the purchaseform
action will be blocked.
For more information, see Disabling or Suspending an Account record.
Cache
implementation improvements
In some cases, you want to cache the fact that a key is not present in the database, and differentiate that from the circumstance where the cache has not been populated. To address this, we added a new class called CacheResult
that can differentiate between "value not present" and "value is null". Then updated the cache get
methods to return a CacheResult
object.
Also, the V get(K key, Function<K, V> fallbackLoader)
method was updated to prevent the "thundering herd" issue when high-usage cache keys expire. Specifically, the following guarantees are provided:
Threads will only be blocked if there is a cache miss and there is already an evaluation running for an equivalent cache key. Lookups for different cache keys will not be blocked.
Only one evaluation will be executed for a cache miss of a given cache key. There is actually a small chance that this could occur if the evaluation locks map rolls over, but it is highly unlikely.
While a cache miss evaluation is in progress, requests from separate threads for the same cache key will block until evaluation is complete and they will get the cached value after the evaluation completes.
Most calls to CacheResult<V> get(K key)
were replaced with calls to V get(K key, Function<K, V> fallbackLoader)
to allow caches to take advantage of these guarantees.
refreshStrategy
metadata records required for all setting definitions
Made The implementation of CachedSettingsReader
was changed so that it now throws an exception if a setting definition does not have a corresponding refreshStrategy
metadata record. Previously, CachedSettingsReader
would fallback to the immediate
refresh strategy if not explicitly defined, which led to unexpected performance issues.
Surefire and Failsafe plugin updates
When an exception occurred in unit or integration tests, the stack trace was being truncated by the Surefire and Failsafe plugins. The trimStackTrace
setting has now been set to false to prevent this behaviour.
The Surefire and Failsafe plugins were upgraded to version 2.22.2.
Removed some outdated language in alignment with diversity and inclusion commitments
Some parameters that made reference to master
were renamed. Also, the CP_GENDER
customer profile attribute was removed.
See upgrade notes for more information about both of these changes.
Upgraded shopper and business user password hashing
In Self Managed Commerce 8.1 and earlier, the password hashing algorithm for shoppers was SHA-256
, and the password hashing algorithm for business users was SHA-1
. Both password hashing algorithms have now been upgraded to BCrypt.
For existing users, the current hash is re-hashed with BCrypt during the database upgrade. When a user signs in, Elastic Path Commerce first tries to match the password with the BCrypt hash. If that fails, it tries again with a BCrypt and SHA-1
or SHA-256
hash. This allows us to upgrade the hashes without losing existing passwords, in accordance with OWASP
recommendations.
The BCrypt work factor for shoppers defaults to 8, and the work factor for business users defaults to 10. These can be modified by changing the strength
property of the passwordEncoder
and cmPasswordEncoder
Spring beans, respectively. Note that as the work factor is increased, authentication performance will be reduced.
Added ability to specify filtering when exporting customers through Import/Export
Added the ability to specify queries when exporting customers through the Import/Export CLI or API.
Field | Field Parameters | Sample Query |
---|---|---|
SharedID | N/A | FIND Customer WHERE SharedID = 'e27ffe24-1281-4841-bc78-d9006ae7771d' |
CustomerType | N/A | FIND Customer WHERE CustomerType = ACCOUNT |
LastModifiedDate | N/A | FIND Customer WHERE LastModifiedDate > '2020-01-01T00:00:00-08:00' |
Improved logging when running data population
Data population now writes separators to the logs for each stage of the data population process, giving better insight into what it is doing.
LINK
permissions are defined
Improved how Cortex Assume that we have two links contributed by the carts resource to the root: carts
and defaultcart
. We want defaultcart
to appear to all users (PUBLIC
) and carts
to only appear to logged in users (REGISTERED
).
We expect to be able to create a permission.permissions file like this:
relos.role.PUBLIC=LINK:{base.scope}:default;
relos.role.REGISTERED=LINK:{base.scope}:EOL;
However, this caused both links to disappear for all users because Cortex was evaluating links in such a way that only wildcards would work; they weren’t evaluated based on their target URIs. That has now been resolved.
ep-core-tool
to allow Setting Metadata to be updated
Enhanced The ep-core-tool
now supports the following commands:
set-setting-metadata
bulk-set-setting-metadata
These commands allow the ep-core-tool
to update the metadata for setting definitions.
FAILED
state
Commerce Manager now displays orders in Orders in the FAILED
state did not previously appear in search results in Commerce Manager.
family-name
and given-name
fields are now optional
Address Addresses can be associated to either a shopper profile, or an account. When adding an address to an account, the family-name
and given-name
fields are usually irrelevant. Therefore, we have modified Elastic Path Commerce so that addresses can be created without these values. These fields are now optional in both Cortex and Commerce Manager.
references
resource in Cortex root
Added A new link has been added to the Cortex root resource named references
. This resource allows us to group links to resources that provide read-only reference data that is required by the client.
Initially, this resource contains two links:
countries
buyerroles
The countries
link is a duplicate of the countries
link on the root resource. The countries
link on the root is now deprecated and may be removed in a future version.
The buyerroles
link allows the client to read the list of available roles that can be used when associating a user to an account. For more information about buyerroles
, see Read Buyer Roles.
Replaced XA with Outbox pattern
In Elastic Path Commerce 7.5.1, XA transaction support was added. This was to ensure the publishing of domain event messages if and only if the transactions containing these database updates were committed to the database. This guarantee is essential to ensure that Catalog Syndication projections can be kept up-to-date.
This technology added significant complexity and boilerplate code into the Elastic Path Commerce framework. To reduce this complexity, we made the decision to replace XA with the Transactional Outbox pattern. This pattern requires the platform to insert a record into an outbox table in the same transaction as the catalog update. A separate job later reads the outbox records and relays them as the appropriate domain event messages.
The commit includes the following changes:
- Removes all library dependencies on Atomikos.
- Removes
ep-jta
module. - Removes
XaTransactionTestSupport
from all integration tests. - Removes support for
JVM
parameter-Dspring.profiles.active=non-xa
. - Removes all XA configuration from each webapp’s
context.xml
files - includingepjndi-xa
. - Adds
TOUTBOXMESSAGE
table to the database. - Adds
Relay Outbox Messages
Quartz job in Batch Server. - Adds support for
JVM
parameter-Dspring.profiles.active=disable-domain-events
.
Added Maven Minimal Configuration
Maven Minimal is a developer tool to build large multi-module projects quickly, by building only changed modules. Maven Minimal is currently under development and nearing release.
In anticipation of Maven Minimal’s release, its configuration is included in Elastic Path Commerce.
Fixed Issues
Prevent Cortex error when viewing customer profile
If a customer is edited in Commerce Manager, in some cases a 500 error
would occur when viewing the customer profile in Cortex.
Cortex webapp overlays folder added to gitignore
The extensions/cortex/ext-cortex-webapp/overlays/
folder was added to .gitignore to prevent temporary files in that folder from being committed accidentally.
Removed unnecessary cart re-pricing calls
Some unnecessary calls to update pricing during shopping cart retrieval were removed.
Fixed thread safety issue when calculating promotions
A thread safety issue in LogicalTreeBuilder
was in some cases causing shopping cart promotions to be evaluated incorrectly.
Messaging in CM when there was a reservation failure during order modification was confusing
Improved messaging on the dialog that appears when modifying an order in Commerce Manager.
Fixed several Liquibase upgrade script issues
- Several
7.2.0
Liquibase scripts had very poor performance during upgrades. - The
7.6.0-torder-make-cart-order-guids-unique
script missed some order records when making the CART_ORDER_GUID field unique. - The
2020-05-update-accountmanagement-customertype
script could throw aNo value specified for parameter
exception in some circumstances. - The
2020-05-add-accountmanagement-customertype
script could hang during an update in some circumstances. - The
core-changelog-2020-03-payments.xml
script could throw amissing expression
exception in some cases. - The
core-changelog-2020-06-common-shared-identifier-users-accounts.xml
script could throw aduplicate keys found
exception in some circumstances.
Improved handling for unpriced items in the cart
Added defensive code to prevent Cortex exceptions when line items in the cart do not have a price. If a line item is missing a price, the line item price
and total
links will no longer be displayed. At the cart and order levels, the total
and tax
entities assume that the price of line items without prices is zero. Shipping service level calculations also function normally but assume that the price of line items without prices is zero.
Fixed issue in which Cortex sometimes re-uses shopper record from a different store
Fixed an issue where a user’s shopper record and cart from a different store was retrieved incorrectly.
Ensure that cart modifier values are cleared from default cart after checkout
Cart modifier values are now reset on the default shopping cart whenever the cart is checked out.
Limited use coupon codes could not be removed from cart
Limited-use coupon codes were being automatically re-applied after a customer removed the coupon code.
TATTRIBUTE
table during checkout
Removed unnecessary duplicate queries to Cortex made multiple unnecessary TATTRIBUTE
queries during checkout. This has now been reduced to a single query.
Import/Export imports weren’t updating Catalog Syndication projections
When products were updated using Import/Export, the required domain events were not being published.
UIDPK = 0
queries
Eliminated unnecessary Applied a fix to OpenJPA to eliminate unnecessary SQL queries that would never return any results because they contain UIDPK = 0
within the where clause.
Fixed exception that could occur when multiple threads request the same shopping cart concurrently
When a shopping cart contains a bundle, and multiple threads request the same shopping cart concurrently, the following exception could occur: com.elasticpath.commons.exception.InvalidProductStructureException: ShoppingItem structure invalid
cleanupFailedOrdersJob
batch job
Optimized the This job is responsible for deleting failed orders that are more than COMMERCE/SYSTEM/FAILEDORDERCLEANUP/maxHistory
days old. Each time this job is executed, it deletes qualifying records in batches of size COMMERCE/SYSTEM/FAILEDORDERCLEANUP/batchSize
until all qualifying records are deleted. This is a change from the old behavior which would cleanup only COMMERCE/SYSTEM/FAILEDORDERCLEANUP/batchSize
records each time the job was executed. This job also executes much more quickly than before and uses less memory.
Updated several Maven plugins to improve multi-threaded build support
When building ep-commerce
source in multi-threaded mode, such as -T 1C
, several warnings appear in the logs about plugins that don’t support multi-threading. The following list shows the upgraded Maven plugins to better support multi-threaded builds:
- Upgraded
gmaven-plugin
1.4 togroovy-maven-plugin
2.1.1. - Upgraded
javacc-maven-plugin
2.6 toph-javacc-maven-plugin
4.1.4. - Upgraded
maven-replacer-plugin
to 1.5.2. - Added
threadSafe=true
toep-core-tool
.
Caching bug could cause product to appear as missing in Cortex
In some circumstances, when the productUidCache
entry expires before the productUidByGuidCache
, Cortex was misinterpreting this situation to mean that the product was not present in the database.
Prevent duplicate domain events from being published
Due to the way that OpenJPA lifecycle events work, there were some circumstances where duplicate domain events were being sent when a record was updated in Import/Export or Commerce Manager. To address this, a LifecycleEventFilter
was added that identifies and filters out duplicate lifecycle events in the same thread.
Products without display name in Commerce Manager language do not appear properly in promotions wizard
If a promotion in Commerce Manager has a condition or action that references a Product or SKU that is missing a localized display name it was "invisible". The code now falls back on the product code or SKU code in this circumstance.
offer-price-range
logic when list price is lower than sale price
Improvement to When a price is configured such that the list price is lower than the sale price, the offer-price-range
resource didn’t correctly show the lowest price.
Improved search master customer indexing
Ensure that customer records are only indexed if at least one of the following is true:
- Customer type is
REGISTERED_USER
orACCOUNT
. - Customer type is
SINGLE_SESSION_USER
and is associated to one or more purchases.
Also removed the use of the TINDEXNOTIFY
table for determining which records require re-indexing; the code now relies exclusively on TCUSTOMER.LAST_MODIFIED_DATE
.
Fixed several tests that were incorrectly using "week year" instead of "year"
Several tests were using use SimpleDateFormat("YYYY-MM-dd”)
instead of SimpleDateFormat("yyyy-MM-dd”)
. YYYY
means "week year", while yyyy
means "year". This caused several test failures in the last week of each year.
Fallback payment capture attempts are not recorded
If a payment capture fails, Elastic Path Commerce will try to create a new reservation and charge, but the second charge was not being recorded in the TORDERPAYMENT
table.
Shipping address on all active shopping carts is changed when shopper’s default shipping address is updated
If a shopper edits an address that is the default shipping address on their profile, all of that shopper’s active carts were updated to make that the current shipping address. This behaviour has been removed.
Avoid unnecessary validation calls during add-to-cart and checkout
The presence of ADVISE_CREATE
in the cart permission.properties
was causing the add-to-cart form validation rules to be executed unnecessarily when posting to the add-to-cart form.
Also, inventoryProductSkuValidator
was being executed during purchase validation even though the required functionality was already covered by inventoryShoppingItemValidator
.
Improved consistency of catalog entity code validation
Different Elastic Path Commerce applications were validating Catalog entity codes differently. For example, Import/Export might allow a catalog code to contain an underscore but Commerce Manager would not.
To address these inconsistencies, CatalogCodeUtil
has been added to ep-core which provides information that applications can use to validate the various types of codes. Currently only Commerce Manager has been wired in to use this information.
permission.properties
not overriding permission.properties
consistently
Extended bundle Cortex requires that all extension bundles declare their own permission.properties
file. Before this fix, Cortex was arbitrarily reading either the out of the box or extension bundle permission.properties
file to determine permissions. Now extension bundles are required to specify a permissionsLookupRank
value in their wiring modules which Cortex uses to identify the correct permission.properties
file.
Upgrade Notes
The upgrading Elastic Path guide provides general instructions on upgrading Elastic Path projects.
Core Commerce
All
TSETTINGDEFINITION
records now require a correspondingTSETTINGMETADATA
record with keyrefreshStrategy
and a value containing the cache refresh strategy. Make sure to add these records for any custom settings or theCachedSettingsReader
will throw an exception when the settings are retrieved.The
ep.search.master.url
,ep.search.default.url
, andep.search.requires.master
properties have been deprecated. These were specifiable either asJVM
parameters or inep.properties
. The old parameters are still supported, but we now recommend specifying them usingJVM
parameters as follows:ep.search.master.url
should be specified as-Dep.search.primary.url=
ep.search.default.url
should be specified as-Dep.search.replica.url=
ep.search.requires.master
should be specified as-Dep.search.mode=
, where the value is set toprimary
orreplica
.
The
CP_GENDER
customer profile attribute was removed. If tracking gender is an important attribute for your business, we recommend creating a new custom profile attribute and creating a Liquibase script to transfer the data to your custom attribute.The
family-name
andgiven-name
fields on Addresses have been made optional. If you have any customizations that use addresses, ensure that they can handle null values in these fields.Many Cortex bundle
permission.properties
files have been updated to support the new Shiro roles such asCATALOG_BROWSER
andBUYER_ADMIN
. If your project has overridden any Cortex bundles, make sure to merge your custompermission.properties
file with the out of the box version.Any bundles that extend existing out of the box bundles will require an update to their wiring class to allow Cortex to determine which
permission.properties
file to use. The out of the box bundles all use a rank of100
, so extended bundles should specify a higher rank, such as200
. If the permissions lookup rank is not specified in the extension bundle, the following exception will be thrown at Cortex startup:java.lang.IllegalArgumentException: Permission lookup for server prices already exists with rank 100
Here is an example of thepermissionsLookupRank
method that needs to be overridden in the wiring modules:
package com.elasticpath.extensions.rest.extprices.wiring;
import com.elasticpath.rest.resource.prices.wiring.PriceWiring;
import javax.inject.Named;
/**
* Extended Price wiring.
*/
@Named
public class ExtPriceWiring extends PriceWiring {
@Override
protected int permissionsLookupRank() {
return 200;
}
}
Database Changes
- Added
CASCADE
onDELETE
on all foreign key relationships to the following fields to allowcleanupFailedOrdersJob
to be more efficient. For more information, see thecore-changelog-2020-08-cleanup-expired-failed-orders-job.xml
file.TORDER.ORDER_NUMBER
TORDER.UIDPK
TORDERPAYMENT.UIDPK
TAPPLIEDRULE.UIDPK
TORDERSHIPMENT.UIDPK
TORDERRETURN.UIDPK
TORDERSKU.UIDPK
- Added
ORDER_UID
field toTORDERSKU
table to allow queries to avoid join toTORDERSHIPMENT
. - Added index on
TCUSTOMER.AUTHENTICATION_UID
. - Renamed
apiRefreshStrategy
andadminRefreshStrategy
values onTSETTINGMETADATA.METADATA_KEY
torefreshStrategy
. - Added
refreshStrategy
metadata records to allTSETTINGDEFINITION
records. TCMUSER.PASSWORD
values are re-encoded toBCRYPT
format.TCUSTOMERAUTHENTICATION.PASSWORD
values are re-encoded toBCRYPT
format.- Removed
CP_GENDER
customer profile attribute. - Added index on
TCUSTOMERPROFILEVALUE.CUSTOMER_UID
, replacing previous composite index. - Updated
COMMERCE/SYSTEM/SEARCH/searchHost
context keys frommaster
toprimary
anddefault
toreplica
. - Added unique constraint on
SHOPPER_UID,DEFAULTCART
fields ofTSHOPPINGCART
and madeDEFAULTCART
nullable. - Added
TOUTBOXMESSAGE
table. - Added
B2C_AUTHENTICATED_ROLE
andB2C_SINGLE_SESSION_ROLE
fields toTSTORE
table.
Upgraded Libraries
The following libraries were upgraded as part of this release, primarily to address vulnerabilities detected within these libraries.
Library | Change |
---|---|
activemq-broker-5.16.0.jar | Version changed from 5.15.12 |
activemq-camel-5.16.0.jar | Version changed from 5.15.12 |
activemq-client-5.16.0.jar | Version changed from 5.15.12 |
activemq-console-5.16.0.jar | Version changed from 5.15.12 |
activemq-jms-pool-5.16.0.jar | Version changed from 5.15.12 |
activemq-kahadb-store-5.16.0.jar | Version changed from 5.15.12 |
activemq-openwire-legacy-5.16.0.jar | Version changed from 5.15.12 |
activemq-pool-5.16.0.jar | Version changed from 5.15.12 |
activemq-spring-5.16.0.jar | Version changed from 5.15.12 |
activemq-stomp-5.16.0.jar | Version changed from 5.15.12 |
activemq-web-5.16.0.jar | Version changed from 5.15.12 |
activemq-web-console-5.16.0.war | Version changed from 5.15.12 |
checker-qual-2.10.0.jar | Removed |
dec-0.1.2.jar | Added |
error_prone_annotations-2.3.4.jar | Removed |
failureaccess-1.0.1.jar | Removed |
guava-28.2-jre.jar | Removed |
hawtdispatch-1.11.jar | Added |
hawtdispatch-transport-1.11.jar | Added |
htmlunit-2.38.0.jar | Added |
htmlunit-core-js-2.38.0.jar | Added |
htmlunit-cssparser-1.5.0.jar | Added |
integration-test-definitions-8.2.0.5657f7cc81.jar | Added |
j2objc-annotations-1.3.jar | Removed |
jackson-annotations-2.10.2.jar | Removed |
jackson-annotations-2.11.2.jar | Version changed from 2.10.3 |
jackson-core-2.10.2.jar | Removed |
jackson-core-2.11.2.jar | Version changed from 2.10.3 |
jackson-databind-2.11.2.jar | Version changed from 2.10.3 |
jackson-databind-2.9.10.3.jar | Removed |
jackson-databind-2.9.10.4.jar | Version changed from 2.10.2 |
jackson-dataformat-csv-2.11.2.jar | Version changed from 2.10.2 |
jackson-datatype-jsr310-2.11.2.jar | Version changed from 2.10.3 |
jackson-jaxrs-base-2.10.2.jar | Removed |
jackson-jaxrs-base-2.11.2.jar | Version changed from 2.10.3 |
jackson-jaxrs-json-provider-2.10.2.jar | Removed |
jackson-jaxrs-json-provider-2.11.2.jar | Version changed from 2.10.3 |
jansi-1.18.jar | Version changed from 1.8 |
jetty-client-9.4.27.v20200227.jar | Added |
jetty-http-9.4.27.v20200227.jar | Added |
jetty-io-9.4.27.v20200227.jar | Added |
jetty-xml-9.4.27.v20200227.jar | Added |
jsr305-3.0.2.jar | Removed |
jstl-1.1.2.jar | Added |
listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar | Removed |
mqtt-client-1.3.jar | Added |
mysql-connector-java-8.0.22.jar | Version changed from 5.1.44 |
neko-htmlunit-2.38.0.jar | Added |
openjpa-2.4.0-ep2.3.jar | Version changed from 2.4.0-ep2.1 |
openjpa-jdbc-2.4.0-ep2.3.jar | Version changed from 2.4.0-ep2.1 |
openjpa-jest-2.4.0-ep2.3.jar | Version changed from 2.4.0-ep2.1 |
openjpa-kernel-2.4.0-ep2.3.jar | Version changed from 2.4.0-ep2.1 |
openjpa-lib-2.4.0-ep2.3.jar | Version changed from 2.4.0-ep2.1 |
openjpa-persistence-2.4.0-ep2.3.jar | Version changed from 2.4.0-ep2.1 |
openjpa-persistence-jdbc-2.4.0-ep2.3.jar | Version changed from 2.4.0-ep2.1 |
org.apache.commons.logging-1.1.1.v201101211721.jar | Removed |
org.apache.servicemix.bundles.spring-orm-4.3.25.RELEASE_1.jar | Added |
serializer-2.7.2.jar | Added |
slf4j-api-1.7.30.jar | Added |
slf4j-log4j12-1.7.30.jar | Added |
standard-1.1.2.jar | Added |
websocket-api-9.4.27.v20200227.jar | Added |
websocket-client-9.4.27.v20200227.jar | Added |
websocket-common-9.4.27.v20200227.jar | Added |
xalan-2.7.2.jar | Added |
xbean-spring-4.17.jar | Version changed from 4.16 |