Elastic Path Commerce 8.4.x Release Notes
Learn about changes to Elastic Path Commerce for this release. Fixes since the release are summarized in the changelog.
Changelog
The changelog contains the list of fixes and improvements made to Elastic Path Commerce 8.4 since its release date. To learn how to consume the updates, see Consuming Support Fixes.
- d9fac170: Changed the way that `SkuOptionValue` is associated with `ProductSkuOptionValue`, using a lazy load approach instead of the Eager Field Post Load Strategy, to prevent possible "context has been closed" exceptions. (12-Dec-2024)
- 17d83cd7: Fixed Core Request-Scoped Caching to ensure that retrievals with different load tuners or fetch groups are cached separately. (10-Dec-2024)
- 786337df: Upgraded Tomcat version from 9.0.85 to 9.0.97. (9-Dec-2024)
- 8e1f3e78: Added a new `getAttributeValueByKey` method to all Extension Point Framework entities with attributes for use with non-localized attribute values. (8-Dec-2024)
- e07ecbf8: Upgraded esapi from 2.5.3.1 to 2.5.4.0. (6-Dec-2024)
- 8c49175b: Added comments above `api-platform.version` and `ep-xpf-spi.version` properties in `bill-of-materials/pom.xml` to reduce merge conflicts. (4-Dec-2024)
- b3a18427: Upgraded Quartz from version 2.3.2 to 2.4.0 to address CVE-2023-39017. (4-Dec-2024)
- 90c57322: Fixed issue with `ProductDaoImpl#findUidBySkuCode` that can cause OpenJPA to read all product skus from the database in rare circumstances. (3-Dec-2024)
- 5203908a: Fixed intermittent failure in Selenium tests due to problems verifying that a user interface element contains the expected value. (2-Dec-2024)
- 03679e5c: Fixed `NullPointerException` in Cortex when `ep.log.level=TRACE` is enabled. (29-Nov-2024)
- 242a4d61: Fixed intermittent failure in Selenium tests due to problems obtaining focus on a user interface element. (28-Nov-2024)
- bbed1a58: Build stability improvements. (27-Nov-2024)
- fa891913: Upgraded commons-io from version 2.8.0 to 2.14.0 to address CVE-2024-47554. (26-Nov-2024)
- a540a73d: Fixed intermittent failure in Selenium tests due to problems typing into text boxes. (25-Nov-2024)
- cb0a95e8: Fixed Import/Export to ensure that the necessary product search indexes are rebuilt when base amounts are updated. (22-Nov-2024)
- 8aee6e2a: Improved order hold resolution error handling to ensure that order holds don't get stuck in a pending state. (20-Nov-2024)
- c7d44cd1: Modified `extensions.json` requirements so that just the identifier and enabled flag can be specified; all other fields are now optional. (19-Nov-2024)
- 63185442: Refactored `ProductAssociationQueryBuilder` to use `JPQLQueryBuilder` and optimized generated query for determining product associations. (15-Nov-2024)
- c8fb64ba: Added new `X-Ep-Follow-Location-Status` header to indicate the status of the second resource when `followLocation` is used. (15-Nov-2024)
- 9100d036: Changed root link expectations in Cucumber tests to prevent failures if new resources are added. (14-Nov-2024)
- 1047f90d: Fixed Cortex structured message response when purchase form is submitted with validation errors. (12-Nov-2024)
- 03f424ab: Fixed query error that occurs in MySQL when the anonymous customer cleanup job is executed. (12-Nov-2024)
- 1ebce7d4: Fixed cart subtotal applied promotions to ensure it only returns the applied 'best of' promotion. (1-Nov-2024)
- 33fa9fee: Fixed error handling for shipping option determination so that the actual underlying error is reported rather than a `NullPointerException`. (31-Oct-2024)
- cdfbcdcf: Fixed a `NullPointerException` that can occur when publishing multi-sku products through the Data Sync Webapp. (29-Oct-2024)
- 0466942c: Upgraded Wiremock from version 2.27.2 to 2.35.1. (16-Oct-2024)
- 7015d488: Fixed Spring circular dependency that was causing `NullPointerException`s during Integration Server startup. (10-Oct-2024)
- 64ebb9d6: Fixed preconditions in `core-changelog-2020-08-cleanup-expired-failed-orders-job.xml` to avoid potential upgrade error. (3-Oct-2024)
- 06a7f06d: Removed support for `user-name` and `user-company` fields in JWT metadata payload, which was leading to unique constraint errors in PunchOut. (26-Sep-2024)
- 293b8828: Fixed issue with Data Sync Webapp where changesets containing base amounts were causing multiple product index notifications to be created and were also holding the base amount objects in memory until the service was restarted. (19-Sep-2024)
- 4fa8a5e4: Fixed issue with Cortex attempting to write logs to a folder based on the build machine home folder instead of the runtime machine home folder. (13-Sep-2024)
- fb87b2cb: Refactored the Catalog Syndication builders to use `AbstractBatchJob` instead of Spring Batch, to address lock wait timeout issues during the build process. (13-Sep-2024)
- 3ddfd603: Fixed issues with the shopper conditions user interface in Commerce Manager where conditions were sometimes duplicated or could not be removed. (13-Sep-2024)
- d74cbd0b: Upgraded Tomcat version from 9.0.85 to 9.0.90. (12-Sep-2024)
- 251ef7a8: Build stability improvements. (10-Sep-2024)
- 64ac220e: Coloured logging now disabled by default, only enabled for local development deployments. (2-Sep-2024)
- 7615e569: Fixed duplicate entry error that appears when editing tax values in Commerce Manager. (29-Aug-2024)
- 04348009: Fixed Cortex keyword search functionality so it correctly reads the `COMMERCE/SEARCH/*` system configuration settings. (29-Aug-2024)
- 28c94697: Fix for `NullPointerException` that can occur if looking up a non-existent compound GUID with `CategoryLookup#findByCompoundCategoryAndCatalogCodes`. (29-Aug-2024)
- 4a30569e: Fix for `NullPointerException` that can occur if `RuleService#findByRuleGuid` is called with a non-existent guid. (28-Aug-2024)
- 5111709c: Removed unused setting definitions: `COMMERCE/SEARCH/minimumResultsThreshold`, `COMMERCE/SEARCH/maximumResultsThreshold`, `COMMERCE/SEARCH/maximumSuggestionsPerWord`, and `COMMERCE/SEARCH/accuracy`. (27-Aug-2024)
- 616e50e8: Consolidated all Awaitility dependencies from version 2.0.0 to 3.1.6. (26-Aug-2024)
- f1ee2a4e: Updated the Log4j configuration for all services to ensure that log file sizes are limited by using a fixed window rolling policy. (25-Aug-2024)
- bfa813fc: Fixed issue where the `parentCategoryCodes` field was not populated in the SOLR index for linked categories. (21-Aug-2024)
- 7880eb86: Fixed issue with logging of some Catalog Syndication failures. (19-Aug-2024)
- 25e78f29: Fixed Catalog Syndication cucumber test stability issue. (17-Aug-2024)
- 70ea53cc: Fixed issue with SKU selection dialog not allowing users to search after clicking the clear button. (15-Aug-2024)
- 11d02401: Build stability improvements. (14-Aug-2024)
- f6a9ceb6: Fixed intermittent failure in Order search for failed order Selenium test. (6-Aug-2024)
- 8e3d5f62: Removed checksum validation from `core-changelog-2024-07-expired-data-point-values-job` changeset due to required changes in earlier versions. (2-Aug-2024)
- 79896b90: Improved warning `Setting retrieval strategy {} threw an exception` to ensure that full stack trace is logged. (30-Jul-2024)
- 63afea16: Fixed issue where `parent-widget-id` and `widget-type` attributes on a table row were not properly set after a table is updated. This could lead to Selenium test issues. (26-Jul-2024)
- 4f1316cb: Fixed all query strings defined on beans for Catalog Syndication `JpaPagingItemReader` instances to ensure they have an `ORDER BY` clause. (24-Jul-2024)
- bbc5c1dd: Fixed issue where importing entities doesn't properly invalidate the application cache in some circumstances. (24-Jul-2024)
- fe064863: Fixed out of memory error that can occur on the Batch Server if database contains a large number of `TCUSTOMERCONSENT` records. (23-Jul-2024)
- 40fb053d: Improved Oracle `reset-db` script to ensure that the tablespace is created automatically. (18-Jul-2024)
- 9f2ec0b8: Enhanced Operational Insights to ensure that Integration Server waits for all service reports to be received before the report is generated. (18-Jul-2024)
- 914ae96f: Removed line from `com.elasticpath.cmclient.core/plugin.xml` that caused the XML to be invalid. (20-Jun-2024)
- 7b1afe8a: Updated all Camel routes to extend `CRSCEnabledRouteBuilder` so they properly evict the Core Request-Scoped Cache and avoid dirty reads. (19-Jun-2024)
- 56a36935: Added exclusion on Spring Framework dependencies within `ext-commerce-engine-wrapper` to ensure that Spring dependencies aren't accidentally embedded in the bundle. (17-Jun-2024)
- ddfd31bc: Fixed issue where `CouponUsageLimitValidator` doesn't properly handle some coupon-related issues. (14-Jun-2024)
- f0264ca4: Fixed issue with Commerce Manager initialization that can occur if several initial requests are received concurrently. (14-Jun-2024)
- e0dca1bb: Added database index on `name` and `state_code` fields of the `TCHANGESET` table to address performance issue in the Automated Imports Accelerator. (12-Jun-2024)
- ff44d644: Fix for potential race condition around `CategoryLookup` and `CategoryService` load tuners which can cause errors about unloaded fields. (10-Jun-2024)
- 9e91e504: Fix to avoid retrying the post capture checkout steps if there is an exception thrown. (7-Jun-2024)
- 254fe970: Fixed issue for scenario when multiple customer records have the same username for different stores, the wrong customer record could be selected during authentication. (6-Jun-2024)
- e766ca3c: Fixed issue where the Cortex health checks may read the internal health check URL using the wrong Tomcat connector, which can cause the health checks to show Cortex as healthy before startup completes. (4-Jun-2024)
- 1c07dbc7: Fix for intermittent Selenium test failure "Error forwarding the new session Empty pool of VM for setup". (4-Jun-2024)
- 86841ba8: Fixed intermittent Selenium test failures related to long generated catalog entity names. (4-Jun-2024)
- c3d70511: Fixed intermittent Selenium test failures related to the "Promotion Search With Quotes" test. (31-May-2024)
- e82d2b3b: Removed the logic that allowed cached tax calculation for a shopping cart to be reused when checking out, which was unnecessarily complex and was causing a possible issue where tax calculation failures could occur. (30-May-2024)
- bca17711: Improved `H2DataSourceInitializerImpl` to prevent H2 database snapshots from being corrupted when multiple tests are run concurrently. (28-May-2024)
- e6ee5a8b: Removed check from Commerce Manager and Batch Server health checks that verifies that search server is reachable. This was causing health checks to fail incorrectly in some circumstances. (28-May-2024)
- 74f34df0: Upgraded solr-core from 8.11.1 to 8.11.3 to address CVE-2023-50298, CVE-2023-50291 and CVE-2023-50292. (27-May-2024)
- 59e805a2: Changed "Less shipment discount" on Commerce Manager shipment summary to always appear as black. (24-May-2024)
- de482808: Liquibase fix for "Improved performance of case-insensitive queries involving store code" to convert `TSHOPPER.STORECODE` to upper case and add foreign key constraint. (22-May-2024)
- a45e42f6: Fixed anonymous customer cleanup job failure that occurs if customer has wish list items. (22-May-2024)
- 47e18111: Updated logic to prevent customer store code from changing when they log into a linked store. (22-May-2024)
- f0879624: Build stability improvements. (15-May-2024)
- b0a81373: Updated activemq-kahadb-store from version 5.14.3 to 5.17.6. (15-May-2024)
- 0f023ccd: Separated product and product type caching to reduce product cache memory use by 30-60%. (14-May-2024)
- 1687977b: Upgraded Jetty from 9.4.44.v20210927 to 9.4.54.v20240208 to address CVE-2024-22201, CVE-2023-44487, CVE-2023-36479, CVE-2023-26049, CVE-2023-26048 and CVE-2022-2048. (14-May-2024)
- a9385d98: Removed duplicate localization property key in `email.properties` that was causing confusion. (14-May-2024)
- 023141ae: Added a check at Search Server startup to delete compiled Drools records if they are invalid due to being compiled with an older version of Drools. (6-May-2024)
- ecb820c1: Fixed `NullPointerException` that can occur if attempting to save a sku option value using `SkuOptionService#add(SkuOptionValue)`. (5-May-2024)
- ce5b8dcd: Updated PostgreSQL `reset-db` behaviour to avoid dropping the user and all related objects, and allow multiple schemas to be created on the same database. (2-May-2024)
- a37ea053: Changed `ep-test-application` dependencies to test scope to ensure that test artifacts don't end up in the compiled WAR files. (29-Apr-2024)
- 899cb414: Refactored `core-changelog-2021-01-data-fields-as-json-clob.xml` to make it run 20-30X faster on PostgreSQL databases. (26-Apr-2024)
- 0fd32ab9: Fixed issue with reset-db operation on PostgreSQL if `epdb.schemaname` is set to a value with uppercase characters. (26-Apr-2024)
- 13d73495: Fix to ensure that services connect to the correct PostgreSQL schema when a non-public schema is used. (26-Apr-2024)
- d0de788f: Migrated fusesource mqtt-client 1.3 to activemq-mqtt 5.17.6 to address CVE-2019-0222. (17-Apr-2024)
- 45552367: Upgraded hibernate-validator from 6.0.20.Final to 6.2.0.Final to address CVE-2023-1932. (17-Apr-2024)
- d5dafd32: Fixed issue with promotion rules never executing in Cortex if the compiled rules don't exist in the database on the first attempt to load them. (15-Apr-2024)
- aa7da634: Fixed exception handling around attribute value types. (15-Apr-2024)
- c4a9bcef: Build stability improvements. (12-Apr-2024)
- 3500fe1f: Modified default cache TTL for checking promotion updates from 60 minutes to 5 minutes so that promotion changes are reflected more quickly in Cortex. (12-Apr-2024)
- deda3ed4: Fixed fuzzy search functionality in Cortex item and offer keyword search. (11-Apr-2024)
- 628089bf: Added missing field types to SOLR sku schema to prevent exceptions that can cause a performance bottleneck during indexing. (10-Apr-2024)
- 7de51992: Fixed more issues with Helix exception handling where the stack trace can be lost. (10-Apr-2024)
- dc29f8c2: Fixed OSGi split package issue for `org.apache.commons.fileupload` packages. (9-Apr-2024)
- 5a907f48: Build stability improvements. (8-Apr-2024)
- 83ebcbae: Added a 60-second cache around inventory lookups done by Cortex during `add-to-cart` operations and `availability` requests. The final inventory lookup at checkout is not cached. (5-Apr-2024)
- 74a70bbc: Improved exception handling around customer creation logic to ensure that root cause is properly logged. (5-Apr-2024)
- 662b6187: Fixed Commerce Manager issue where scroll bar doesn't appear as expected after adding new promotion conditions or actions. (5-Apr-2024)
- fb571068: Excluded htrace-core4 from transient dependencies which contains vulnerable shaded copy of jackson-databind 2.4.0. (4-Apr-2024)
- 741e119f: Fixed issue with the ActiveMQ console showing an error when accessed on a local developer machine. (25-Mar-2024)
- ddd9d179: Modified PostgreSQL functionality to use `epdb.schemaname` parameter for schema name instead of using the default public schema name. (25-Mar-2024)
- a651d73f: Additional performance improvement to avoid creating unnecessary shopper records when the `x-ep-account-shared-id` header is set in Cortex. (22-Mar-2024)
- cb9dfbd7: Fixed potential race condition that can cause payment provider configuration property values to be returned as empty. (21-Mar-2024)
- f90147cb: Upgraded esapi from 2.5.2.0 to 2.5.3.1 to address WS-2023-0429. (20-Mar-2024)
- d3d1e69e: Performance improvement to avoid creating unnecessary shopper and shopping cart records when the `x-ep-account-shared-id` header is set in Cortex. (20-Mar-2024)
- a25a01b2: Fix to allow orders in the `CREATED` state to be cancelled. (20-Mar-2024)
- 1d58b063: Fixed potential race condition that can cause product/sku/category attribute values to be returned as empty. (18-Mar-2024)
- 6acc0149: Upgraded Tomcat version from 9.0.50 to 9.0.85 to address multiple vulnerabilities. (18-Mar-2024)
- dee2bbff: Upgraded javax.el from 3.0.0 to 3.0.4 to address CVE-2021-28170. (14-Mar-2024)
- 52197b94: Fixed issue where a selling context condition that uses "not matching" or "not containing" incorrectly evaluated to false if the key was not present in the tagset. (13-Mar-2024)
- 8bb22c1a: If order hold resolution fails due to a locked order, process will now retry automatically. (13-Mar-2024)
- 8761aa2c: Fixed issue with the `ext-cm-libs` bundle being unable to access `ep-settings` classes. (12-Mar-2024)
- cbb71b34: Upgraded postgresql from 42.4.3 to 42.4.4 to address CVE-2024-1597. (12-Mar-2024)
- 7f3683b3: Upgrade Drools from 7.6 to 7.74.1 to address CVE-2022-1415. (7-Mar-2024)
- ad771627: Migrated jstl 1.1.2 and 1.2 to taglibs-standard-impl 1.2.3 to address CVE-2015-0254. (7-Mar-2024)
- 8ab23294: Fix to prevent inventory lookup for all skus in a multi-sku product when checking inventory for a single sku. (7-Mar-2024)
- ab07794f: Fixed intermittent failure in the `AccessTokenDtoTransformerTest.testTransformToOAuth2AccessToken` unit test. (6-Mar-2024)
- 10337607: Refactored `InventoryFlowServiceImpl` so that product skus are passed as parameters and unnecessary database lookups can be avoided. (5-Mar-2024)
- e86b5b0e: Removed nekohtml dependency to address CVE-2022-29546, CVE-2022-28366, and CVE-2022-24839. (1-Mar-2024)
- 68b926df: Disabled JMX for Cortex and Integration Server in Cucumber tests to avoid port conflicts. (1-Mar-2024)
- 55fafc80: Upgraded Apache Shiro from 1.12.0 to 1.13.0 to address CVE-2023-46749. (27-Feb-2024)
- 6172a5ab: Upgraded json-path from 2.6.0 to 2.9.0 to address CVE-2023-51074. (22-Feb-2024)
- 230acb87: Upgraded poi from 4.0.1 to 4.1.1 to address CVE-2019-12415. (21-Feb-2024)
- 7b154c38: Upgraded antisamy from 1.7.4 to 1.7.5 to address CVE-2024-23635. (21-Feb-2024)
- 8fc7eeaa: Upgraded wiremock from 2.23.2 to 2.27.2 to address CVE-2021-23369. (19-Feb-2024)
- 9c9bfb68: Upgraded commons-net to version 3.9.0 to address CVE-2021-37533. (19-Feb-2024)
- bb856c54: Upgraded commons-configuration2 from version 2.1.1 to 2.8.0. (19-Feb-2024)
- 164a7186: Upgrade htmlunit from 3.0.0 to 3.9.0 to address CVE-2023-49093. (15-Feb-2024)
- 7255ae6b: Upgraded htmlunit from 2.70.0 to 3.0.0 to address CVE-2023-26119. (15-Feb-2024)
- 65dd08ae: Updated failsafe plugin to use alphabetical ordering instead of default filesystem ordering. (13-Feb-2024)
- 8bdbdb97: Upgraded logback from version 1.2.10 to 1.2.13 to address vulnerability CVE-2023-6481. (12-Feb-2024)
- 18062f81: Upgraded ant from 1.7.1 to 1.10.14 to address CVE-2020-11979. (12-Feb-2024)
- 7583b84d: Upgraded junit from 4.12 to 4.13.1 to address CVE-2020-15250. (12-Feb-2024)
- 347cc0a8: Upgraded postgresql from 42.4.1 to 42.4.3 to address CVE-2022-41946. (12-Feb-2024)
- f79220d3: Upgraded postgresql from 42.3.3 to 42.4.1 to address CVE-2022-31197. (9-Feb-2024)
- a8ab13df: Improved JMS-related test reliability. (8-Feb-2024)
- 419dd8e5: Removed `ops-spec.json` so that the CloudOps fallback `ops-spec.json` will be used. (8-Feb-2024)
- 614d6f56: Upgraded xerces from 2.12.0 to 2.12.2 to address CVE-2022-23437. (7-Feb-2024)
- 01f5a7f7: Fix for race condition that can occur if a user posts multiple requests to the registration form concurrently. This change ensures that only a single authentication record is created in this circumstance. (7-Feb-2024)
- cd1d892d: Upgraded jsoup from 1.14.2 to 1.15.3 to address CVE-2022-36033. (7-Feb-2024)
- ec8abc80: Upgraded protobuf-java from 3.11.0 to 3.16.3 to address CVE-2022-3509 and CVE-2022-3171. (7-Feb-2024)
- 5d0d8219: Upgraded jsoup from 1.8.3 to 1.14.2 to address CVE-2021-37714. (7-Feb-2024)
- 0a463159: Fix to avoid JMX "port in use" conflicts in cargo with multi-threaded builds. (7-Feb-2024)
- bfe3c581: Upgraded mysql-connector-java from 8.0.30 to 8.2.0 to address vulnerability CVE-2023-22102. (6-Feb-2024)
- f5a95416: Modified quoted search behaviour to match on the complete phrase when searching for products and skus in Commerce Manager. (29-Jan-2024)
- 25b85f93: Upgraded antisamy from 1.6.7 to 1.7.4 to address CVE-2023-43643. (29-Jan-2024)
- e71a586e: Upgraded jackson-databind from 2.13.4 to 2.16.1 to address CVE-2022-42003. (26-Jan-2024)
- 2d4f447e: Resolved "Unable to find [appName]" error during Cortex startup. (26-Jan-2024)
- b2c24cb9: Remove dependency on `ext-commerce-engine-wrapper` bundle from `ep-jms` bundle to prevent possible bidirectional dependency. (17-Jan-2024)
- 8dee502b: Optimization to eliminate unnecessary TSHOPPINGITEMRECURRINGPRICE queries when a shopping cart is retrieved. (16-Jan-2024)
- 5376d1d9: Optimization to eliminate unnecessary queries to update cart item last modified date when a shopping cart is persisted. (11-Jan-2024)
- 4fd826c4: Fixed issue with ESAPI bundle startup after upgrading ESAPI from 2.4.0.0 to 2.5.2.0. (9-Jan-2024)
- b1d88989: Changed `sortattributes` link to static instead of conditional to remove unnecessary extra product search when using the `offersearch` resource. (12-Dec-2023)
- fbf76cf4: Added null check in `SolrQueryFactory` to avoid `NullPointerException` if an expected attribute key does not exist. (11-Dec-2023)
- 073624a4: Fixed Cucumber tests that fail if test run order is changed. (11-Dec-2023)
- 7c8eafbf: Updated `individual-settings.xml` to use secure Nexus URLs. (11-Dec-2023)
- b471112a: Upgraded ESAPI from 2.4.0.0 to 2.5.2.0 to address WS-2023-0388. (7-Dec-2023)
- 43bfb47c: Upgraded shiro-core from 1.9.1 to 1.12.0 to address CVE-2023-34478. (1-Dec-2023)
- 39c9fb26: Fixed product lookup cache population bug that can lead to unnecessary database queries. (29-Nov-2023)
- c51788ab: Fixed issues with Helix exception handling where the stack trace can be lost and the reference number shown to the user doesn't match the logged reference number. (29-Nov-2023)
- 90a974aa: Fixed Cortex permission error that can occur if `x-ep-account-shared-id` header is set when reading accounts associated to the current user. (29-Nov-2023)
- 286382de: Fixed issue that can cause Query Analyzer to fail if default encoding type is not set to `UTF-8`. (27-Nov-2023)
- b5a31794: Upgraded Jersey version from 2.27 to 2.40 in `api-platform` to match `ep-commerce` version. (24-Nov-2023)
- a93b3c4a: Upgraded ESAPI from 2.3.0.0 to 2.4.0.0 to address CVE-2022-28366 and CVE-2022-29546. (23-Nov-2023)
- b3cfcc98: Fix for `NullPointerException` that can occur if looking up a non-existent category GUID with `CategoryLookup#findByGuid`. (23-Nov-2023)
- 68267091: Upgraded guava from 31.1-jre to 32.0.1-jre to address CVE-2023-2976. (22-Nov-2023)
- bf057b9f: Fix for intermittent failure in "Payment Configuration" tests. (21-Nov-2023)
- eeb9f4ae: Added non-null constraint on customer authentication username field. (20-Nov-2023)
- 66f95350: Fixed Cortex server error that occurs when reading applied promotions on a shopping cart where one or more line items has no price. (20-Nov-2023)
- fb9b2999: Performance improvement to eliminate duplicate shopper and customer queries when zooming into `wishlistmembership` link. (17-Nov-2023)
- 24b25405: Removed reference to spring-security-oauth2 in `ext-cortex-webapp` `pom.xml`. (17-Nov-2023)
- df171005: Upgraded pf4j from 3.6.0 to 3.10.0 to address CVE-2023-40828. (15-Nov-2023)
- 793e97f4: Fix for error that can appear when doing search operations in Commerce Manager if the `COMMERCE/SEARCH/boosts` system configuration setting is specified. (10-Nov-2023)
- cd4701d3: Updated catalog syndication projection rebuild process to better utilize Spring Batch and avoid long database record locks. (9-Nov-2023)
- d3059141: Replaced legacy SOLR `LRUCache` with `CaffeineCache`. (8-Nov-2023)
- 28d6acda: Upgraded json from 20220924 to 20231013 to address CVE-2023-5072. (8-Nov-2023)
- 3c7df5fe: Upgraded velocity from version 1.6.2 to 2.3 to address CVE-2020-13936. (8-Nov-2023)
- a2575a69: Upgraded ActiveMQ from 5.16.4 to 5.16.7 to address CVE-2023-46604. (8-Nov-2023)
- 2a4e6ce2: Improved how `ClasspathResourceLoader` is initialized to prevent a possible memory leak related to Velocity email rendering. (8-Nov-2023)
- 58ffdce1: Fixed a failure in the `wishlistmembership` resource if a wish list contains the same product sku more than once. (8-Nov-2023)
- c3ad5f57: Upgraded shiro-core from version 1.8.0 to 1.9.1 to address CVE-2022-32532. (7-Nov-2023)
- 08c3cbe8: Modified the handling of email localized property values so that properties that are explicitly set to empty string result in an empty string being used as the value. (7-Nov-2023)
- 9cb7fab9: Upgraded jackson-databind from 2.12.7 to 2.13.4. (7-Nov-2023)
- 6fc85581: Modified the behaviour of data cleanup jobs to process at most X records per scheduled execution. The value of X is defined by the associated `COMMERCE/SYSTEM/{batch job name}/batchsize` system configuration setting. (7-Nov-2023)
- 72b28cdd: Upgraded commons-fileupload from 1.4 to 1.5 to address CVE-2023-24998. (6-Nov-2023)
- aead58c2: Upgraded json-smart from 2.4.7 to 2.4.10 to address CVE-2023-1370. (6-Nov-2023)
- 63261447: Upgraded xstream from 1.4.19 to 1.4.20 to address CVE-2022-41966. (6-Nov-2023)
- 97977f00: Fixed issue with PostgreSQL initialization scripts to ensure that they don't attempt to drop and recreate high-privilege user. (16-Oct-2023)
- 9965f09d: Fixed PostgreSQL initialization scripts so that they work properly when a low-privilege database user is specified in the `data.population.username` data population parameter. (16-Oct-2023)
- 970f80f1: Fixed issue with selected disabled radio buttons and checkboxes being invisible on the shopping cart promotion wizard. (6-Oct-2023)
- 2274b653: Fixed issue where buyer admins can see customers from other stores when associating buyers to an account. (6-Oct-2023)
- e77cde68: Added an expiry to all messages sent to ActiveMQ to ensure that the message broker file system is not filled up with unconsumed messages. (2-Oct-2023)
- 2efcf827: Added ability to use quotes to request an exact match on each individual word when searching for products and skus in Commerce Manager. (28-Sep-2023)
- f26b7c52: Added a Liquibase custom change class for adding new setting definitions and setting values. (27-Sep-2023)
- 5929a39d: Fixed issue with customer CSV imports still treating shared ID as case-sensitive. (26-Sep-2023)
- b53a7c0f: Fix for localization issue on gift certificate emails. (26-Sep-2023)
- 7dc36fc2: Removed unnecessary smallint type alteration in the PostgreSQL initialization scripts. (18-Sep-2023)
- cb64145a: Added `Vary` header to Cortex response to prevent browser cache issues. (18-Sep-2023)
- 1c9f5fdb: Fixed issue where price list drop-down in Commerce Manager product editor was empty unless user had access to all catalogs. (15-Sep-2023)
- 957d0590: Fix for health check failure that occurs when running behind a load balancer. (14-Sep-2023)
- c476c0c7: Fixed issue where physical product inventory was not properly released if an order failed. (13-Sep-2023)
- fabf5874: Fix for Operational Insights "tomcat-*" fields returning values for the health check connector instead of the primary connector. (13-Sep-2023)
- 4a9b63ac: Fixed issues in `set-ep-versions.sh` script and Maven settings used for builds. (12-Sep-2023)
- 32bae214: Fixed issue with offer price range not including bundle price adjustments. (11-Sep-2023)
- 9ff72ab5: Added non-null constraint to `TCUSTOMERAUTHENTICATION.USERNAME` to ensure that invalid customer authentication records are not created. (11-Sep-2023)
- f5c2c0a1: Fix for "Parent cannot be changed on an existing customer record" error when importing customers. (11-Sep-2023)
- 48f41875: Fixed Commerce Manager issue with sorting accounts by business number where duplicate records were appearing. (7-Sep-2023)
- e944f8e5: Improved Liquibase changeset `2023-06-build-status-unique-index` to ensure that duplicate records are cleaned up before adding the unique constraint. (6-Sep-2023)
- 89270495: Fixed an issue where a large number of queries were being executed to retrieve customer, product, product sku, and category attribute values. (4-Sep-2023)
- ad8f32e6: Fixed Cortex memory leak that can occur if a resource repeatedly throws exceptions. (4-Sep-2023)
- 4422a3d1: Added `ops-spec.json` file to describe external dependency requirements for this version of EPC. Correction to previous commit. (31-Aug-2023)
- e2540720: Fix for logged Correlation ID value that is incorrect for requests to OAuth endpoints. (31-Aug-2023)
- 1e4131b7: Modified the "items in shopping cart" promotion conditions to ignore cart items that were added by promotions. (25-Aug-2023)
- d536a46c: Added `ops-spec.json` file to describe external dependency requirements for this version of EPC. (25-Aug-2023)
- 2d55824c: Fixed bug in `verifyDebugMessage` method used by Cucumber tests. (24-Aug-2023)
- 4e2fe696: Fixed several coupon-related named queries that were using the unindexed `coupon_code` field instead of the indexed `coupon_code_upper` field, leading to table scans. (24-Aug-2023)
- 455cae0a: Fixed a potential race condition in `CachedSettingsReaderImpl` that can cause errors during Cortex startup. (16-Aug-2023)
- 22543793: Standardized Cucumber test configuration across modules. (10-Aug-2023)
- c39e8974: Performance improvement for selling context evaluation that replaces the Groovy implementation for a faster Java equivalent. (28-Jul-2023)
- a7e4218c: Fixed an issue where a `NullPointerException` can occur when deleting a cart line item that triggered a free item promotion. (27-Jul-2023)
- b5f38b25: Added caching for product association lookups to improve performance. (20-Jul-2023)
- f5f03491: Changed Cortex database connection pool max size from 150 to 250 to ensure that it matches the default Tomcat max thread pool. (19-Jul-2023)
- 9c8bf2ea: List of classes defined in `auditableClasses` now ensures that subclasses are also audited. (14-Jul-2023)
- f647b125: Added unique constraint on `TINDEXBUILDSTATUS.INDEX_TYPE` to prevent search indexing errors due to invalid record duplication. (10-Jul-2023)
- 1e16e03d: Added annotations to the code to suppress false positive SonarQube issues. (7-Jul-2023)
- 1440c274: Fixed issue where order context is not updated properly after being persisted by the order holds checkout action. (4-Jul-2023)
- a20d6b08: Fixed issue with Operational Insights not returning Tomcat metrics in deployed environments. (3-Jul-2023)
- 1a0b99af: Improvements to Operational Insights exception handling when an exception is thrown during cache inspection. (30-Jun-2023)
- 00881fa5: Added missing implementations for "not matching" and "not containing" selling context tag operators. (29-Jun-2023)
- c4715de6: Fix for potential "output value too large" error when running changeset `PB-8894-CLOB-order-data-oracle-mysql` on Oracle. (28-Jun-2023)
- e649b476: Fixed an issue with Object Auditing where audit records show changes that were not applied with the same old and new value. (26-Jun-2023)
- 5e8cdd76: Fixed issue with editing promotions without shopper conditions that causes a selling context to be created and then immediately deleted in the database. (26-Jun-2023)
- 723832d5: Updated Cortex to automatically remove a bundle from the cart if it no longer matches the catalog definition of the bundle constituents. (16-Jun-2023)
- 0b6d7744: Fix for issue where a `NullPointerException` can occur when updating the quantity for a shopping cart line item with children. (16-Jun-2023)
- 5a740ab6: Changed `serviceResponseWaitTime` query parameter to optional for Operational Insights REST API. (15-Jun-2023)
- c6732398: Fixed `NoClassDefFoundError` that can occur when Operational Insights tries to determine cache sizes. (7-Jun-2023)
- cd1361ce: Allow Operational Insights clients to override service response wait time by setting `serviceResponseWaitTime` query parameter. (7-Jun-2023)
- 410081d5: Added ability to specify wildcard (*) character when searching for products and skus in Commerce Manager. (31-May-2023)
- 4f67a6ea: Added ability for business users to manually set shared ID when creating an account in Commerce Manager. (24-May-2023)
- 7ef0d45d: Fix for `encountered unmanaged object` error when publishing bundles with sku constituents through DST. (22-May-2023)
- dd5b4e0f: Fix for broken backwards compatibility in Tax Calculation Extension Point. (22-May-2023)
- 4d537c96: Added missing indexes to `TLOCALIZEDPROPERTIES` table to improve performance. (19-May-2023)
- 1350d7fe: Ensure that Cortex bundles are always loaded in the correct order to ensure that cache configuration is properly recognized. (19-May-2023)
- 122f2256: Added Import/Export validation check to prevent adding a category with a parent assigned to itself. (18-May-2023)
- a0cfe9fa: Refactored `core-changelog-2021-01-data-fields-as-json-clob.xml` to make it run 20-30X faster on MySQL and Oracle databases. (16-May-2023)
- 7dbdd2bf: Fix for "invalid number" error that occurs on Oracle in the `2020-08-flatten-order-sku-tree-for-better-performance` changeset. (16-May-2023)
- 3866f147: Refactored several EPC 8.0 upgrade Liquibase changesets to better handle large order volumes in the database. (8-May-2023)
- 75fb393e: Fix for `Can't DROP FK_OPAY_ORDER` error that can occur when migrating from EPC 7.6 to newer versions. (8-May-2023)
- db675554: Fixed issue in which cart item modifiers are lost on dependent cart line items if the parent line item is updated. (27-Apr-2023)
- b6a4d18b: Fixed issue where shopping cart line items with children are not properly migrated when a customer logs in. (26-Apr-2023)
- 8ac3927c: Fixed store selector support in Tax Calculator extension point. (24-Apr-2023)
- 549fe0c3: Fix for `java.lang.IllegalStateException: Product futureProduct is not linked to any categories` error during search indexing. (21-Apr-2023)
- 7e166c5e: Allow `additemstocartform` to be used to add items to cart with optional cart item modifiers. (18-Apr-2023)
- b2ff2e14: Improvements to JWT token error logging and ensure that errors are returned as structured error messages. (18-Apr-2023)
- 1b174264: Avoid running `JWTTokenStrategy` when Authorization header contains an OAuth access token to improve performance. (17-Apr-2023)
- fda4cdd6: Avoid loading OAuth token from the database during logout operations to improve performance. (17-Apr-2023)
- e877f8fc: Upgraded bootstrap from 3.3.5 to 3.4.1 and jQuery from 1.11.3 to 3.5.1 to address potential cross-site scripting vulnerabilities in Cortex Studio. (12-Apr-2023)
- eff3ac49: Modified how promotion and price list assignment start and end dates are stored to allow queries to easily exclude expired records. (4-Apr-2023)
- 827d2800: Fixed several Operational Insights metrics that were broken for customers using PostgreSQL. (28-Mar-2023)
- b75907e5: Improved Operational Insights error handling when hardware metrics calls generate a `NoClassDefFoundError`. (20-Mar-2023)
- cbf513ee: Fixed potential `NullPointerException` when requesting Operational Insights report if no services respond with results. (20-Mar-2023)
- 88b40814: Improved parallelization of Import/Export Cucumber tests to generate directories using a UUID instead of a sequential number to avoid potential conflicts. (5-Mar-2023)
- 2d9aa0e9: Performance improvement which replaces full product lookup with simple query when only product sku guid to product sku code conversion is needed. (14-Feb-2023)
- 5c033334: Resolved local Cortex startup warning `The AJP Connector is configured with secretRequired="true" but the secret attribute is either null or ""`. (9-Feb-2023)
- 7910c054: Reduced the amount of logging produced when running Selenium tests. (8-Feb-2023)
- 5acbde0a: Fix for intermittent test failures in `PaymentConfigurations` Cucumber tests. (8-Feb-2023)
- 531d90e0: Fixed issue with changeset list resetting to page one when locking or publishing changesets. (7-Feb-2023)
- 5e090d91: Fixed issue where a free item is not automatically removed if the promotion becomes ineligible. (7-Feb-2023)
- 65a2ee95: Added `@SupportsMultiplePartialCharges` annotation that allows payment plugins to indicate if the payment gateway supports multiple partial captures against a single pre-auth. (7-Feb-2023)
- 97b24cf8: Added support for `quartz.timezone` JVM parameter in Batch Server to define the timezone used by Quartz jobs. (7-Feb-2023)
- 068b1dac: Added support for `format=nolinks` query parameter in Cortex to prevent unnecessary conditional link evaluation. (6-Feb-2023)
- fa0b2439: Fix for intermittent Selenium test failures due to thread safety issues. (30-Jan-2023)
- 1c0ab0ea: Fixed issues with the `skuOptions` and `modifierGroups` options in the product type load tuner. (27-Jan-2023)
- 68311c24: Fix for "Device is disposed" error in Commerce Manager. (26-Jan-2023)
- a3565152: Fix for intermittent failure in "Import Data Policies with existing Data Policies" test. (26-Jan-2023)
- ef88b929: Fix SonarQube issues introduced by the Tax Calculator extension point. (25-Jan-2023)
- f53c1a76: Fix for potential deadlocks on shopping cart last modified date updates. (24-Jan-2023)
- a1c4573b: Fixed ability to run Cucumber integration tests on Windows developer machines. (24-Jan-2023)
- a87a3c1e: Modified Product Association export mechanism to significantly improve performance. (17-Jan-2023)
- d5035ba6: Fix for `NoClassDefFoundError: org/slf4j/IMarkerFactory` error when the first Cortex request is received. (17-Jan-2023)
- 58321249: Added additional address data point fields and a new `CUSTOMER_ALL_ADDRESSES` data point location for data protection. (16-Jan-2023)
- ab9ab14e: Fixed issue with empty facet name when assigning available facets to a store in Commerce Manager. (10-Jan-2023)
- e83b4834: Fixed incorrect logging of successful / skipped messages in batch jobs after failure. (9-Jan-2023)
- 4ba0e874: Fixed `NullPointerException` that can occur when updating a shopping cart line item quantity if the line item has a non-bundle-constituent child. (9-Jan-2023)
- 1ea05359: Wherever an order is marked failed, there should always be a reason added as an order note. (5-Jan-2023)
- a7023d48: Returned default JMS max active session per connection size back to 25. (16-Dec-2022)
- 5e5626fc: Upgraded `ehcache-openjpa` from version 0.2.0 to 0.2.0-ep1.0 to address potential `ConcurrentModificationException`. (15-Dec-2022)
- d5586a3a: Removed problematic and unnecessary `ep-core-cucumber-itests` module. (15-Dec-2022)
- 3e23abbd: Fix for intermittent "Create category in existing category" selenium test failure. (15-Dec-2022)
- 0466e9e2: Refactored `TaxCalculatorXPFBridge` so it adheres to best practices. (8-Dec-2022)
- bf20745d: Addressed XML parse warning in search server logs during startup on local developer machines. (7-Dec-2022)
- 3dfa3560: Limited orders list to 25 on customer record in Commerce Manager to prevent slowness when accessing that tab for customers with many orders. (6-Dec-2022)
- 9b9df078: Addressed `api-platform` build issue on M1 MacBooks. (5-Dec-2022)
- d42065eb: Include all caches in Operational Insights API response, instead of just select caches. (29-Nov-2022)
- 17e2fd98: Upgraded `hibernate-validator` from version 5.4.3.Final to 6.0.20.Final to address CVE-2020-10693. (25-Nov-2022)
- 6fa45112: Added caching to the `isInCategory` method to improve performance of promotions and price lists that are conditional on a product being in a category. (25-Nov-2022)
- 977f88b9: Added caching of payment provider configurations to improve performance. (24-Nov-2022)
- f090f119: Upgraded `groovy-all` from version 2.4.15 to 2.4.21 to address CVE-2020-17521. (23-Nov-2022)
- e238fff6: Fixed an issue where a free item promotion triggered by a coupon was not activated. (23-Nov-2022)
- 37263ca5: Fixed error in JWT authentication if token does not contain either sub or account. (16-Nov-2022)
- ffbc03e2: Upgraded `ESAPI` from version 2.1.0.1 to 2.3.0.0 to resolve CVE-2022-23457. (15-Nov-2022)
- 1fbc1f37: Fix for search server race condition that can prevent indexes from building. (15-Nov-2022)
- 0df22379: Changed log level in `PriceListPriceScoreDocComparator` to prevent logs from being flooded during search indexing. (15-Nov-2022)
- 379fed99: Removed duplicate "Assign Customer Segments" permission appearing in Commerce Manager. (14-Nov-2022)
- 04004932: Upgraded `httpclient` from version 4.5.5 to 4.5.13 to resolve CVE-2020-13956. (11-Nov-2022)
- 4305e9c4: Upgraded `mybatis` from version 3.2.3 to 3.5.11 to resolve CVE-2020-26945. (10-Nov-2022)
- d42b5d95: Upgraded `spring-security-oauth2` from 2.3.8.RELEASE to 2.5.2.RELEASE to resolve CVE-2022-22969. (10-Nov-2022)
- f9f98925: Modified `EpEmailValidator` to accept empty values to be consistent with other validators. (8-Nov-2022)
- 9208c034: Upgraded `json-path` from version 2.4.0 to 2.6.0. (7-Nov-2022)
- e6ef87a6: Upgraded `jdom` from version 1.1.3 to 2.0.6.1. (7-Nov-2022)
- 6ec94a6a: Fix to populate the cart item modifier fields in the `OrderSkuDTO` object that is passed to payment plugins. (3-Nov-2022)
- 4cb673a0: When checking out a cart that contains a coupon that has run out of uses, block checkout instead of removing the coupon code automatically. (31-Oct-2022)
- b37bae0c: Upgraded `xstream` version from 1.4.18 to 1.4.19 to address CVE-2021-43859. (31-Oct-2022)
- 0c6b1472: Upgraded `mysql-connector-java` version from 8.0.25 to 8.0.30. (31-Oct-2022)
- 4745dbd0: Upgraded `json` library version from 20170516 to 20220924. (28-Oct-2022)
- 2d58ed72: Added a timeout on Helix resource operations to ensure that stuck threads are released. Timeout defaults to 30 secs but can be overridden with `relos.prototype.operation.timeout` JVM parameter. (27-Oct-2022)
- 5485b8df: Returned default JMS connection pool size back to 25. (27-Oct-2022)
- 4908ca6b: Fixed issue preventing email notifications from being sent when a changeset publish completes. (25-Oct-2022)
- eda7c53a: Upgraded `commons-text` from version 1.9 to 1.10 to address CVE-2022-42889. (24-Oct-2022)
- 24f966c5: Upgraded `logback` and `slf4j` versions in `api-platform` so they match `ep-commerce`. (21-Oct-2022)
- aa352e18: Fixed issue where cart item modifier fields were sometimes immutable, preventing customizations from modifying them. (20-Oct-2022)
- 7c52313a: Replaced `libsass-maven-plugin` to resolve build errors on Mac M1 machines. (19-Oct-2022)
- a64b23ef: Upgraded `commons-validator` from version 1.6 to 1.7. This allows Cortex to recognize recent new DNS top-level domains when validating email addresses. (18-Oct-2022)
- d750c7eb: Changed customer shared ID to be case insensitive on PostgreSQL and Oracle to match MySQL behaviour. (17-Oct-2022)
- fd625832: Added a `customData` map to all Extension Point Framework entity and context classes to allow project teams to pass custom data through these classes with limited code changes. (14-Oct-2022)
- beb65dca: Removed `UPPER` from all queries involving store code. (7-Oct-2022)
- 43dd05df: Removed the failover protocol from the JMS broker URL in accordance with our policy of discouraging use of ActiveMQ high availability mode. (6-Oct-2022)
- c3a28994: Modified Commerce Manager product and category display name localization so that only intentionally specified values are displayed and saved. (5-Oct-2022)
- a6eb6621: Improved performance of case-insensitive queries involving store code. (5-Oct-2022)
- 1d6aa8bc: Modified Oracle connection defaults so it uses service names instead of SIDs and supports PDBs. (4-Oct-2022)
- 9d442ff1: Improvements to Selenium test suite run time. (27-Sep-2022)
- 04c91f77: Fixed an issue where a promotion is returned in `appliedPromotions` to more line items than expected. (26-Sep-2022)
- 7bb5d9cd: Removed all Direct Web Remoting library dependencies. (21-Sep-2022)
- 5c3ec7b7: When importing a product with localized attribute values that already exist, attempting to set a more specific attribute value locale incorrectly updated the "broader" locale value. (21-Sep-2022)
- e65c1dd6: Updated Maven Minimal configuration so that changes to `ext-cm-libs` trigger the correct subprojects. (20-Sep-2022)
- e5741972: Fixed issue with product not being automatically added to cart by free item promotion action. (19-Sep-2022)
- cad0ebfe: Fixed issue where promotion date range was being checked using application timezone instead of database timezone. (16-Sep-2022)
- 9413b995: Build stability improvements. (8-Sep-2022)
- 6ee848d7: Refactored additional logging calls from using Log4j2 classes to SLF4j classes to allow these log messages to appear properly in Cortex (which uses Logback for logging). (7-Sep-2022)
- fbfc1a2c: Corrected the location of the `purchase-order-plugin` in the Integration webapp `pom.xml`. (2-Sep-2022)
- 5ca6be6d: Separated indexing pipelines by type to ensure that long queues in one pipeline don't delay indexing in another. (1-Sep-2022)
- 1bd450f5: Upgraded antisamy from version 1.5.8 to 1.6.7. (30-Aug-2022)
- e735dc0a: Upgraded Jackson from version 2.12.3 to 2.12.7 to address jackson-databind security vulnerability. (25-Aug-2022)
- ccb253b2: Disabled an intermittently failing Selenium test. (24-Aug-2022)
- 849d7eeb: Disabled an intermittently failing Selenium test. (24-Aug-2022)
- d1163749: Upgraded guava from version 24.1.1-jre to 31.1-jre. (22-Aug-2022)
- 6a4e37e5: Removed duplicate database indexes from the `TORDERADDRESS` table. (18-Aug-2022)
- 0673d053: Removed Product Recommendations job to avoid `OptimisticLockingException`s in DST. (18-Aug-2022)
- d2db7aae: Removed checksum validation from `2021-09-create-FK-indices-for-8.0` changeset due to required changes in earlier versions. (18-Aug-2022)
- ccfa7ba1: Fixed content root error appearing in IntelliJ for some modules. (17-Aug-2022)
- a2fc287c: Fixed issue with payment framework charges that could cause a successful operation to be treated as a failure, and retried. (17-Aug-2022)
- 72f5a1f0: Updated Catalog Syndication projection builder to ensure that projection and projection history records are persisted in separate transactions to prevent deadlocks. (16-Aug-2022)
- d25730d1: Replaced the single-threaded `taskExecutor` used by the `blueprint-extender` with a configurable `ThreadPoolTaskExecutor` version. This allows the extender to work in parallel on the bundles resulting in faster Cortex boot time. (7-Aug-2022)
- bceec926: Reduce maximum default product cache size to avoid out of memory issues with larger catalogs. (5-Aug-2022)
- 3fc54097: Use embedded web server to reliably serve test mail attachment for Cucumber `emailFileAttachments.feature`. (5-Aug-2022)
- 35b32938: Disabled checksum validation on the `SUP-1020-customer-search-fields-case-insensitive` changeset to account for required changes in backports to earlier versions. (19-Jul-2022)
- a6b5707f: Changed `DBSettingValueRetrievalStrategy` so dependencies are more explicit to prevent failures if extensions create a circular dependency. (13-Jul-2022)
- e18d3f39: Extracted portions of changeset `2020-08-purge-expired-failed-orders-job-recreate-FKs-with-cascade-delete` into separate changesets that are only executed if the `TORDERDATA` and `TORDERITEMDATA` tables exist, since they are removed by another patch. (12-Jul-2022)
Changelog Announcements
Refactored core-changelog-2021-01-data-fields-as-json-clob.xml to make it run 20-30X faster on MySQL and Oracle databases
The changesets in the `core-changelog-2021-01-data-fields-as-json-clob.xml` Liquibase file that are used as part of the EPC 8.1 upgrade have been refactored to allow it to upgrade the schema much more quickly on MySQL and Oracle databases. This was done by taking advantage of the `JSON_OBJECTAGG` function which serializes JSON within the database. However, this function was only added to MySQL in version 5.7.22, so project teams using MySQL must upgrade to at least MySQL RDS version 5.7.22 or MySQL Aurora version 5.7.mysql_aurora.2.11.2 before applying this patch.
Modified how promotion and price list assignment start and end dates are stored to allow queries to easily exclude expired records
The "Time Conditions" editor has been removed from the Shopping Cart promotions wizard and editor. Now the enable and expiration dates for Shopping Cart promotions appear on the summary tab (or first page of the wizard) consistently with catalog promotions.
This patch includes a Liquibase changeset that will migrate existing start and end dates to the new fields.
8.4.0
Released: July 2022
Release highlights
Correlation ID Support
We now support the ability to pass an identifier to our Cortex and Integration Server APIs, which will be included in all logs related to that request. The correlation ID will also flow through to all corresponding asynchronous tasks.
For example, if a correlation ID is passed to the Cortex request that initiates a purchase, all asynchronous checkout events that are executed on the Integration Server will also have the same correlation ID. The correlation ID is exchanged between these services as part of the domain event message that is sent through JMS.
Both Cortex and the Integration Server REST APIs will accept an `x-correlation-id` header as part of the requests. If present, the correlation ID will appear in the fourth log column, as shown in the example below:
2022-05-17T13:23:41,051-02:30 | INFO | EP-Integration | correlationIdTest | Camel (ep-order-email-handler) thread #31 - JmsConsumer[Consumer.orderCancelledEmailHandler.VirtualTopic.ep.orders] | org.apache.camel.processor.interceptor.Tracer.log(CamelLogger.java:159) | Test log message
Extensions can also access the correlation ID if it needs to be passed to downstream services.
For more information, see X-Correlation-Id and Extension Point Framework Correlation ID.
Payment instrument data cleanup jobs
Three new data cleanup jobs have been created to remove old and unused payment instruments from the database.
`cleanupOrphanedOrderPaymentGuidsJob` searches for order payment records on orders older than a configured age, and sets the payment instrument GUID reference to null (`UPDATE TORDERPAYMENT SET PAYMENT_INSTRUMENT_GUID = null WHERE UIDPK IN <list>`). This reference is only used for showing the "display name" (usually last 4 digits of the card number) when viewing order history in Commerce Manager. This job runs once per day at midnight, if enabled. This job is configured by the following system configuration settings:
- `COMMERCE/SYSTEM/ORDERPAYMENTCLEANUP/enable` controls whether this job is enabled. Defaults to false.
- `COMMERCE/SYSTEM/ORDERPAYMENTCLEANUP/maxHistory` controls how many days old an order should be before its order payment references to payment instruments should be cleared. Defaults to 365.
- `COMMERCE/SYSTEM/ORDERPAYMENTCLEANUP/batchSize` controls the maximum number of records that should be processed in each job execution.
`cleanupOrphanedOrderPaymentInstrumentsJob` deletes order payment instrument records on orders older than a configured age (`DELETE TORDERPAYMENTINSTRUMENT WHERE UIDPK IN <list>`). These records are only needed for operations that require doing a payment reservation using the existing payment method, such as order modification. This job runs once per day at midnight, if enabled. This job is configured by the following system configuration settings:
- `COMMERCE/SYSTEM/ORDERPAYMENTCLEANUP/enable` controls whether this job is enabled. Defaults to false.
- `COMMERCE/SYSTEM/ORDERPAYMENTCLEANUP/maxHistory` controls how many days old an order should be before its order payment references to payment instruments should be cleared. Defaults to 365.
- `COMMERCE/SYSTEM/ORDERPAYMENTCLEANUP/batchSize` controls the maximum number of records that should be processed in each job execution.
`cleanupOrphanedPaymentInstrumentsJob` deletes payment instrument records that are orphaned (have no incoming references from `TORDERPAYMENTINSTRUMENT`, `TORDERPAYMENT`, `TCARTORDERPAYMENTINSTRUMENT`, and `TCUSTOMERPAYMENTINSTRUMENT`). This job runs once per day at midnight, and is always enabled. This job is configured by the following system configuration settings:
- `COMMERCE/SYSTEM/PAYMENTINSTRUMENTCLEANUP/batchSize` controls the maximum number of records that should be processed in each job execution.
Changeset data cleanup job
A new cleanup job has been created to clean up old changesets from an author environment.
`cleanupChangesetsJob` deletes changesets that are in the `FINALIZED` state and published more than a configured number of days ago. This job runs once per day at midnight, if enabled. This job is configured by the following system configuration settings:
- `COMMERCE/SYSTEM/CHANGESETCLEANUP/enable` controls whether this job is enabled. Defaults to false.
- `COMMERCE/SYSTEM/CHANGESETCLEANUP/maxHistory` controls the minimum number of days to consider a changeset since it was published. Defaults to 60.
- `COMMERCE/SYSTEM/CHANGESETCLEANUP/batchSize` controls the maximum number of records that should be processed in each job execution.
Core request-scoped caching
Currently, Elastic Path Commerce employs two major caching approaches:
- Long-term: Application Caching using EhCache
- Short-term: Cortex Request-Scoped Caching
While both caches solve the major bottleneck related to excessive database calls, the major challenge of handling transactional entities (e.g. carts, orders, shoppers etc) still exists.
To solve this issue, a new request-scoped cache has been developed to cache JPA named query execution. This cache is enabled in Cortex, Search Server, and Integration Server. Entries in the cache only last for the duration of a "request", usually meaning a single API request. For that reason, it has a small memory footprint, and adds no risk of "dirty reads" after database modifications.
This cache has been named Core Request-Scoped Caching or CRSC for short. For more information, see Core Request-Scoped Caching.
Enabled Application Caching in Search Server and Integration Server
Until now, Application Caching using EhCache was only enabled for Cortex and the Import/Export tool. Now we’ve also enabled application caching for the Search Server and Integration Server. This significantly improves the performance of search indexing, asynchronous checkout operations, and Integration Server APIs.
With the application cache enabled in Search Server, the number of queries required to index the `mobee` test store was reduced from ~400,000 to ~50,000.
Note: This change can cause some services to return dirty reads; in other words, if a cached result is returned then it might be an out-of-date representation of the object. If certain customizations are sensitive to dirty reads, you can reference the non-caching versions by adding the `nonCaching` prefix to the reference in your service bean definition. For example, references to the `storeService` bean can be changed to `nonCachingStoreService`. You can also completely disable application caching for a service by setting the `-Dnet.sf.ehcache.disabled=true` JVM parameter.
For more information, see Application Caching using EhCache.
System requirements and compatibility
Elastic Path Commerce 8.4.0 is compatible with the following Elastic Path releases:
Elastic Path Component | Compatibility |
---|---|
Extension Point Framework | Extension Point Framework compatibility matrix |
CloudOps for Kubernetes | CloudOps for Kubernetes compatibility matrix |
For more information, see Supported Technologies.
New in this release
In addition to the Release Highlights, this release contains the following updates:
Allow Batch Server to determine database type automatically
In prior versions, the Spring Batch framework used within the Batch Server required that the following JVM parameters be specified if using any database engine except MySQL:
-Dep.catalog.batch.database.create.script=
-Dep.catalog.batch.database.drop.script=
Now these JVM parameters are no longer required, and the Batch Server will determine the database type automatically.
The modifier group importer now supports `dependentelement` for modifier fields
When importing modifier groups through Import/Export, there was no way to remove existing modifier fields from an existing modifier group.
To support this, the `importconfiguration.xml` used by the Import/Export API, the Import/Export CLI, and data population now allows a `dependentelement` to be defined for the `MODIFIERGROUP` importer, as in the following example:
<importer type="MODIFIERGROUP">
    <importstrategy>INSERT_OR_UPDATE</importstrategy>
    <dependentelements>
        <dependentelement type="MODIFIER_FIELDS">CLEAR_COLLECTION</dependentelement>
    </dependentelements>
</importer>
If not specified, the behaviour defaults to `RETAIN_COLLECTION`, which is the same as the old behaviour. The Import/Export API has now been configured to use the `CLEAR_COLLECTION` behaviour.
Added "identifier" Cortex link on user profile
The user profile resource now contains a new `identifier` link that returns the shared ID of the currently logged-in user. This works the same way as the existing `identifier` link on accounts.
Added security headers to Cortex responses
We have added several new headers to Cortex responses to improve security, in line with the recommendations provided by the Open Web Application Security Project Secure Headers Project.
Content-Security-Policy: default-src 'none'
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
For more information, see Cortex Response Headers.
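An added example (not Elastic Path code) that audits a captured response against the five header values listed above, for instance to confirm that a proxy or gateway in front of Cortex has not dropped, duplicated or rewritten them. The input shape matches what Python's `http.client.HTTPResponse.getheaders()` returns; the sample responses are constructed.

```python
import re

# Baseline copied from the header list in the release notes above.
BASELINE = {
    "content-security-policy": "default-src 'none'",
    "referrer-policy": "no-referrer",
    "strict-transport-security": "max-age=31536000 ; includeSubDomains",
    "x-content-type-options": "nosniff",
    "x-xss-protection": "0",
}


def normalize_value(value):
    """Split on ';', collapse whitespace and lower-case each directive.

    Spacing, letter case and directive order are not treated as drift, so
    'max-age=31536000; includeSubDomains' equals the baseline spelling.
    """
    directives = []
    for part in value.split(";"):
        part = re.sub(r"\s+", " ", part.strip()).lower()
        if part:
            directives.append(part)
    return tuple(sorted(directives))


def audit_headers(header_pairs, baseline=BASELINE):
    """Return {header: 'ok' | 'missing' | 'duplicate' | 'mismatch'}.

    header_pairs is a list of (name, value) tuples. Header names are
    compared case-insensitively. A header sent more than once is reported
    as 'duplicate' because an intermediary may have appended its own copy.
    """
    seen = {}
    for name, value in header_pairs:
        seen.setdefault(name.lower(), []).append(value)

    findings = {}
    for name, expected in baseline.items():
        values = seen.get(name, [])
        if not values:
            findings[name] = "missing"
        elif len(values) > 1:
            findings[name] = "duplicate"
        elif normalize_value(values[0]) != normalize_value(expected):
            findings[name] = "mismatch"
        else:
            findings[name] = "ok"
    return findings


def drift(findings):
    """Names of the baseline headers that are not 'ok', sorted."""
    return sorted(name for name, status in findings.items() if status != "ok")


# Constructed sample: matches the baseline apart from spacing.
GOOD_RESPONSE = [
    ("Content-Security-Policy", "default-src 'none'"),
    ("Referrer-Policy", "no-referrer"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("X-Content-Type-Options", "nosniff"),
    ("X-XSS-Protection", "0"),
]

# Constructed sample: what a misconfigured intermediary might produce.
DRIFTED_RESPONSE = [
    ("content-security-policy", "default-src 'none'"),
    ("Content-Security-Policy", "default-src *"),
    ("strict-transport-security", "max-age=300"),
    ("X-Content-Type-Options", "NOSNIFF"),
    ("X-XSS-Protection", "1; mode=block"),
]

if __name__ == "__main__":
    for label, response in (("good", GOOD_RESPONSE), ("drifted", DRIFTED_RESPONSE)):
        print(label, audit_headers(response))
```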
Added new fields to Operational Insights API response
Some additional values have been added to the Operational Insights API response, as shown below:
- Added `configuration-->service-->operating-system-->os-lang`. This represents the Operating System default language. If this value is not `UTF-8`, then Elastic Path services will have problems when reading certain files from the classpath.
- Added `configuration-->service-->jvm-->jvm-charset`. This represents the JVM default character set. If this value is not something ending with `.UTF-8`, then Cortex will report severe symlink errors during startup.
- Added `commerce-ticker`. This is only included in the response when a `zoom=commerce-ticker` query parameter is added to the request. It contains details that can be used for showing near-realtime metrics about purchases, grouped by store and currency. Example response:

  "commerce-ticker": {
    "last-minute": [
      { "store-code": "MOBEE", "order-count": 1, "booked-revenue": 23.44, "currency-code": "CAD" }
    ],
    "since-midnight": [
      { "store-code": "MOBEE", "order-count": 3, "booked-revenue": 174.1, "currency-code": "CAD" },
      { "store-code": "KOBEE", "order-count": 1, "booked-revenue": 12.16, "currency-code": "CAD" }
    ]
  }

For more information, see Operational Insights API.
Refactored permission parameter strategy classes to improve Cortex authorization performance
The previous permission parameter strategy implementations needed to retrieve every possible identifier that a user is permitted to access so that Shiro knows if a user is an "owner". However, since Shiro is actually only validating a single resource with a known identifier, we have modified the implementation so that Cortex now passes the requested identifier to each permission parameter strategy, allowing for significantly more performant implementations.
Previously, permission parameter strategies extended `AbstractCollectionValueStrategy`, which required implementing this method:
Collection<String> getParameterValues(PrincipalCollection principals);
Implementations of this method could only access the scope and user ID from the `PrincipalCollection`, and would then need to return a collection of all identifiers that the user is allowed to access. This list could be quite large for scenarios like the purchases that a user has placed. Note that this approach is still supported, but the method above has been marked as deprecated.
As of Elastic Path Commerce 8.4, permission parameter strategies should extend `AbstractOptimizedCollectionValueStrategy`, which requires implementing this method:
String getParameterValue(PrincipalCollection principals, String encodedResourceIdToVerify);
Implementations of this method need to decode the `encodedResourceIdToVerify`, verify that the user is permitted to access the identified entity, and then return the URI-encoded identifier if permitted, or `missing` if not. The code sample below shows an example of how this might be done:
@Override
protected String getParameterValue(final PrincipalCollection principals, final String encodedOrderNumberToVerify) {
    // Scope (store) taken from the authenticated principals.
    String scope = PrincipalsUtil.getScope(principals);
    final IdentifierTransformer<Identifier> identifierTransformer = identifierTransformerProvider.forUriPart(PurchaseIdentifier.PURCHASE_ID);
    // Decode the URI-encoded purchase ID that the request is asking for.
    String orderNumberToVerify = decodeResourceId(identifierTransformer, encodedOrderNumberToVerify);
    // Look up that single purchase through the repository and re-encode its ID as a URI part.
    return repository.get()
            .resourceExists(StringIdentifier.of(scope), orderNumberToVerify)
            .map(resolvedPurchaseIdentifier -> identifierTransformer.identifierToUri(resolvedPurchaseIdentifier.getPurchaseId()))
            .blockingGet();
}
Note that the repository class makes calls to the `PermissionSupportRepositoryImpl` class for determining if a user is permitted to access a particular entity. The `getResourceId` method returns the `missing` string if access is denied.
Purchase order payment plugin now available by default
Elastic Path Commerce has had a dormant Purchase Order payment plugin in the source since version 8.0, but it was difficult to wire into the platform. This payment plugin is now wired in by default, and can be enabled by adding a payment configuration record through Commerce Manager or Import/Export, and associating it to one or more stores.
This payment plugin allows shoppers to place orders using a payment method that only requires a purchase order number to be specified.
Item keyword search functionality improved
Previously, when searching for items (product skus) using the keyword search functionality, Cortex would use the Product index for searching, and would only return a single result per-product: The default SKU. We have now changed this functionality so that Cortex searches for items using the product SKU index, and returns all matching SKUs.
For example, assume we have a catalog with a single product as follows:
- Product `Aliens Movie`, with attribute `Runtime: 120`
  - SKU `Aliens DVD`, with attribute `Media: DVD` (Default SKU)
  - SKU `Aliens LaserDisc`, with attribute `Media: LaserDisc`
Before this change, searching for `Aliens Movie` or `120` would return a single result: `Aliens DVD`. Searching for "LaserDisc" would (confusingly) return `Aliens DVD`.
After this change, searching for `Aliens Movie` or `120` returns two results: `Aliens DVD` and `Aliens LaserDisc`. Searching for `LaserDisc` now returns `Aliens LaserDisc`.
Note that these changes do not affect the offer (product) keyword search in any way. So if you prefer to have a single result per-product in your search result, we recommend using the offer keyword search instead of the item keyword search.
Added a new JMX method to return a list of all loaded Extension Point Framework plugins
A new attribute has been added to the `XPFPluginFactory` JMX object named `AllLoadedPluginIDs`. This returns the plugin IDs for all external plugins that are currently loaded into the service.
For more information, see Get All Loaded External Plugins.
Updated all services to use a consistent logging format for console and file output
There were many problems with our old logging configuration:
- Formats were inconsistent between services (i.e. Search vs Cortex).
- Formats were inconsistent between `CONSOLE` and `FILE` output.
- File format was split into two lines.
- Format was hard to parse by log aggregators due to a lack of consistent field separators.
- Some fields were duplicated or unnecessary.
The new format outputs the following columns (`FILE` and `CONSOLE` log output will be consistent):
- Date/time
- Log level
- Service name
- Correlation ID
- Thread name
- Class/method/line
- Message
Example output:
2022-07-12T09:24:58,360-07:00 | INFO | EP-Cortex | CorrelationID | EclipseGeminiBlueprintExtenderThread-1 | com.elasticpath.commons.util.impl.VersionService.init(VersionService.java:25) | Commerce Version: Cortex REST Web Application 8.3.1 by Elastic Path Software, Inc
2022-07-12T09:24:58,360-07:00 | INFO | EP-CM | CorrelationID | main | com.elasticpath.commons.util.impl.VersionService.init(VersionService.java:25) | Commerce Version: Commerce Manager Web Application 8.3.1 by Elastic Path Software, Inc
2022-07-12T09:24:58,360-07:00 | INFO | EP-Search | CorrelationID | main | com.elasticpath.commons.util.impl.VersionService.init(VersionService.java:25) | Commerce Version: Search Web Application 8.3.1 by Elastic Path Software, Inc
2022-07-12T09:24:58,360-07:00 | INFO | EP-Integration | CorrelationID | main | com.elasticpath.commons.util.impl.VersionService.init(VersionService.java:25) | Commerce Version: Integration Web Application 8.3.1 by Elastic Path Software, Inc
2022-07-12T09:24:58,360-07:00 | INFO | EP-Batch | CorrelationID | main | com.elasticpath.commons.util.impl.VersionService.init(VersionService.java:25) | Commerce Version: Batch Web Application 8.3.1 by Elastic Path Software, Inc
2022-07-12T09:24:58,360-07:00 | INFO | EP-DataSync | CorrelationID | main | com.elasticpath.commons.util.impl.VersionService.init(VersionService.java:25) | Commerce Version: Data Sync Web Application 8.3.1 by Elastic Path Software, Inc
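A parser for the seven-column format above, as an added example that is not part of the Elastic Path release notes or product code. The separator padding, the treatment of lines without a leading timestamp as continuations of the previous record (for example stack traces), and the `com.example.ext` sample records are assumptions; the first two sample lines are copied from the example output.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, Iterable, Iterator, List, Optional

# Timestamp as shown in the example output: ISO 8601 with a comma before the
# milliseconds and a numeric UTC offset.
TIMESTAMP = r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2},\d{3}[+-]\d{2}:\d{2}"
RECORD_START = re.compile(r"^" + TIMESTAMP + r"\s*\|")
# Assumption: columns are separated by "|" with optional padding around it.
FIELD_SEP = re.compile(r"\s*\|\s*")
# Class/method/line column, e.g. a.b.Foo.init(Foo.java:25)
LOCATION = re.compile(
    r"^(?P<cls>[\w.$]+)\.(?P<method>[\w$<>]+)\((?P<file>[^:()]+)(?::(?P<line>\d+))?\)$"
)


@dataclass
class LogRecord:
    timestamp: datetime
    level: str
    service: str
    correlation_id: str
    thread: str
    location: str
    message: str
    class_name: Optional[str] = None
    method: Optional[str] = None
    line: Optional[int] = None


def parse_line(line: str) -> Optional[LogRecord]:
    """Parse one line; return None if it does not start a new record."""
    line = line.rstrip("\r\n")
    if not RECORD_START.match(line):
        return None
    # maxsplit=6 keeps any "|" inside the message (the last column) intact.
    parts = FIELD_SEP.split(line, maxsplit=6)
    if len(parts) != 7:
        return None
    ts, level, service, corr, thread, location, message = parts
    try:
        timestamp = datetime.fromisoformat(ts.replace(",", "."))
    except ValueError:
        return None
    record = LogRecord(timestamp, level, service, corr, thread, location, message)
    loc = LOCATION.match(location)
    if loc:
        record.class_name = loc.group("cls")
        record.method = loc.group("method")
        record.line = int(loc.group("line")) if loc.group("line") else None
    return record


def parse_stream(lines: Iterable[str]) -> Iterator[LogRecord]:
    """Yield records, folding continuation lines into the previous message."""
    current: Optional[LogRecord] = None
    for raw in lines:
        record = parse_line(raw)
        if record is not None:
            if current is not None:
                yield current
            current = record
        elif current is not None:
            current.message += "\n" + raw.rstrip("\r\n")
        # Lines seen before the first record are dropped.
    if current is not None:
        yield current


def by_correlation_id(records: Iterable[LogRecord]) -> Dict[str, List[LogRecord]]:
    """Group records that carry a correlation ID, across all services."""
    groups: Dict[str, List[LogRecord]] = defaultdict(list)
    for record in records:
        if record.correlation_id:
            groups[record.correlation_id].append(record)
    return dict(groups)


# Lines 1-2 are from the release notes; the remaining lines are constructed.
SAMPLE = """\
2022-07-12T09:24:58,360-07:00 | INFO | EP-Cortex | CorrelationID | EclipseGeminiBlueprintExtenderThread-1 | com.elasticpath.commons.util.impl.VersionService.init(VersionService.java:25) | Commerce Version: Cortex REST Web Application 8.3.1 by Elastic Path Software, Inc
2022-07-12T09:24:58,360-07:00 | INFO | EP-Search | CorrelationID | main | com.elasticpath.commons.util.impl.VersionService.init(VersionService.java:25) | Commerce Version: Search Web Application 8.3.1 by Elastic Path Software, Inc
2022-07-12T09:25:01,004-07:00 | ERROR | EP-Integration | req-0001 | worker-3 | com.example.ext.RelayRoute.process(RelayRoute.java:88) | Relay failed for queue a | b
java.lang.IllegalStateException: broker unavailable
\tat com.example.ext.RelayRoute.process(RelayRoute.java:88)
2022-07-12T09:25:02,120-07:00 | WARN  | EP-Integration |  | worker-3 | com.example.ext.RelayRoute.retry(RelayRoute.java:97) | Retrying
"""

if __name__ == "__main__":
    for rec in parse_stream(SAMPLE.splitlines()):
        print(rec.timestamp.isoformat(), rec.level, rec.service,
              rec.correlation_id or "-", rec.method, rec.message.splitlines()[0])
```

Because the message is the last column, a `|` inside it survives the split; a `|` inside an earlier column such as the thread name or correlation ID would shift the fields, so validate those columns before trusting the result.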
Added support for multiple JDBC driver JARs in the deployment package
It is now possible to easily define multiple JDBC driver JARs at build time for inclusion in the deployment package that is used when deploying Elastic Path Commerce.
For more information, see Deployment package JDBC drivers.
Significantly improved the performance of customer, account, and order searches in Commerce Manager
When the customer SOLR index was removed, the way that Commerce Manager looks up customer details was refactored to look up customer and account details in the database instead of using SOLR. However, since many of the search fields need to do case-insensitive searches and/or partial matches, database indexes were not being leveraged effectively. This led to very slow response times when the database contains a large number of user, account, or order records. The search queries have been updated to effectively use the database indexes, even for lookups that are case-insensitive or prefix (searches for results starting with the specified value).
The tables below show the type of search that is used for each search field.
Searchable user fields:
Field | Search Type |
---|---|
Shared ID | Exact Match |
Case Insensitive Match | |
Username | Case Insensitive Match |
First Name | Case Insensitive Prefix Match |
Last Name | Case Insensitive Prefix Match |
Zip / Postal Code | Case Insensitive Match |
Phone Number | Case Insensitive Match |
Store | Exact Match |
Searchable account fields:
Field | Search Type |
---|---|
Shared ID | Exact Match |
Business Name | Case Insensitive Prefix Match |
Business Number | Case Insensitive Prefix Match |
Phone Number | Case Insensitive Match |
Fax Number | Case Insensitive Match |
Zip / Postal Code | Case Insensitive Match |
Searchable order fields:
Field | Search Type |
---|---|
Order Number | Exact Match |
User Shared ID | Case Insensitive Match |
User First Name | Case Insensitive Prefix Match |
User Last Name | Case Insensitive Prefix Match |
User Email | Case Insensitive Match |
User Phone Number | Case Insensitive Match |
Account Shared ID | Exact Match |
Account Business Name | Case Insensitive Prefix Match |
Account Business Number | Case Insensitive Prefix Match |
Account Phone Number | Case Insensitive Match |
Billing Address First Name | Case Insensitive Prefix Match |
Billing Address Last Name | Case Insensitive Prefix Match |
Billing Address Phone Number | Case Insensitive Match |
Billing Address Fax Number | Case Insensitive Match |
Billing Address Zip / Postal Code | Case Insensitive Match |
Shipping Address First Name | Case Insensitive Prefix Match |
Shipping Address Last Name | Case Insensitive Prefix Match |
Shipping Address Phone Number | Case Insensitive Match |
Shipping Address Fax Number | Case Insensitive Match |
Shipping Address Zip / Postal Code | Case Insensitive Match |
Order Status | Exact Match |
Shipment Status | Exact Match |
Store | Exact Match |
Product SKU Code | Exact Match |
RMA Code | Exact Match |
Additionally, the following bugs were fixed:
- The "Account details" fields on the order search tab now work properly (these fields were being ignored).
- The "Shipping zip / postal code" field on the order search tab was actually searching for billing zip/postal code.
- The customer search sort by username was actually sorting by shared ID.
- The progress indicator in the bottom right corner of Commerce Manager now indicates when a search is in progress.
Fixed Issues
Stability/Correctness
- Extended expiry date for test Commerce Manager passwords to correct test failures.
- Fix for purchase lookup form not finding orders that were placed on behalf of the account that is specified in `x-ep-account-shared-id`.
- Fixed issue where service logs were not being written to the correct location. They are now always written to `[user.home]/ep/logs`.
- Fixed issue where adding a dependency within an embedded extension on any bean that has a direct or transitive `settings:setting` dependency caused a circular dependency.
- Fixed a potential `LinkageError` when an external Extension Point Framework plugin attempted to use `SLF4j` logging classes.
- Fixed multiple issues when retrieving setting definition values:
  - When retrieving a value for a `Boolean` setting definition, if the value was missing it would be returned as `false` instead of throwing an exception.
  - When retrieving a context-specific value for a setting definition using the `immediate` cache refresh strategy, the framework did not fall back to the default value if the context key was missing.
- `XPFEntityUtil#getAttributeValueByKey` threw a `NullPointerException` instead of returning `Optional.empty` if an attribute value wasn’t found for the passed locale.
- Modified Cortex to allow it to continue functioning normally if ActiveMQ is overloaded or offline.
- Refactored most logging calls from using Log4j2 classes to SLF4j classes to allow these log messages to appear properly in Cortex (which uses Logback for logging).
- Fixed issue where Cortex prevented checkout for default shopping carts that were missing cart modifier values.
- When a Data Sync Tool failure occurs, the log now contains details about which object failed.
- Fixed issue where JMX still showed an Extension Point Framework plugin as loaded after it is unloaded dynamically.
- Improved the `SETTING_VALUE_RETRIEVAL` Extension Point so that if an extension throws an exception, any subsequent extensions will still be invoked.
- If attempting to unload an Extension Point Framework plugin that does not exist, a meaningful error is now returned instead of a `NullPointerException`.
- Fixed issue where an Extension Point Framework extension class without any `@XPFAnnotation` could not be assigned to an extension point using the `extensions.json` file.
- Fixed issue with the pricing engine not properly differentiating between product codes and sku codes when searching for base amounts. If a product and a product sku have the same code, then without this fix the pricing engine might incorrectly return the price for the wrong base amount.
- Fixed an issue where domain event messages were not being published for domain classes that were extended. The `DomainEventTypeFactoryImpl` class evaluates which domain event type should be published based on the entity class being persisted. Now as long as the extended domain class is assignable to the specified class, the domain events will work normally.
- Fixed issue where users with the same username in different upper/lowercase are treated as separate users in PostgreSQL.
- When accessing the Operational Insights API, the response no longer returns a redirect to a different URL. The redirect was causing issues for environments with multiple Integration Servers behind a load balancer.
- Fixed issues with custom sort attributes that used the date data type.
- Updated the order item detail table in Commerce Manager to allow values to be copied into the clipboard on completed orders.
- Fixed optimistic locking error that would occur when attempting to edit the same system configuration setting more than once in a Commerce Manager session.
- Updated promotion rule caching to prevent a potential thundering herd issue under high load.
- Modified the coupon service to skip updating coupon usage values for unlimited use coupons to avoid concurrency issues under high load with unlimited public coupons.
- Fixed issue where offer search results can sometimes return the wrong result from the cache due to incorrect hashcode/equals methods on `SearchCriteria` classes.
- Fixed an issue where creating an exchange can result in two payments being collected from the customer.
- Increased the size of the fields used to hold catalog syndication content.
- Fixed issue with multiple Cortex OSGi bundles exporting the same package, leading to potential instability at startup.
- Improved thread safety around promotion rule compilation.
- Added `ResetAbandonedTimer` JDBC interceptor and increased remove abandoned timeout on the Tomcat JDBC Connection Pool to prevent "Connection has already been closed" errors.
- Fixed issue where cart item modifiers on shopping cart child line items cannot be updated.
- Fixed issue where if there is a bundle in the cart with children, and the bundle cart item modifier is modified, the cart item modifier values on all child items are lost.
- When a promotion can apply to multiple cart line items, this fix ensures that the `appliedpromotions` resource shows the promotion for all of the applicable line items.
- Enabled Checkstyle and PMD for `liquibase-extensions` module.
- Fixed issue with DST cache that is not cleared after failed synchronizations, which can lead to errors in subsequent synchronization attempts.
- Fixed potential `NullPointerException` during Batch server startup, caused by the way that configuration settings were wired into some batch job classes.
- Refactored `TaxCalculationResultImpl` to improve consistency around how it is initialized.
- Fixed boolean datatype for the "deleted" column of the `TCATALOGHISTORY` table (in PostgreSQL).
- Modified `I search for an order by number` Cucumber expectation to wait until all Outbox messages are consumed to resolve intermittent test failures.
- Removed duplicate `DataPopulationMojoRunner` class in extensions module.
- Modified `RelayOutboxMessageBatchProcessor` to inject the producer template via Spring instead of `@EndpointInject` annotation to improve reliability.
- Improved the exception message logged when an extension class fails to start up by logging the name of the extension class that failed.
- Allow super users to move changeset objects to changesets created by other users.
- Allow business users to add "not sold separately" products as associations.
- Fixed a scenario where the Integration Server product lookup cache could be populated with a partially loaded product object, which led to `NullPointerException`s.
- Fixed intermittent failure in `OrderHoldStrategyXPFBridgeImplTest#testEvaluateOrderHoldsWithDefaultExtensions` integration test.
- Fixed intermittent failure in `XPFExtensionLookupImplTest.testGetMultipleExtensionsTimeLogging` unit test.
- Fixed intermittent failure in `InsightsServiceImplTest#testConvertLocalDateTimeToDBDate` unit test.
- Fixed race condition in `IndexNotificationProcessor` preventing index notifications from being deleted properly.
- Added ability to set customer username as a data policy data point so that Personally-Identifiable Information data in that field (usually email address) is removed when consent is revoked.
- Removed the Top Seller quartz job and corresponding sales count field on products. This job was only intended for use in demos, and was causing optimistic locking errors in the Data Sync Tool.
- Updated Commerce Manager to allow base amounts to be added/edited/deleted without first adding the price list to the changeset.
- Fixed issue where the `wishlistmemberships` Cortex resource returned no results if the `x-ep-account-shared-id` header was set.
- Fixed issue where deployment package module would fail to build if the project version contained the string `data` or `schema`.
- Reduced the amount of unnecessary logging produced when running Cucumber tests.
- Resolved `Cannot resolve plugin org.eclipse.m2e:lifecycle-mapping:1.0.0` warning when loading code in IntelliJ.
- Fixed issue with extension point proxy that could cause a `ClassCastException` if an extension is extended.
- All P2 repository URLs pointing to `http://download.eclipse.org` have been updated to `https://download.eclipse.org`.
- Removed unused .gitignore files.
- Fix for failing email file attachments Cucumber test due to change in `place-hold.it` URL.
Import/Export
- Fixed issue where exporting a specific store using the filter query in the Import/Export API would export all associated stores instead of just the requested store. For example, `https://[INTEGRATION_BASE_URL]>/api/importexport/export?query=FIND Store WHERE StoreCode = 'mobee'&type=Store` should only export the `mobee` store.
- Disabled unnecessary dependency retrieval when exporting products through Import/Export API to greatly improve performance. Also fixed `DIRECT_ONLY` flag in `exportconfiguration.xml` so it correctly excludes associated products from the product export.
- Fixed error when importing promotion condition rules: The content of element `conditions` is not complete.
Performance
- Performance improvement to ensure that if `StoreProductService#wrapProduct` is invoked on a wrapped product, that it isn’t double wrapped.
- Performance improvement for the Cortex shopping cart link on cart order, which was retrieving a fully loaded cart order when only the shopping cart guid was required.
- Performance improvement for the `isItemPurchaseable` method that was unnecessarily retrieving the shopping cart GUID.
- Performance improvement to avoid loading the entire cart order when only the shopping cart GUID is needed.
- Modified the Commerce Manager promotion wizard sku and product selection dialogs to avoid showing prices, which can be a performance bottleneck.
- Performance improvements for tax lookups when using Elastic Path tax tables with a large number of tax regions and values.
- Fixed a performance issue where shopping cart validators were executed twice at checkout.
- Fixed performance inefficiency when importing price lists through Import/Export if the `BASE_AMOUNTS` dependent element is set to `CLEAR_COLLECTION`.
- Fixed search indexing to allow each index to commit as soon as it is complete instead of waiting for all indexes to complete.
- Modified coupon table to store coupon codes in uppercase so we can do case-insensitive lookups without a table scan.
- Changed attribute value `LONG_TEXT_VALUE` field from `CLOB` to `VARCHAR` to prevent JPA from making additional database queries for each attribute value.
- Improved the `CatalogPromotionMonitor` to ensure that products aren’t re-indexed immediately after a full build completes.
- Avoid inventory lookup during search indexing for stores with `isDisplayOutOfStock` set to true.
- Increased the number of primary key sequence values that are retrieved in a batch for additional transactional entities to improve record insert performance.
- Removed unnecessary event handler that was loading price lists into memory during authentication.
Liquibase Changesets
- Improved upgrade performance of the `PB-8250 Migrate Data to USERNAME` Liquibase changeset on MySQL.
- Fix for the `2020-08-remove-gender` changeset to ensure that it doesn’t unintentionally delete unrelated localized properties.
- Significantly improved performance of the `2020-05-update-accountmanagement-customertype` Liquibase changeset.
- Fixed multiple issues with Liquibase changesets in `core-changelog-2020-03-payments.xml` which could cause errors during a database upgrade.
- Improved upgrade performance of Liquibase changesets: `7.6.0-torder-make-cart-order-guids-unique`, `2020-09-convert-customer-passwords-to-bcrypt`, `2020-08-flatten-order-sku-tree-*`, `2020-03-payment-configurations-*`, `2020-05-update-accountmanagement-customertype`.
- Improved upgrade performance of the `PopulateCustomerType` custom Liquibase data migration task.
- Improved upgrade performance of the `UpdateDuplicateOrders` custom Liquibase data migration task.
- Improved upgrade performance of the `PurgeDanglingCartOrders` custom Liquibase data migration task.
- Added preconditions to ensure that PostgreSQL-specific changesets aren’t executed after migrating from MySQL or Oracle to PostgreSQL.
- Renamed the `ROLE_CODE` field in several tables to better reflect what it actually contains.
Security & Dependency Upgrades
- Fixed potential cross-site scripting vulnerability in Cortex Studio when adding a custom entry point.
- Added HTTP header and JavaScript to defend against potential clickjacking attacks on Cortex Studio.
- Upgraded all code to use Apache Commons Collections 4 packages instead of Apache Commons Collections 3.
- Upgraded Apache OpenJPA from version 2.4 to 3.2.
- Upgraded Plexus utils from version 2.0.4 to 3.0.24.
- Upgraded Apache SOLR from version 7.4 to 8.11.1.
- Upgraded Apache Shiro from version 1.3.2 to 1.8.0.
- Upgraded Liquibase from version 3.10.3 to 4.8.0.
- Upgraded Apache Spring Batch from version 4.0.4 to 4.2.3.
- Upgraded ActiveMQ to version 5.16.4 which uses Reload4j instead of Log4j to address several security vulnerabilities.
- Upgraded PostgreSQL JDBC driver from version 42.2.23 to 42.3.3.
- Upgraded Logback from version 1.2.3 to 1.2.10.
- Upgraded Log4j2 from version 2.13.3 to 2.17.1.
Upgrade notes
The upgrading Elastic Path guide provides general instructions on upgrading Elastic Path projects.
Core classes now use SLF4j logging classes instead of Log4j
Since Cortex uses Logback, and other services use Log4j for logging, we should be using SLF4j as a common interface to access either logging implementation. Most Elastic Path Commerce code has now been modified to use SLF4j classes instead of Log4j classes. If Log4j classes are used, then those logs may not appear in Cortex. Therefore we recommend that any logging done in extension code should also be migrated to SLF4j, as in the following example:
Extension code using Commons Collections 3 classes needs to be upgraded to Commons Collections 4
Some Apache Commons Collections 3 dependencies have been removed. Therefore any extension code using `org.apache.commons.collections.*` imports will need to be changed to use `org.apache.commons.collections4.*` instead.
Core request-scoped caching
The important thing to consider for extensions is that the core request-scoped cache is properly invalidated.
In Cortex this is done by `CRSCSupportRequestListener#requestDestroyed`. Since this is invoked by a Servlet filter, it should work properly with all extensions.
In Search Server this is done by `AbstractIndexServiceImpl#buildIndexJobRunner` and `AbstractIndexingStage.LogWrappedIndexingTask#run`. Make sure that any search extensions extend these abstract classes.
In Integration Server this is done by `CRSCEnabledRouteBuilder`. Make sure that any custom Camel routes extend this class instead of `RouteBuilder`.
Changed attribute value `LONG_TEXT_VALUE` field from `CLOB` to `VARCHAR`
This fix changes the type of the `LONG_TEXT_VALUE` field in all attribute value tables (`TCATEGORYATTRIBUTEVALUE`, `TCUSTOMERPROFILEVALUE`, `TPRODUCTSKUATTRIBUTEVALUE`, and `TPRODUCTATTRIBUTEVALUE`) from `CLOB` to `VARCHAR`. This is done to avoid an extra select query on the database for each record returned in these tables. These extra select queries significantly slow performance when retrieving customers, categories, products, and product skus from the database, even when the `LONG_TEXT_VALUE` field is not populated.
Before deploying this change to production, note the following impacts:
- If any of the tables listed above contain a large amount of data in the `LONG_TEXT_VALUE` field for any single record, the data population process may fail.
  - For MySQL, the new limit is 20,000 characters.
  - For PostgreSQL, the new limit is 65535 bytes (note that each unicode character can consume between 1 and 4 bytes).
  - For Oracle, the new limit is 32767 bytes (note that each unicode character can consume between 1 and 4 bytes).
- The data population process may take several minutes or hours to execute, depending on the number of records in the tables listed above, database type used, and database size. While data population is running, Cortex operations may fail or be very slow due to database load and database table locks.
- Teams using Oracle must ensure that the `MAX_STRING_SIZE` parameter is set to `EXTENDED` before running the data population process or it will fail.
For all these reasons, before deploying this change to production, your teams should test the data population process on a snapshot of your production database in a pre-production environment. Verify that the process is able to complete successfully and make note of how long the data population process takes. Also validate the behaviour of Cortex during the data population process; you may need to plan for downtime during this process if the Cortex impact is significant.
For teams using Oracle, follow these instructions to change your database `MAX_STRING_SIZE` parameter to `EXTENDED`:
Modified logging format
Due to the changes to the logging formats (both `CONSOLE` and `FILE`), if you have any log aggregation tools that parse the log output, they will need to be updated.
Tax Calculation plugins
Any custom Tax Calculation plugins will need to be migrated from the old plugin approach to the new Extension Point Framework approach. Guidance on how to migrate can be found here.
Database changes
- Deleted unused `TSETTINGDEFINITION` records:
  - `COMMERCE/SYSTEM/INVENTORY/inventoryStrategy`
  - `COMMERCE/SYSTEM/encryptionKey`
- Dropped tables related to Top Seller functionality:
  - `TTOPSELLER`
  - `TTOPSELLERPRODUCTS`
- Dropped `TPRODUCT.SALES_COUNT` field.
- Deleted Top Seller `TSETTINGDEFINITION` record: `COMMERCE/SYSTEM/CATALOG/catalogTopSellerCount`.
- Renamed `TRULE.ROLECODE` field to `TRULE.GUID`.
- Renamed `TAPPLIEDRULE.RULE_CODE` field to `TAPPLIEDRULE.RULE_CODE_CHECKSUM`.
- Renamed `TCOUPONCONFIG.RULECODE` field to `TCOUPONCONFIG.RULE_GUID`.
- Added an index on the `TTAXREGION.REGION_NAME` field.
- Added a unique index on the composite of the `TAX_REGION_UID` and `TAX_CODE_UID` fields in `TTAXVALUE`. Also changed these fields to be non-nullable.
- Inserted records into `TINDEXNOTIFY` table to trigger a rebuild of all indexes after the upgrade from SOLR 7.4.x to 8.11.x.
- Converted the following field types from `CLOB` to `VARCHAR`:
  - `TCATEGORYATTRIBUTEVALUE.LONG_TEXT_VALUE`
  - `TCUSTOMERPROFILEVALUE.LONG_TEXT_VALUE`
  - `TPRODUCTSKUATTRIBUTEVALUE.LONG_TEXT_VALUE`
  - `TPRODUCTATTRIBUTEVALUE.LONG_TEXT_VALUE`
- Changed field type of `TCATALOGHISTORY.DELETED` from `TINYINT` to `BOOLEAN` (PostgreSQL only).
- Increased the size of the `TCATALOGPROJECTIONS.CONTENT` and `TCATALOGHISTORY.CONTENT` fields.
- Added `LAST_MODIFIED_DATE` field to `TCHANGESET` table.
- Changed the foreign key between `TOBJECTGROUPMEMBER` and `TOBJECTMETADATA` to cascade on delete.
- Changed the foreign key between `TCHANGESET` and `TOBJECTGROUPMEMBER` to cascade on delete.
- Changed the foreign key between `TCHANGESET` and `TCHANGESETUSER` to cascade on delete.
- Changed the foreign key between `TORDERPAYMENT` and `TPAYMENTINSTRUMENT` to cascade on delete.
- Changed the foreign key between `TCARTORDERPAYMENTINSTRUMENT` and `TPAYMENTINSTRUMENT` to cascade on delete.
- Changed the foreign key between `TCUSTOMERPAYMENTINSTRUMENT` and `TPAYMENTINSTRUMENT` to cascade on delete.
- Changed the foreign key between `TPAYMENTINSTRUMENT` and `TPAYMENTINSTRUMENTDATA` to cascade on delete.
- Inserted `TSETTINGDEFINITION` records for the new cleanup jobs:
  - `COMMERCE/SYSTEM/CHANGESETCLEANUP/batchSize`
  - `COMMERCE/SYSTEM/CHANGESETCLEANUP/maxHistory`
  - `COMMERCE/SYSTEM/CHANGESETCLEANUP/enable`
  - `COMMERCE/SYSTEM/ORDERPAYMENTCLEANUP/batchSize`
  - `COMMERCE/SYSTEM/ORDERPAYMENTCLEANUP/maxHistory`
  - `COMMERCE/SYSTEM/ORDERPAYMENTCLEANUP/enable`
  - `COMMERCE/SYSTEM/PAYMENTINSTRUMENTCLEANUP/batchSize`
- Added `PAYMENT_PROVIDER_CONFIG_GUID` field to `TORDERPAYMENT` table.
- Added indexes on:
  - `TORDERADDRESS.FIRST_NAME`
  - `TORDERADDRESS.LAST_NAME`
  - `TORDERADDRESS.PHONE_NUMBER`
  - `TORDERADDRESS.FAX_NUMBER`
  - `TORDERADDRESS.ZIP_POSTAL_CODE`
- Added `COUPONCODE_UPPER` field and index to `TCOUPON`.
- Added `USERNAME_UPPER` field and index to `TCUSTOMERAUTHENTICATION`.
- Changed `TBASEAMOUNT` index from a composite on `PRICE_LIST_GUID` and `OBJECT_GUID`, to a composite on `PRICE_LIST_GUID`, `OBJECT_GUID`, and `OBJECT_TYPE`.
- Updated `COMMERCE/SYSTEM/SEARCH/searchHost` setting definition to use `application` cache strategy.
Upgraded libraries
The following libraries are upgraded as part of this release, primarily to address vulnerabilities detected within these libraries:
Library | Change |
---|---|
aopalliance-repackaged-2.5.0-b42.jar | Removed |
commons-daemon-1.2.4.jar | Removed |
commons-io-2.11.0.jar | Removed |
commons-lang-2.3.jar | Added |
commons-lang3-3.12.0.jar | Removed |
commons-logging-1.2.jar | Removed |
commons-net-3.5.jar | Added |
drools-persistence-api-7.6.0.Final.jar | Removed |
drools-persistence-jpa-7.6.0.Final.jar | Removed |
esapi-osgi-bundle-2.1.0.1.jar | Removed |
gemini-blueprint-extender-2.1.0.RELEASE.jar | Removed |
geronimo-annotation_1.0_spec-1.1.1.jar | Removed |
geronimo-jacc_1.1_spec-1.0.2.jar | Removed |
geronimo-jpa_2.0_spec-1.1.jar | Removed |
geronimo-jpa_2.2_spec-1.1.jar | Added |
hadoop-annotations-3.2.2.jar | Added |
hadoop-auth-3.2.2.jar | Added |
hadoop-common-3.2.2.jar | Added |
hawtbuf-1.11.jar | Removed |
hawtbuf-proto-1.11.jar | Removed |
HdrHistogram-2.1.11.jar | Added |
hk2-api-2.5.0-b42.jar | Removed |
hk2-locator-2.5.0-b42.jar | Removed |
hk2-utils-2.5.0-b42.jar | Removed |
jasypt-1.9.3.jar | Removed |
java-uuid-generator-3.1.5.jar | Removed |
javax.inject-2.5.0-b42.jar | Removed |
javax.xml.rpc_1.1.0.v201209140446.jar | Removed |
javax.xml.soap_1.2.0.v201005080501.jar | Removed |
jbpm-audit-7.6.0.Final.jar | Removed |
jbpm-flow-7.6.0.Final.jar | Removed |
jbpm-human-task-core-7.6.0.Final.jar | Removed |
jbpm-human-task-workitems-7.6.0.Final.jar | Removed |
jbpm-persistence-api-7.6.0.Final.jar | Removed |
jbpm-persistence-jpa-7.6.0.Final.jar | Removed |
jbpm-query-jpa-7.6.0.Final.jar | Removed |
jbpm-runtime-manager-7.6.0.Final.jar | Removed |
jcl-over-slf4j-1.7.25.jar | Removed |
jdk.tools-1.8.jar | Added |
jdom2-2.0.6.jar | Removed |
jersey-client-2.27.jar | Removed |
jersey-common-2.27.jar | Removed |
jersey-container-servlet-2.27.jar | Removed |
jersey-container-servlet-core-2.27.jar | Removed |
jersey-hk2-2.27.jar | Removed |
jersey-media-jaxb-2.27.jar | Removed |
jersey-media-multipart-2.27.jar | Removed |
jersey-server-2.27.jar | Removed |
jul-to-slf4j-1.7.25.jar | Removed |
LatencyUtils-2.0.3.jar | Added |
liquibase-core-4.8.0.jar | Version changed from 3.10.3 |
log4j-over-slf4j-1.7.25.jar | Removed |
logback-classic-1.2.10.jar | Version changed from 1.2.3 |
logback-core-1.2.10.jar | Version changed from 1.2.3 |
micrometer-core-1.3.9.jar | Added |
mimepull-1.9.6.jar | Removed |
objenesis-2.1.jar | Added |
ojdbc8-19.9.0.0.jar | Removed |
openjpa-3.2.2-ep1.0.jar | Version changed from 2.4.0-ep2.4 |
org.apache.axis_1.4.0.v201411182030.jar | Removed |
org.apache.batik.css_1.8.0.v20170214-1941.jar | Removed |
org.apache.batik.ext.awt_1.6.0.v201011041432.jar | Added |
org.apache.batik.util_1.8.0.v20170214-1941.jar | Removed |
org.apache.batik.util.gui_1.8.0.v20170214-1941.jar | Removed |
org.apache.commons.discovery_0.2.0.v201004190315.jar | Removed |
org.apache.commons.logging-1.1.1.v201101211721.jar | Removed |
org.apache.felix.configadmin-1.8.16.jar | Removed |
org.apache.felix.eventadmin-1.4.10.jar | Removed |
org.apache.felix.fileinstall-3.6.4.jar | Removed |
org.apache.felix.framework-5.6.10.jar | Removed |
org.apache.felix.http.api-3.0.0.jar | Removed |
org.apache.felix.http.bridge-4.0.2.jar | Removed |
org.apache.felix.http.proxy-3.0.2.jar | Removed |
org.apache.felix.http.servlet-api-1.1.2.jar | Removed |
org.apache.felix.inventory-1.0.6.jar | Removed |
org.apache.felix.metatype-1.1.6.jar | Removed |
org.apache.felix.scr-2.0.14.jar | Removed |
org.apache.felix.webconsole.plugins.ds-2.0.8.jar | Removed |
org.apache.felix.webconsole.plugins.event-1.1.8.jar | Removed |
org.apache.felix.webconsole.plugins.memoryusage-1.0.8.jar | Removed |
org.apache.felix.webconsole.plugins.packageadmin-1.0.4.jar | Removed |
org.apache.lucene.core_6.1.0.v20170814-1820.jar | Added |
org.apache.lucene.core_7.1.0.v20171214-1510.jar | Removed |
org.apache.servicemix.bundles.commons-collections-3.2.1_3.jar | Removed |
org.apache.servicemix.bundles.josql-1.5_5.jar | Removed |
org.apache.servicemix.bundles.quartz-2.3.2_1.jar | Removed |
org.apache.servicemix.bundles.spring-context-support-4.3.30.RELEASE_1.jar | Removed |
org.apache.servicemix.bundles.spring-jdbc-4.3.30.RELEASE_1.jar | Removed |
org.apache.servicemix.bundles.spring-jms-4.3.30.RELEASE_1.jar | Removed |
org.apache.servicemix.bundles.spring-orm-4.3.30.RELEASE_1.jar | Removed |
org.apache.servicemix.bundles.spring-security-config-4.2.4.RELEASE_1.jar | Removed |
org.apache.servicemix.bundles.spring-security-core-4.2.13.RELEASE_1.jar | Removed |
org.apache.servicemix.bundles.spring-security-web-4.2.4.RELEASE_1.jar | Removed |
org.apache.servicemix.bundles.spring-tx-4.3.30.RELEASE_1.jar | Removed |
org.apache.servicemix.bundles.spring-web-4.3.30.RELEASE_1.jar | Removed |
org.apache.servicemix.bundles.spring-webmvc-4.3.30.RELEASE_1.jar | Removed |
org.apache.servicemix.bundles.xstream-1.4.18_1.jar | Removed |
org.eclipse.birt_4.7.0.v201706222054.jar | Removed |
org.eclipse.birt.chart.device.pdf-4.7.0.v201706222054.jar | Added |
org.eclipse.birt.report.data.oda.excel-4.7.0.v201706222054.jar | Added |
org.eclipse.birt.report.data.oda.jdbc_4.7.0.v201706222054.jar | Removed |
org.eclipse.birt.report.data.oda.sampledb_4.7.0.v201706222054.jar | Removed |
org.eclipse.birt.report.designer.editor.xml.wtp_4.7.0.v201706222054.jar | Removed |
org.eclipse.birt.report.engine-4.7.0.v201706222054.jar | Added |
org.eclipse.birt.report.viewer-4.7.0.v201706222054.jar | Added |
org.eclipse.core.contenttype_3.7.0.v20180426-1644.jar | Removed |
org.eclipse.core.expressions_3.6.100.v20180426-1644.jar | Removed |
org.eclipse.core.filesystem_1.7.100.v20180304-1102.jar | Removed |
org.eclipse.core.jobs_3.10.0.v20180427-1454.jar | Removed |
org.eclipse.core.resources_3.13.0.v20180512-1138.jar | Removed |
org.eclipse.core.runtime_3.14.0.v20180417-0825.jar | Removed |
org.eclipse.datatools.connectivity.oda.feature_1.14.100.201802212225.jar | Removed |
org.eclipse.equinox.app_1.3.500.v20171221-2204.jar | Removed |
org.eclipse.equinox.common_3.10.0.v20180412-1130.jar | Removed |
org.eclipse.equinox.preferences_3.7.100.v20180510-1129.jar | Removed |
org.eclipse.equinox.registry_3.8.0.v20180426-1327.jar | Removed |
org.eclipse.equinox.security_1.2.400.v20171221-2204.jar | Removed |
org.eclipse.equinox.simpleconfigurator.manipulator_2.1.0.v20180103-0918-4.8.0.jar | Removed |
org.eclipse.equinox.simpleconfigurator.manipulator-2.1.0.jar | Added |
org.eclipse.help_3.8.100.v20180512-1136.jar | Removed |
org.eclipse.osgi_3.13.0.v20180409-1500-4.8.0.jar | Removed |
org.eclipse.osgi_3.13.0.v20180409-1500.jar | Removed |
org.eclipse.osgi-3.13.0.jar | Added |
org.eclipse.osgi.services_3.7.0.v20180223-1712.jar | Removed |
org.eclipse.osgi.util_3.5.0.v20180219-1511-4.8.0.jar | Removed |
org.eclipse.osgi.util_3.5.0.v20180219-1511.jar | Removed |
org.eclipse.osgi.util-3.5.0.jar | Added |
org.eclipse.sisu.inject-0.3.3.jar | Removed |
org.eclipse.update.configurator_3.4.0.v20180512-1141-4.8.0.jar | Removed |
org.eclipse.update.configurator-3.4.0.jar | Added |
org.eclipse.wst.common.fproj_3.7.1.v201711202234.jar | Removed |
org.osgi.service.log-1.3.0.jar | Removed |
org.w3c.sac_1.3.0.v201706222054.jar | Removed |
osgi-over-slf4j-1.7.25.jar | Removed |
osgi-resource-locator-1.0.3.jar | Removed |
postgresql-42.3.3.jar | Version changed from 42.2.23 |
slf4j-ext-1.7.32.jar | Version changed from 1.7.26 |
spring-batch-core-4.2.3.RELEASE.jar | Version changed from 4.0.4.RELEASE |
spring-batch-infrastructure-4.2.3.RELEASE.jar | Version changed from 4.0.4.RELEASE |
spring-retry-1.2.5.RELEASE.jar | Version changed from 1.2.4.RELEASE |
spring-security-oauth2-bundle-2.3.3.RELEASE.jar | Removed |
uk.co.spudsoft.birt.emitters.excel-4.7.0.v201706222054.jar | Added |
velocity-engine-core-2.3.jar | Removed |
xbean-asm9-shaded-4.20.jar | Added |
xbean-spring-4.18.jar | Removed |