Elastic Path Commerce 8.4.x Release Notes
Learn about changes to Elastic Path Commerce for this release. Fixes since the release are summarized in the changelog.
Changelog
The changelog contains the list of fixes and improvements made to Elastic Path Commerce 8.4 since its release date. To learn how to consume the updates, see Consuming Support Fixes.
- b75907e5: Improved Operational Insights error handling when hardware metrics calls generate a
NoClassDefFoundError
. (20-Mar-2023) - cbf513ee: Fixed potential
NullPointerException
when requesting Operational Insights report if no services respond with results. (20-Mar-2023) - 88b40814: Improved parallelization of Import/Export Cucumber tests to generate directories using a UUID instead of a sequential number to avoid potential conflicts. (5-Mar-2023)
- 2d9aa0e9: Performance improvement which replaces full product lookup with simple query when only product sku guid to product sku code conversion is needed. (14-Feb-2023)
- 5c033334: Resolved local Cortex startup warning
The AJP Connector is configured with secretRequired="true" but the secret attribute is either null or ""
. (9-Feb-2023) - 7910c054: Reduced the amount of logging produced when running Selenium tests. (8-Feb-2023)
- 5acbde0a: Fix for intermittent test failures in
PaymentConfigurations
Cucumber tests. (8-Feb-2023) - 531d90e0: Fixed issue with changeset list resetting to page one when locking or publishing changesets. (7-Feb-2023)
- 5e090d91: Fixed issue where a free item is not automatically removed if the promotion becomes ineligible. (7-Feb-2023)
- 65a2ee95: Added
@SupportsMultiplePartialCharges
annotation that allows payment plugins to indicate if the payment gateway supports multiple partial captures against a single pre-auth. (7-Feb-2023) - 97b24cf8: Added support for
quartz.timezone
JVM parameter in Batch Server to define the timezone used by Quartz jobs. (7-Feb-2023) - 068b1dac: Added support for
format=nolinks
query parameter in Cortex to prevent unnecessary conditional link evaluation. (6-Feb-2023) - fa0b2439: Fix for intermittent Selenium test failures due to thread safety issues. (30-Jan-2023)
- 1c0ab0ea: Fixed issues with the
skuOptions
andmodifierGroups
options in the product type load tuner. (27-Jan-2023) - 68311c24: Fix for "Device is disposed" error in Commerce Manager. (26-Jan-2023)
- a3565152: Fix for intermittent failure in "Import Data Policies with existing Data Policies" test. (26-Jan-2023)
- ef88b929: Fix SonarQube issues introduced by the Tax Calculator extension point. (25-Jan-2023)
- f53c1a76: Fix for potential deadlocks on shopping cart last modified date updates. (24-Jan-2023)
- a1c4573b: Fixed ability to run Cucumber integration tests on Windows developer machines. (24-Jan-2023)
- a87a3c1e: Modified Product Association export mechanism to significantly improve performance. (17-Jan-2023)
- d5035ba6: Fix for
NoClassDefFoundError: org/slf4j/IMarkerFactory
error when the first Cortex request is received. (17-Jan-2023) - 58321249: Added additional address data point fields and a new
CUSTOMER_ALL_ADDRESSES
data point location for data protection. (16-Jan-2023) - ab9ab14e: Fixed issue with empty facet name when assigning available facets to a store in Commerce Manager. (10-Jan-2023)
- e83b4834: Fixed incorrect logging of successful / skipped messages in batch jobs after failure. (9-Jan-2023)
- 4ba0e874: Fixed
NullPointerException
that can occur when updating a shopping cart line item quantity if the line item has a non-bundle-constituent child. (9-Jan-2023) - 1ea05359: Wherever an order is marked failed, there should always be a reason added as an order note. (5-Jan-2023)
- a7023d48: Returned default JMS max active session per connection size back to 25. (16-Dec-2022)
- 5e5626fc: Upgraded
ehcache-openjpa
from version 0.2.0 to 0.2.0-ep1.0 to address potentialConcurrentModificationException
. (15-Dec-2022) - d5586a3a: Removed problematic and unnecessary
ep-core-cucumber-itests
module. (15-Dec-2022) - 3e23abbd: Fix for intermittent "Create category in existing category" selenium test failure. (15-Dec-2022)
- 0466e9e2: Refactored
TaxCalculatorXPFBridge
so it adheres to best practices. (8-Dec-2022) - bf20745d: Addressed XML parse warning in search server logs during startup on local developer machines. (7-Dec-2022)
- 3dfa3560: Limited orders list to 25 on customer record in Commerce Manager to prevent slowness when accessing that tab for customers with many orders. (6-Dec-2022)
- 9b9df078: Addressed
api-platform
build issue on M1 MacBooks. (5-Dec-2022) - d42065eb: Include all caches in Operational Insights API response, instead of just select caches. (29-Nov-2022)
- 17e2fd98: Upgraded
hibernate-validator
from version 5.4.3.Final to 6.0.20.Final to address CVE-2020-10693. (25-Nov-2022) - 6fa45112: Added caching to the
isInCategory
method to improve performance of promotions and price lists that are conditional on a product being in a category. (25-Nov-2022) - 977f88b9: Added caching of payment provider configurations to improve performance. (24-Nov-2022)
- f090f119: Upgraded
groovy-all
from version 2.4.15 to 2.4.21 to address CVE-2020-17521. (23-Nov-2022) - e238fff6: Fixed an issue where a free item promotion triggered by a coupon was not activated. (23-Nov-2022)
- 37263ca5: Fixed error in JWT authentication if token does not contain either sub or account. (16-Nov-2022)
- ffbc03e2: Upgraded
ESAPI
from version 2.1.0.1 to 2.3.0.0 to resolve CVE-2022-23457. (15-Nov-2022) - 1fbc1f37: Fix for search server race condition that can prevent indexes from building. (15-Nov-2022)
- 0df22379: Changed log level in
PriceListPriceScoreDocComparator
to prevent logs from being flooded during search indexing. (15-Nov-2022) - 379fed99: Removed duplicate "Assign Customer Segments" permission appearing in Commerce Manager. (14-Nov-2022)
- 04004932: Upgraded
httpclient
from version 4.5.5 to 4.5.13 to resolve CVE-2020-13956. (11-Nov-2022) - 4305e9c4: Upgraded
mybatis
from version 3.2.3 to 3.5.11 to resolve CVE-2020-26945. (10-Nov-2022) - d42b5d95: Upgraded
spring-security-oauth2
from 2.3.8.RELEASE to 2.5.2.RELEASE to resolve CVE-2022-22969. (10-Nov-2022) - f9f98925: Modified
EpEmailValidator
to accept empty values to be consistent with other validators. (8-Nov-2022) - 9208c034: Upgraded
json-path
from version 2.4.0 to 2.6.0. (7-Nov-2022) - e6ef87a6: Upgraded
jdom
from version 1.1.3 to 2.0.6.1. (7-Nov-2022) - 6ec94a6a: Fix to populate the cart item modifier fields in the
OrderSkuDTO
object that is passed to payment plugins. (3-Nov-2022) - 4cb673a0: When checking out a cart that contains a coupon that has run out of uses, block checkout instead of removing the coupon code automatically. (31-Oct-2022)
- b37bae0c: Upgraded
xstream
version from 1.4.18 to 1.4.19 to address CVE-2021-43859. (31-Oct-2022) - 0c6b1472: Upgraded
mysql-connector-java
version from 8.0.25 to 8.0.30. (31-Oct-2022) - 4745dbd0: Upgraded
json
library version from 20170516 to 20220924. (28-Oct-2022) - 2d58ed72: Added a timeout on Helix resource operations to ensure that stuck threads are released. Timeout defaults to 30 secs but can be overridden with
relos.prototype.operation.timeout
JVM parameter. (27-Oct-2022) - 5485b8df: Returned default JMS connection pool size back to 25. (27-Oct-2022)
- 4908ca6b: Fixed issue preventing email notifications from being sent when a changeset publish completes. (25-Oct-2022)
- eda7c53a: Upgraded
commons-text
from version 1.9 to 1.10 to address CVE-2022-42889. (24-Oct-2022) - 24f966c5: Upgraded
logback
andslf4j
versions inapi-platform
so they matchep-commerce
. (21-Oct-2022) - aa352e18: Fixed issue where cart item modifier fields were sometimes immutable, preventing customizations from modifying them. (20-Oct-2022)
- 7c52313a: Replaced
libsass-maven-plugin
to resolve build errors on Mac M1 machines. (19-Oct-2022) - a64b23ef: Upgraded
commons-validator
from version 1.6 to 1.7. This allows Cortex to recognize recent new DNS top-level domains when validating email addresses. (18-Oct-2022) - d750c7eb: Changed customer shared ID to be case insensitive on PostgreSQL and Oracle to match MySQL behaviour. (17-Oct-2022)
- fd625832: Added a
customData
map to all Extension Point Framework entity and context classes to allow project teams to pass custom data through these classes with limited code changes. (14-Oct-2022) - beb65dca: Removed
UPPER
from all queries involving store code. (7-Oct-2022) - 43dd05df: Removed the failover protocol from the JMS broker URL in accordance with our policy of discouraging use of ActiveMQ high availability mode. (6-Oct-2022)
- c3a28994: Modified Commerce Manager product and category display name localization so that only intentionally specified values are displayed and saved. (5-Oct-2022)
- a6eb6621: Improved performance of case-insensitive queries involving store code. (5-Oct-2022)
- 1d6aa8bc: Modified Oracle connection defaults so it uses service names instead of SIDs and supports PDBs. (4-Oct-2022)
- 9d442ff1: Improvements to Selenium test suite run time. (27-Sep-2022)
- 04c91f77: Fixed an issue where a promotion is returned in
appliedPromotions
to more line items than expected. (26-Sep-2022) - 7bb5d9cd: Removed all Direct Web Remoting library dependencies. (21-Sep-2022)
- 5c3ec7b7: When importing a product with localized attribute values that already exist, attempting to set a more specific attribute value locale incorrectly updated the "broader" locale value. (21-Sep-2022)
- e65c1dd6: Updated Maven Minimal configuration so that changes to
ext-cm-libs
trigger the correct subprojects. (20-Sep-2022) - e5741972: Fixed issue with product not being automatically added to cart by free item promotion action. (19-Sep-2022)
- cad0ebfe: Fixed issue where promotion date range was being checked using application timezone instead of database timezone. (16-Sep-2022)
- 9413b995: Build stability improvements. (8-Sep-2022)
- 6ee848d7: Refactored additional logging calls from using Log4j2 classes to SLF4j classes to allow these log messages to appear properly in Cortex (which uses Logback for logging). (7-Sep-2022)
- fbfc1a2c: Corrected the location of the
purchase-order-plugin
in the Integration webapppom.xml
. (2-Sep-2022) - 5ca6be6d: Separated indexing pipelines by type to ensure that long queues in one pipeline doesn't delay indexing in another. (1-Sep-2022)
- 1bd450f5: Upgraded antisamy from version 1.5.8 to 1.6.7. (30-Aug-2022)
- e735dc0a: Upgraded Jackson from version 2.12.3 to 2.12.7 to address jackson-databind security vulnerability. (25-Aug-2022)
- ccb253b2: Disabled an intermittently failing Selenium test. (24-Aug-2022)
- 849d7eeb: Disabled an intermittently failing Selenium test. (24-Aug-2022)
- d1163749: Upgraded guava from version 24.1.1-jre to 31.1-jre. (22-Aug-2022)
- 6a4e37e5: Removed duplicate database indexes from the
TORDERADDRESS
table. (18-Aug-2022) - 0673d053: Removed Product Recommendations job to avoid
OptimisticLockingException
s in DST. (18-Aug-2022) - d2db7aae: Removed checksum validation from
2021-09-create-FK-indices-for-8.0
changeset due to required changes in earlier versions. (18-Aug-2022) - ccfa7ba1: Fixed content root error appearing in IntelliJ for some modules. (17-Aug-2022)
- a2fc287c: Fixed issue with payment framework charges that could cause a successful operation to be treated as a failure, and retried. (17-Aug-2022)
- 72f5a1f0: Updated Catalog Syndication projection builder to ensure that projection and projection history records are persisted in separate transactions to prevent deadlocks. (16-Aug-2022)
- d25730d1: Replaced the single-threaded
taskExecutor
used by theblueprint-extender
with a configurableThreadPoolTaskExecutor
version. This allows the extender to work in parallel on the bundles resulting in faster Cortex boot time. (7-Aug-2022) - bceec926: Reduce maximum default product cache size to avoid out of memory issues with larger catalogs. (5-Aug-2022)
- 3fc54097: Use embedded web server to reliably serve test mail attachment for Cucumber
emailFileAttachments.feature
. (5-Aug-2022) - 35b32938: Disabled checksum validation on the
SUP-1020-customer-search-fields-case-insensitive
changeset to account for required changes in backports to earlier versions. (19-Jul-2022) - a6b5707f: Changed
DBSettingValueRetrievalStrategy
so dependencies are more explicit to prevent failures if extensions create a circular dependency. (13-Jul-2022) - e18d3f39: Extracted portions of changeset
2020-08-purge-expired-failed-orders-job-recreate-FKs-with-cascade-delete
into separate changesets that are only executed if theTORDERDATA
andTORDERITEMDATA
tables exist, since they are removed by another patch. (12-Jul-2022)
8.4.0
Released: July 2022
Release highlights
Correlation ID Support
We now support the ability to pass an identifier to our Cortex and Integration Server APIs, which will be included in all logs related to that request. The correlation ID will also flow through to all corresponding asynchronous tasks.
For example, if a correlation ID is passed to the Cortex request that initiates a purchase, all asynchronous checkout events that are executed on the Integration Server will also have the same correlation ID. The correlation ID is exchanged between these services as part of the domain event message that is sent through JMS.
Both Cortex and the Integration Server REST APIs will accept an x-correlation-id
header as part of the requests. If present, the correlation ID will appear in the fourth log column, as shown in the example below:
2022-05-17T13:23:41,051-02:30 | INFO | EP-Integration | correlationIdTest | Camel (ep-order-email-handler) thread #31 - JmsConsumer[Consumer.orderCancelledEmailHandler.VirtualTopic.ep.orders] | org.apache.camel.processor.interceptor.Tracer.log(CamelLogger.java:159) | Test log message
Extensions can also access the correlation ID if it needs to be passed to downstream services.
For more information, see X-Correlation-Id and Extension Point Framework Correlation ID.
Payment instrument data cleanup jobs
Three new data cleanup jobs have been created to remove old and unused payment instruments from the database.
cleanupOrphanedOrderPaymentGuidsJob
searches for order payment records on orders older than a configured age, and sets the payment instrument GUID reference to null (UPDATE TORDERPAYMENT SET PAYMENT_INSTRUMENT_GUID = null WHERE UIDPK IN <list>
). This reference is only used for showing the "display name" (usually last 4 digits of the card number) when viewing order history in Commerce Manager. This job runs once per day at midnight, if enabled. This job is configured by the following system configuration settings:
COMMERCE/SYSTEM/ORDERPAYMENTCLEANUP/enable
controls whether this job is enabled. Defaults to false.COMMERCE/SYSTEM/ORDERPAYMENTCLEANUP/maxHistory
controls how many days old an order should be before its order payment references to payment instruments should be cleared. Defaults to 365.COMMERCE/SYSTEM/ORDERPAYMENTCLEANUP/batchSize
controls the maximum number of records that should be processed in each job execution.
cleanupOrphanedOrderPaymentInstrumentsJob
deletes order payment instrument records on orders older than a configured age (DELETE TORDERPAYMENTINSTRUMENT WHERE UIDPK IN <list>
). These records are only needed for operations that require doing a payment reservation using the existing payment method, such as order modification. This job runs once per day at midnight, if enabled. This job is configured by the following system configuration settings:
COMMERCE/SYSTEM/ORDERPAYMENTCLEANUP/enable
controls whether this job is enabled. Defaults to false.COMMERCE/SYSTEM/ORDERPAYMENTCLEANUP/maxHistory
controls how many days old an order should be before its order payment references to payment instruments should be cleared. Defaults to 365.COMMERCE/SYSTEM/ORDERPAYMENTCLEANUP/batchSize
controls the maximum number of records that should be processed in each job execution.
cleanupOrphanedPaymentInstrumentsJob
deletes payment instrument records that are orphaned (have no incoming references from TORDERPAYMENTINSTRUMENT
, TORDERPAYMENT
, TCARTORDERPAYMENTINSTRUMENT
, and TCUSTOMERPAYMENTINSTRUMENT
). This job runs once per day at midnight, and is always enabled. This job is configured by the following system configuration settings:
COMMERCE/SYSTEM/PAYMENTINSTRUMENTCLEANUP/batchSize
controls the maximum number of records that should be processed in each job execution.
Changeset data cleanup job
A new cleanup job has been created to cleanup old changesets from an author environment.
cleanupChangesetsJob
deletes changesets that are in the FINALIZED
state and published more than a configured number of days ago. This job runs once per day at midnight, if enabled. This job is configured by the following system configuration settings:
COMMERCE/SYSTEM/CHANGESETCLEANUP/enable
controls whether this job is enabled. Defaults to false.COMMERCE/SYSTEM/CHANGESETCLEANUP/maxHistory
controls the minimum number of days to consider a changeset since it was published. Defaults to 60.COMMERCE/SYSTEM/CHANGESETCLEANUP/batchSize
controls the maximum number of records that should be processed in each job execution.
Core request-scoped caching
Currently, Elastic Path Commerce employs two major caching approaches:
- Long-term: Application Caching using EhCache
- Short-term: Cortex Request-Scoped Caching
While both caches solve the major bottleneck related to excessive database calls, the major challenge of handling transactional entities (e.g. carts, orders, shoppers etc) still exists.
To solve this issue, a new request-scoped cache has been developed to cache JPA named query execution. This cache is enabled in Cortex, Search Server, and Integration Server. Entries in the cache only last for the duration of a "request", usually meaning a single API request. For that reason, it has a small memory footprint, and adds no risk of "dirty reads" after database modifications.
This cache has been named Core Request-Scoped Caching or CRSC
for short. For more information, see Core Request-Scoped Caching.
Enabled Application Caching in Search Server and Integration Server
Until now, Application Caching using EhCache was only enabled for Cortex and the Import/Export tool. Now we’ve also enabled application caching for the Search Server and Integration Server. This significantly improves the performance of search indexing, asynchronous checkout operations, and Integration Server APIs.
With the application cache enabled in Search Server, the number of queries required to index the mobee
test store was reduced from ~400,000 to ~50,000.
note
This change can cause some services to return dirty reads; in other words, if a cached result is returned then it might be an out-of-date representation of the object. If certain customizations are sensitive to dirty reads, you can reference the non-caching versions by adding nonCaching
prefix to the reference in your service bean definition. For example, references to the storeService
bean can be changed to nonCachingStoreService
. You can also completely disable application caching for a service by setting the -Dnet.sf.ehcache.disabled=true
JVM parameter.
For more information, see Application Caching using EhCache.
System requirements and compatibility
Elastic Path Commerce 8.4.0
is compatible with the following Elastic Path releases:
Elastic Path Component | Compatibility |
---|---|
Extension Point Framework | Extension Point Framework compatibility matrix |
CloudOps for Kubernetes | CloudOps for Kubernetes compatibility matrix |
For more information, see Supported Technologies.
New in this release
In addition to the Release Highlights, this release contains the following updates:
Allow Batch Server to determine database type automatically
In prior versions, the Spring Batch framework used within the Batch Server required that the following JVM parameters be specified if using any database engine except MySQL:
-Dep.catalog.batch.database.create.script=
-Dep.catalog.batch.database.drop.script=
Now these JVM parameters are no longer required, and the Batch Server will determine the database type automatically.
dependentelement
for modifier fields
The modifier group importer now supports When importing modifier groups through Import/Export, there was no way to remove existing modifier fields from an existing modifier group.
To support this, the importconfiguration.xml
used by the Import/Export API, the Import/Export CLI, and data population now allows a dependentelement
to be defined for the MODIFIERGROUP
importer, as in the following example:
<importer type="MODIFIERGROUP">
<importstrategy>INSERT_OR_UPDATE</importstrategy>
<dependentelements>
<dependentelement type="MODIFIER_FIELDS">CLEAR_COLLECTION</dependentelement>
</dependentelements>
</importer>
If not specified, the behaviour defaults to RETAIN_COLLECTION
, which is the same as the old behaviour. The Import/Export API has now been configured to use the CLEAR_COLLECTION
behaviour.
Added "identifier" Cortex link on user profile
The user profile resource now contains a new identifier
link that returns the shared ID of the currently logged-in user. This works the same way as the existing identifier
link on accounts.
Added security headers to Cortex responses
We have added several new headers to Cortex responses to improve security, in line with the recommendations provided by the Open Web Application Security Project Secure Headers Project.
Content-Security-Policy: default-src 'none'
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
For more information, see Cortex Response Headers.
Added new fields to Operational Insights API response
Some additional values to the Operational Insights API response, as shown below:
Added
configuration-->service-->operating-system-->os-lang
. This represents the Operating System default language. If this value is notUTF-8
, then Elastic Path services will have problems when reading certain files from the classpath.Added
configuration-->service-->jvm-->jvm-charset
. This represents the JVM default character set. If this value is not something ending with.UTF-8
, then Cortex will report severe symlink errors during startup.Added
commerce-ticker
. This is only contained in the response by adding azoom=commerce-ticker
query parameter to the request. It contains deteails that can be used for showing near-realtime metrics about purchases, grouped by store and currency. Example response:"commerce-ticker": { "last-minute": [ { "store-code": "MOBEE", "order-count": 1, "booked-revenue": 23.44, "currency-code": "CAD" } ], "since-midnight": [ { "store-code": "MOBEE", "order-count": 3, "booked-revenue": 174.1, "currency-code": "CAD" }, { "store-code": "KOBEE", "order-count": 1, "booked-revenue": 12.16, "currency-code": "CAD" } ] }
For more information, see Operational Insights API.
Refactored permission parameter strategy classes to improve Cortex authorization performance
The previous permission parameter strategy implementations needed to retrieve every possible identifier that a user is permitted to access so that Shiro knows if a user is an "owner". However, since Shiro is actually only validating a single resource with a known identifier, we have modified the implementation so that Cortex now passes the requested identifier to each permission parameter strategy, allowing for significantly more performant implementations.
Previously, permission parameter strategies extended AbstractCollectionValueStrategy
, which required implementing this method:
Collection<String> getParameterValues(PrincipalCollection principals);
Implementations of this method could only access the scope and user ID from the PrincipalCollection
, and would then need to return a collection of all identifiers that the user is allowed to access. This list could be quite large for scenarios like the purchases that a user has placed. Note that this approach is still supported, but the method above has been marked as deprecated.
As of Elastic Path Commerce 8.4, permission parameter strategies should extend AbstractOptimizedCollectionValueStrategy
, which requires implementing this method:
String getParameterValue(PrincipalCollection principals, String encodedResourceIdToVerify);
Implementations of this method need to decode the encodedResourceIdToVerify
, verify that the user is permitted to access the identified entity, and then return the URI-encoded identifier if permitted, or missing
if not. The code sample below shows an example of how this might be done:
@Override
protected String getParameterValue(final PrincipalCollection principals, final String encodedOrderNumberToVerify) {
String scope = PrincipalsUtil.getScope(principals);
final IdentifierTransformer<Identifier> identifierTransformer = identifierTransformerProvider.forUriPart(PurchaseIdentifier.PURCHASE_ID);
String orderNumberToVerify = decodeResourceId(identifierTransformer, encodedOrderNumberToVerify);
return repository.get()
.resourceExists(StringIdentifier.of(scope), orderNumberToVerify)
.map(resolvedPurchaseIdentifier -> identifierTransformer.identifierToUri(resolvedPurchaseIdentifier.getPurchaseId()))
.blockingGet();
}
Note that the repository class makes calls to the PermissionSupportRepositoryImpl
class for determining if a user is permitted to access a particular entity. The getResourceId
method returns the missing
string if access is denied.
Purchase order payment plugin now available by default
Elastic Path Commerce has had a dormant Purchase Order payment plugin in the source since version 8.0, but it was difficult to wire into the platform. This payment plugin is now wired in by default, and can be enabled by adding a payment configuration record through Commerce Manager or Import/Export, and associating it to one or more stores.
This payment plugin allows shoppers to place orders using a payment method that only requires a purchase order number to be specified.
Item keyword search functionality improved
Previously, when searching for items (product skus) using the keyword search functionality, Cortex would use the Product index for searching, and would only return a single result per-product: The default SKU. We have now changed this functionality so that Cortex searches for items using the product SKU index, and returns all matching SKUs.
For example, assume we have a catalog with a single product as follows:
- Product
Aliens Movie
, with attributeRuntime: 120
- SKU
Aliens DVD
, with attributeMedia: DVD
(Default SKU) - SKU
Aliens LaserDisc
, with attributeMedia: LaserDisc
- SKU
Before this change, searching for Aliens Movie
or 120
would return a single result: Aliens DVD
. Searching for "LaserDisc" would (confusingly) return Aliens DVD
.
After this change, searching for Aliens Movie
or 120
returns two results: Aliens DVD
and Aliens LaserDisc
. Searching for LaserDisc
now returns Aliens LaserDisc
.
Note that these changes do not affect the offer (product) keyword search in any way. So if you prefer to have a single result per-product in your search result, we recommend using the offer keyword search instead of the item keyword search.
Added a new JMX method to return a list of all loaded Extension Point Framework plugins
A new attribute has been added to the XPFPluginFactory
JMX object named AllLoadedPluginIDs
. This returns the plugin IDs for all external plugins that are currently loaded into the service.
For more information, see Get All Loaded External Plugins.
Updated all services to use a consistent logging format for console and file output
There were many problems with our old logging configuration:
- Formats were inconsistent between services (i.e. Search vs Cortex).
- Formats were inconsistent between
CONSOLE
andFILE
output. - File format was split into two lines.
- Format was hard to parse by log aggregators due to a lack of consistent field separators.
- Some fields were duplicated or unnecessary.
The new format outputs the following columns (FILE
and CONSOLE
log output will be consistent):
- Date/time
- Log level
- Service name
- Correlation ID
- Thread name
- Class/method/line
- Message
Example output:
2022-07-12T09:24:58,360-07:00 | INFO | EP-Cortex | CorrelationID | EclipseGeminiBlueprintExtenderThread-1 | com.elasticpath.commons.util.impl.VersionService.init(VersionService.java:25) | Commerce Version: Cortex REST Web Application 8.3.1 by Elastic Path Software, Inc
2022-07-12T09:24:58,360-07:00 | INFO | EP-CM | CorrelationID | main | com.elasticpath.commons.util.impl.VersionService.init(VersionService.java:25) | Commerce Version: Commerce Manager Web Application 8.3.1 by Elastic Path Software, Inc
2022-07-12T09:24:58,360-07:00 | INFO | EP-Search | CorrelationID | main | com.elasticpath.commons.util.impl.VersionService.init(VersionService.java:25) | Commerce Version: Search Web Application 8.3.1 by Elastic Path Software, Inc
2022-07-12T09:24:58,360-07:00 | INFO | EP-Integration | CorrelationID | main | com.elasticpath.commons.util.impl.VersionService.init(VersionService.java:25) | Commerce Version: Integration Web Application 8.3.1 by Elastic Path Software, Inc
2022-07-12T09:24:58,360-07:00 | INFO | EP-Batch | CorrelationID | main | com.elasticpath.commons.util.impl.VersionService.init(VersionService.java:25) | Commerce Version: Batch Web Application 8.3.1 by Elastic Path Software, Inc
2022-07-12T09:24:58,360-07:00 | INFO | EP-DataSync | CorrelationID | main | com.elasticpath.commons.util.impl.VersionService.init(VersionService.java:25) | Commerce Version: Data Sync Web Application 8.3.1 by Elastic Path Software, Inc
Added support for multiple JDBC driver JARs in the deployment package
It is now possible to easily define multiple JDBC driver JARs at build time for inclusion in the deployment package that is used when deploying Elastic Path Commerce.
For more information, see Deployment package JDBC drivers.
Significantly improved the performance of customer, account, and order searches in Commerce Manager
When the customer SOLR index was removed, the way that Commerce Manager looks up customer details was refactored to lookup customer and account details in the database instead of using SOLR. However, since many of the search fields need to do case-insensitive searches and/or partial matches, database indexes were not being leveraged effectively. This lead to very slow response times when the database contains a large number of user, account, or order records. The search queries have been updated to effectively use the database indexes, even for lookups that are case-insensitive or prefix (searches for results starting with the specified value).
The tables below show the type of search that is used for each search field.
Searchable user fields:
Field | Search Type |
---|---|
Shared ID | Exact Match |
Case Insensitive Match | |
Username | Case Insensitive Match |
First Name | Case Insensitive Prefix Match |
Last Name | Case Insensitive Prefix Match |
Zip / Postal Code | Case Insensitive Match |
Phone Number | Case Insensitive Match |
Store | Exact Match |
Searchable account fields:
Field | Search Type |
---|---|
Shared ID | Exact Match |
Business Name | Case Insensitive Prefix Match |
Business Number | Case Insensitive Prefix Match |
Phone Number | Case Insensitive Match |
Fax Number | Case Insensitive Match |
Zip / Postal Code | Case Insensitive Match |
Searchable order fields:
Field | Search Type |
---|---|
Order Number | Exact Match |
User Shared ID | Case Insensitive Match |
User First Name | Case Insensitive Prefix Match |
User Last Name | Case Insensitive Prefix Match |
User Email | Case Insensitive Match |
User Phone Number | Case Insensitive Match |
Account Shared ID | Exact Match |
Account Business Name | Case Insensitive Prefix Match |
Account Business Number | Case Insensitive Prefix Match |
Account Phone Number | Case Insensitive Match |
Billing Address First Name | Case Insensitive Prefix Match |
Billing Address Last Name | Case Insensitive Prefix Match |
Billing Address Phone Number | Case Insensitive Match |
Billing Address Fax Number | Case Insensitive Match |
Billing Address Zip / Postal Code | Case Insensitive Match |
Shipping Address First Name | Case Insensitive Prefix Match |
Shipping Address Last Name | Case Insensitive Prefix Match |
Shipping Address Phone Number | Case Insensitive Match |
Shipping Address Fax Number | Case Insensitive Match |
Shipping Address Zip / Postal Code | Case Insensitive Match |
Order Status | Exact Match |
Shipment Status | Exact Match |
Store | Exact Match |
Product SKU Code | Exact Match |
RMA Code | Exact Match |
Additionally, the following bugs were fixed:
- The "Account details" fields on the order search tab now works properly (these fields were being ignored).
- The "Shipping zip / postal code" field on the order search tab was actually searching for billing zip/postal code.
- The customer search sort by username was actually sorting by shared ID.
- The progress indicator in the bottom right corner of Commerce Manager now indicates when a search is in progress.
Fixed Issues
Stability/Correctness
- Extended expiry date for test Commerce Manager passwords to correct test failures.
- Fix for purchase lookup form not finding orders that were placed on behalf of the account that is specified in
x-ep-account-shared-id
. - Fixed issue where service logs were not being written to the correct location. They are now always written to
[user.home]/ep/logs
. - Fixed issue where adding a dependency within an embedded extension on any bean that has a direct or transitive
settings:setting
dependency caused a circular dependency. - Fixed a potential
LinkageError
when external Extension Point Framework plugin attempted to useSLF4j
logging classes. - Fixed multiple issues when retrieving setting definition values:
- When retrieving a value for a
Boolean
setting definition, if the value was missing it would be returned asfalse
instead of throwing an exception. - When retrieving a context-specific value for a setting definitions using the
immediate
cache refresh strategy, the framework did not fall back to the default value if the context key was missing.
- When retrieving a value for a
XPFEntityUtil#getAttributeValueByKey
threw aNullPointerException
instead of returningOptional.empty
if an attribute value wasn’t found for the passed locale.- Modified Cortex to allow it to continue functioning normally if ActiveMQ is overloaded or offline.
- Refactored most logging calls from using Log4j2 classes to SLF4j classes to allow these log messages to appear properly in Cortex (which uses Logback for logging).
- Fixed issue where Cortex prevented checkout for default shopping carts that were missing cart modifier values.
- When a Data Sync Tool failure occurs, the log now contains details about which object failed.
- Fixed issue where JMX still showed an Extension Point Framework plugin as loaded after it is unloaded dynamically.
- Improved the
SETTING_VALUE_RETRIEVAL
Extension Point so that if an extension throws an exception, any subsequent extensions will still be invoked. - If attempting to unload an Extension Point Framework plugin that does not exist, a meaningful error is now returned instead of a
NullPointerException
. - Fixed issue where an Extension Point Framework extension class without any
@XPFAnnotation
could not be assigned to an extension point using theextensions.json
file. - Fixed issue with the pricing engine not properly differentiating between product codes and sku codes when searching for base amounts. If a product and a product sku have the same code, then without this fix the pricing engine might incorrectly return the price for the wrong base amount.
- Fixed an issue where domain event messages were not being published for domain classes that were extended. The
DomainEventTypeFactoryImpl
class evaluates which domain event type should be published based on the entity class being persisted. Now as long as the extended domain class is assignable to the specified class, the domain events will work normally. - Fixed issue where users with the same username in different upper/lowercase are treated as separate users in PostgreSQL.
- When accessing the Operational Insights API, the response no longer returns a redirect to a different URL. The redirect was causing issues for environments with multiple Integration Servers behind a load balancer.
- Fixed issues with custom sort attributes that used the date data type.
- Updated the order item detail table in Commerce Manager to allow values to be copied into the clipboard on completed orders.
- Fixed optimistic locking error that would occur when attempting to edit the same system configuration setting more than once in a Commerce Manager session.
- Updated promotion rule caching to prevent a potential thundering herd issue under high load.
- Modified the coupon service to skip updating coupon usage values for unlimited use coupons to avoid concurrency issues under high load with unlimited public coupons.
- Fixed issue where offer search results can sometimes return the wrong result from the cache due to incorrect hashcode/equals methods on
SearchCriteria
classes. - Fixed an issue where creating an exchange can result in two payments being collected from the customer.
- Increased the size of the fields used to hold catalog syndication content.
- Fixed issue with multiple Cortex OSGi bundles exporting the same package, leading to potential instability at startup.
- Improved thread safety around promotion rule compilation.
- Added
ResetAbandonedTimer
JDBC interceptor and increased remove abandoned timeout on the Tomcat JDBC Connection Pool to prevent "Connection has already been closed" errors. - Fixed issue where cart item modifiers on shopping cart child line items cannot be updated.
- Fixed issue where if there is a bundle in the cart with children, and the bundle cart item modifier is modified, the cart item modifier values on all child items are lost.
- When a promotion can apply to multiple cart line items, this fix ensures that the
appliedpromotions
resource shows the promotion for all of the applicable line items. - Enabled Checkstyle and PMD for
liquibase-extensions
module. - Fixed issue with DST cache that is not cleared after failed synchronizations, which can lead to errors in subsequent synchronization attempts.
- Fixed potential
NullPointerException
during Batch server startup, caused by the way that configuration settings were wired into some batch job classes. - Refactored
TaxCalculationResultImpl
to improve consistency around how it is initialized. - Fixed boolean datatype for the "deleted" column of the
TCATALOGHISTORY
table (in PostgreSQL). - Modified
I search for an order by number
Cucumber expectation to wait until all Outbox messages are consumed to resolve intermittent test failures. - Removed duplicate
DataPopulationMojoRunner
class in extensions module. - Modified
RelayOutboxMessageBatchProcessor
to inject the producer template via Spring instead of@EndpointInject
annotation to improve reliability. - Improved the exception message logged when an extension class fails to startup by logging the name of the extension class that failed.
- Allow super users to move changeset objects to changesets created by other users.
- Allow business users to add "not sold separately" products as associations.
- Fixed a scenario where the Integration Server product lookup cache could be populated with a partially loaded product object, which lead to
NullPointerException
s. - Fixed intermittent failure in
OrderHoldStrategyXPFBridgeImplTest#testEvaluateOrderHoldsWithDefaultExtensions
integration test. - Fixed intermittent failure in
XPFExtensionLookupImplTest.testGetMultipleExtensionsTimeLogging
unit test. - Fixed intermittent failure in
InsightsServiceImplTest#testConvertLocalDateTimeToDBDate
unit test. - Fixed race condition in
IndexNotificationProcessor
preventing index notifications from being deleted properly. - Added ability to set customer username as a data policy data point so that Personally-Identifiable Information data in that field (usually email address) is removed when consent is revoked.
- Removed the Top Seller quartz job and corresponding sales count field on products. This job was only intended for use in demos, and was causing optimistic locking errors in the Data Sync Tool.
- Updated Commerce Manager to allow base amounts to be added/edited/deleted without first adding the price list to the changeset.
- Fixed issue where the
wishlistmemberships
Cortex resource returned no results if thex-ep-account-shared-id
header was set. - Fixed issue where deployment package module would fail to build if the project version contained the string
data
orschema
. - Reduced the amount of unnecessary logging produced when running Cucumber tests.
- Resolved
Cannot resolve plugin org.eclipse.m2e:lifecycle-mapping:1.0.0
warning when loading code in IntelliJ. - Fixed issue with extension point proxy that could cause a
ClassCastException
if an extension is extended. - All P2 repository URLs pointing to
http://download.eclipse.org
have been be updated tohttps://download.eclipse.org
. - Removed unused .gitignore files.
- Fix for failing email file attachments Cucumber test due to change in
place-hold.it
URL.
Import/Export
- Fixed issue where exporting a specific store using the filter query in the Import/Export API would export all associated stores instead of just the requested store. For example,
https://[INTEGRATION_BASE_URL]>/api/importexport/export?query=FIND Store WHERE StoreCode = 'mobee'&type=Store
should only export themobee
store. - Disabled unnecessary dependency retrieval when exporting products through Import/Export API to greatly improve performance. Also fixed
DIRECT_ONLY
flag inexportconfiguration.xml
so it correctly excludes associated products from the product export. - Fixed error when importing promotion condition rules: The content of element
conditions
is not complete.
Performance
- Performance improvement to ensure that if
StoreProductService#wrapProduct
is invoked on a wrapped product, that it isn’t double wrapped. - Performance improvement for the Cortex shopping cart link on cart order, which was retrieving a fully loaded cart order when only the shopping cart guid was required.
- Performance improvement for the
isItemPurchaseable
method that was unnecessarily retrieving the shopping cart GUID. - Performance improvement to avoid loading the entire cart order when only the shopping cart GUID is needed.
- Modified the Commerce Manager promotion wizard sku and product selection dialogs to avoid showing prices, which can be a performance bottleneck.
- Performance improvements for tax lookups when using Elastic Path tax tables with a large number of tax regions and values.
- Fixed a performance issue where shopping cart validators were executed twice at checkout.
- Fixed performance inefficiency when importing price lists through Import/Export if the
BASE_AMOUNTS
dependent element is set toCLEAR_COLLECTION
. - Fixed search indexing to allow each index to commit as soon as it is complete instead of waiting for all indexes to complete.
- Modified coupon table to store coupon codes in uppercase so we can do a case-insensitive lookups without a table scan.
- Changed attribute value
LONG_TEXT_VALUE
field fromCLOB
toVARCHAR
to prevent JPA from making additional database queries for each attribute value. - Improved the
CatalogPromotionMonitor
to ensure that products aren’t re-indexed immediately after a full build completes. - Avoid inventory lookup during search indexing for stores with
isDisplayOutOfStock
set to true. - Increased the number of primary key sequence values that are retrieved in a batch for additional transactional entities to improve record insert performance.
- Removed unnecessary event handler that was loading price lists into memory during authentication.
Liquibase Changesets
- Improved upgrade performance of the
PB-8250 Migrate Data to USERNAME
Liquibase changeset on MySQL. - Fix for the
2020-08-remove-gender
changeset to ensure that it doesn’t unintentionally delete unrelated localized properties. - Significantly improved performance of the
2020-05-update-accountmanagement-customertype
Liquibase changeset. - Fixed multiple issues with Liquibase changesets in
core-changelog-2020-03-payments.xml
which could cause errors during a database upgrade. - Improved upgrade performance of Liquibase changesets:
7.6.0-torder-make-cart-order-guids-unique
,2020-09-convert-customer-passwords-to-bcrypt
,2020-08-flatten-order-sku-tree-*
,2020-03-payment-configurations-*
,2020-05-update-accountmanagement-customertype
. - Improved upgrade performance of the
PopulateCustomerType
custom Liquibase data migration task. - Improved upgrade performance of the
UpdateDuplicateOrders
custom Liquibase data migration task. - Improved upgrade performance of the
PurgeDanglingCartOrders
custom Liquibase data migration task. - Added preconditions to ensure that PostgreSQL-specific changesets aren’t executed after migrating from MySQL or Oracle to PostgreSQL.
- Renamed the
ROLE_CODE
field in several tables to better reflect what it actually contains.
Security & Dependency Upgrades
- Fixed potential cross-site scripting vulnerability in Cortex Studio when adding a custom entry point.
- Added HTTP header and Javascript to defend against potential clickjacking attacks on Cortex Studio.
- Upgraded all code to use Apache Commons Collections 4 packages instead of Apache Commons Collections 3.
- Upgraded Apache OpenJPA from version 2.4 to 3.2.
- Upgraded Plexus utils from version 2.0.4 to 3.0.24.
- Upgraded Apache SOLR from version 7.4 to 8.11.1.
- Upgraded Apache Shiro from version 1.3.2 to 1.8.0.
- Upgraded Liquibase from version 3.10.3 to 4.8.0.
- Upgraded Apache Spring Batch from version 4.0.4 to 4.2.3.
- Upgraded ActiveMQ to version 5.16.4 which uses Reload4j instead of Log4j to address several security vulnerabilities.
- Upgraded PostgreSQL JDBC driver from version 42.2.23 to 42.3.3.
- Upgraded Logback from version 1.2.3 to 1.2.10.
- Upgraded Log4j2 from version 2.13.3 to 2.17.1.
Upgrade notes
The upgrading Elastic Path guide provides general instructions on upgrading Elastic Path projects.
Core classes now use SLF4j logging classes instead of Log4j
Since Cortex uses Logback, and other services use Log4j for logging, we should be using SLF4j as a common interface to access either logging implementation. Most Elastic Path Commerce code has now been modified to use SLF4j classes instead of Log4j classes. If Log4j classes are used, then those logs may not appear in Cortex. Therefore we recommend that any logging done in extension code should also be migrated to SLF4j, as in the following example:
Extension code using Commons Collections 3 classes need to be upgraded to Commons Collections 4
Some Apache Commons Collections 3 dependencies have been removed. Therefore any extension code using org.apache.commons.collections.*
imports will need to be changed to use org.apache.commons.collections4.*
instead.
Core request-scoped caching
The important thing to consider for extensions is that the core request-scoped cache is properly invalidated.
In Cortex this is done by CRSCSupportRequestListener#requestDestroyed
. Since this is invoked by a Servlet filter, it should work properly with all extensions.
In Search Server this is done by AbstractIndexServiceImpl#buildIndexJobRunner
and AbstractIndexingStage.LogWrappedIndexingTask#run
. Make sure that any search extensions extend these abstract classes.
In Integration Server this is done by CRSCEnabledRouteBuilder
. Make sure that any custom Camel routes extend this class instead of RouteBuilder
.
LONG_TEXT_VALUE
field from CLOB
to VARCHAR
Changed attribute value This fix changes the type of the LONG_TEXT_VALUE
field in all attribute value tables (TCATEGORYATTRIBUTEVALUE
, TCUSTOMERPROFILEVALUE
, TPRODUCTSKUATTRIBUTEVALUE
, and TPRODUCTATTRIBUTEVALUE
) from CLOB
to VARCHAR
. This is done to avoid an extra select query on the database for each record returned in these tables. These extra select queries significantly slows performance when retrieving customers, categories, products, and product skus from the database, even when the LONG_TEXT_VALUE
field is not populated.
Before deploying this change to production, note the following impacts:
- If any of the tables listed above contain a large amount of data in the
LONG_TEXT_VALUE
field for any single record, the data population process may fail.- For MySQL, the new limit is 20,000 characters.
- For PostgreSQL, the new limit is 65535 bytes (note that each unicode character can consume between 1 and 4 bytes).
- For Oracle, the new limit is 32767 bytes (note that each unicode character can consume between 1 and 4 bytes).
- The data population process may take several minutes or hours to execute, depending on the number of records in the tables listed above, database type used, and database size. While data population is running, Cortex operations may fail or be very slow due to database load and database table locks.
- Teams using Oracle must ensure that the
MAX_STRING_SIZE
parameter is set toEXTENDED
before running data population process or it will fail.
For all these reasons, before deploying this change to production, your teams should test the data population process on a snapshot of your production database in a pre-production environment. Verify that the process is able to complete successfully and make note of how long the data population process takes. Also validate the behaviour of Cortex during the data population process; you may need to plan for downtime during this process if the Cortex impact is significant.
For teams using Oracle, follow these instructions to change your database MAX_STRING_SIZE
parameter to EXTENDED
:
Modified logging format
Due to the changes to the logging formats (both CONSOLE
and FILE
), if you have any log aggregation tools that parse the log output, they will need to be updated.
Tax Calculation plugins
Any custom Tax Calculation plugins will need to be migrated from the old plugin approach to the new Extension Point Framework approach. Guidance on how to migrate can be found here.
Database changes
- Deleted unused
TSETTINGDEFINITION
records:COMMERCE/SYSTEM/INVENTORY/inventoryStrategy
COMMERCE/SYSTEM/encryptionKey
- Dropped tables related to Top Seller functionality:
TTOPSELLER
TTOPSELLERPRODUCTS
- Dropped
TPRODUCT.SALES_COUNT
field. - Deleted Top Seller
TSETTINGDEFINITION
record:COMMERCE/SYSTEM/CATALOG/catalogTopSellerCount
. - Renamed
TRULE.ROLECODE
field toTRULE.GUID
. - Renamed
TAPPLIEDRULE.RULE_CODE
field toTAPPLIEDRULE.RULE_CODE_CHECKSUM
. - Renamed
TCOUPONCONFIG.RULECODE
field toTCOUPONCONFIG.RULE_GUID
. - Added an index on the
TTAXREGION.REGION_NAME
field. - Added a unique index on the composite of the
TAX_REGION_UID
andTAX_CODE_UID
fields inTTAXVALUE
. Also changed these fields to be non-nullable. - Inserted records into
TINDEXNOTIFY
table to trigger a rebuild of all indexes after the upgrade from SOLR 7.4.x to 8.11.x. - Converted the following field types from
CLOB
toVARCHAR
:TCATEGORYATTRIBUTEVALUE.LONG_TEXT_VALUE
TCUSTOMERPROFILEVALUE.LONG_TEXT_VALUE
TPRODUCTSKUATTRIBUTEVALUE.LONG_TEXT_VALUE
TPRODUCTATTRIBUTEVALUE.LONG_TEXT_VALUE
- Changed field type of
TCATALOGHISTORY.DELETED
fromTINYINT
toBOOLEAN
(PostgreSQL only). - Increased the size of the
TCATALOGPROJECTIONS.CONTENT
andTCATALOGHISTORY.CONTENT
fields. - Added
LAST_MODIFIED_DATE
field toTCHANGESET
table. - Changed the foreign key between
TOBJECTGROUPMEMBER
andTOBJECTMETADATA
to cascade on delete. - Changed the foreign key between
TCHANGESET
andTOBJECTGROUPMEMBER
to cascade on delete. - Changed the foreign key between
TCHANGESET
andTCHANGESETUSER
to cascade on delete. - Changed the foreign key between
TORDERPAYMENT
andTPAYMENTINSTRUMENT
to cascade on delete. - Changed the foreign key between
TCARTORDERPAYMENTINSTRUMENT
andTPAYMENTINSTRUMENT
to cascade on delete. - Changed the foreign key between
TCUSTOMERPAYMENTINSTRUMENT
andTPAYMENTINSTRUMENT
to cascade on delete. - Changed the foreign key between
TPAYMENTINSTRUMENT
andTPAYMENTINSTRUMENTDATA
to cascade on delete. - Inserted
TSETTINGDEFINITION
records for the new cleanup jobs:COMMERCE/SYSTEM/CHANGESETCLEANUP/batchSize
COMMERCE/SYSTEM/CHANGESETCLEANUP/maxHistory
COMMERCE/SYSTEM/CHANGESETCLEANUP/enable
COMMERCE/SYSTEM/ORDERPAYMENTCLEANUP/batchSize
COMMERCE/SYSTEM/ORDERPAYMENTCLEANUP/maxHistory
COMMERCE/SYSTEM/ORDERPAYMENTCLEANUP/enable
COMMERCE/SYSTEM/PAYMENTINSTRUMENTCLEANUP/batchSize
- Added
PAYMENT_PROVIDER_CONFIG_GUID
field toTORDERPAYMENT
table. - Added indexes on:
TORDERADDRESS.FIRST_NAME
TORDERADDRESS.LAST_NAME
TORDERADDRESS.PHONE_NUMBER
TORDERADDRESS.FAX_NUMBER
TORDERADDRESS.ZIP_POSTAL_CODE
- Added
COUPONCODE_UPPER
field and index toTCOUPON
. - Added
USERNAME_UPPER
field and index toTCUSTOMERAUTHENTICATION
. - Changed
TBASEAMOUNT
index from a composite onPRICE_LIST_GUID
andOBJECT_GUID
, to a composite onPRICE_LIST_GUID
,OBJECT_GUID
, andOBJECT_TYPE
. - Updated
COMMERCE/SYSTEM/SEARCH/searchHost
setting definition to useapplication
cache strategy.
Upgraded libraries
The following libraries are upgraded as part of this release, primarily to address vulnerabilities detected within these libraries:
Library | Change |
---|---|
aopalliance-repackaged-2.5.0-b42.jar | Removed |
commons-daemon-1.2.4.jar | Removed |
commons-io-2.11.0.jar | Removed |
commons-lang-2.3.jar | Added |
commons-lang3-3.12.0.jar | Removed |
commons-logging-1.2.jar | Removed |
commons-net-3.5.jar | Added |
drools-persistence-api-7.6.0.Final.jar | Removed |
drools-persistence-jpa-7.6.0.Final.jar | Removed |
esapi-osgi-bundle-2.1.0.1.jar | Removed |
gemini-blueprint-extender-2.1.0.RELEASE.jar | Removed |
geronimo-annotation_1.0_spec-1.1.1.jar | Removed |
geronimo-jacc_1.1_spec-1.0.2.jar | Removed |
geronimo-jpa_2.0_spec-1.1.jar | Removed |
geronimo-jpa_2.2_spec-1.1.jar | Added |
hadoop-annotations-3.2.2.jar | Added |
hadoop-auth-3.2.2.jar | Added |
hadoop-common-3.2.2.jar | Added |
hawtbuf-1.11.jar | Removed |
hawtbuf-proto-1.11.jar | Removed |
HdrHistogram-2.1.11.jar | Added |
hk2-api-2.5.0-b42.jar | Removed |
hk2-locator-2.5.0-b42.jar | Removed |
hk2-utils-2.5.0-b42.jar | Removed |
jasypt-1.9.3.jar | Removed |
java-uuid-generator-3.1.5.jar | Removed |
javax.inject-2.5.0-b42.jar | Removed |
javax.xml.rpc_1.1.0.v201209140446.jar | Removed |
javax.xml.soap_1.2.0.v201005080501.jar | Removed |
jbpm-audit-7.6.0.Final.jar | Removed |
jbpm-flow-7.6.0.Final.jar | Removed |
jbpm-human-task-core-7.6.0.Final.jar | Removed |
jbpm-human-task-workitems-7.6.0.Final.jar | Removed |
jbpm-persistence-api-7.6.0.Final.jar | Removed |
jbpm-persistence-jpa-7.6.0.Final.jar | Removed |
jbpm-query-jpa-7.6.0.Final.jar | Removed |
jbpm-runtime-manager-7.6.0.Final.jar | Removed |
jcl-over-slf4j-1.7.25.jar | Removed |
jdk.tools-1.8.jar | Added |
jdom2-2.0.6.jar | Removed |
jersey-client-2.27.jar | Removed |
jersey-common-2.27.jar | Removed |
jersey-container-servlet-2.27.jar | Removed |
jersey-container-servlet-core-2.27.jar | Removed |
jersey-hk2-2.27.jar | Removed |
jersey-media-jaxb-2.27.jar | Removed |
jersey-media-multipart-2.27.jar | Removed |
jersey-server-2.27.jar | Removed |
jul-to-slf4j-1.7.25.jar | Removed |
LatencyUtils-2.0.3.jar | Added |
liquibase-core-4.8.0.jar | Version changed from 3.10.3 |
log4j-over-slf4j-1.7.25.jar | Removed |
logback-classic-1.2.10.jar | Version changed from 1.2.3 |
logback-core-1.2.10.jar | Version changed from 1.2.3 |
micrometer-core-1.3.9.jar | Added |
mimepull-1.9.6.jar | Removed |
objenesis-2.1.jar | Added |
ojdbc8-19.9.0.0.jar | Removed |
openjpa-3.2.2-ep1.0.jar | Version changed from 2.4.0-ep2.4 |
org.apache.axis_1.4.0.v201411182030.jar | Removed |
org.apache.batik.css_1.8.0.v20170214-1941.jar | Removed |
org.apache.batik.ext.awt_1.6.0.v201011041432.jar | Added |
org.apache.batik.util_1.8.0.v20170214-1941.jar | Removed |
org.apache.batik.util.gui_1.8.0.v20170214-1941.jar | Removed |
org.apache.commons.discovery_0.2.0.v201004190315.jar | Removed |
org.apache.commons.logging-1.1.1.v201101211721.jar | Removed |
org.apache.felix.configadmin-1.8.16.jar | Removed |
org.apache.felix.eventadmin-1.4.10.jar | Removed |
org.apache.felix.fileinstall-3.6.4.jar | Removed |
org.apache.felix.framework-5.6.10.jar | Removed |
org.apache.felix.http.api-3.0.0.jar | Removed |
org.apache.felix.http.bridge-4.0.2.jar | Removed |
org.apache.felix.http.proxy-3.0.2.jar | Removed |
org.apache.felix.http.servlet-api-1.1.2.jar | Removed |
org.apache.felix.inventory-1.0.6.jar | Removed |
org.apache.felix.metatype-1.1.6.jar | Removed |
org.apache.felix.scr-2.0.14.jar | Removed |
org.apache.felix.webconsole.plugins.ds-2.0.8.jar | Removed |
org.apache.felix.webconsole.plugins.event-1.1.8.jar | Removed |
org.apache.felix.webconsole.plugins.memoryusage-1.0.8.jar | Removed |
org.apache.felix.webconsole.plugins.packageadmin-1.0.4.jar | Removed |
org.apache.lucene.core_6.1.0.v20170814-1820.jar | Added |
org.apache.lucene.core_7.1.0.v20171214-1510.jar | Removed |
org.apache.servicemix.bundles.commons-collections-3.2.1_3.jar | Removed |
org.apache.servicemix.bundles.josql-1.5_5.jar | Removed |
org.apache.servicemix.bundles.quartz-2.3.2_1.jar | Removed |
org.apache.servicemix.bundles.spring-context-support-4.3.30.RELEASE_1.jar | Removed |
org.apache.servicemix.bundles.spring-jdbc-4.3.30.RELEASE_1.jar | Removed |
org.apache.servicemix.bundles.spring-jms-4.3.30.RELEASE_1.jar | Removed |
org.apache.servicemix.bundles.spring-orm-4.3.30.RELEASE_1.jar | Removed |
org.apache.servicemix.bundles.spring-security-config-4.2.4.RELEASE_1.jar | Removed |
org.apache.servicemix.bundles.spring-security-core-4.2.13.RELEASE_1.jar | Removed |
org.apache.servicemix.bundles.spring-security-web-4.2.4.RELEASE_1.jar | Removed |
org.apache.servicemix.bundles.spring-tx-4.3.30.RELEASE_1.jar | Removed |
org.apache.servicemix.bundles.spring-web-4.3.30.RELEASE_1.jar | Removed |
org.apache.servicemix.bundles.spring-webmvc-4.3.30.RELEASE_1.jar | Removed |
org.apache.servicemix.bundles.xstream-1.4.18_1.jar | Removed |
org.eclipse.birt_4.7.0.v201706222054.jar | Removed |
org.eclipse.birt.chart.device.pdf-4.7.0.v201706222054.jar | Added |
org.eclipse.birt.report.data.oda.excel-4.7.0.v201706222054.jar | Added |
org.eclipse.birt.report.data.oda.jdbc_4.7.0.v201706222054.jar | Removed |
org.eclipse.birt.report.data.oda.sampledb_4.7.0.v201706222054.jar | Removed |
org.eclipse.birt.report.designer.editor.xml.wtp_4.7.0.v201706222054.jar | Removed |
org.eclipse.birt.report.engine-4.7.0.v201706222054.jar | Added |
org.eclipse.birt.report.viewer-4.7.0.v201706222054.jar | Added |
org.eclipse.core.contenttype_3.7.0.v20180426-1644.jar | Removed |
org.eclipse.core.expressions_3.6.100.v20180426-1644.jar | Removed |
org.eclipse.core.filesystem_1.7.100.v20180304-1102.jar | Removed |
org.eclipse.core.jobs_3.10.0.v20180427-1454.jar | Removed |
org.eclipse.core.resources_3.13.0.v20180512-1138.jar | Removed |
org.eclipse.core.runtime_3.14.0.v20180417-0825.jar | Removed |
org.eclipse.datatools.connectivity.oda.feature_1.14.100.201802212225.jar | Removed |
org.eclipse.equinox.app_1.3.500.v20171221-2204.jar | Removed |
org.eclipse.equinox.common_3.10.0.v20180412-1130.jar | Removed |
org.eclipse.equinox.preferences_3.7.100.v20180510-1129.jar | Removed |
org.eclipse.equinox.registry_3.8.0.v20180426-1327.jar | Removed |
org.eclipse.equinox.security_1.2.400.v20171221-2204.jar | Removed |
org.eclipse.equinox.simpleconfigurator.manipulator_2.1.0.v20180103-0918-4.8.0.jar | Removed |
org.eclipse.equinox.simpleconfigurator.manipulator-2.1.0.jar | Added |
org.eclipse.help_3.8.100.v20180512-1136.jar | Removed |
org.eclipse.osgi_3.13.0.v20180409-1500-4.8.0.jar | Removed |
org.eclipse.osgi_3.13.0.v20180409-1500.jar | Removed |
org.eclipse.osgi-3.13.0.jar | Added |
org.eclipse.osgi.services_3.7.0.v20180223-1712.jar | Removed |
org.eclipse.osgi.util_3.5.0.v20180219-1511-4.8.0.jar | Removed |
org.eclipse.osgi.util_3.5.0.v20180219-1511.jar | Removed |
org.eclipse.osgi.util-3.5.0.jar | Added |
org.eclipse.sisu.inject-0.3.3.jar | Removed |
org.eclipse.update.configurator_3.4.0.v20180512-1141-4.8.0.jar | Removed |
org.eclipse.update.configurator-3.4.0.jar | Added |
org.eclipse.wst.common.fproj_3.7.1.v201711202234.jar | Removed |
org.osgi.service.log-1.3.0.jar | Removed |
org.w3c.sac_1.3.0.v201706222054.jar | Removed |
osgi-over-slf4j-1.7.25.jar | Removed |
osgi-resource-locator-1.0.3.jar | Removed |
postgresql-42.3.3.jar | Version changed from 42.2.23 |
slf4j-ext-1.7.32.jar | Version changed from 1.7.26 |
spring-batch-core-4.2.3.RELEASE.jar | Version changed from 4.0.4.RELEASE |
spring-batch-infrastructure-4.2.3.RELEASE.jar | Version changed from 4.0.4.RELEASE |
spring-retry-1.2.5.RELEASE.jar | Version changed from 1.2.4.RELEASE |
spring-security-oauth2-bundle-2.3.3.RELEASE.jar | Removed |
uk.co.spudsoft.birt.emitters.excel-4.7.0.v201706222054.jar | Added |
velocity-engine-core-2.3.jar | Removed |
xbean-asm9-shaded-4.20.jar | Added |
xbean-spring-4.18.jar | Removed |