Self-Managed Commerce 8.7.x Release Notes
Learn about changes to Self-Managed Commerce for this release. Fixes since the release are summarized in the changelog.
Changelog
The changelog contains the list of fixes and improvements made to Self-Managed Commerce 8.7 since its release date. To learn how to consume the updates, see Consuming Support Fixes.
Commit | Description | Badges | Release Date |
---|---|---|---|
42862cd6 | Changed "No product was found for base amount" error to a warning. | 28‑Aug‑2025 | |
ff9b43cd | Upgraded Tomcat from 10.1.42 to 10.1.44 to address CVE-2025-52520, CVE-2025-53506, and CVE-2025-48989. | Security | 26‑Aug‑2025 |
56be14d9 | Modified the XPFTaxableShoppingItem so that its GUID matches the shopping cart line item GUID, so that the ElasticPathTaxCalculator cache doesn't miss on subsequent identical tax lookups. | 25‑Aug‑2025 | |
745fc35c | Removed all ESAPI dependencies, which were not effectively protecting the Cortex API endpoints and were including vulnerable transitive dependencies. | 20‑Aug‑2025 | |
1db31ec0 | Fixed issue with service level options in the Commerce Manager promotion actions not updating correctly after the selected stores are changed. | 20‑Aug‑2025 | |
29072bea | Removed extra super.configure() call in ImportRouteBuilder . | 15‑Aug‑2025 | |
9a281811 | Upgraded Spring Security from 6.4.5 to 6.4.6 to address CVE-2025-41232. | Security | 13‑Aug‑2025 |
92c97b7b | Upgraded ActiveMQ from 5.18.5 to 5.18.7 to address CVE-2025-27533. | Security | 12‑Aug‑2025 |
f5b0852f | Upgraded Spring Framework from 6.2.6 to 6.2.8 to address CVE-2025-41234 and CVE-2025-22233. | Security | 12‑Aug‑2025 |
cdb98f9c | Fixed duplicate guid in facet test data that was causing intermittent test failures. | 12‑Aug‑2025 | |
c2f2ee9e | Fixed issue on promotion editor where store and catalog assignments were not persisted if changed after an initial save. | 12‑Aug‑2025 | |
d34f8e00 | Jakarta migration in committed source code. | Security | 1‑Aug‑2025 |
df6cdeb4 | Jakarta migration in replacer output. | 1‑Aug‑2025 |
8.7.0
Released: August 2025
Release highlights
Javax to Jakarta migration
For many years, Java EE was developed under the stewardship of Oracle, and core packages used the javax.*
namespace (e.g., javax.servlet
, javax.persistence
). In 2017, Oracle donated Java EE to the Eclipse Foundation, and the platform was rebranded as Jakarta EE.
However, Oracle retained the rights to the javax
namespace as part of the Java trademark. This created a major roadblock: although Jakarta EE could evolve independently, it could not modify any API under javax.*
.
To move forward with innovation, the Eclipse Jakarta EE Working Group made the decision to rename all relevant packages to the jakarta.*
namespace. This change officially occurred starting with Jakarta EE 9, released in December 2020.
Key changes included:
javax.servlet
-->jakarta.servlet
javax.persistence
-->jakarta.persistence
javax.ws.rs
-->jakarta.ws.rs
- And many more.
As a result, many of the Open Source dependencies used by Self-Managed Commerce have released new artifacts that use the jakarta.*
namespace, often with updated Maven coordinates. In order to consume these updates, Self-Managed Commerce needed to migrate all dependencies using the javax.*
packages to new dependencies that use the jakarta.*
packages at once, so that they can use the API interfaces defined by the new Jakarta EE version.
This allowed Self-Managed Commerce 8.7 to upgrade key dependencies such as Spring 5.x to Spring 6.x, OpenJPA 3.2.x to 4.x, and Tomcat 9.x to 10.x. Without making these changes, Self-Managed Commerce would be unable to consume the new versions of these dependencies which include important security fixes and new features.
For information about the impact of these changes on your custom code, see Upgrade Notes: Jakarta migration.
Promotions Calculator extension point
A new extension point has been added that can be used to externalize promotion calculations. This means that developers can delegate the calculation of promotions to a third-party service, or to a separate Self-Managed Commerce environment that exposes APIs for promotion calculations.
By default, the ElasticPathPromotionsCalculator
extension will implement this extension point, which reads promotion rules from the database and uses Drools to evaluate conditions.
For more information, see Promotions Calculator extension point.
Notification Events extension point
A new extension point has been added that allows developers to control how notifications are sent to customers and business users. This extension point is the basis for all notification events, including email, text message, and push notifications.
When Self-Managed Commerce needs to notify a customer or business user, all registered notification event extensions are notified by invoking the send
method. The context passed to this method includes details such as the notification type, recipients, and placeholder values. It is the responibility of the extension to both render and deliver the message to the recipients.
By default, the VelocitySMTPEmailSender
extension will implement this extension point, which renders emails using Apache Velocity and uses SMTP to send out the emails. However, this extension can be replaced with integrations to third-party services such as SendGrid or Postmark, so that business users can modify email templates themselves without needing to involve the development team. Additionally, other extensions could be created to send notifications to customers via text message (using Twilio) or other push notification services.
For more information, see Notification Events extension point and Email Delivery.
Product Events extension point
A new extension point has been added that is notified when a product is created or updated. This is useful for notifying back-end systems when catalog changes occur in Self-Managed Commerce. Extensions will be notified no matter how the product was changed, including Import/Export imports, Data Sync, or changes made in Commerce Manager.
For more information, see Product Events extension point.
Full support for Trusted Header Authentication
Previously, Cortex had partial support for Trusted Header Authentication, which allows the use of headers to authenticate a shopper.
However, this functionality had two major limitations:
- There was no support for creating a new customer record for an unrecognized
X-Ep-User-Id
header value. - There was no support for transitioning a
PUBLIC
shopper to aREGISTERED
shopper.
These limitations were previously addressed by wiring in the Cortex Trusted Header Mode Accelerator, however, this functionality is now built into the platform.
For more information, see Trusted Header Authentication.
New in this release
In addition to the Release Highlights, this release contains the following updates:
IS NULL
and IS NOT NULL
in the EP Search Query Language
Added support for Added support for the IS NULL
and IS NOT NULL
operators when specifying a filter for an Import/Export export. This allows API clients to filter fields based on whether a value is set or not.
For more details, see EP Search Query Language.
JMX endpoints for logging
A new com.elasticpath.logging
MBean server has been added to all Self-Managed Commerce services. This allows you to modify the log levels of running services in real time.
For more details, see Log level updates.
JpqlQueryBuilder
Added subquery support to The JpqlQueryBuilder
class now supports generation of queries with subqueries. This is useful for using the results from one query as a filter for another query.
This feature is supported through the new void appendWhereInSubquery(final String fieldName, final JpqlQueryBuilder subQueryBuilder)
method. This method adds a where clause to the query that ensures that the specified fieldName
value is contained in the results of the subQueryBuilder
result.
As an example, we can create a JPQL query that returns all customer records that are associated to a stores in the OPEN
state:
// Create subquery that returns store codes for all stores in the OPEN state
JpqlQueryBuilder subQuery = new JpqlQueryBuilder(persistenceEngine, "StoreImpl", "store", "store.code");
subQuery.getDefaultWhereGroup().appendWhereEquals("store.storeState", StoreState.OPEN);
// Create query that returns all customer records that are associated to stores in the OPEN state
JpqlQueryBuilder query = new JpqlQueryBuilder(persistenceEngine, "CustomerImpl", "cust");
query.getDefaultWhereGroup().appendWhereInSubquery("cust.storeCode", subQuery);
query.getDefaultWhereGroup().appendWhereEquals("cust.sharedId", "test");
// Execute query
persistenceEngine.retrieve(query.buildQuery(), query.buildParameterList().toArray());
Local developers now use the Cargo plugin to start webapps
Starting webapps on a local developer machine now uses the Cargo plugin instead of the Tomcat plugin. Therefore, webapps are now started by running mvn clean package cargo:run
from the appropriate webapp folder.
For more details, see Running Applications and Changes to webapp startup instructions for local development.
Added new Maven build parameter for quick builds
Developers can now use the -DskipSlowTests
parameter with Maven to run a quick build with basic validation. This parameter is similar to -DskipAllTests
, but also runs all static analysis checks and unit tests. Integration tests and Cucumber (and Selenium) tests are skipped. On a Mac M1, running mvn clean install -DskipSlowTests
should take about 19 minutes to run.
For more details, see Building source code.
Enhancements to the Operations Specification
Added a new jvmRuntimeArguments
field to the activemq
section of the ops-spec.json
file. This allows us to specify system properties to pass to the JVM when starting the ActiveMQ broker.
For more details, see Operations Specification.
Added build-time checks for multiple JARs providing the same classes
When a Java runtime classpath contains multiple JARs that provide the same fully qualified class name, the classloader will randomly choose one of the class implementations. This can lead to confusing intermittent issues such as MethodNotFound
at runtime.
To prevent this, a new plugin has been addedto the build process called duplicate-finder-maven-plugin
, which detects this situation and will fail the build if it finds multiple JARs providing the same class.
Along with this change, several conflicting dependencies have been resolved:
- Multiple conflicting jars:
jakarta.xml.bind:jakarta.xml.bind-api:2.3.3, javax.xml.bind:jaxb-api:2.3.1
javax.xml.bind:jaxb-api
was removed.jakarta.xml.bind:jakarta.xml.bind-api
is now the primary JAR providing Java Architecture for XML Binding functionality.
- Multiple conflicting jars:
javax.servlet:javax.servlet-api:3.1.0, org.eclipse.jetty.toolchain:jetty-servlet-api:4.0.6
org.eclipse.jetty.toolchain:jetty-servlet-api
was removed.javax.servlet:javax.servlet-api
is now the primary JAR providing servlet functionality.
- Multiple conflicting jars:
org.slf4j:jcl-over-slf4j:1.7.32, org.springframework:spring-jcl:5.3.39, commons-logging:commons-logging:1.1.1
commons-logging:commons-logging
was removed and banned.org.slf4j:jcl-over-slf4j
is now the primary JAR providing commons logging functionality.
- Multiple conflicting jars:
aopalliance:aopalliance:1.0, org.glassfish.hk2.external:aopalliance-repackaged:3.1.1, org.springframework:spring-aop:5.3.39
aopalliance:aopalliance
was removed and banned.org.glassfish.hk2.external:aopalliance-repackaged
is now the primary JAR providing Aspect-Oriented Programming functionality.
- Multiple conflicting jars:
jakarta.validation:jakarta.validation-api:2.0.2, javax.validation:validation-api:2.0.1.Final
- Core is only using
javax.validation:validation-api
(jakarta.validation-api
was removed). - Search Server is using both:
jakarta.validation-api
version 3.0.2 which provides thejakarta.validation
packages for SOLR.javax.validation-api
version 2.0.1 which provides thejavax.validation
packages.
- Core is only using
- Multiple conflicting jars:
javax.el:javax.el-api:3.0.0, org.glassfish:jakarta.el:3.0.4
jakarta.el:jakarta.el-api
andjavax.el:javax.el-api
were removed and banned.org.glassfish:jakarta.el
is now the only JAR providing expression language functionality.
- Multiple conflicting jars:
io.swagger.core.v3:swagger-annotations-jakarta:2.2.22, io.swagger.core.v3:swagger-annotations:2.1.13
io.swagger.core.v3:swagger-annotations
was removed and banned.io.swagger.core.v3:swagger-annotations-jakarta
is now the only JAR providing Swagger annotations functionality.
- Multiple conflicting jars:
com.sun.mail:imap:1.5.6, com.sun.mail:jakarta.mail:1.6.7, com.sun.mail:javax.mail:1.5.6
com.sun.mail:javax.mail
,com.sun.mail:imap
,javax.mail:mailapi
, andjavax.mail:mail
and were removed and banned.com.sun.mail:jakarta.mail
is now the only JAR providing mail functionality.
- Multiple conflicting jars:
com.sun.activation:jakarta.activation:1.2.2, com.sun.activation:javax.activation:1.2.0, jakarta.activation:jakarta.activation-api:1.2.2, javax.activation:activation:1.1
com.sun.activation:javax.activation
,javax.activation:activation
,javax.activation:javax.activation-api
, andjakarta.activation:jakarta.activation-api
were removed and banned.com.sun.activation:jakarta.activation
is now the only JAR providing activation functionality.
For more information, see Duplicate JAR finder.
Added new integration test for testing JPQL queries
A new integration test has been added to the ep-core-itests
module to make it easier to test JPQL queries against a Self-Managed Commerce database.
For more information, see JPQL Query Test.
Added pagination support for wish list line items in Cortex
Added a new link to the wishlists.wishlist
resource named lineitemspaginated
. This returns the same elements as the existing lineitems
link, but the results are paginated. The page size is defined by the COMMERCE/STORE/listPagination
setting value.
For more information, see Read paginated wishlist line items.
Added a new setting to disable price faceting to improve search indexing performance
For customers with a large number of price lists, rebuilding the product search index may be very slow, since the price for each product in every price list must be determined and populated in the index. However, this functionality is only needed for a specific aspect of filtered navigation functionality which allows shoppers to filter their search results by price.
If this functionality is not needed, it can be disabled by setting the COMMERCE/STORE/FILTEREDNAVIGATION/priceFacetingEnabled
setting to false
. This has two effects:
- The price faceting option is not shown when viewing facets on offer search results or category results.
- Pricing is not calculated during product search indexing, and is not stored in the SOLR index.
If this setting is disabled, product search indexing may be significantly faster for some customers.
Multiple extension point framework improvements
See the Extension Point Framework release notes.
Fixed issues
Commerce Engine
Performance optimization for retrieving extensions for Extension Points
Profiling revealed that the XPFExtensionLookup#getMultipleExtensions
and XPFExtensionLookup#getSingleExtension
methods were a major performance bottleneck.
Within the call stack of these methods is a call to PluginManager#getExtensions
. Although this call used a cache to avoid expensive extension instantiation costs, it still ended up doing classpath scanning to determine which classes support the passed extension point.
We were able to completely avoid doing this classpath scanning since we’ve already identified the available extensions within XPFInMemoryExtensionResolverImpl#init
.
These changes resulted in approximately a 7% improvement in overall Cortex response times.
Corrected bundle availability logic
The previous availability logic for bundles was correct for fixed bundles but not always correct for dynamic bundles.
Previous behavior: If any constituent was OUT_OF_STOCK
, then the entire bundle was considered OUT_OF_STOCK
.
New behavior: The bundle availability status is set to AVAILABLE
when the number of available constituents is greater than or equal to the selection rule count, and OUT_OF_STOCK
otherwise.
For example, given a scenario where the selection rule is 2, the bundle is assigned 5 constituents:
- If 3 are out of stock, the bundle will show as
AVAILABLE
. - If 4 or more are out of stock, then the bundle availability will show as
OUT_OF_STOCK
.
Order shipment shipping discount is now persisted
The TORDERSHIPMENT
table stores shipping subtotal (including discounts) in the SHIPPING_COST
column. However, the shipping subtotal before discounts and the shipping discount were not stored separately.
To address this issue, a SHIPPING_DISCOUNT
field has been added to track the shipping discount, and we use the previously ignored SHIPPING_SUBTOTAL
field to track shipping subtotal before discounts.
To summarize:
- Shipping subtotal before discounts:
TORDERSHIPMENT.SHIPPING_COST
- Shipping discount:
TORDERSHIPMENT.SHIPPING_DISCOUNT
- Shipping subtotal including discounts:
TORDERSHIPMENT.SHIPPING_SUBTOTAL
note
Since it's not possible to retroactively derive these values, existing TORDERSHIPMENT
records will contain null SHIPPING_DISCOUNT
and SHIPPING_SUBTOTAL
values. However, these fields will be populated for all newly created orders.
Added a new warning to the logs if application cache implementation is not being used
A new warning is now logged when a service using SwitchableProxyBinder
is using the fallback implementation, which usually indicates that application-level caching is not working. This can happen if no OSGi or Spring beans registered a cache implementation binding with the SwitchableProxyBinder
.
Example warning message:
WARN: Using fallback implementation of `com.elasticpath.service.pricing.PriceListAssignmentService`. This usually means that caching is disabled for this service. See https://documentation.elasticpath.com/commerce/docs/core/platform/cross-platform/ehcache.html#switchable-proxy-binder for more information.
For more information, see Switchable Proxy Binder: Determining if extensions are registered properly.
Added missing test modules to the Maven reactor
Previously, there were a number of modules that were not included in the Maven reactor. These modules are typically run tests that require a deployment to exist.
Since these modules are not included in the Maven reactor, they were not compiled or checked by the static analysis tools until the tests were actually run. This led to long delays in feedback about compilation, Checkstyle, and PMD errors.
Refactoring was much harder since IntelliJ wasn't aware of these classes. It also breaks the IntelliJ navigation to and from Cucumber features and their step definitions.
To address this issue, the following modules have been added to the Maven reactor:
ep-commerce/commerce-engine/core/ep-core-tool-itests
ep-commerce/extensions/cortex/ext-system-tests/cucumber
ep-commerce/extensions/catalog
ep-commerce/extensions/catalog/ext-system-tests
ep-commerce/extensions/catalog/system-tests
ep-commerce/extensions/system-tests/performance-tests/cucumber
ep-commerce/extensions/cm/ext-cm-modules/ext-system-tests
ep-commerce/extensions/cm/ext-cm-modules/system-tests/selenium
Cortex
Cortex OSGi console is no longer accessible by default
Previously, the OSGi console was accessible by default at the system/console
path. Although this was secured with a username/password, the default credentials are very easy to guess, so this presented a security risk.
To mitigate this risk, the OSGi console is now blocked by default, unless the ep.management.port
system property is set to the desired port. For production environments, we recommend setting this value to a port that is internally accessible for debugging production issues, but not externally accessible. Note that Tomcat must also be configured to listen on the specified port.
Commerce Manager
CartOrderService#getCartOrderGuidByShoppingCartGuid
Added caching for Normally, services handling shopper-controlled entities are not cached because they are changed frequently. However, the CartOrderService#getCartOrderGuidByShoppingCartGuid
service is used to retrieve the cart order GUID for a shopping cart GUID, which will never change, so it's cachable. This change eliminates several unnecessary database queries during shopping cart operations.
Search Server
Re-index products when catalog promotions are added
Fixed functionality to ensure that affected products are re-indexed when catalog promotions are added, modified, or become active or inactive to ensure that the indexed price is correct.
Tests
Consolidated and cleaned up Cucumber test Cargo configurations
Reduced duplication and complexity in the configuration of the Cargo plugins for Cucumber tests. Many of the properties, dependencies, and Cargo plugin configuration parameters have been moved out of the individual Cucumber module POMs and into extensions/pom.xml
and root pom.xml
. The root pom.xml
contains the shared dependencies and Cargo plugin configuration needed by all modules, while the extensions/pom.xml
contains specific execution configurations for starting each Self-Managed Commerce service for use by the Cucumber tests.
Additionally, the Cargo configuration defined in the root pom.xml
is reused by the webapp modules when local developers are starting the webapps with mvn clean package cargo:run
.
Database
- Added missing Liquibase checksums to changesets that were updated during the Liquibase upgrade.
- Fixed preconditions in
core-changelog-2020-08-cleanup-expired-failed-orders-job
changeset to avoid potential upgrade error. - Removed checksum validation from
core-changelog-2024-07-expired-data-point-values-job
changeset due to required changes in earlier versions. - Fixed SchemaSpy document generation on PostgreSQL.
- Upgraded SchemaSpy plugin from 1.0.4 to 5.3.0.
Additional Commerce Engine fixes
- Modified the build process to fail if
ops-spec.json
isn't a valid json file. - Fixed Core Request-Scoped Caching to ensure that retrievals with different load tuners or fetch groups are cached separately.
- Removed unused
CustomerTagStrategy
interface. - Removed unused
PricingCacheKey
class. - Removed unnecessary methods from the
PriceListService
interface. - Enabled Checkstyle and PMD for the
webapp-smoketests
module. - Enabled Checkstyle and PMD for the
http-mock-server-services
module. - Modified AspectJ logging to use the same format as the rest of the application.
- Added new entries to
.gitignore
:.sonarlint/
and.vscode/
. - False-positive FindBugs warnings are now suppressed with
@SuppressFBWarnings
instead of@SuppressWarnings
, to ensure that Static Application Security Testing tools can ignore these false-positive warnings properly. - Minor code refactoring for
TimeIntervalCacheImpl#get
to simplify implementation. - Added debug logging for
SwitchableProxyBinder
. - Fixed race condition in
TimeIntervalCacheImpl
that can result in aNoSuchElementException
when retrieving values from the cache. - Colored logging in Self-Managed Commerce services is now disabled by default; only enabled for local development deployments.
- Fixed issue where the shopping cart memento object was not correctly passed to bundle items during instantiation.
- Fixed issue with logging of some Catalog Syndication failures.
- Fixed infinite recursion bug in
CacheableFacetService#findAllFacetsForStore
. - Fixed issue where resending a Gift Certificate for a specific order line item was resending all order gift certificates to the specified recipient.
- Fixed an issue where domain events are not always triggered as expected if the domain class has been extended.
- Added calls to super.configure() within configure methods of route builders extending CRSCEnabledRouteBuilder.
- Fixed issue with Extension Point Framework entities missing all non-localized attribute values when a localized attribute contains a non-localized fallback value.
- Fixed issue that was sending messages to
VirtualTopic.ep.catalog
containing an error message when Catalog Syndication was triggered. - Fixed multiple issues with limited usage promotions:
- Promotion wizard not saving the limited use promotion setting.
- An error was occurring when checking out with limited use promotions:
Attempt to attach a modified class com.elasticpath.domain.rules.impl.PromotionRuleImpl which has @ShopperReadOnly annotation.
- Potential race condition when incrementing the promotion usage count during checkout, causing some uses to be missed.
- Fixed potential race condition for limited use coupons when incrementing the coupon usage count during checkout, causing some uses to be missed.
- Fixed issue with
CouponUsageDaoImpl#findEligibleUsagesByEmailAddressInStore
passing wrong value to named query when email address is empty. - Fixed behavior of the first time buyer flag if the shopper's first order fails.
- Fixed Tax Calculator extension
IndexOutOfBoundsException
exception for empty tax records collection. - Fixed incorrect environment subfolder names in
ext-data
. - Ensure that affected products are re-indexed when catalog promotions are added, modified, or become active or inactive to ensure that the indexed price is correct.
- Fixed stack trace logging on Camel routes for event-based extension points.
- Changed the way that
SkuOptionValue
is associated withProductSkuOptionValue
, using a lazy load approach instead of the Eager Field Post Load Strategy, to prevent possible "context has been closed" exceptions. - Fixed error handling for shipping option determination so that the actual underlying error is reported rather than a
NullPointerException
. - Fixed vulnerability in
DownloadServiceHandler
. - Fixed SQL injection warnings identified by SAST tooling in ep-persistence-openjpa.
- Refactored
ProductAssociationQueryBuilder
to useJPQLQueryBuilder
and optimized generated query for determining product associations. - Fixed
NullPointerException
in coupon auto-apply role transition if registered user email was null. - Fixed
NullPointerException
that could occur if looking up a non-existent compound GUID withCategoryLookup#findByCompoundCategoryAndCatalogCodes
. - Fixed
NullPointerException
that could occur ifRuleService#findByRuleGuid
is called with a non-existent guid. - Fixed a race condition in service health checks that could report false health check failures if multiple requests were submitted concurrently.
- Fixed
LibJarUtil
parser to properly exclude#runtime
refs when scanning the payment plugin classpath. - Updated the Log4j configuration for all services to ensure that log file sizes are limited by using a fixed window rolling policy.
- Improved warning "Setting retrieval strategy {} threw an exception." to ensure that full stack trace is logged.
- Fixed all query strings defined on beans for Catalog Syndication
JpaPagingItemReader
instances to ensure they have anORDER BY
clause. - Non-physical skus were treated as always available, regardless of the product availability rule setting. Now their availability is determined by the availability rule.
- Fixed issue where importing entities did't properly invalidate the application cache in some circumstances.
- Refactored
assertThat
imports fromorg.assertj.core.api.AssertionsForClassTypes
andorg.assertj.core.api.Java6Assertions
toorg.assertj.core.api.Assertions
. A new checkstyleIllegalImport
rule was also configured to flag if these imports are used in the future. - Modified how email locale is determined to ensure that the customer's preferred locale is used (if specified) instead of the store default locale.
- Fixed issue in which
CM_USER_CREATED
event is sent before user is persisted.
Additional Cortex fixes
- Fixed issue with structured error messages from some shopping item validators not showing a link to the affected shopping item.
- Fixed race condition that can occur when multiple users execute keyword or navigation searches with different sort keys.
- Removed unused bundles from Cortex:
javaparser-core
,big-math
, andantlr4-runtime
. - Fixed issue where dependent items could not be removed from dynamic bundles in the shopping cart.
- Fixed Cortex keyword search functionality so it correctly reads the
COMMERCE/SEARCH/*
system configuration settings. - Suppressed misleading "JWT signature does not match locally computed signature" errors in the Cortex log.
- Added JVM system property to ensure that Log4j always uses the
BasicContextSelector
to avoid OSGi issues in Cortex. - Hardcoded
mobee
andvestri
values removed from scope autocomplete in Cortex Studio. - Changed coupon validation failure code
ERROR_COUPON_USAGE_MISSING
toERROR_EMAIL_NOT_ASSIGNED
to improve clarity. - Added additional details to the structured error message response when a coupon is determined to be invalid.
- Fixed Cortex structured message response when purchase form is submitted with validation errors.
- Fixed Cortex applied promotions response for cart subtotal promotions to ensure that it returns the applied 'best of' promotion instead of all eligible promotions.
- Suppressed misleading "JWT signature does not match locally computed signature" errors in Cortex log.
- Fixed issue with Cortex attempting to write logs to a folder based on the build machine home folder instead of the runtime machine home folder.
- Payment method elements returned by Cortex are now returned in a consistent order (alphabetical based on configuration name).
- Removed support for
user-name
anduser-company
fields in JWT metadata payload, which was leading to unique constraint errors in PunchOut. - Fixed bug that caused a 404 error to be returned for wish list elements if the product or sku became unavailable.
Additional Commerce Manager fixes
- Fixed performance issue when adding actions to catalog promotions in Commerce Manager when database contains a large number of price lists.
- Improved performance in Commerce Manager when removing an attribute from a product type.
- Fixed potential table scan when retrieving the order list in Commerce Manager.
- Fixed split packages issue in
com.elasticpath:shipping-calculation-epcommerce
that was caused byep-core
being embedded. - Updated Commerce Manager cookies to always set the
HttpOnly
flag for improved security. - Fixed parent references in Commerce Manager modules to improve Maven reactor hygiene.
- Fixed error that can occur when editing boolean attributes in Commerce Manager.
- Fixed Commerce Manager error that occurs when searching for products using Advanced Search Query Builder.
- Fixed problem with "All Stores" filter being ignored on the customer search tab.
- Fixed sorting for "Enabled" and "Expiration Date" columns on cart and catalog promotion search results in Commerce Manager.
- Removed unused Felix Webconsole dependency from Commerce Manager.
- Fixed issue with the simulated selling context dialog in Commerce Manager in which labels were not appearing.
- Fixed issue with order hold getting stuck in
RESOLVE_PENDING
if order lock is present. - Fixed issue with private use coupons not working after adding new users to an existing promotion.
- Enabled state comparison version strategy on order holds to ensure that two users don't resolve the same hold simultaneously, leading to the order hold getting stuck in the
RESOLVE_PENDING
state. - Improved order hold resolution error handling to ensure that order holds don't get stuck in the
RESOLVE_PENDING
state. - Changed the orders list on the customer record in Commerce Manager to sort by created date instead of order number to avoid alphanumeric sorting issues.
- Fixed issues with the shopper conditions user interface in Commerce Manager where conditions were sometimes duplicated or could not be removed.
- Fixed potential
NullPointerException
that could occur if opening an address with a null sub-country in Commerce Manager. - Removed line from
com.elasticpath.cmclient.core/plugin.xml
that caused the XML to be invalid. - Fixed the "Cancel order" button to ensure that it is disabled for orders that have already been released.
- Fixed error that was occurring on the Commerce Manager exchange wizard after modifying items to be exchanged.
- Improved clarity of the dialog that appears in Commerce Manager when editing an order that has been edited by another user.
Additional Search Server fixes
- Fixed issue where the
parentCategoryCodes
field was not populated in the SOLR index for linked categories. - Enabled HTTP/2 support for Solr replication.
- Fixed parsing of queries in
LuceneRawQueryComposerImpl
that was causing problems for the search server when processing some index notifications. - Fixed search index rebuild when a product was added or updated using Import/Export.
- Fixed search indexing issue in which delete requests were ignored if there are no corresponding add/update requests.
- Fixed
SolrFacetAdapter
to consistently expectsearchCriteria.getSearchHint("priceSourceIds")
to contain a list of strings. - Fixed issue that causes search indexing to fail if multiple attribute values exist for the same attribute with the same locale.
Additional Integration Server fixes
- Fixed Spring circular dependency that was causing NullPointerExceptions during Integration Server startup.
- Removed unused
CXFServlet
references from Integration Serverweb.xml
.
Additional Batch Server fixes
- Fixed out of memory error that could occur on the Batch Server if the database contains a large number of
TCUSTOMERCONSENT
records.
Additional Data Sync fixes
- Fixed a
NullPointerException
that can occur when publishing multi-sku products through the Data Sync Webapp. - Fixed issue with Data Sync Webapp where changesets containing base amounts were causing multiple product index notifications to be created and were also holding the base amount objects in memory until the service was restarted.
Additional Import/Export fixes
- Fixed Import/Export to ensure that the necessary product search indexes are rebuilt when base amounts are updated.
- Renamed
notsoldseperately
tonotsoldseparately
in the Snap-it-upproducts.xml
.
Additional Operational Insights fixes
- Fixed issue with Operational Insights interpreting
serviceResponseWaitTime
in minutes instead of milliseconds. - Fixed the Operational Insights revenue calculations to exclude failed orders.
- Added
java.base/java.lang.ref
add-opens JVM parameter to prevent possible failures when Operational Insights evaluates cache sizes. - Fixed
bad value for type int
error that appeared in the logs when running Operational Insights with a PostgreSQL database. - Improved performance of the Operational Insights revenue query.
Additional Performance fixes
- Eliminated unnecessary shopper and shopping cart lookups during cart order retrieval.
- Fixed a performance issue in
LocalizedAttributeKeyUtils#getLocaleFromLocalizedKeyName
by removing a complex regular expression and caching Locale instantiation. - Fixed an issue that was causing unnecessary
TORDER
andTORDERAUDIT
update queries to be created. - Fixed issue with Core Request Scoped Caching where some database lookups were not being cached.
- Added missing indexes to PostgreSQL and Oracle that were created implicitly in MySQL.
- Changed
featuredoffers
link onnavigations
resource from a conditional to a static link to avoid an unnecessary product query. - Fixed issue with
ProductDaoImpl#findUidBySkuCode
that could cause OpenJPA to read all product skus from the database in rare circumstances. - Updated product, product sku, and category default cache timeouts from 1 second to 1 hour.
Additional Test fixes
- Fixed intermittent failure in the "Verify price facets are updated when a promotion is changed" Selenium test.
- Fixed intermittent failure in "Sort products by product code" Selenium test.
- Fixed intermittent failure in "Export Import all data - same server" Selenium test.
- Fixed intermittent failure in "Search product for Merchandising Associations can be filtered by brand" Selenium test.
- Improved "View Disabled Data Policy for Customer" Selenium test to not fail on retry.
- Fixed intermittent failure in
ExternalPluginTest
integration tests. - Allow Cucumber tests in
coupon-apply-validation.feature
to pass in Trusted Header Mode. - Refactored
b2b-buyer-functionality.feature
to useclient.authRegisteredUserByName
instead of JWT authentication. - Removed unnecessary product/category cleanup after Cucumber tests and fixed issue that allowed bundles to be created in Commerce Manager without a valid sku code.
- Fixed
NullPointerException
inShippingOptionInfoSelectorRepositoryImplTest
unit test. - Fixed intermittent Selenium issue related to the
ErrorDialog
class. - Fixed issue where Selenium cucumber tests in
extensions/cm/ext-cm-modules/system-tests/selenium
did not have access to all test step definitions. - Fixed connection leak in
DBConnector
classes. - Fixed issue where Commerce Manager errors were not being logged until after the error dialog was acknowledged and closed.
- Fixed intermittent failure in Selenium tests due to problems verifying that a user interface element contains the expected value.
- Fixed intermittent failure in Selenium tests due to problems obtaining focus on a user interface element.
- Improved assertion output in
CatalogBatchIntegrationTest
. - Improved assertion output in
RawJsonTestFacade
. - Fixed issue with a NullPointerException appearing in Operational Insights when the webapp smoketests were run.
- Fixed Catalog Syndication cucumber test stability issue.
- Fixed issue where Selenium tests were executed multiple times when using cucumber.options to attempt to run a single Selenium test.
- Removed some unnecessary log output while running Selenium tests.
Supported technology updates
Self-Managed Commerce 8.7.0 is compatible with the following Elastic Path releases:
Elastic Path Component | Compatibility |
---|---|
Extension Point Framework | Extension Point Framework compatibility matrix |
CloudOps for Kubernetes | CloudOps for Kubernetes compatibility matrix |
Self-Managed Commerce Docker | Self-Managed Commerce Docker compatibility matrix |
Additionally, the following changes have been made to the Supported Technologies:
- Dropped certification for MySQL 5.7. MySQL 5.7 reached its end-of-life on October 31, 2023. We recommend that customers upgrade to MySQL 8.0 or MySQL 8.4.
- Added certified support for MySQL 8.4.
- Upgraded certified PostgreSQL version from 16.6 to 16.8.
- Upgraded certified MySQL 8.0 Aurora version from 8.0.mysql_aurora.3.04.2 to 8.0.mysql_aurora.3.08.2.
- Upgraded certified MySQL RDS version from 8.0.35 to 8.0.41.
- Upgraded certified Oracle version from 19.0.0.0.ru-2024-01.rur-2024-01.r1 to 19.0.0.0.ru-2025-01.rur-2025-01.r2.
Dependency changes
Many dependencies were updated as part of Self-Managed Commerce 8.7.0. The highlights are shown below:
- Upgraded JavaEE 8 to JakartaEE 10.x.
- Upgraded Tomcat from 9.0.x to 10.1.x.
- Upgraded Spring Framework from 5.3.x to 6.2.x.
- Upgraded Camel from 3.x to 4.x.
- Upgraded OpenJPA from 3.2.x to 4.0.x.
- Upgraded Eclipse Remote Application Platform from 3.5 to 4.2.
- Upgraded Quartz from 2.3.2 to 2.5.0.
- Upgraded Solr from 9.4.1 to 9.8.0.
- Upgraded Wiremock from 2.x to 3.x.
Database changes
- Added new setting definition records:
COMMERCE/SYSTEM/EXPIREDDATAPOINTVALUECLEANUP/batchSize
COMMERCE/SYSTEM/REVOKEDDATAPOINTVALUECLEANUP/batchSize
COMMERCE/SYSTEM/CATALOGSYNDICATION/batchSize
COMMERCE/STORE/FILTEREDNAVIGATION/priceFacetingEnabled
- Added new setting value context records:
COMMERCE/SYSTEM/MESSAGING/ORDERS/channelUri
with contextorderConfirmationNotificationHandler
COMMERCE/SYSTEM/MESSAGING/ORDERS/channelUri
with contextorderShipmentShippedNotificationHandler
COMMERCE/SYSTEM/MESSAGING/ORDERS/channelUri
with contextorderShipmentReleaseFailedNotificationHandler
COMMERCE/SYSTEM/MESSAGING/ORDERS/channelUri
with contextreturnExchangeNotificationHandler
COMMERCE/SYSTEM/MESSAGING/ORDERS/channelUri
with contextorderOnHoldNotificationHandler
COMMERCE/SYSTEM/MESSAGING/ORDERS/channelUri
with contextorderCancelledNotificationHandler
COMMERCE/SYSTEM/MESSAGING/CMUSERS/channelUri
with contextcmUserPasswordResetNotificationHandler
COMMERCE/SYSTEM/MESSAGING/CMUSERS/channelUri
with contextcmUserCreatedNotificationHandler
COMMERCE/SYSTEM/MESSAGING/CMUSERS/channelUri
with contextcmUserPasswordChangedNotificationHandler
COMMERCE/SYSTEM/MESSAGING/CUSTOMERS/channelUri
with contextanonymousCustomerRegisteredNotificationHandler
COMMERCE/SYSTEM/MESSAGING/CUSTOMERS/channelUri
with contextpasswordChangedNotificationHandler
COMMERCE/SYSTEM/MESSAGING/CUSTOMERS/channelUri
with contextcustomerRegistrationNotificationHandler
COMMERCE/SYSTEM/MESSAGING/CUSTOMERS/channelUri
with contextpasswordForgottenNotificationHandler
COMMERCE/SYSTEM/MESSAGING/GIFTCERTIFICATES/channelUri
with contextgiftCertificateCreatedNotificationHandler
COMMERCE/SYSTEM/MESSAGING/GIFTCERTIFICATES/channelUri
with contextimportJobCompletedNotificationHandler
COMMERCE/SYSTEM/MESSAGING/DOMAIN/channelUri
with contextproductEventsExtensionHandler
COMMERCE/SYSTEM/MESSAGING/DOMAIN/deadLetterChannelUri
with contextproductEventsExtensionHandler
- Removed setting value context records:
COMMERCE/SYSTEM/CUSTOMER/identifier
with contextpunchout_attrval
.COMMERCE/SYSTEM/CUSTOMER/identifier
with contextpunchout_shared_id
.COMMERCE/SYSTEM/MESSAGING/ORDERS/channelUri
with contextorderConfirmationEmailHandler
.COMMERCE/SYSTEM/MESSAGING/ORDERS/channelUri
with contextorderShipmentShippedEmailHandler
.COMMERCE/SYSTEM/MESSAGING/ORDERS/channelUri
with contextorderShipmentReleaseFailedEmailHandler
.COMMERCE/SYSTEM/MESSAGING/ORDERS/channelUri
with contextreturnExchangeEmailHandler
.COMMERCE/SYSTEM/MESSAGING/GIFTCERTIFICATES/channelUri
with contextgiftCertificateCreatedEmailHandler
.COMMERCE/SYSTEM/MESSAGING/DATAIMPORT/channelUri
with contextimportJobCompletedEmailHandler
.COMMERCE/SYSTEM/MESSAGING/CUSTOMERS/channelUri
with contextanonymousCustomerRegisteredEmailHandler
.COMMERCE/SYSTEM/MESSAGING/CUSTOMERS/channelUri
with contextpasswordChangedEmailHandler
.COMMERCE/SYSTEM/MESSAGING/CUSTOMERS/channelUri
with contextpasswordForgottenEmailHandler
.COMMERCE/SYSTEM/MESSAGING/CMUSERS/channelUri
with contextcmUserPasswordResetEmailHandler
.COMMERCE/SYSTEM/MESSAGING/CMUSERS/channelUri
with contextcmUserCreatedEmailHandler
.COMMERCE/SYSTEM/MESSAGING/CMUSERS/channelUri
with contextcmUserCreatedEmailHandler
.COMMERCE/SYSTEM/MESSAGING/CMUSERS/channelUri
with contextcmUserPasswordChangedEmailHandler
.
- Modified
TCHANGESET
table:- Added
PUBLISHED_DATE
field.
- Added
- Modified
TCARTORDER
table:- Removed unused
PAYMENT_METHOD_UID
field.
- Removed unused
- Modified
TCUSTOMER
table:- Removed unnecessary index on the
CREATED_DATE
field.
- Removed unnecessary index on the
- Modified
TORDERSHIPMENT
table:- Added
SHIPPING_DISCOUNT
field.
- Added
- Modified
TAPPLIEDRULE
table:- Renamed
RULE_UID
field toRULE_GUID
, and updated the values accordingly.
- Renamed
- Created
TRULEUSAGE
table:UIDPK
:BIGINT
RULE_GUID
:VARCHAR(50)
USE_COUNT
:BIGINT
- Modified
TRULE
table:- Dropped
CURRENT_LUP_NUMBER
field. This value is transferred intoTRULEUSAGE.USE_COUNT
.
- Dropped
- Dropped all Spring Batch tables:
BATCH_JOB_STEP_EXECUTION_CONTEXT
BATCH_JOB_EXECUTION_CONTEXT
BATCH_STEP_EXECUTION
BATCH_JOB_EXECUTION_PARAMS
BATCH_JOB_EXECUTION
BATCH_JOB_INSTANCE
BATCH_STEP_EXECUTION_SEQ
BATCH_JOB_EXECUTION_SEQ
BATCH_JOB_SEQ
- Modified default setting definition values from 1 second to 3600 seconds (1 hour) for the following settings:
COMMERCE/SYSTEM/CACHING/CATEGORY/timeToLive
COMMERCE/SYSTEM/CACHING/CATEGORY/timeToIdle
COMMERCE/SYSTEM/CACHING/PRODUCT/timeToLive
COMMERCE/SYSTEM/CACHING/PRODUCT/timeToIdle
COMMERCE/SYSTEM/CACHING/PRODUCTSKU/timeToLive
COMMERCE/SYSTEM/CACHING/PRODUCTSKU/timeToIdle
- Note: These values will not be changed if they have already been modified to a different value.
- Added new index to improve performance of Operational Insights revenue query:
- Added index to
TORDER
onCREATED_DATE
,STORECODE
, andCURRENCY
.
- Added index to
- Dropped unnecessary index on
TCUSTOMER.CREATED_DATE
field.
Database index consistency
In MySQL, if a foreign key constraint is added to a table and no index exists on the base column, the index is created automatically. However, in Oracle and PostgreSQL, if a foreign key constraint is added to a table and no index exists on the base column, the index is not created automatically.
As a result, some Self-Managed Commerce tables had implicit indexes on MySQL, but not on Oracle or PostgreSQL. To correct this, Liquibase changesets have been created to make the following changes:
On MySQL, these changes are applied to ensure that the index names are consistent with the index names in Oracle and PostgreSQL:
- On the
TAPPLIEDRULECOUPONCODE
table, drop theTAPPLIEDRULECOUPONCODE_COUPON_GUID_FK
foreign key constraint (to remove the implicit index), add theI_APPLIEDRULECOUPONCODE_COUPONGUID
index, and re-add theTAPPLIEDRULECOUPONCODE_COUPON_GUID_FK
foreign key constraint. - On the
TCARTORDERPAYMENTINSTRUMENT
table, drop theFK_CARTORDERPAYMENTINSTRUMENT_PI
foreign key constraint (to remove the implicit index), add theI_CARTORDERPAYMENTINSTRUMENT_PAYMENTINSTRUMENTGUID
index, and re-add theFK_CARTORDERPAYMENTINSTRUMENT_PI
foreign key constraint. - On the
TCSDYNAMICCONTENTSPACE
table, drop theFK_DELSPACE_CONTENTSPACE
foreign key constraint (to remove the implicit index), add theI_CSDYNAMICCONTENTSPACE_DCCONTENTSPACEUID
index, and re-add theFK_DELSPACE_CONTENTSPACE
foreign key constraint. - On the
TCUSTOMERCONSENT
table, drop theFK_CONSENT_CUSTOMER
foreign key constraint (to remove the implicit index), add theI_CUSTOMERCONSENT_CUSTOMERGUID
index, and re-add theFK_CONSENT_CUSTOMER
foreign key constraint. - On the
TCUSTOMERPAYMENTINSTRUMENT
table, drop theFK_CUSTOMERPAYMENTINSTRUMENT_PI
foreign key constraint (to remove the implicit index), add theI_CUSTOMERPAYMENTINSTRUMENT_PAYMENTINSTRUMENTGUID
index, and re-add theFK_CUSTOMERPAYMENTINSTRUMENT_PI
foreign key constraint. - On the
TDATAPOLICYDATAPOINT
table, drop theTDATAPOLICYDATAPOINT_IBFK_2
foreign key constraint (to remove the implicit index), add theI_DATAPOLICYDATAPOINT_DATAPOINTUID
index, and re-add theTDATAPOLICYDATAPOINT_IBFK_2
foreign key constraint. - On the
TORDERPAYMENT
table, drop theFK_ORDERPAYMENT_PI
foreign key constraint (to remove the implicit index), add theI_ORDERPAYMENT_PAYMENTINSTRUMENTGUID
index, and re-add theFK_ORDERPAYMENT_PI
foreign key constraint. - On the
TORDERPAYMENT
table, drop theFK_ORDERPAYMENT_PPC
foreign key constraint (to remove the implicit index), add theI_ORDERPAYMENT_PAYMENTPROVIDERCONFIGUID
index, and re-add theFK_ORDERPAYMENT_PPC
foreign key constraint. - On the
TORDERPAYMENTINSTRUMENT
table, drop theFK_ORDERPAYMENTINSTRUMENT_PI
foreign key constraint (to remove the implicit index), add theI_ORDERPAYMENTINSTRUMENT_PAYMENTINSTRUMENTGUID
index, and re-add theFK_ORDERPAYMENTINSTRUMENT_PI
foreign key constraint. - On the
TSHOPPER
table, drop theSHOPPER_STORECODE_FK
foreign key constraint (to remove the implicit index), add theI_SHOPPER_STORECODE
index, and re-add theSHOPPER_STORECODE_FK
foreign key constraint. - On the
TSTORECUSTOMERATTRIBUTE
table, drop theSCA_ATTRIBUTE_KEY_FK
foreign key constraint (to remove the implicit index), add theI_STORECUSTOMERATTRIBUTE_ATTRIBUTEKEY
index, and re-add theSCA_ATTRIBUTE_KEY_FK
foreign key constraint. - On the
TTAGALLOWEDVALUE
table, drop theFK_TAGALLOWEDVAL_TAGTYPE
foreign key constraint (to remove the implicit index), add theI_TAGALLOWEDVALUE_TAGVALUETYPEGUID
index, and re-add theFK_TAGALLOWEDVAL_TAGTYPE
foreign key constraint. - On the
TTAGVALUETYPEOPERATOR
table, drop theFK_TAGOPERATOR_TAGVALUETYPE
foreign key constraint (to remove the implicit index), add theI_TAGVALUETYPEOPERATOR_TAGOPERATORGUID
index, and re-add theFK_TAGOPERATOR_TAGVALUETYPE
foreign key constraint.
On PostgreSQL and Oracle, these changes are applied to ensure that all expected indexes are present:
- On the
TAPPLIEDRULECOUPONCODE
table, add theI_APPLIEDRULECOUPONCODE_COUPONGUID
index. - On the
TCARTORDERPAYMENTINSTRUMENT
table, add theI_CARTORDERPAYMENTINSTRUMENT_PAYMENTINSTRUMENTGUID
index. - On the
TCSDYNAMICCONTENTSPACE
table, add theI_CSDYNAMICCONTENTSPACE_DCCONTENTSPACEUID
index. - On the
TCUSTOMERCONSENT
table, add theI_CUSTOMERCONSENT_CUSTOMERGUID
index. - On the
TCUSTOMERPAYMENTINSTRUMENT
table, add theI_CUSTOMERPAYMENTINSTRUMENT_PAYMENTINSTRUMENTGUID
index. - On the
TDATAPOLICYDATAPOINT
table, add theI_DATAPOLICYDATAPOINT_DATAPOINTUID
index. - On the
TORDERPAYMENT
table, add theI_ORDERPAYMENT_PAYMENTINSTRUMENTGUID
index. - On the
TORDERPAYMENT
table, add theI_ORDERPAYMENT_PAYMENTPROVIDERCONFIGUID
index. - On the
TORDERPAYMENTINSTRUMENT
table, add theI_ORDERPAYMENTINSTRUMENT_PAYMENTINSTRUMENTGUID
index. - On the
TSHOPPER
table, add theI_SHOPPER_STORECODE
index. - On the
TSTORECUSTOMERATTRIBUTE
table, add theI_STORECUSTOMERATTRIBUTE_ATTRIBUTEKEY
index. - On the
TTAGALLOWEDVALUE
table, add theI_TAGALLOWEDVALUE_TAGVALUETYPEGUID
index. - On the
TTAGVALUETYPEOPERATOR
table, add theI_TAGVALUETYPEOPERATOR_TAGOPERATORGUID
index.