Commerce

8.4.x

Elastic Path Commerce 8.4.x Release Notes

Learn about changes to Elastic Path Commerce for this release. Fixes since the release are summarized in the changelog.

Changelog

The changelog contains the list of fixes and improvements made to Elastic Path Commerce 8.4 since its release date. To learn how to consume the updates, see Consuming Support Fixes.

  • b75907e5: Improved Operational Insights error handling when hardware metrics calls generate a NoClassDefFoundError. (20-Mar-2023)
  • cbf513ee: Fixed potential NullPointerException when requesting Operational Insights report if no services respond with results. (20-Mar-2023)
  • 88b40814: Improved parallelization of Import/Export Cucumber tests to generate directories using a UUID instead of a sequential number to avoid potential conflicts. (5-Mar-2023)
  • 2d9aa0e9: Performance improvement which replaces full product lookup with simple query when only product sku guid to product sku code conversion is needed. (14-Feb-2023)
  • 5c033334: Resolved local Cortex startup warning The AJP Connector is configured with secretRequired="true" but the secret attribute is either null or "". (9-Feb-2023)
  • 7910c054: Reduced the amount of logging produced when running Selenium tests. (8-Feb-2023)
  • 5acbde0a: Fix for intermittent test failures in PaymentConfigurations Cucumber tests. (8-Feb-2023)
  • 531d90e0: Fixed issue with changeset list resetting to page one when locking or publishing changesets. (7-Feb-2023)
  • 5e090d91: Fixed issue where a free item is not automatically removed if the promotion becomes ineligible. (7-Feb-2023)
  • 65a2ee95: Added @SupportsMultiplePartialCharges annotation that allows payment plugins to indicate if the payment gateway supports multiple partial captures against a single pre-auth. (7-Feb-2023)
  • 97b24cf8: Added support for quartz.timezone JVM parameter in Batch Server to define the timezone used by Quartz jobs. (7-Feb-2023)
  • 068b1dac: Added support for format=nolinks query parameter in Cortex to prevent unnecessary conditional link evaluation. (6-Feb-2023)
  • fa0b2439: Fix for intermittent Selenium test failures due to thread safety issues. (30-Jan-2023)
  • 1c0ab0ea: Fixed issues with the skuOptions and modifierGroups options in the product type load tuner. (27-Jan-2023)
  • 68311c24: Fix for "Device is disposed" error in Commerce Manager. (26-Jan-2023)
  • a3565152: Fix for intermittent failure in "Import Data Policies with existing Data Policies" test. (26-Jan-2023)
  • ef88b929: Fix SonarQube issues introduced by the Tax Calculator extension point. (25-Jan-2023)
  • f53c1a76: Fix for potential deadlocks on shopping cart last modified date updates. (24-Jan-2023)
  • a1c4573b: Fixed ability to run Cucumber integration tests on Windows developer machines. (24-Jan-2023)
  • a87a3c1e: Modified Product Association export mechanism to significantly improve performance. (17-Jan-2023)
  • d5035ba6: Fix for NoClassDefFoundError: org/slf4j/IMarkerFactory error when the first Cortex request is received. (17-Jan-2023)
  • 58321249: Added additional address data point fields and a new CUSTOMER_ALL_ADDRESSES data point location for data protection. (16-Jan-2023)
  • ab9ab14e: Fixed issue with empty facet name when assigning available facets to a store in Commerce Manager. (10-Jan-2023)
  • e83b4834: Fixed incorrect logging of successful / skipped messages in batch jobs after failure. (9-Jan-2023)
  • 4ba0e874: Fixed NullPointerException that can occur when updating a shopping cart line item quantity if the line item has a non-bundle-constituent child. (9-Jan-2023)
  • 1ea05359: Wherever an order is marked failed, there should always be a reason added as an order note. (5-Jan-2023)
  • a7023d48: Returned default JMS max active session per connection size back to 25. (16-Dec-2022)
  • 5e5626fc: Upgraded ehcache-openjpa from version 0.2.0 to 0.2.0-ep1.0 to address potential ConcurrentModificationException. (15-Dec-2022)
  • d5586a3a: Removed problematic and unnecessary ep-core-cucumber-itests module. (15-Dec-2022)
  • 3e23abbd: Fix for intermittent "Create category in existing category" selenium test failure. (15-Dec-2022)
  • 0466e9e2: Refactored TaxCalculatorXPFBridge so it adheres to best practices. (8-Dec-2022)
  • bf20745d: Addressed XML parse warning in search server logs during startup on local developer machines. (7-Dec-2022)
  • 3dfa3560: Limited orders list to 25 on customer record in Commerce Manager to prevent slowness when accessing that tab for customers with many orders. (6-Dec-2022)
  • 9b9df078: Addressed api-platform build issue on M1 MacBooks. (5-Dec-2022)
  • d42065eb: Include all caches in Operational Insights API response, instead of just select caches. (29-Nov-2022)
  • 17e2fd98: Upgraded hibernate-validator from version 5.4.3.Final to 6.0.20.Final to address CVE-2020-10693. (25-Nov-2022)
  • 6fa45112: Added caching to the isInCategory method to improve performance of promotions and price lists that are conditional on a product being in a category. (25-Nov-2022)
  • 977f88b9: Added caching of payment provider configurations to improve performance. (24-Nov-2022)
  • f090f119: Upgraded groovy-all from version 2.4.15 to 2.4.21 to address CVE-2020-17521. (23-Nov-2022)
  • e238fff6: Fixed an issue where a free item promotion triggered by a coupon was not activated. (23-Nov-2022)
  • 37263ca5: Fixed error in JWT authentication if token does not contain either sub or account. (16-Nov-2022)
  • ffbc03e2: Upgraded ESAPI from version 2.1.0.1 to 2.3.0.0 to resolve CVE-2022-23457. (15-Nov-2022)
  • 1fbc1f37: Fix for search server race condition that can prevent indexes from building. (15-Nov-2022)
  • 0df22379: Changed log level in PriceListPriceScoreDocComparator to prevent logs from being flooded during search indexing. (15-Nov-2022)
  • 379fed99: Removed duplicate "Assign Customer Segments" permission appearing in Commerce Manager. (14-Nov-2022)
  • 04004932: Upgraded httpclient from version 4.5.5 to 4.5.13 to resolve CVE-2020-13956. (11-Nov-2022)
  • 4305e9c4: Upgraded mybatis from version 3.2.3 to 3.5.11 to resolve CVE-2020-26945. (10-Nov-2022)
  • d42b5d95: Upgraded spring-security-oauth2 from 2.3.8.RELEASE to 2.5.2.RELEASE to resolve CVE-2022-22969. (10-Nov-2022)
  • f9f98925: Modified EpEmailValidator to accept empty values to be consistent with other validators. (8-Nov-2022)
  • 9208c034: Upgraded json-path from version 2.4.0 to 2.6.0. (7-Nov-2022)
  • e6ef87a6: Upgraded jdom from version 1.1.3 to 2.0.6.1. (7-Nov-2022)
  • 6ec94a6a: Fix to populate the cart item modifier fields in the OrderSkuDTO object that is passed to payment plugins. (3-Nov-2022)
  • 4cb673a0: When checking out a cart that contains a coupon that has run out of uses, block checkout instead of removing the coupon code automatically. (31-Oct-2022)
  • b37bae0c: Upgraded xstream version from 1.4.18 to 1.4.19 to address CVE-2021-43859. (31-Oct-2022)
  • 0c6b1472: Upgraded mysql-connector-java version from 8.0.25 to 8.0.30. (31-Oct-2022)
  • 4745dbd0: Upgraded json library version from 20170516 to 20220924. (28-Oct-2022)
  • 2d58ed72: Added a timeout on Helix resource operations to ensure that stuck threads are released. Timeout defaults to 30 secs but can be overridden with relos.prototype.operation.timeout JVM parameter. (27-Oct-2022)
  • 5485b8df: Returned default JMS connection pool size back to 25. (27-Oct-2022)
  • 4908ca6b: Fixed issue preventing email notifications from being sent when a changeset publish completes. (25-Oct-2022)
  • eda7c53a: Upgraded commons-text from version 1.9 to 1.10 to address CVE-2022-42889. (24-Oct-2022)
  • 24f966c5: Upgraded logback and slf4j versions in api-platform so they match ep-commerce. (21-Oct-2022)
  • aa352e18: Fixed issue where cart item modifier fields were sometimes immutable, preventing customizations from modifying them. (20-Oct-2022)
  • 7c52313a: Replaced libsass-maven-plugin to resolve build errors on Mac M1 machines. (19-Oct-2022)
  • a64b23ef: Upgraded commons-validator from version 1.6 to 1.7. This allows Cortex to recognize recent new DNS top-level domains when validating email addresses. (18-Oct-2022)
  • d750c7eb: Changed customer shared ID to be case insensitive on PostgreSQL and Oracle to match MySQL behaviour. (17-Oct-2022)
  • fd625832: Added a customData map to all Extension Point Framework entity and context classes to allow project teams to pass custom data through these classes with limited code changes. (14-Oct-2022)
  • beb65dca: Removed UPPER from all queries involving store code. (7-Oct-2022)
  • 43dd05df: Removed the failover protocol from the JMS broker URL in accordance with our policy of discouraging use of ActiveMQ high availability mode. (6-Oct-2022)
  • c3a28994: Modified Commerce Manager product and category display name localization so that only intentionally specified values are displayed and saved. (5-Oct-2022)
  • a6eb6621: Improved performance of case-insensitive queries involving store code. (5-Oct-2022)
  • 1d6aa8bc: Modified Oracle connection defaults so it uses service names instead of SIDs and supports PDBs. (4-Oct-2022)
  • 9d442ff1: Improvements to Selenium test suite run time. (27-Sep-2022)
  • 04c91f77: Fixed an issue where a promotion is returned in appliedPromotions to more line items than expected. (26-Sep-2022)
  • 7bb5d9cd: Removed all Direct Web Remoting library dependencies. (21-Sep-2022)
  • 5c3ec7b7: When importing a product with localized attribute values that already exist, attempting to set a more specific attribute value locale incorrectly updated the "broader" locale value. (21-Sep-2022)
  • e65c1dd6: Updated Maven Minimal configuration so that changes to ext-cm-libs trigger the correct subprojects. (20-Sep-2022)
  • e5741972: Fixed issue with product not being automatically added to cart by free item promotion action. (19-Sep-2022)
  • cad0ebfe: Fixed issue where promotion date range was being checked using application timezone instead of database timezone. (16-Sep-2022)
  • 9413b995: Build stability improvements. (8-Sep-2022)
  • 6ee848d7: Refactored additional logging calls from using Log4j2 classes to SLF4j classes to allow these log messages to appear properly in Cortex (which uses Logback for logging). (7-Sep-2022)
  • fbfc1a2c: Corrected the location of the purchase-order-plugin in the Integration webapp pom.xml. (2-Sep-2022)
  • 5ca6be6d: Separated indexing pipelines by type to ensure that long queues in one pipeline doesn't delay indexing in another. (1-Sep-2022)
  • 1bd450f5: Upgraded antisamy from version 1.5.8 to 1.6.7. (30-Aug-2022)
  • e735dc0a: Upgraded Jackson from version 2.12.3 to 2.12.7 to address jackson-databind security vulnerability. (25-Aug-2022)
  • ccb253b2: Disabled an intermittently failing Selenium test. (24-Aug-2022)
  • 849d7eeb: Disabled an intermittently failing Selenium test. (24-Aug-2022)
  • d1163749: Upgraded guava from version 24.1.1-jre to 31.1-jre. (22-Aug-2022)
  • 6a4e37e5: Removed duplicate database indexes from the TORDERADDRESS table. (18-Aug-2022)
  • 0673d053: Removed Product Recommendations job to avoid OptimisticLockingExceptions in DST. (18-Aug-2022)
  • d2db7aae: Removed checksum validation from 2021-09-create-FK-indices-for-8.0 changeset due to required changes in earlier versions. (18-Aug-2022)
  • ccfa7ba1: Fixed content root error appearing in IntelliJ for some modules. (17-Aug-2022)
  • a2fc287c: Fixed issue with payment framework charges that could cause a successful operation to be treated as a failure, and retried. (17-Aug-2022)
  • 72f5a1f0: Updated Catalog Syndication projection builder to ensure that projection and projection history records are persisted in separate transactions to prevent deadlocks. (16-Aug-2022)
  • d25730d1: Replaced the single-threaded taskExecutor used by the blueprint-extender with a configurable ThreadPoolTaskExecutor version. This allows the extender to work in parallel on the bundles resulting in faster Cortex boot time. (7-Aug-2022)
  • bceec926: Reduce maximum default product cache size to avoid out of memory issues with larger catalogs. (5-Aug-2022)
  • 3fc54097: Use embedded web server to reliably serve test mail attachment for Cucumber emailFileAttachments.feature. (5-Aug-2022)
  • 35b32938: Disabled checksum validation on the SUP-1020-customer-search-fields-case-insensitive changeset to account for required changes in backports to earlier versions. (19-Jul-2022)
  • a6b5707f: Changed DBSettingValueRetrievalStrategy so dependencies are more explicit to prevent failures if extensions create a circular dependency. (13-Jul-2022)
  • e18d3f39: Extracted portions of changeset 2020-08-purge-expired-failed-orders-job-recreate-FKs-with-cascade-delete into separate changesets that are only executed if the TORDERDATA and TORDERITEMDATA tables exist, since they are removed by another patch. (12-Jul-2022)

8.4.0

Released: July 2022

Release highlights

Correlation ID Support

We now support the ability to pass an identifier to our Cortex and Integration Server APIs, which will be included in all logs related to that request. The correlation ID will also flow through to all corresponding asynchronous tasks.

For example, if a correlation ID is passed to the Cortex request that initiates a purchase, all asynchronous checkout events that are executed on the Integration Server will also have the same correlation ID. The correlation ID is exchanged between these services as part of the domain event message that is sent through JMS.

Correlation ID

Both Cortex and the Integration Server REST APIs will accept an x-correlation-id header as part of the requests. If present, the correlation ID will appear in the fourth log column, as shown in the example below:

2022-05-17T13:23:41,051-02:30 | INFO  | EP-Integration | correlationIdTest | Camel (ep-order-email-handler) thread #31 - JmsConsumer[Consumer.orderCancelledEmailHandler.VirtualTopic.ep.orders] | org.apache.camel.processor.interceptor.Tracer.log(CamelLogger.java:159) | Test log message

Extensions can also access the correlation ID if it needs to be passed to downstream services.

For more information, see X-Correlation-Id and Extension Point Framework Correlation ID.

Payment instrument data cleanup jobs

Three new data cleanup jobs have been created to remove old and unused payment instruments from the database.

cleanupOrphanedOrderPaymentGuidsJob searches for order payment records on orders older than a configured age, and sets the payment instrument GUID reference to null (UPDATE TORDERPAYMENT SET PAYMENT_INSTRUMENT_GUID = null WHERE UIDPK IN <list>). This reference is only used for showing the "display name" (usually last 4 digits of the card number) when viewing order history in Commerce Manager. This job runs once per day at midnight, if enabled. This job is configured by the following system configuration settings:

  • COMMERCE/SYSTEM/ORDERPAYMENTCLEANUP/enable controls whether this job is enabled. Defaults to false.
  • COMMERCE/SYSTEM/ORDERPAYMENTCLEANUP/maxHistory controls how many days old an order should be before its order payment references to payment instruments should be cleared. Defaults to 365.
  • COMMERCE/SYSTEM/ORDERPAYMENTCLEANUP/batchSize controls the maximum number of records that should be processed in each job execution.

cleanupOrphanedOrderPaymentInstrumentsJob deletes order payment instrument records on orders older than a configured age (DELETE TORDERPAYMENTINSTRUMENT WHERE UIDPK IN <list>). These records are only needed for operations that require doing a payment reservation using the existing payment method, such as order modification. This job runs once per day at midnight, if enabled. This job is configured by the following system configuration settings:

  • COMMERCE/SYSTEM/ORDERPAYMENTCLEANUP/enable controls whether this job is enabled. Defaults to false.
  • COMMERCE/SYSTEM/ORDERPAYMENTCLEANUP/maxHistory controls how many days old an order should be before its order payment references to payment instruments should be cleared. Defaults to 365.
  • COMMERCE/SYSTEM/ORDERPAYMENTCLEANUP/batchSize controls the maximum number of records that should be processed in each job execution.

cleanupOrphanedPaymentInstrumentsJob deletes payment instrument records that are orphaned (have no incoming references from TORDERPAYMENTINSTRUMENT, TORDERPAYMENT, TCARTORDERPAYMENTINSTRUMENT, and TCUSTOMERPAYMENTINSTRUMENT). This job runs once per day at midnight, and is always enabled. This job is configured by the following system configuration settings:

  • COMMERCE/SYSTEM/PAYMENTINSTRUMENTCLEANUP/batchSize controls the maximum number of records that should be processed in each job execution.

Changeset data cleanup job

A new cleanup job has been created to cleanup old changesets from an author environment.

cleanupChangesetsJob deletes changesets that are in the FINALIZED state and published more than a configured number of days ago. This job runs once per day at midnight, if enabled. This job is configured by the following system configuration settings:

  • COMMERCE/SYSTEM/CHANGESETCLEANUP/enable controls whether this job is enabled. Defaults to false.
  • COMMERCE/SYSTEM/CHANGESETCLEANUP/maxHistory controls the minimum number of days to consider a changeset since it was published. Defaults to 60.
  • COMMERCE/SYSTEM/CHANGESETCLEANUP/batchSize controls the maximum number of records that should be processed in each job execution.

Core request-scoped caching

Currently, Elastic Path Commerce employs two major caching approaches:

While both caches solve the major bottleneck related to excessive database calls, the major challenge of handling transactional entities (e.g. carts, orders, shoppers etc) still exists.

To solve this issue, a new request-scoped cache has been developed to cache JPA named query execution. This cache is enabled in Cortex, Search Server, and Integration Server. Entries in the cache only last for the duration of a "request", usually meaning a single API request. For that reason, it has a small memory footprint, and adds no risk of "dirty reads" after database modifications.

This cache has been named Core Request-Scoped Caching or CRSC for short. For more information, see Core Request-Scoped Caching.

Enabled Application Caching in Search Server and Integration Server

Until now, Application Caching using EhCache was only enabled for Cortex and the Import/Export tool. Now we’ve also enabled application caching for the Search Server and Integration Server. This significantly improves the performance of search indexing, asynchronous checkout operations, and Integration Server APIs.

With the application cache enabled in Search Server, the number of queries required to index the mobee test store was reduced from ~400,000 to ~50,000.

note

This change can cause some services to return dirty reads; in other words, if a cached result is returned then it might be an out-of-date representation of the object. If certain customizations are sensitive to dirty reads, you can reference the non-caching versions by adding nonCaching prefix to the reference in your service bean definition. For example, references to the storeService bean can be changed to nonCachingStoreService. You can also completely disable application caching for a service by setting the -Dnet.sf.ehcache.disabled=true JVM parameter.

For more information, see Application Caching using EhCache.

System requirements and compatibility

Elastic Path Commerce 8.4.0 is compatible with the following Elastic Path releases:

Elastic Path ComponentCompatibility
Extension Point FrameworkExtension Point Framework compatibility matrix
CloudOps for KubernetesCloudOps for Kubernetes compatibility matrix

For more information, see Supported Technologies.

New in this release

In addition to the Release Highlights, this release contains the following updates:

Allow Batch Server to determine database type automatically

In prior versions, the Spring Batch framework used within the Batch Server required that the following JVM parameters be specified if using any database engine except MySQL:

-Dep.catalog.batch.database.create.script=
-Dep.catalog.batch.database.drop.script=

Now these JVM parameters are no longer required, and the Batch Server will determine the database type automatically.

The modifier group importer now supports dependentelement for modifier fields

When importing modifier groups through Import/Export, there was no way to remove existing modifier fields from an existing modifier group.

To support this, the importconfiguration.xml used by the Import/Export API, the Import/Export CLI, and data population now allows a dependentelement to be defined for the MODIFIERGROUP importer, as in the following example:

<importer type="MODIFIERGROUP">
    <importstrategy>INSERT_OR_UPDATE</importstrategy>
    <dependentelements>
        <dependentelement type="MODIFIER_FIELDS">CLEAR_COLLECTION</dependentelement>
    </dependentelements>
</importer>

If not specified, the behaviour defaults to RETAIN_COLLECTION, which is the same as the old behaviour. The Import/Export API has now been configured to use the CLEAR_COLLECTION behaviour.

Added "identifier" Cortex link on user profile

The user profile resource now contains a new identifier link that returns the shared ID of the currently logged-in user. This works the same way as the existing identifier link on accounts.

Added security headers to Cortex responses

We have added several new headers to Cortex responses to improve security, in line with the recommendations provided by the Open Web Application Security Project Secure Headers Project.

  • Content-Security-Policy: default-src 'none'
  • Referrer-Policy: no-referrer
  • Strict-Transport-Security: max-age=31536000 ; includeSubDomains
  • X-Content-Type-Options: nosniff
  • X-XSS-Protection: 0

For more information, see Cortex Response Headers.

Added new fields to Operational Insights API response

Some additional values to the Operational Insights API response, as shown below:

  • Added configuration-->service-->operating-system-->os-lang. This represents the Operating System default language. If this value is not UTF-8, then Elastic Path services will have problems when reading certain files from the classpath.

  • Added configuration-->service-->jvm-->jvm-charset. This represents the JVM default character set. If this value is not something ending with .UTF-8, then Cortex will report severe symlink errors during startup.

  • Added commerce-ticker. This is only contained in the response by adding a zoom=commerce-ticker query parameter to the request. It contains deteails that can be used for showing near-realtime metrics about purchases, grouped by store and currency. Example response:

    "commerce-ticker": {
  "last-minute": [
    {
      "store-code": "MOBEE",
      "order-count": 1,
      "booked-revenue": 23.44,
      "currency-code": "CAD"
    }
  ],
  "since-midnight": [
    {
      "store-code": "MOBEE",
      "order-count": 3,
      "booked-revenue": 174.1,
      "currency-code": "CAD"
    },
    {
      "store-code": "KOBEE",
      "order-count": 1,
      "booked-revenue": 12.16,
      "currency-code": "CAD"
    }
  ]
}

For more information, see Operational Insights API.

Refactored permission parameter strategy classes to improve Cortex authorization performance

The previous permission parameter strategy implementations needed to retrieve every possible identifier that a user is permitted to access so that Shiro knows if a user is an "owner". However, since Shiro is actually only validating a single resource with a known identifier, we have modified the implementation so that Cortex now passes the requested identifier to each permission parameter strategy, allowing for significantly more performant implementations.

Previously, permission parameter strategies extended AbstractCollectionValueStrategy, which required implementing this method:

Collection<String> getParameterValues(PrincipalCollection principals);

Implementations of this method could only access the scope and user ID from the PrincipalCollection, and would then need to return a collection of all identifiers that the user is allowed to access. This list could be quite large for scenarios like the purchases that a user has placed. Note that this approach is still supported, but the method above has been marked as deprecated.

As of Elastic Path Commerce 8.4, permission parameter strategies should extend AbstractOptimizedCollectionValueStrategy, which requires implementing this method:

String getParameterValue(PrincipalCollection principals, String encodedResourceIdToVerify);

Implementations of this method need to decode the encodedResourceIdToVerify, verify that the user is permitted to access the identified entity, and then return the URI-encoded identifier if permitted, or missing if not. The code sample below shows an example of how this might be done:

    @Override
    protected String getParameterValue(final PrincipalCollection principals, final String encodedOrderNumberToVerify) {
        String scope = PrincipalsUtil.getScope(principals);
        final IdentifierTransformer<Identifier> identifierTransformer = identifierTransformerProvider.forUriPart(PurchaseIdentifier.PURCHASE_ID);
        String orderNumberToVerify = decodeResourceId(identifierTransformer, encodedOrderNumberToVerify);

        return repository.get()
                .resourceExists(StringIdentifier.of(scope), orderNumberToVerify)
                .map(resolvedPurchaseIdentifier -> identifierTransformer.identifierToUri(resolvedPurchaseIdentifier.getPurchaseId()))
                .blockingGet();
    }

Note that the repository class makes calls to the PermissionSupportRepositoryImpl class for determining if a user is permitted to access a particular entity. The getResourceId method returns the missing string if access is denied.

Purchase order payment plugin now available by default

Elastic Path Commerce has had a dormant Purchase Order payment plugin in the source since version 8.0, but it was difficult to wire into the platform. This payment plugin is now wired in by default, and can be enabled by adding a payment configuration record through Commerce Manager or Import/Export, and associating it to one or more stores.

This payment plugin allows shoppers to place orders using a payment method that only requires a purchase order number to be specified.

Item keyword search functionality improved

Previously, when searching for items (product skus) using the keyword search functionality, Cortex would use the Product index for searching, and would only return a single result per-product: The default SKU. We have now changed this functionality so that Cortex searches for items using the product SKU index, and returns all matching SKUs.

For example, assume we have a catalog with a single product as follows:

  • Product Aliens Movie, with attribute Runtime: 120
    • SKU Aliens DVD, with attribute Media: DVD (Default SKU)
    • SKU Aliens LaserDisc, with attribute Media: LaserDisc

Before this change, searching for Aliens Movie or 120 would return a single result: Aliens DVD. Searching for "LaserDisc" would (confusingly) return Aliens DVD.

After this change, searching for Aliens Movie or 120 returns two results: Aliens DVD and Aliens LaserDisc. Searching for LaserDisc now returns Aliens LaserDisc.

Note that these changes do not affect the offer (product) keyword search in any way. So if you prefer to have a single result per-product in your search result, we recommend using the offer keyword search instead of the item keyword search.

Added a new JMX method to return a list of all loaded Extension Point Framework plugins

A new attribute has been added to the XPFPluginFactory JMX object named AllLoadedPluginIDs. This returns the plugin IDs for all external plugins that are currently loaded into the service.

For more information, see Get All Loaded External Plugins.

Updated all services to use a consistent logging format for console and file output

There were many problems with our old logging configuration:

  • Formats were inconsistent between services (i.e. Search vs Cortex).
  • Formats were inconsistent between CONSOLE and FILE output.
  • File format was split into two lines.
  • Format was hard to parse by log aggregators due to a lack of consistent field separators.
  • Some fields were duplicated or unnecessary.

The new format outputs the following columns (FILE and CONSOLE log output will be consistent):

  • Date/time
  • Log level
  • Service name
  • Correlation ID
  • Thread name
  • Class/method/line
  • Message

Example output:

2022-07-12T09:24:58,360-07:00 | INFO  | EP-Cortex      | CorrelationID | EclipseGeminiBlueprintExtenderThread-1 | com.elasticpath.commons.util.impl.VersionService.init(VersionService.java:25) | Commerce Version: Cortex REST Web Application 8.3.1 by Elastic Path Software, Inc
2022-07-12T09:24:58,360-07:00 | INFO  | EP-CM          | CorrelationID | main | com.elasticpath.commons.util.impl.VersionService.init(VersionService.java:25) | Commerce Version: Commerce Manager Web Application 8.3.1 by Elastic Path Software, Inc
2022-07-12T09:24:58,360-07:00 | INFO  | EP-Search      | CorrelationID | main | com.elasticpath.commons.util.impl.VersionService.init(VersionService.java:25) | Commerce Version: Search Web Application 8.3.1 by Elastic Path Software, Inc
2022-07-12T09:24:58,360-07:00 | INFO  | EP-Integration | CorrelationID | main | com.elasticpath.commons.util.impl.VersionService.init(VersionService.java:25) | Commerce Version: Integration Web Application 8.3.1 by Elastic Path Software, Inc
2022-07-12T09:24:58,360-07:00 | INFO  | EP-Batch       | CorrelationID | main | com.elasticpath.commons.util.impl.VersionService.init(VersionService.java:25) | Commerce Version: Batch Web Application 8.3.1 by Elastic Path Software, Inc
2022-07-12T09:24:58,360-07:00 | INFO  | EP-DataSync    | CorrelationID | main | com.elasticpath.commons.util.impl.VersionService.init(VersionService.java:25) | Commerce Version: Data Sync Web Application 8.3.1 by Elastic Path Software, Inc

Added support for multiple JDBC driver JARs in the deployment package

It is now possible to easily define multiple JDBC driver JARs at build time for inclusion in the deployment package that is used when deploying Elastic Path Commerce.

For more information, see Deployment package JDBC drivers.

Significantly improved the performance of customer, account, and order searches in Commerce Manager

When the customer SOLR index was removed, the way that Commerce Manager looks up customer details was refactored to lookup customer and account details in the database instead of using SOLR. However, since many of the search fields need to do case-insensitive searches and/or partial matches, database indexes were not being leveraged effectively. This lead to very slow response times when the database contains a large number of user, account, or order records. The search queries have been updated to effectively use the database indexes, even for lookups that are case-insensitive or prefix (searches for results starting with the specified value).

The tables below show the type of search that is used for each search field.

Searchable user fields:

FieldSearch Type
Shared IDExact Match
EmailCase Insensitive Match
UsernameCase Insensitive Match
First NameCase Insensitive Prefix Match
Last NameCase Insensitive Prefix Match
Zip / Postal CodeCase Insensitive Match
Phone NumberCase Insensitive Match
StoreExact Match

Searchable account fields:

FieldSearch Type
Shared IDExact Match
Business NameCase Insensitive Prefix Match
Business NumberCase Insensitive Prefix Match
Phone NumberCase Insensitive Match
Fax NumberCase Insensitive Match
Zip / Postal CodeCase Insensitive Match

Searchable order fields:

FieldSearch Type
Order NumberExact Match
User Shared IDCase Insensitive Match
User First NameCase Insensitive Prefix Match
User Last NameCase Insensitive Prefix Match
User EmailCase Insensitive Match
User Phone NumberCase Insensitive Match
Account Shared IDExact Match
Account Business NameCase Insensitive Prefix Match
Account Business NumberCase Insensitive Prefix Match
Account Phone NumberCase Insensitive Match
Billing Address First NameCase Insensitive Prefix Match
Billing Address Last NameCase Insensitive Prefix Match
Billing Address Phone NumberCase Insensitive Match
Billing Address Fax NumberCase Insensitive Match
Billing Address Zip / Postal CodeCase Insensitive Match
Shipping Address First NameCase Insensitive Prefix Match
Shipping Address Last NameCase Insensitive Prefix Match
Shipping Address Phone NumberCase Insensitive Match
Shipping Address Fax NumberCase Insensitive Match
Shipping Address Zip / Postal CodeCase Insensitive Match
Order StatusExact Match
Shipment StatusExact Match
StoreExact Match
Product SKU CodeExact Match
RMA CodeExact Match

Additionally, the following bugs were fixed:

  • The "Account details" fields on the order search tab now works properly (these fields were being ignored).
  • The "Shipping zip / postal code" field on the order search tab was actually searching for billing zip/postal code.
  • The customer search sort by username was actually sorting by shared ID.
  • The progress indicator in the bottom right corner of Commerce Manager now indicates when a search is in progress.

Fixed Issues

Stability/Correctness

  • Extended expiry date for test Commerce Manager passwords to correct test failures.
  • Fix for purchase lookup form not finding orders that were placed on behalf of the account that is specified in x-ep-account-shared-id.
  • Fixed issue where service logs were not being written to the correct location. They are now always written to [user.home]/ep/logs.
  • Fixed issue where adding a dependency within an embedded extension on any bean that has a direct or transitive settings:setting dependency caused a circular dependency.
  • Fixed a potential LinkageError when external Extension Point Framework plugin attempted to use SLF4j logging classes.
  • Fixed multiple issues when retrieving setting definition values:
    • When retrieving a value for a Boolean setting definition, if the value was missing it would be returned as false instead of throwing an exception.
    • When retrieving a context-specific value for a setting definitions using the immediate cache refresh strategy, the framework did not fall back to the default value if the context key was missing.
  • XPFEntityUtil#getAttributeValueByKey threw a NullPointerException instead of returning Optional.empty if an attribute value wasn’t found for the passed locale.
  • Modified Cortex to allow it to continue functioning normally if ActiveMQ is overloaded or offline.
  • Refactored most logging calls from using Log4j2 classes to SLF4j classes to allow these log messages to appear properly in Cortex (which uses Logback for logging).
  • Fixed issue where Cortex prevented checkout for default shopping carts that were missing cart modifier values.
  • When a Data Sync Tool failure occurs, the log now contains details about which object failed.
  • Fixed issue where JMX still showed an Extension Point Framework plugin as loaded after it is unloaded dynamically.
  • Improved the SETTING_VALUE_RETRIEVAL Extension Point so that if an extension throws an exception, any subsequent extensions will still be invoked.
  • If attempting to unload an Extension Point Framework plugin that does not exist, a meaningful error is now returned instead of a NullPointerException.
  • Fixed issue where an Extension Point Framework extension class without any @XPFAnnotation could not be assigned to an extension point using the extensions.json file.
  • Fixed issue with the pricing engine not properly differentiating between product codes and sku codes when searching for base amounts. If a product and a product sku have the same code, then without this fix the pricing engine might incorrectly return the price for the wrong base amount.
  • Fixed an issue where domain event messages were not being published for domain classes that were extended. The DomainEventTypeFactoryImpl class evaluates which domain event type should be published based on the entity class being persisted. Now as long as the extended domain class is assignable to the specified class, the domain events will work normally.
  • Fixed issue where users with the same username in different upper/lowercase are treated as separate users in PostgreSQL.
  • When accessing the Operational Insights API, the response no longer returns a redirect to a different URL. The redirect was causing issues for environments with multiple Integration Servers behind a load balancer.
  • Fixed issues with custom sort attributes that used the date data type.
  • Updated the order item detail table in Commerce Manager to allow values to be copied into the clipboard on completed orders.
  • Fixed optimistic locking error that would occur when attempting to edit the same system configuration setting more than once in a Commerce Manager session.
  • Updated promotion rule caching to prevent a potential thundering herd issue under high load.
  • Modified the coupon service to skip updating coupon usage values for unlimited use coupons to avoid concurrency issues under high load with unlimited public coupons.
  • Fixed issue where offer search results can sometimes return the wrong result from the cache due to incorrect hashcode/equals methods on SearchCriteria classes.
  • Fixed an issue where creating an exchange can result in two payments being collected from the customer.
  • Increased the size of the fields used to hold catalog syndication content.
  • Fixed issue with multiple Cortex OSGi bundles exporting the same package, leading to potential instability at startup.
  • Improved thread safety around promotion rule compilation.
  • Added ResetAbandonedTimer JDBC interceptor and increased remove abandoned timeout on the Tomcat JDBC Connection Pool to prevent "Connection has already been closed" errors.
  • Fixed issue where cart item modifiers on shopping cart child line items cannot be updated.
  • Fixed issue where if there is a bundle in the cart with children, and the bundle cart item modifier is modified, the cart item modifier values on all child items are lost.
  • When a promotion can apply to multiple cart line items, this fix ensures that the appliedpromotions resource shows the promotion for all of the applicable line items.
  • Enabled Checkstyle and PMD for liquibase-extensions module.
  • Fixed issue with DST cache that is not cleared after failed synchronizations, which can lead to errors in subsequent synchronization attempts.
  • Fixed potential NullPointerException during Batch server startup, caused by the way that configuration settings were wired into some batch job classes.
  • Refactored TaxCalculationResultImpl to improve consistency around how it is initialized.
  • Fixed boolean datatype for the "deleted" column of the TCATALOGHISTORY table (in PostgreSQL).
  • Modified I search for an order by number Cucumber expectation to wait until all Outbox messages are consumed to resolve intermittent test failures.
  • Removed duplicate DataPopulationMojoRunner class in extensions module.
  • Modified RelayOutboxMessageBatchProcessor to inject the producer template via Spring instead of @EndpointInject annotation to improve reliability.
  • Improved the exception message logged when an extension class fails to startup by logging the name of the extension class that failed.
  • Allow super users to move changeset objects to changesets created by other users.
  • Allow business users to add "not sold separately" products as associations.
  • Fixed a scenario where the Integration Server product lookup cache could be populated with a partially loaded product object, which lead to NullPointerExceptions.
  • Fixed intermittent failure in OrderHoldStrategyXPFBridgeImplTest#testEvaluateOrderHoldsWithDefaultExtensions integration test.
  • Fixed intermittent failure in XPFExtensionLookupImplTest.testGetMultipleExtensionsTimeLogging unit test.
  • Fixed intermittent failure in InsightsServiceImplTest#testConvertLocalDateTimeToDBDate unit test.
  • Fixed race condition in IndexNotificationProcessor preventing index notifications from being deleted properly.
  • Added ability to set customer username as a data policy data point so that Personally-Identifiable Information data in that field (usually email address) is removed when consent is revoked.
  • Removed the Top Seller quartz job and corresponding sales count field on products. This job was only intended for use in demos, and was causing optimistic locking errors in the Data Sync Tool.
  • Updated Commerce Manager to allow base amounts to be added/edited/deleted without first adding the price list to the changeset.
  • Fixed issue where the wishlistmemberships Cortex resource returned no results if the x-ep-account-shared-id header was set.
  • Fixed issue where deployment package module would fail to build if the project version contained the string data or schema.
  • Reduced the amount of unnecessary logging produced when running Cucumber tests.
  • Resolved Cannot resolve plugin org.eclipse.m2e:lifecycle-mapping:1.0.0 warning when loading code in IntelliJ.
  • Fixed issue with extension point proxy that could cause a ClassCastException if an extension is extended.
  • All P2 repository URLs pointing to http://download.eclipse.org have been be updated to https://download.eclipse.org.
  • Removed unused .gitignore files.
  • Fix for failing email file attachments Cucumber test due to change in place-hold.it URL.

Import/Export

  • Fixed issue where exporting a specific store using the filter query in the Import/Export API would export all associated stores instead of just the requested store. For example, https://[INTEGRATION_BASE_URL]>/api/importexport/export?query=FIND Store WHERE StoreCode = 'mobee'&type=Store should only export the mobee store.
  • Disabled unnecessary dependency retrieval when exporting products through Import/Export API to greatly improve performance. Also fixed DIRECT_ONLY flag in exportconfiguration.xml so it correctly excludes associated products from the product export.
  • Fixed error when importing promotion condition rules: The content of element conditions is not complete.

Performance

  • Performance improvement to ensure that if StoreProductService#wrapProduct is invoked on a wrapped product, that it isn’t double wrapped.
  • Performance improvement for the Cortex shopping cart link on cart order, which was retrieving a fully loaded cart order when only the shopping cart guid was required.
  • Performance improvement for the isItemPurchaseable method that was unnecessarily retrieving the shopping cart GUID.
  • Performance improvement to avoid loading the entire cart order when only the shopping cart GUID is needed.
  • Modified the Commerce Manager promotion wizard sku and product selection dialogs to avoid showing prices, which can be a performance bottleneck.
  • Performance improvements for tax lookups when using Elastic Path tax tables with a large number of tax regions and values.
  • Fixed a performance issue where shopping cart validators were executed twice at checkout.
  • Fixed performance inefficiency when importing price lists through Import/Export if the BASE_AMOUNTS dependent element is set to CLEAR_COLLECTION.
  • Fixed search indexing to allow each index to commit as soon as it is complete instead of waiting for all indexes to complete.
  • Modified coupon table to store coupon codes in uppercase so we can do a case-insensitive lookups without a table scan.
  • Changed attribute value LONG_TEXT_VALUE field from CLOB to VARCHAR to prevent JPA from making additional database queries for each attribute value.
  • Improved the CatalogPromotionMonitor to ensure that products aren’t re-indexed immediately after a full build completes.
  • Avoid inventory lookup during search indexing for stores with isDisplayOutOfStock set to true.
  • Increased the number of primary key sequence values that are retrieved in a batch for additional transactional entities to improve record insert performance.
  • Removed unnecessary event handler that was loading price lists into memory during authentication.

Liquibase Changesets

  • Improved upgrade performance of the PB-8250 Migrate Data to USERNAME Liquibase changeset on MySQL.
  • Fix for the 2020-08-remove-gender changeset to ensure that it doesn’t unintentionally delete unrelated localized properties.
  • Significantly improved performance of the 2020-05-update-accountmanagement-customertype Liquibase changeset.
  • Fixed multiple issues with Liquibase changesets in core-changelog-2020-03-payments.xml which could cause errors during a database upgrade.
  • Improved upgrade performance of Liquibase changesets: 7.6.0-torder-make-cart-order-guids-unique, 2020-09-convert-customer-passwords-to-bcrypt, 2020-08-flatten-order-sku-tree-*, 2020-03-payment-configurations-*, 2020-05-update-accountmanagement-customertype.
  • Improved upgrade performance of the PopulateCustomerType custom Liquibase data migration task.
  • Improved upgrade performance of the UpdateDuplicateOrders custom Liquibase data migration task.
  • Improved upgrade performance of the PurgeDanglingCartOrders custom Liquibase data migration task.
  • Added preconditions to ensure that PostgreSQL-specific changesets aren’t executed after migrating from MySQL or Oracle to PostgreSQL.
  • Renamed the ROLE_CODE field in several tables to better reflect what it actually contains.

Security & Dependency Upgrades

  • Fixed potential cross-site scripting vulnerability in Cortex Studio when adding a custom entry point.
  • Added HTTP header and Javascript to defend against potential clickjacking attacks on Cortex Studio.
  • Upgraded all code to use Apache Commons Collections 4 packages instead of Apache Commons Collections 3.
  • Upgraded Apache OpenJPA from version 2.4 to 3.2.
  • Upgraded Plexus utils from version 2.0.4 to 3.0.24.
  • Upgraded Apache SOLR from version 7.4 to 8.11.1.
  • Upgraded Apache Shiro from version 1.3.2 to 1.8.0.
  • Upgraded Liquibase from version 3.10.3 to 4.8.0.
  • Upgraded Apache Spring Batch from version 4.0.4 to 4.2.3.
  • Upgraded ActiveMQ to version 5.16.4 which uses Reload4j instead of Log4j to address several security vulnerabilities.
  • Upgraded PostgreSQL JDBC driver from version 42.2.23 to 42.3.3.
  • Upgraded Logback from version 1.2.3 to 1.2.10.
  • Upgraded Log4j2 from version 2.13.3 to 2.17.1.

Upgrade notes

The upgrading Elastic Path guide provides general instructions on upgrading Elastic Path projects.

Core classes now use SLF4j logging classes instead of Log4j

Since Cortex uses Logback, and other services use Log4j for logging, we should be using SLF4j as a common interface to access either logging implementation. Most Elastic Path Commerce code has now been modified to use SLF4j classes instead of Log4j classes. If Log4j classes are used, then those logs may not appear in Cortex. Therefore we recommend that any logging done in extension code should also be migrated to SLF4j, as in the following example:

Log4j to SLF4j Code Diff

Extension code using Commons Collections 3 classes need to be upgraded to Commons Collections 4

Some Apache Commons Collections 3 dependencies have been removed. Therefore any extension code using org.apache.commons.collections.* imports will need to be changed to use org.apache.commons.collections4.* instead.

Core request-scoped caching

The important thing to consider for extensions is that the core request-scoped cache is properly invalidated.

In Cortex this is done by CRSCSupportRequestListener#requestDestroyed. Since this is invoked by a Servlet filter, it should work properly with all extensions.

In Search Server this is done by AbstractIndexServiceImpl#buildIndexJobRunner and AbstractIndexingStage.LogWrappedIndexingTask#run. Make sure that any search extensions extend these abstract classes.

In Integration Server this is done by CRSCEnabledRouteBuilder. Make sure that any custom Camel routes extend this class instead of RouteBuilder.

Changed attribute value LONG_TEXT_VALUE field from CLOB to VARCHAR

This fix changes the type of the LONG_TEXT_VALUE field in all attribute value tables (TCATEGORYATTRIBUTEVALUE, TCUSTOMERPROFILEVALUE, TPRODUCTSKUATTRIBUTEVALUE, and TPRODUCTATTRIBUTEVALUE) from CLOB to VARCHAR. This is done to avoid an extra select query on the database for each record returned in these tables. These extra select queries significantly slows performance when retrieving customers, categories, products, and product skus from the database, even when the LONG_TEXT_VALUE field is not populated.

Before deploying this change to production, note the following impacts:

  • If any of the tables listed above contain a large amount of data in the LONG_TEXT_VALUE field for any single record, the data population process may fail.
    • For MySQL, the new limit is 20,000 characters.
    • For PostgreSQL, the new limit is 65535 bytes (note that each unicode character can consume between 1 and 4 bytes).
    • For Oracle, the new limit is 32767 bytes (note that each unicode character can consume between 1 and 4 bytes).
  • The data population process may take several minutes or hours to execute, depending on the number of records in the tables listed above, database type used, and database size. While data population is running, Cortex operations may fail or be very slow due to database load and database table locks.
  • Teams using Oracle must ensure that the MAX_STRING_SIZE parameter is set to EXTENDED before running data population process or it will fail.

For all these reasons, before deploying this change to production, your teams should test the data population process on a snapshot of your production database in a pre-production environment. Verify that the process is able to complete successfully and make note of how long the data population process takes. Also validate the behaviour of Cortex during the data population process; you may need to plan for downtime during this process if the Cortex impact is significant.

For teams using Oracle, follow these instructions to change your database MAX_STRING_SIZE parameter to EXTENDED:

Modified logging format

Due to the changes to the logging formats (both CONSOLE and FILE), if you have any log aggregation tools that parse the log output, they will need to be updated.

Tax Calculation plugins

Any custom Tax Calculation plugins will need to be migrated from the old plugin approach to the new Extension Point Framework approach. Guidance on how to migrate can be found here.

Database changes

  • Deleted unused TSETTINGDEFINITION records:
    • COMMERCE/SYSTEM/INVENTORY/inventoryStrategy
    • COMMERCE/SYSTEM/encryptionKey
  • Dropped tables related to Top Seller functionality:
    • TTOPSELLER
    • TTOPSELLERPRODUCTS
  • Dropped TPRODUCT.SALES_COUNT field.
  • Deleted Top Seller TSETTINGDEFINITION record: COMMERCE/SYSTEM/CATALOG/catalogTopSellerCount.
  • Renamed TRULE.ROLECODE field to TRULE.GUID.
  • Renamed TAPPLIEDRULE.RULE_CODE field to TAPPLIEDRULE.RULE_CODE_CHECKSUM.
  • Renamed TCOUPONCONFIG.RULECODE field to TCOUPONCONFIG.RULE_GUID.
  • Added an index on the TTAXREGION.REGION_NAME field.
  • Added a unique index on the composite of the TAX_REGION_UID and TAX_CODE_UID fields in TTAXVALUE. Also changed these fields to be non-nullable.
  • Inserted records into TINDEXNOTIFY table to trigger a rebuild of all indexes after the upgrade from SOLR 7.4.x to 8.11.x.
  • Converted the following field types from CLOB to VARCHAR:
    • TCATEGORYATTRIBUTEVALUE.LONG_TEXT_VALUE
    • TCUSTOMERPROFILEVALUE.LONG_TEXT_VALUE
    • TPRODUCTSKUATTRIBUTEVALUE.LONG_TEXT_VALUE
    • TPRODUCTATTRIBUTEVALUE.LONG_TEXT_VALUE
  • Changed field type of TCATALOGHISTORY.DELETED from TINYINT to BOOLEAN (PostgreSQL only).
  • Increased the size of the TCATALOGPROJECTIONS.CONTENT and TCATALOGHISTORY.CONTENT fields.
  • Added LAST_MODIFIED_DATE field to TCHANGESET table.
  • Changed the foreign key between TOBJECTGROUPMEMBER and TOBJECTMETADATA to cascade on delete.
  • Changed the foreign key between TCHANGESET and TOBJECTGROUPMEMBER to cascade on delete.
  • Changed the foreign key between TCHANGESET and TCHANGESETUSER to cascade on delete.
  • Changed the foreign key between TORDERPAYMENT and TPAYMENTINSTRUMENT to cascade on delete.
  • Changed the foreign key between TCARTORDERPAYMENTINSTRUMENT and TPAYMENTINSTRUMENT to cascade on delete.
  • Changed the foreign key between TCUSTOMERPAYMENTINSTRUMENT and TPAYMENTINSTRUMENT to cascade on delete.
  • Changed the foreign key between TPAYMENTINSTRUMENT and TPAYMENTINSTRUMENTDATA to cascade on delete.
  • Inserted TSETTINGDEFINITION records for the new cleanup jobs:
    • COMMERCE/SYSTEM/CHANGESETCLEANUP/batchSize
    • COMMERCE/SYSTEM/CHANGESETCLEANUP/maxHistory
    • COMMERCE/SYSTEM/CHANGESETCLEANUP/enable
    • COMMERCE/SYSTEM/ORDERPAYMENTCLEANUP/batchSize
    • COMMERCE/SYSTEM/ORDERPAYMENTCLEANUP/maxHistory
    • COMMERCE/SYSTEM/ORDERPAYMENTCLEANUP/enable
    • COMMERCE/SYSTEM/PAYMENTINSTRUMENTCLEANUP/batchSize
  • Added PAYMENT_PROVIDER_CONFIG_GUID field to TORDERPAYMENT table.
  • Added indexes on:
    • TORDERADDRESS.FIRST_NAME
    • TORDERADDRESS.LAST_NAME
    • TORDERADDRESS.PHONE_NUMBER
    • TORDERADDRESS.FAX_NUMBER
    • TORDERADDRESS.ZIP_POSTAL_CODE
  • Added COUPONCODE_UPPER field and index to TCOUPON.
  • Added USERNAME_UPPER field and index to TCUSTOMERAUTHENTICATION.
  • Changed TBASEAMOUNT index from a composite on PRICE_LIST_GUID and OBJECT_GUID, to a composite on PRICE_LIST_GUID, OBJECT_GUID, and OBJECT_TYPE.
  • Updated COMMERCE/SYSTEM/SEARCH/searchHost setting definition to use application cache strategy.

Upgraded libraries

The following libraries are upgraded as part of this release, primarily to address vulnerabilities detected within these libraries:

LibraryChange
aopalliance-repackaged-2.5.0-b42.jarRemoved
commons-daemon-1.2.4.jarRemoved
commons-io-2.11.0.jarRemoved
commons-lang-2.3.jarAdded
commons-lang3-3.12.0.jarRemoved
commons-logging-1.2.jarRemoved
commons-net-3.5.jarAdded
drools-persistence-api-7.6.0.Final.jarRemoved
drools-persistence-jpa-7.6.0.Final.jarRemoved
esapi-osgi-bundle-2.1.0.1.jarRemoved
gemini-blueprint-extender-2.1.0.RELEASE.jarRemoved
geronimo-annotation_1.0_spec-1.1.1.jarRemoved
geronimo-jacc_1.1_spec-1.0.2.jarRemoved
geronimo-jpa_2.0_spec-1.1.jarRemoved
geronimo-jpa_2.2_spec-1.1.jarAdded
hadoop-annotations-3.2.2.jarAdded
hadoop-auth-3.2.2.jarAdded
hadoop-common-3.2.2.jarAdded
hawtbuf-1.11.jarRemoved
hawtbuf-proto-1.11.jarRemoved
HdrHistogram-2.1.11.jarAdded
hk2-api-2.5.0-b42.jarRemoved
hk2-locator-2.5.0-b42.jarRemoved
hk2-utils-2.5.0-b42.jarRemoved
jasypt-1.9.3.jarRemoved
java-uuid-generator-3.1.5.jarRemoved
javax.inject-2.5.0-b42.jarRemoved
javax.xml.rpc_1.1.0.v201209140446.jarRemoved
javax.xml.soap_1.2.0.v201005080501.jarRemoved
jbpm-audit-7.6.0.Final.jarRemoved
jbpm-flow-7.6.0.Final.jarRemoved
jbpm-human-task-core-7.6.0.Final.jarRemoved
jbpm-human-task-workitems-7.6.0.Final.jarRemoved
jbpm-persistence-api-7.6.0.Final.jarRemoved
jbpm-persistence-jpa-7.6.0.Final.jarRemoved
jbpm-query-jpa-7.6.0.Final.jarRemoved
jbpm-runtime-manager-7.6.0.Final.jarRemoved
jcl-over-slf4j-1.7.25.jarRemoved
jdk.tools-1.8.jarAdded
jdom2-2.0.6.jarRemoved
jersey-client-2.27.jarRemoved
jersey-common-2.27.jarRemoved
jersey-container-servlet-2.27.jarRemoved
jersey-container-servlet-core-2.27.jarRemoved
jersey-hk2-2.27.jarRemoved
jersey-media-jaxb-2.27.jarRemoved
jersey-media-multipart-2.27.jarRemoved
jersey-server-2.27.jarRemoved
jul-to-slf4j-1.7.25.jarRemoved
LatencyUtils-2.0.3.jarAdded
liquibase-core-4.8.0.jarVersion changed from 3.10.3
log4j-over-slf4j-1.7.25.jarRemoved
logback-classic-1.2.10.jarVersion changed from 1.2.3
logback-core-1.2.10.jarVersion changed from 1.2.3
micrometer-core-1.3.9.jarAdded
mimepull-1.9.6.jarRemoved
objenesis-2.1.jarAdded
ojdbc8-19.9.0.0.jarRemoved
openjpa-3.2.2-ep1.0.jarVersion changed from 2.4.0-ep2.4
org.apache.axis_1.4.0.v201411182030.jarRemoved
org.apache.batik.css_1.8.0.v20170214-1941.jarRemoved
org.apache.batik.ext.awt_1.6.0.v201011041432.jarAdded
org.apache.batik.util_1.8.0.v20170214-1941.jarRemoved
org.apache.batik.util.gui_1.8.0.v20170214-1941.jarRemoved
org.apache.commons.discovery_0.2.0.v201004190315.jarRemoved
org.apache.commons.logging-1.1.1.v201101211721.jarRemoved
org.apache.felix.configadmin-1.8.16.jarRemoved
org.apache.felix.eventadmin-1.4.10.jarRemoved
org.apache.felix.fileinstall-3.6.4.jarRemoved
org.apache.felix.framework-5.6.10.jarRemoved
org.apache.felix.http.api-3.0.0.jarRemoved
org.apache.felix.http.bridge-4.0.2.jarRemoved
org.apache.felix.http.proxy-3.0.2.jarRemoved
org.apache.felix.http.servlet-api-1.1.2.jarRemoved
org.apache.felix.inventory-1.0.6.jarRemoved
org.apache.felix.metatype-1.1.6.jarRemoved
org.apache.felix.scr-2.0.14.jarRemoved
org.apache.felix.webconsole.plugins.ds-2.0.8.jarRemoved
org.apache.felix.webconsole.plugins.event-1.1.8.jarRemoved
org.apache.felix.webconsole.plugins.memoryusage-1.0.8.jarRemoved
org.apache.felix.webconsole.plugins.packageadmin-1.0.4.jarRemoved
org.apache.lucene.core_6.1.0.v20170814-1820.jarAdded
org.apache.lucene.core_7.1.0.v20171214-1510.jarRemoved
org.apache.servicemix.bundles.commons-collections-3.2.1_3.jarRemoved
org.apache.servicemix.bundles.josql-1.5_5.jarRemoved
org.apache.servicemix.bundles.quartz-2.3.2_1.jarRemoved
org.apache.servicemix.bundles.spring-context-support-4.3.30.RELEASE_1.jarRemoved
org.apache.servicemix.bundles.spring-jdbc-4.3.30.RELEASE_1.jarRemoved
org.apache.servicemix.bundles.spring-jms-4.3.30.RELEASE_1.jarRemoved
org.apache.servicemix.bundles.spring-orm-4.3.30.RELEASE_1.jarRemoved
org.apache.servicemix.bundles.spring-security-config-4.2.4.RELEASE_1.jarRemoved
org.apache.servicemix.bundles.spring-security-core-4.2.13.RELEASE_1.jarRemoved
org.apache.servicemix.bundles.spring-security-web-4.2.4.RELEASE_1.jarRemoved
org.apache.servicemix.bundles.spring-tx-4.3.30.RELEASE_1.jarRemoved
org.apache.servicemix.bundles.spring-web-4.3.30.RELEASE_1.jarRemoved
org.apache.servicemix.bundles.spring-webmvc-4.3.30.RELEASE_1.jarRemoved
org.apache.servicemix.bundles.xstream-1.4.18_1.jarRemoved
org.eclipse.birt_4.7.0.v201706222054.jarRemoved
org.eclipse.birt.chart.device.pdf-4.7.0.v201706222054.jarAdded
org.eclipse.birt.report.data.oda.excel-4.7.0.v201706222054.jarAdded
org.eclipse.birt.report.data.oda.jdbc_4.7.0.v201706222054.jarRemoved
org.eclipse.birt.report.data.oda.sampledb_4.7.0.v201706222054.jarRemoved
org.eclipse.birt.report.designer.editor.xml.wtp_4.7.0.v201706222054.jarRemoved
org.eclipse.birt.report.engine-4.7.0.v201706222054.jarAdded
org.eclipse.birt.report.viewer-4.7.0.v201706222054.jarAdded
org.eclipse.core.contenttype_3.7.0.v20180426-1644.jarRemoved
org.eclipse.core.expressions_3.6.100.v20180426-1644.jarRemoved
org.eclipse.core.filesystem_1.7.100.v20180304-1102.jarRemoved
org.eclipse.core.jobs_3.10.0.v20180427-1454.jarRemoved
org.eclipse.core.resources_3.13.0.v20180512-1138.jarRemoved
org.eclipse.core.runtime_3.14.0.v20180417-0825.jarRemoved
org.eclipse.datatools.connectivity.oda.feature_1.14.100.201802212225.jarRemoved
org.eclipse.equinox.app_1.3.500.v20171221-2204.jarRemoved
org.eclipse.equinox.common_3.10.0.v20180412-1130.jarRemoved
org.eclipse.equinox.preferences_3.7.100.v20180510-1129.jarRemoved
org.eclipse.equinox.registry_3.8.0.v20180426-1327.jarRemoved
org.eclipse.equinox.security_1.2.400.v20171221-2204.jarRemoved
org.eclipse.equinox.simpleconfigurator.manipulator_2.1.0.v20180103-0918-4.8.0.jarRemoved
org.eclipse.equinox.simpleconfigurator.manipulator-2.1.0.jarAdded
org.eclipse.help_3.8.100.v20180512-1136.jarRemoved
org.eclipse.osgi_3.13.0.v20180409-1500-4.8.0.jarRemoved
org.eclipse.osgi_3.13.0.v20180409-1500.jarRemoved
org.eclipse.osgi-3.13.0.jarAdded
org.eclipse.osgi.services_3.7.0.v20180223-1712.jarRemoved
org.eclipse.osgi.util_3.5.0.v20180219-1511-4.8.0.jarRemoved
org.eclipse.osgi.util_3.5.0.v20180219-1511.jarRemoved
org.eclipse.osgi.util-3.5.0.jarAdded
org.eclipse.sisu.inject-0.3.3.jarRemoved
org.eclipse.update.configurator_3.4.0.v20180512-1141-4.8.0.jarRemoved
org.eclipse.update.configurator-3.4.0.jarAdded
org.eclipse.wst.common.fproj_3.7.1.v201711202234.jarRemoved
org.osgi.service.log-1.3.0.jarRemoved
org.w3c.sac_1.3.0.v201706222054.jarRemoved
osgi-over-slf4j-1.7.25.jarRemoved
osgi-resource-locator-1.0.3.jarRemoved
postgresql-42.3.3.jarVersion changed from 42.2.23
slf4j-ext-1.7.32.jarVersion changed from 1.7.26
spring-batch-core-4.2.3.RELEASE.jarVersion changed from 4.0.4.RELEASE
spring-batch-infrastructure-4.2.3.RELEASE.jarVersion changed from 4.0.4.RELEASE
spring-retry-1.2.5.RELEASE.jarVersion changed from 1.2.4.RELEASE
spring-security-oauth2-bundle-2.3.3.RELEASE.jarRemoved
uk.co.spudsoft.birt.emitters.excel-4.7.0.v201706222054.jarAdded
velocity-engine-core-2.3.jarRemoved
xbean-asm9-shaded-4.20.jarAdded
xbean-spring-4.18.jarRemoved
Last updated on 3/20/2023
OverviewSupported Technologies