HCL Commerce 9.1.10.0
HCL Commerce
9.1.10.0 was released on March 31, 2022.
Security updates
HCL Commerce
9.1.10.0 contains the following security-related fixes.
| Affected software | CVE(s) | Vulnerability |
|---|---|---|
| jackson-databind, Spring Framework | WS-2021-0616, CVE-2021-22096 | Multiple vulnerabilities in open source components affect HCL Commerce |
| Apache Chainsaw, Apache XercesJ, Spring Framework | CVE-2022-23307, CVE-2022-23437, CVE-2021-22060 | Multiple vulnerabilities in open source components affect HCL Commerce |
| corenlp, Netty, node-fetch | CVE-2022-0198, CVE-2021-43797, CVE-2022-0235 | Multiple vulnerabilities in open source components affect HCL Commerce |
| WebSphere Application Server and IBM HTTP Server | CVE-2021-23450, CVE-2022-23990, CVE-2022-23852, CVE-2022-22822, CVE-2022-22823, CVE-2022-22825, CVE-2021-46143, CVE-2022-22824, CVE-2022-22826, CVE-2022-22827, CVE-2021-45960 | Multiple vulnerabilities in IBM HTTP Server and WebSphere Application Server affect HCL Commerce |
| Apache Log4j | CVE-2022-23307, CVE-2022-23302, CVE-2022-23305 | Vulnerability in Apache Log4j 1.2 affects HCL Commerce |
| IBM HTTP Server, IBM Java SDK | CVE-2022-25315, CVE-2021-35550, CVE-2022-25313, CVE-2022-21340, CVE-2022-25236, CVE-2021-35603, CVE-2022-25235 | Multiple vulnerabilities in IBM Java SDK and IBM HTTP Server included with WebSphere Application Server affect HCL Commerce |
| WebSphere Application Server | CVE-2021-39038 | A vulnerability in WebSphere Application Server affects HCL Commerce |
Important changes
HCL Commerce 9.1.10.0 contains the following important changes to site features and functionality.
Important:
Required changes
- Upgrading to HCL Commerce 9.1.10.0 with a social network OAuth 2.0 login integration that was configured prior to 9.1.7.0 requires changes to be made for the integration to continue working. No action will result in the integration ceasing to function.
- From
HCL Commerce version 9.1.10.0 onwards, Spring is upgraded from version
4.x to version 5.x. You must update your
existing spring-extension.xml Spring configuration file with the
supportedMethodsproperty and the associated values ofGETandPOST.For example:<bean id="/GetRootManagedDirectory" class="org.springframework.web.servlet.mvc.ParameterizableViewController"> <property name="viewName" value="/jsp/commerce/attachment/restricted/GetRootManagedDirectory.jsp"/> <property name="supportedMethods" value="GET,POST"/> </bean>
Feature enhancements
The following features have been introduced in this release. Review the following list to ensure that your site is prepared once this update is applied.
Indicates enhancements
inspired by or created by customers and partners, and submitted through the
HCL Commerce | Product Portal. Sign up to vote and submit
your own ideas!
- Deployment
- Search
-
- Ingest profiles
- This powerful new feature enables you to fine-tune the behavior of NiFi connectors. You can issue SQL commands and execute custom Java code during the flow of a specific connector, to pre- and post-process data before it is indexed.
- Configure Ingest at a single REST endpoint
- All NiFi connectors inherit a set of configurations such as global attributes and make them available as NiFi flowfile attributes inside NiFi. Using one REST endpoint, you can add or remove these NiFi capabilities from outside the main NiFi process flow.
- Migrate Elasticsearch customizations
- You can migrate custom connectors and NiFi flows to the latest version of HCL Commerce Search. You have more options and guidance to make the process easier and faster.
- Remote debugging of Query service
- A new remote facility enables your developers to see the current state of variables, and leverage code hot swapping to see your changes reflected in the Query server as they develop code.
- Data integrity check
- You can improve the reliability of the Ingest service by checking the health of the Index. The integrity check pipeline counts and compares Elasticsearch documents against the database.
- Store
-
Marketplace hosts products from other
vendors- The Marketplace feature allows designated Owners to post products from other vendors. Buyers can filter products by a single or multiple seller names. This feature is available for registered and guest users.
- Product Compare
- Your shoppers can now compare products on a dedicated screen. They can use this feature to compare features such as price, description, or even customer ratings of your products.
- Ribbon Ads now available for React Store
- A ribbon ad is an image overlay that is displayed over the thumbnail image of catalog entries. The image overlay contains text that describes a shared characteristic of the catalog entries, such as Exclusive, Clearance, New, or On Sale to draw the attention of shoppers. You can easily add ribbon ads to your React storefront.
- My Account/Dashboard PI Updates
- Your customers have an improved My Account page that enables them to edit personal information such as name and address, and change the login password for their accounts.
- Kit Details Page
- Kits are collections of products that your customers can purchase in a single transaction. They differ from bundles in that the products and quantities are fixed. The Business-to-Business Sapphire React-based store now has a kits page that complements the existing bundles feature.
- Remember-me/persistent session
- Emerald (B2C) React Store customers can leave a shopping session and on returning find their current cart and other details preserved. You can define which behaviors can be persisted, and even extend some persistence to guest shoppers (shoppers without an account).
- Product Listing Page Price Ranges
- The Product Listing Page (PLP) has been improved. The price-range for SKUs of a product or a variant are now visible when these items are displayed in the PLP.
- Requisition Lists for B2B React stores
- Requisition lists are lists of items that will be used to create orders at a later date. Your customers can create requisition lists of items that they order frequently and use them to periodically re-order the items. You can now use requisition lists in B2B Sapphire React-based stores.
- Tools
-
- Marketplace Tool
- Marketplaces are new to HCL Commerce for version 9.1.10.0. A variety of new options are available in the Management Center under the Marketplace menu item. For example, Marketplace owners can manage multiple marketplaces as well as sellers, and sellers have options for controlling their own market.
- Page Composer enhancements
- Page Composer has been improved. You can now create default layouts and kits for catalog entry and category pages.
Defect fixes
See HCL Commerce 9.1.10.0 in Fixes that are included in HCL Commerce releases for a detailed list of defects that were fixed in this release.
Supported companion software
HCL Commerce
9.1.10.0 has been tested with the following companion
software.
| Commerce | Companion software | Database | Browsers |
|---|---|---|---|
| HCL Commerce Version 9.1.10.0 |
|
|
|
7.17.1
7.8.0