HCL Commerce 9.1.11.0
Security updates
Affected software | CVE(s) | Vulnerability |
---|---|---|
WebSphere Application Server and IBM HTTP Server | CVE-2022-26377, CVE-2022-28615, CVE-2022-28614, CVE-2022-29404, CVE-2022-31813, CVE-2022-30556 | Multiple vulnerabilities in IBM HTTP Server included with WebSphere Application Server affect HCL Commerce |
HCL Commerce | CVE-2021-27785 | HCL Commerce could allow a local attacker to obtain sensitive personal information |
WebSphere Application Server V8.5.5 Liberty | CVE-2022-22475, CVE-2021-46708, CVE-2022-22393 | Multiple vulnerabilities in WebSphere Application Server Liberty affect HCL Commerce |
WebSphere Application Server and IBM HTTP Server | CVE-2022-22721, CVE-2022-22720, CVE-2022-22365, CVE-2022-22719 | Multiple vulnerabilities in IBM HTTP Server and WebSphere Application Server affect HCL Commerce |
jackson-databind, Spring Framework | CVE-2020-36518, CVE-2022-22950 | Multiple vulnerabilities in open source components affect HCL Commerce |
Apache Struts 2, org.cyberneko.html | CVE-2021-31805, CVE-2022-24839, CVE-2022-2950 | Multiple vulnerabilities in open source components affect HCL Commerce |
Important changes
HCL Commerce 9.1.11.0 contains the following important changes to site features and functionality.
- Upgrading to HCL Commerce 9.1.11.0 with a social network OAuth 2.0 login integration that was configured prior to 9.1.7.0 requires changes to be made for the integration to continue working. No action will result in the integration ceasing to function.
- From
HCL Commerce version 9.1.10.0 onwards, Spring is upgraded from version
4.x to version 5.x. You must update your
existing spring-extension.xml Spring configuration file with the
supportedMethods
property and the associated values ofGET
andPOST
.For example:<bean id="/GetRootManagedDirectory" class="org.springframework.web.servlet.mvc.ParameterizableViewController"> <property name="viewName" value="/jsp/commerce/attachment/restricted/GetRootManagedDirectory.jsp"/> <property name="supportedMethods" value="GET,POST"/> </bean>
Feature enhancements
The following features have been introduced in this release. Review the following list to ensure that your site is prepared once this update is applied.
Indicates enhancements inspired by or created by customers and partners, and submitted through the HCL Commerce | Product Portal. Sign up to vote and submit your own ideas!
- Deployment
-
- Google Anthos certification
- HCL Commerce has been tested on Google Anthos. Google Anthos provides improved scaling, management, and upgrade functionality for Kubernetes deployments.
- Search
-
- Migrating DOM-based inventory to Elasticsearch
- You can easily move inventory created in a Distributed Order Management (DOM) system into Elasticsearch. Samples are provided to assist you with setting up the migration.
- Store
-
- Seller-grouping available in Marketplace
- Seller-grouping is available in checkout flow and order-history of the marketplace stores. Now shoppers can also type the seller name in the search box and get suggestions for sellers and products.
- Buy Online Pickup In Store (BOPIS) and Store Locator component added for React store
- Shoppers can buy products online and pick them up from their
nearest stores using the BOPIS functionality. In order to make
this process smoother, the HCL Commerce now comes with
a store locator feature that helps the shoppers to locate the
nearest physical store using online maps.
Store locator: Learn more about the Store Locator..
- Wishlist Enhancements
-
You can add products to your personalised wishlist in react-based stores. You need only drop a product into the wishlist and you can then add those wishlist products to the chekout whenever you wish.
- Sitemap Generator Enhancement
-
The sitemap generator now supports generation of sitemap files for Emerald and Sapphire stores. You can use the SEO pattern files to generate SEO URLs and also modify these SEO Pattern files to generate your own SEO URLs.
- Tools
-
- Marketplace Enhancements
- The Marketplace is a web store that allows shoppers to shop for multiple products. The entity who owns the marketplace is known as the Marketplace Operator. The Marketplace Operator can add a number of sellers to the marketplace and allow them to sell their products on the assigned marketplaces. They can add a number of sellers to one marketplace or can add a seller to a number of marketplaces.
- Catalog Updates
- Catalog contains the information related to all the products available for shoppers on the storefront. You can perform multiple tasks such as updating catalog entries, searching catalog update requests, previewing the updated catalog entries and so on.
- Inventory Updates
- Inventory is the number of products that are available for shoppers. You can update the existing information by updating and uploading .CSV file.
- Order Management
- HCL Commerce allows the Marketplace Operators and Marketplace Sellers to manage orders placed from the storefront through the Management Center. You can change the order status, update the seller details and perform more functions through the Order Management.
- Access Control
- There are three roles related to the Marketplace:
- Marketplace Operator
- Marketplace Seller
- Marketplace Seller Administrator
- Seller Dashboard
- Both the Marketplace Seller and the Marketplace Seller Administrator can access Marketplace functions through the Seller Dashboard.
- Page Composer
- When creating a new layout, you can assign the layout as a default layout for the selected page. A new page called Category-level SKU Display Pages added in the page list shown.
- Performance
-
- Ingest Tuning Guide
- Ingest Tuning Guide is a continuation of the previous tuning guide Elasticsearch based search perfomance tuning guide for the NiFi/ Elasticsearch components of the HCL Commerce search solution. This guide will help you gain a broad understanding of tuning and discuss how to tune the solution for a certain setup and catalog structure.
Defect fixes
See HCL Commerce 9.1.11.0 in Fixes that are included in HCL Commerce releases for a detailed list of defects that were fixed in this release.
Supported companion software
Commerce | Companion software | Database | Browsers |
---|---|---|---|
HCL Commerce Version 9.1.11.0 |
|
|
|