HCL Commerce 9.1.12.0
Security updates
Affected software | CVE(s) | Vulnerability |
---|---|---|
Apache Kafka | CVE-2022-34917 | Vulnerabilities in Apache Kafka affect HCL Commerce |
WebSphere Application Server and IBM HTTP Server | CVE-2022-43680, CVE-2022-37436, CVE-2022-21541, CVE-2021-2163, CVE-2022-21540, CVE-2022-21626, CVE-2017-9233, CVE-2013-0340, CVE-2022-21624 | Multiple vulnerabilities in IBM Java SDK and IBM HTTP Server included with WebSphere Application Server affect HCL Commerce |
WebSphere Application Server V8.5.5 Liberty | CVE-2022-24839, CVE-2022-22476 | Multiple vulnerabilities in WebSphere Application Server Liberty affect HCL Commerce |
WebSphere Application Server | CVE-2023-23477, CVE-2022-22477, CVE-2022-38712, CVE-2022-34336, CVE-2022-40750, CVE-2022-34165, CVE-2022-35282, CVE-2022-22473 | Multiple vulnerabilities in WebSphere Application Server affect HCL Commerce |
jQuery | CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160 | Multiple vulnerabilities in jQuery affect HCL Commerce |
Important changes
HCL Commerce 9.1.12.0 contains the following important changes to site features and functionality.
- The security settings for XML processing in inbound web services that use the Program Adapter and WCS.INTEGRATION message mapper are strengthened in HCL Commerce 9.1.12.0. You may need to update the configuration around handling external entities if it is too restrictive for your environment.
- Management Center for HCL Commerce in HCL Commerce 9.1.12.0 automatically reports business user analytics to HCL. This information assists HCL in the development of new features and the enhancement of existing business user tools.

  Note: Only high level business user behaviors in new tools within Management Center are collected. No sensitive information about the user or the organization that owns the environment is captured or transmitted to HCL. Specifically, the URLs of the pages that business users access are logged. Event data such as the version of HCL Commerce and the deployment type, as well as generic information about the browser, are also collected. Google Analytics also captures general location information, if users have opted-in through their browser settings.

  Important: When starting the Tooling Web Docker container in versions 9.1.12.0 through 9.1.14.0, you must set the container deployment type. Failure to do so will prevent the container from starting. Ensure that you set the deployment type via the DEPLOYMENT_TYPE container environment variable, or in Vault at the following path:

  ${VAULT_URL}/${TENANT}/${ENVIRONMENT}/deploymentType

  Accepted values are development, staging, or production.

  The collection of this data can be disabled during deployment. For more information on disabling this data collection, see the following steps in the deployment documentation:
- Hystrix is no longer supported by its maintainers. It is recommended to disable Hystrix on the Store server. For more information, see Disabling Hystrix on the Store server.
- Upgrading to HCL Commerce 9.1.12.0 with a social network OAuth 2.0 login integration that was configured prior to 9.1.7.0 requires changes to be made for the integration to continue working. If no action is taken, the integration will cease to function.
- From HCL Commerce version 9.1.10.0 onwards, Spring is upgraded from version 4.x to version 5.x. You must update your existing spring-extension.xml Spring configuration file with the supportedMethods property and the associated values of GET and POST. For example:

  ```xml
  <bean id="/GetRootManagedDirectory" class="org.springframework.web.servlet.mvc.ParameterizableViewController">
      <property name="viewName" value="/jsp/commerce/attachment/restricted/GetRootManagedDirectory.jsp"/>
      <property name="supportedMethods" value="GET,POST"/>
  </bean>
  ```
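One way to find the beans that still need this change before upgrading is to audit spring-extension.xml programmatically. The script below is an added example, not HCL code: it assumes only beans of the ParameterizableViewController class shown above are checked and that both GET and POST must be listed, and apart from the first bean the sample is constructed with hypothetical ids.

```python
import xml.etree.ElementTree as ET

# Controller class taken from the page's example; other classes are not checked (assumption).
CONTROLLER = "org.springframework.web.servlet.mvc.ParameterizableViewController"
REQUIRED = {"GET", "POST"}  # values the release note says to configure

# Constructed sample; only the first bean comes from the page, the others are hypothetical.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="/GetRootManagedDirectory" class="org.springframework.web.servlet.mvc.ParameterizableViewController">
    <property name="viewName" value="/jsp/commerce/attachment/restricted/GetRootManagedDirectory.jsp"/>
    <property name="supportedMethods" value="GET,POST"/>
  </bean>
  <bean id="/ExampleLegacyView" class="org.springframework.web.servlet.mvc.ParameterizableViewController">
    <property name="viewName" value="/jsp/example/LegacyView.jsp"/>
  </bean>
  <bean id="/ExampleGetOnly" class="org.springframework.web.servlet.mvc.ParameterizableViewController">
    <property name="viewName" value="/jsp/example/GetOnly.jsp"/>
    <property name="supportedMethods"><value>GET</value></property>
  </bean>
</beans>"""


def local(tag):
    """Strip the XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def audit(xml_text):
    """Return {bean id: problem} for controller beans that still need updating."""
    findings = {}
    for bean in ET.fromstring(xml_text).iter():
        if local(bean.tag) != "bean" or bean.get("class") != CONTROLLER:
            continue
        methods = None
        for prop in bean:
            if local(prop.tag) == "property" and prop.get("name") == "supportedMethods":
                # Value may be an attribute or nested <value>/<list> elements.
                raw = prop.get("value") or " ".join(prop.itertext())
                methods = {m.upper() for m in raw.replace(",", " ").split()}
        bean_id = bean.get("id") or bean.get("name")
        if methods is None:
            findings[bean_id] = "supportedMethods missing"
        elif not REQUIRED <= methods:
            findings[bean_id] = "lacks " + ",".join(sorted(REQUIRED - methods))
    return findings


if __name__ == "__main__":
    for bean_id, problem in audit(SAMPLE).items():
        print(f"{bean_id}: {problem}")
```

To audit a real file, pass its contents to `audit()` in place of `SAMPLE`.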
Feature enhancements
The following features have been introduced in this release. Review the following list to ensure that your site is prepared once this update is applied.
- Deployment
- AWS foundational technical review passed
- HCL Commerce has been accepted through technical review for inclusion on the Amazon Web Services (AWS) Marketplace. See the HCLTech partner page to learn more about the software services and products that are available on AWS from HCL as an AWS Premier Consulting Partner.
- Search
- Catalog Asset Store indexing model for eSites
- Indexing speed has been greatly improved when you have a large number of Extended Sites (eSites). The Catalog Asset Store (CAS) indexing model removes the need to index each eSite separately. The CAS model performs one fast, simple centralized indexing operation.
- Store
- CSR post order capabilities
- Customer Service Representatives (CSRs) can now use the CSR tool to initiate returns, modify orders after they have been submitted, and apply SKU-level or order-level discounts. In addition, CSRs can find a customer using that customer's email address, and add comments to an order record or customer record.
- Registering a Marketplace Seller
- Marketplace sellers can select their own shipping methods, and self-register for one or more marketplaces approved by the Operator.
- Material User Interface Version 5 upgrade Guide
- Material UI, the open-source component library for React stores, has been upgraded to Version 5.
- Display browsing history in the Page Composer eSpot widget
- Shoppers can now review their browsing history in the default Emerald store home page.
- Promotion proximity messages for React-based stores
- You can add promotion proximity messages to your React-based stores. These messages inform shoppers of the additional product value required to qualify for a promotional offer.
- Tools
- Marketplace enhancements
- The Marketplace Seller Dashboard has a new card for Contracts. The Management Center enables marketplace sellers to self-register and manage B2B pricing.
- Contracts
- Site Administrators and Marketplace Operators can access the buyer contracts card, pricing, and contract filter through the Marketplace tool.
- Approvals enhancements
- Marketplace Operators and Site Administrators can approve Marketplace Seller registration requests from the Management Center.
- Google Analytics enhancements
- Google Analytics supports GA4 reporting in the Management Center. For GA4 support, you should update the Universal Analytics, GA4 Property Configuration, and Transaction server with the latest configuration.
- Administrators can monitor their orders and order lines
- Seller Administrators can view and track all orders placed from the storefront.
- Catalogs tool
- You can now download the current catalog list without creating a new catalog upload request.
- Advanced User Search
- You can now configure advanced user search if you have a large number of users registered. This feature allows you to search users using additional filters such as search scope and type.
- Marketplace Analytics
- Marketplace Sellers can view sales, orders, top products, and more for the selected Marketplace through the Management Center.
Defect fixes
See HCL Commerce 9.1.12.0 in Fixes that are included in HCL Commerce releases for a detailed list of defects that were fixed in this release.
Supported companion software
Commerce | Companion software | Database | Browsers |
---|---|---|---|
HCL Commerce Version 9.1.12.0 | | | |