HCL Commerce Version 9.1.15.0

HCL Commerce 9.1.15.2

HCL Commerce 9.1.15.0 is a feature (mod pack) release for HCL Commerce Version 9.1.

  • HCL Commerce 9.1.15.0 was released on December 13, 2023.
  • A fix pack containing fixes for Elasticsearch, HCL Commerce 9.1.15.1, was released on January 23, 2024.
  • A fix pack for HCL Commerce Developer, HCL Commerce Developer 9.1.15.2, was released on March 21, 2024.
  • A second fix pack containing fixes for Elasticsearch, HCL Commerce 9.1.15.2, was released on July 9, 2024.

Fix packs

HCL Commerce fix packs include defect fixes, and are made available between major releases, beginning with 9.1.13.1. It is recommended to upgrade to the latest fix pack as it becomes available. Only certain images within the release are updated for fix pack releases. These updated containers, with modified fix pack file names, are intended to be used with the remaining original containers of the same release.
Important:
HCL has identified issues in HCL Commerce Developer 9.1.15.0 and 9.1.15.1.
Release Date Updated containers
HCL Commerce 9.1.15.2 July 9, 2024
  • HCL_Commerce_Enterprise_9.1.15.2_Data_Query_Server_x86-64.tgz
  • HCL_Commerce_Enterprise_9.1.15.2_Data_Ingest_Server_x86-64.tgz
  • HCL_Commerce_Enterprise_9.1.15.2_Data_NiFi_Server_x86-64.tgz
  • HCL_Commerce_Enterprise_9.1.15.2_Data_NiFi_Registry_Server_x86-64.tgz
  • HCL_Commerce_Enterprise_9.1.15.2_Data_Query_Server_ppc64le.tgz
  • HCL_Commerce_Enterprise_9.1.15.2_Data_Ingest_Server_ppc64le.tgz
  • HCL_Commerce_Enterprise_9.1.15.2_Data_NiFi_Server_ppc64le.tgz
  • HCL_Commerce_Enterprise_9.1.15.2_Data_NiFi_Registry_Server_ppc64le.tgz
  • HCL_Commerce_Search_Bundle_9.1.15.2.zip
  • HCL_Commerce_Helm_Charts_9.1.15.2.bundle
HCL Commerce Developer 9.1.15.2 March 21, 2024
  • HCL_Commerce_Enterprise_V9.1.15.2_Developer.zip
HCL Commerce 9.1.15.1 January 23, 2024
  • HCL_Commerce_Enterprise_9.1.15.1_Data_Query_Server_x86-64.tgz
  • HCL_Commerce_Enterprise_9.1.15.1_Data_Ingest_Server_x86-64.tgz
  • HCL_Commerce_Enterprise_9.1.15.1_Data_NiFi_Server_x86-64.tgz
  • HCL_Commerce_Enterprise_9.1.15.1_Data_NiFi_Registry_Server_x86-64.tgz
  • HCL_Commerce_Enterprise_9.1.15.1_Data_Query_Server_ppc64le.tgz
  • HCL_Commerce_Enterprise_9.1.15.1_Data_Ingest_Server_ppc64le.tgz
  • HCL_Commerce_Enterprise_9.1.15.1_Data_NiFi_Server_ppc64le.tgz
  • HCL_Commerce_Enterprise_9.1.15.1_Data_NiFi_Registry_Server_ppc64le.tgz
  • HCL_Commerce_Nextjs_Store_9.1.15.1.bundle
  • HCL_Commerce_Search_Bundle_9.1.15.1.zip
  • HCL_Commerce_Enterprise_V9.1.15.1_Developer.zip
HCL Commerce 9.1.15.0 December 13, 2023 Full release.

For a full list of the release files and their associated MD5 checksum values, see HCL Commerce eAssemblies.

Security updates

HCL Commerce 9.1.15.0 contains the following security-related fixes.
Affected software CVE(s) Vulnerability
WebSphere Application Server V8.5.5 Liberty CVE-2023-44487, CVE-2023-46158 Multiple vulnerabilities in IBM WebSphere Application Server Liberty affect HCL Commerce
Apache Tomcat CVE-2023-44487, CVE-2023-45648, CVE-2023-42795 Multiple vulnerabilities in Apache Tomcat affect HCL Commerce
TinyMCE CVE-2023-45818, CVE-2023-48219 Multiple vulnerabilities in TinyMCE affect HCL Commerce
JSON-Java CVE-2023-5072 A vulnerability in JSON-Java affects HCL Commerce

Important changes

HCL Commerce 9.1.15.2 contains the following important changes to site features and functionality.

Important: Required changes
  • Before upgrading your deployment to HCL Commerce 9.1.14.0 or greater, you must consider the implications of the non-root user update. Not doing so can break your deployment. For more information, see HCL Commerce container users and privileges.
  • After upgrading to HCL Commerce 9.1.14.0 or greater with the Elasticsearch-based search solution, you must delete any existing boost scripts.
    1. Run the following REST API calls to delete any existing scripts.
      DELETE - http://ESHOST:ESPORT/_scripts/boost-script-param-1
      DELETE - http://ESHOST:ESPORT/_scripts/boost-script-param-2
      DELETE - http://ESHOST:ESPORT/_scripts/boost-script-param-3
      Note: you can use the GET request method to check for existing scripts.
    2. Restart the Query service to re-generate the appropriate boost scripts for this release.
  • Management Center for HCL Commerce in all releases 9.1.12.0 and greater now report business user analytics to HCL. This information assists HCL in the development of new features and the enhancement of existing business user tools.
    Note: Only high level business user behaviors in new tools within Management Center are collected. No sensitive information about the user or the organization that owns the environment is captured or transmitted to HCL. Specifically, the URLs of the pages that business users access are logged. Event data such as the version of HCL Commerce and the deployment type, as well as generic information about the browser, are also collected. Google Analytics also captures general location information, if users have opted-in through their browser settings.
    The collection of this data can be disabled during deployment. For more information on disabling this data collection, see the following steps in the deployment documentation:
    • For Docker deployments, see step #8 in the deployment prerequisites.
    • For Kubernetes deployments, see step #11 in the deployment prerequisites.
    • For SoFy deployments, see step #2 in the deployment.
  • From HCL Commerce version 9.1.10.0 onwards, Spring is upgraded from version 4.x to version 5.x. You must update your existing spring-extension.xml Spring configuration file with the supportedMethods property and the associated values of GET and POST.
    For example:
    <bean id="/GetRootManagedDirectory" class="org.springframework.web.servlet.mvc.ParameterizableViewController">
    <property name="viewName" value="/jsp/commerce/attachment/restricted/GetRootManagedDirectory.jsp"/>
    <property name="supportedMethods" value="GET,POST"/>
    </bean>
  • Upgrading to HCL Commerce 9.1.15.2 with a social network OAuth 2.0 login integration that was configured prior to 9.1.7.0 requires changes to be made for the integration to continue working. No action will result in the integration ceasing to function.

    Learn more...

Feature enhancements

The following features have been introduced in this release. Review the following list to ensure that your site is prepared once this update is applied.

Indicates enhancements inspired by or created by customers and partners, and submitted through the HCL Commerce | Product Portal. Sign up to vote and submit your own ideas!

Deployment
HCL Harbor Container Registry
The HCL Harbor Container Registry is now available as an alternative means to obtain HCL Commerce Docker images. HCL Harbor can be used within your CI/CD pipeline to more quickly and easily obtain the latest HCL Commerce releases from HCL.
Note:
  • CFIUS images are not impacted by this implementation.
  • Additional HCL Commerce software, such as git bundles, and third-party software packages, can only be obtained via the HCL License and Delivery portal.
Learn more...
Configuration additions
  • Automated clean-up of ingress definitions.

    The clean up of old ingress configurations is automated in order to avoid conflicts during HCL Commerce deployment upgrades. Set backwardCompatibility.ingressFormatUpgrade.enabled to true in your HCL Commerce Helm Chart values.yaml configuration file before deployment to trigger the associated upgrade job.

  • Set optional Transaction server trace file variables.

    Use Vault values or Run Engine commands to set your Transaction server trace file size, and the number of historical trace files that are kept. The defaults for these values are up to five files that are a maximum of 20MB in size per file.

  • Set optional HCL Commerce Elasticsearch-based Search configuration.
    Use Vault values to:
    • Set the Registry service scheduler job interval. By default this is set to 300 seconds (5 minutes).
    • Enable or disable the automatic update of Ingest service pipe version. By default, this is set to false, requiring the manual use of Ingest APIs to reset and upgrade any pipe.
For more information on Vault configurations, and Run Engine commands, see:
Comprehensive guides to using and extending Elasticsearch
Search documentation has been revised, updated, and new guides and references added. These improvements will quickly familiarize you with the concepts and practicalities of running and customizing Elasticsearch as well as the powerful Ingest and Query systems that power the V9.1 Search stack.
Store
Ruby Business-to-Business (B2B) storefront improvements

The following subtasks relate to performance improvements in the Ruby B2B store.

Recurring Orders

In the Ruby B2B store, Recurring Orders allow users to create automatic orders for products on a schedule.

Learn more...
Organization Management
A Buyer Administrator can navigate a hierarchical list of organizations, select one, and display its buyer list. This feature allows you to create, view, edit and approve organizations.

Learn more...

Buyer Management

Buyer management involves administering buyer accounts and access within an organization. This involves tasks like creating, editing, enabling or disabling accounts, and maintaining control over assigning roles to new buyers who register.

Learn more...

Buyer and Order approval
  • Buyer Administrators can manage and approve registered buyers through the Buyer Approval page.
  • Buyer Administrators and Buyer Approvers can manage and approve orders through the Order Approval page.

Learn more...

Performance
New Statistics Service
The Statistics service gathers data on catalog dimensions. You can use this information to customize the default SQL used by the Search system, and extend it using your own SQL.

Learn more...

Ingest tuning guide
A new guide has been added that includes formulae and methods for tuning the performance of your NiFi service to match the capacity of your Elasticsearch indexing system.

Learn more...

Defect fixes

See HCL Commerce 9.1.15.0, HCL Commerce 9.1.15.1, and HCL Commerce 9.1.15.2 in Fixes that are included in HCL Commerce releases for a detailed list of defects that were fixed in this release and its associated fix pack.

Supported companion software

HCL Commerce 9.1.15.2 has been tested with the following companion software.
Commerce Companion software Database Browsers
HCL Commerce Version 9.1.15.0
  • WebSphere Application Server 9.0.5.17
  • WebSphere Application Server V8.5.5 Liberty 23.0.0.9 + IFPH57579 + IFPH57878
  • IBM SDK, Java Technology Edition, Version 8.0.8.10
  • IBM HTTP Server 9.0.5.17
  • Elasticsearch
    • x86-647.17.13
    • Power7.17.13
  • ZooKeeper
    • x86-643.8.0
    • Power3.8.0
  • Redis
    • x86-647.2.1
    • Power7.2.1
  • Reddison 3.23.3
  • NiFi 1.22
  • NiFi Registry 1.22
  • CoreNLP 4.5.5
  • Vault 1.14.4
  • Kubernetes 1.27 to 1.28
  • Helm 3.13+
  • Solr-based search solution
    • IBM Db2
      • x86-6411.5.8
      • Power11.5.8
    • Oracle 18c
    • Oracle 19c
  • Elasticsearch-based search solution
    • IBM Db2
      • x86-6411.5.8
      • Power11.5
    • Oracle 19c
  • Approval server
    • x86-64PostgreSQL 14.10
    • PowerPostgreSQL 14.9
  • Management Center for HCL Commerce
    • Edge 20+
    • Firefox 39+
    • Chrome 44+
    • Safari 10+
    HCL Commerce Version 9.1.14.0 or laterNote: HCL Commerce 9.1.14.0 and greater no longer supports Internet Explorer for use with Management Center.
  • React-based storefronts
    • Edge 87+
    • Firefox 84+
    • Chrome 87+
    • Safari 14+
  • Aurora-based storefronts
    • Internet Explorer 20H2+
    • Edge 87+
    • Firefox 84+
    • Chrome 87+
    • Safari 14+