HCL Commerce Version 9.1.16.0

HCL Commerce 9.1.16.1

HCL Commerce 9.1.16.0 is a feature (mod pack) release for HCL Commerce Version 9.1.

  • HCL Commerce 9.1.16.0 was released on August 30, 2024.
  • A fix pack containing the Orchestration service, HCL Commerce 9.1.16.1, was released on October 8, 2024.

Fix packs

HCL Commerce fix packs include defect fixes, and are made available between major releases, beginning with 9.1.13.1. It is recommended to upgrade to the latest fix pack as it becomes available. Only certain images within the release are updated for fix pack releases. These updated containers, with modified fix pack file names, are intended to be used with the remaining original containers of the same release.

Release: HCL Commerce 9.1.16.1
Date: October 8, 2024
Note: The 9.1.16.1 release introduces the Orchestration service, which adds support for using Solr-based search with the Next.js store.
Updated binaries:
  • HCL_Commerce_DevOps_9.1.16.1.bundle
  • HCL_Commerce_Helm_Charts_9.1.16.1.bundle
  • HCL_Commerce_Enterprise_9.1.16.1_Orchestration_Server_x86-64.tgz
  • HCL_Commerce_Enterprise_9.1.16.1_Search_Server_x86-64.tgz
  • HCL_Commerce_Config_Version_9.1.16.1.zip
  • HCL_Commerce_Notices_9.1.16.1.txt

Release: HCL Commerce 9.1.16.0
Date: August 30, 2024
Updated binaries: Full release.

For a full list of the release files and their associated MD5 checksum values, see HCL Commerce eAssemblies.

Security updates

HCL Commerce 9.1.16.0 contains the following security-related fixes.

Date of bulletin: November 1, 2024
Affected software: WebSphere Application Server, WebSphere Application Server V8.5.5 Liberty, and IBM HTTP Server
CVE(s): CVE-2024-37532, CVE-2023-51775, CVE-2024-35154, CVE-2024-22354, CVE-2023-50313, CVE-2024-25026, CVE-2024-35153, CVE-2024-22329, CVE-2024-38474, CVE-2024-38475, CVE-2024-38477, CVE-2024-24795, CVE-2023-38709, CVE-2024-39573, CVE-2024-40898, CVE-2024-40725, CVE-2024-38472, CVE-2024-38476, CVE-2024-38473
Vulnerability: Multiple vulnerabilities in IBM WebSphere Application Server, IBM WebSphere Application Server Liberty and IBM HTTP Server affect HCL Commerce

Date of bulletin: November 1, 2024
Affected software: IBM Java SDK
CVE(s): CVE-2023-22081, CVE-2023-22067, CVE-2023-5676, CVE-2024-20918, CVE-2024-20952, CVE-2024-20921, CVE-2024-20945, CVE-2023-33850, CVE-2024-21011, CVE-2023-38264
Vulnerability: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty

Date of bulletin: November 1, 2024
Affected software: WebSphere Application Server V8.5.5 Liberty
CVE(s): CVE-2024-27268, CVE-2023-50312, CVE-2024-27270
Vulnerability: Multiple vulnerabilities in IBM WebSphere Application Server Liberty affect HCL Commerce

Date of bulletin: September 3, 2024
Affected software: logback, ws, Apache Tomcat, micromatch, braces, TinyMCE
CVE(s): CVE-2023-6378, CVE-2023-6481, CVE-2024-37890, CVE-2023-46589, CVE-2024-37890, CVE-2024-4067, CVE-2024-4068, CVE-2024-38357, CVE-2024-38356
Vulnerability: Multiple vulnerabilities in open source components affect HCL Commerce

Date of bulletin: December 14, 2023
Affected software: Apache Struts 2
CVE(s): CVE-2023-50164, CVE-2023-41835
Vulnerability: A vulnerability in Apache Struts 2 affects HCL Commerce

Important: Review the list of Non-applicable vulnerabilities to clear any vulnerabilities that have been discovered during a security scan of your HCL Commerce images. This list has been fully vetted by HCL to ensure that these vulnerabilities do not have any impact on the security of your deployment.

Important changes

HCL Commerce 9.1.16.1 contains the following important changes to site features and functionality.

Important: Required changes
  • Before upgrading your deployment to HCL Commerce 9.1.14.0 or greater, you must consider the implications of the non-root user update. Not doing so can break your deployment. For more information, see HCL Commerce container users and privileges.
  • After upgrading to HCL Commerce 9.1.14.0 or greater with the Elasticsearch-based search solution, you must delete any existing boost scripts.
    1. Run the following REST API calls to delete any existing scripts.
      DELETE - http://ESHOST:ESPORT/_scripts/boost-script-param-1
      DELETE - http://ESHOST:ESPORT/_scripts/boost-script-param-2
      DELETE - http://ESHOST:ESPORT/_scripts/boost-script-param-3
      Note: you can use the GET request method to check for existing scripts.
    2. Restart the Query service to re-generate the appropriate boost scripts for this release.
  • Management Center for HCL Commerce in all releases 9.1.12.0 and greater now reports business user analytics to HCL. This information assists HCL in the development of new features and the enhancement of existing business user tools.
    Note: Only high-level business user behaviors in new tools within Management Center are collected. No sensitive information about the user or the organization that owns the environment is captured or transmitted to HCL. Specifically, the URLs of the pages that business users access are logged. Event data such as the version of HCL Commerce and the deployment type, as well as generic information about the browser, are also collected. Google Analytics also captures general location information, if users have opted in through their browser settings.
    The collection of this data can be disabled during deployment. For more information on disabling this data collection, see the following steps in the deployment documentation:
    • For Docker deployments, see step #8 in the deployment prerequisites.
    • For Kubernetes deployments, see step #11 in the deployment prerequisites.
    • For SoFy deployments, see step #2 in the deployment.
  • From HCL Commerce version 9.1.10.0 onwards, Spring is upgraded from version 4.x to version 5.x. You must update your existing spring-extension.xml Spring configuration file with the supportedMethods property and the associated values of GET and POST.
    For example:
    <bean id="/GetRootManagedDirectory" class="org.springframework.web.servlet.mvc.ParameterizableViewController">
      <property name="viewName" value="/jsp/commerce/attachment/restricted/GetRootManagedDirectory.jsp"/>
      <property name="supportedMethods" value="GET,POST"/>
    </bean>
  • Upgrading to HCL Commerce 9.1.16.1 with a social network OAuth 2.0 login integration that was configured prior to 9.1.7.0 requires changes to be made for the integration to continue working. Taking no action will result in the integration ceasing to function.
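
The boost-script cleanup from the Elasticsearch item above, as an added example (not HCL code): it checks each script with GET, deletes the ones that exist, and confirms they are gone before the Query service restart. It assumes the Elasticsearch endpoint is reachable without authentication at the base URL passed on the command line; the function names are illustrative.

```python
"""Added example: clear stale Elasticsearch boost scripts after the upgrade."""
import sys
import urllib.error
import urllib.request

# The three stored-script ids named in the release notes.
BOOST_SCRIPT_IDS = [f"boost-script-param-{n}" for n in (1, 2, 3)]


def http_status(method, url, timeout=10):
    """Send one request and return its HTTP status (4xx/5xx are returned, not raised)."""
    request = urllib.request.Request(url, method=method)
    try:
        with urllib.request.urlopen(request, timeout=timeout) as response:
            return response.status
    except urllib.error.HTTPError as err:
        return err.code


def delete_boost_scripts(base_url, send=http_status):
    """GET each script, DELETE the ones that exist, then GET again to confirm.

    Returns {script_id: "absent" | "deleted" | "failed (...)"}.
    """
    results = {}
    for script_id in BOOST_SCRIPT_IDS:
        url = f"{base_url.rstrip('/')}/_scripts/{script_id}"
        if send("GET", url) == 404:  # nothing stored under this id
            results[script_id] = "absent"
            continue
        deleted = send("DELETE", url)
        check = send("GET", url)  # a deleted script must now return 404
        if deleted == 200 and check == 404:
            results[script_id] = "deleted"
        else:
            results[script_id] = f"failed (DELETE {deleted}, GET {check})"
    return results


if __name__ == "__main__":
    # Usage (base URL is an assumption): python clear_boost_scripts.py http://ESHOST:ESPORT
    outcome = delete_boost_scripts(sys.argv[1])
    for script_id, state in outcome.items():
        print(f"{script_id}: {state}")
    if any(state.startswith("failed") for state in outcome.values()):
        sys.exit("Resolve the failures before restarting the Query service.")
    print("Restart the Query service to regenerate the boost scripts.")
```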

Feature enhancements

The following features have been introduced in this release. Review the following list to ensure that your site is prepared once this update is applied.

Deployment
Kubernetes deployment Solr-based search index sharding
Solr search sharding is included as an optional configuration in the HCL Commerce 9.1.16.0 Helm Chart. It allows Solr-based search deployments with large indexes to use multiple Java Virtual Machines (JVMs) to complete indexing work in parallel, reducing indexing time and alleviating resource issues that can be encountered when using a single JVM.
New content: Manually update the prerequisite software in older HCL Commerce images
To ensure that your site remains up-to-date with any important fixes that are delivered subsequent to the latest HCL Commerce release, or to continue to use older HCL Commerce release images, you can use this group of tasks to manually rebuild custom images that include important IBM stack updates.
New content: Orchestration
The Orchestration service enables the Ruby starter store to use Solr-based search. The Ruby store uses the V2 search REST API, which is only compatible with Elasticsearch. The Orchestration service introduces the ability to convert a JSON message from one format into another.
Store
Storefront improvements

The following new features are enabled in the Ruby store.

Multiple languages for the CSR tool

The Customer Service Representative (CSR) tool supports multiple languages for all stores.

Enabling guest shopping for the Next.js store

In the Next.js store, you can enable guest shopping for customers.

Disabling guest shopping for the Next.js store

In the Next.js store, you can disable guest shopping for customers.

Quick Order for Next.js store (B2C and B2B)

You can place orders within the Next.js store using the quick order functionality without navigating through product details and listing pages.

Free gift with the order

The Free Gift with the Order promotion allows eligible customers to select a free gift when their order meets specific criteria.

Product listing page
The product listing page displays each product's stock availability at the selected store and all nearby stores.

Product display page
The product display page lets you select either the pickup or the delivery option for the selected items.

Save for later
When you decide to postpone the purchase of an item in the shopping cart, you can save it for a potential future purchase.

Shopping cart

You can view the items added for purchase, manage your selected items, adjust quantities, choose between pickup and delivery, and proceed to checkout in the shopping cart.

You can view the contract name associated with each item in the shopping cart.

Tools
Dashboard and new navigation menu
Management Center has a dashboard and a new navigation menu to access all tools.

New login port
From version 9.1.16.0 onwards, in addition to the previous web address, you can access the HCL Commerce Management Center using the following web address in your browser: https://host_name:7443/tooling/login.

Search Analytics
The Search Analytics dashboard is part of the Analytics tool.

Change Password
Management Center allows you to change your existing password from the new login menu option.

Security
Non-applicable vulnerabilities
Software security scans can identify vulnerabilities within HCL Commerce containers that do not apply. A list of vulnerabilities is introduced to help identify valid security concerns by eliminating false positives.

Defect fixes

See HCL Commerce 9.1.16.0 in Fixes that are included in HCL Commerce releases for a detailed list of defects that were fixed in this release and its associated fix pack.

Supported companion software

HCL Commerce 9.1.16.1 has been tested with the following companion software.

Commerce: HCL Commerce Version 9.1.16.0

Companion software:
  • WebSphere Application Server 9.0.5.20 + PH61504 + PH61546 + PH61489 + PH61808
  • WebSphere Application Server V8.5.5 Liberty 24.0.0.6
  • IBM SDK, Java Technology Edition, Version 8.0.8.30
  • IBM HTTP Server 9.0.5.20 + PH61893 + PH62263
  • IBM Installation Manager 1.9.2.8
  • Elasticsearch
    • x86-64: 7.17.20
    • Power: 7.17.20
  • ZooKeeper
    • x86-64: 3.8.0
    • Power: 3.8.0
  • Redis
    • x86-64: 7.2.5
    • Power: 7.2.5-bv-ubi8
  • Redisson 3.23.3
  • NiFi 1.22
  • NiFi Registry 1.22
  • CoreNLP 4.5.5
  • Vault 1.14.8
  • Kubernetes 1.27 to 1.30
  • Helm 3.13+

Database:
  • Solr-based search solution
    • IBM Db2
      • x86-64: 11.5.8
      • Power: 11.5.8
    • Oracle 18c
    • Oracle 19c
  • Elasticsearch-based search solution
    • IBM Db2
      • x86-64: 11.5.8
      • Power: 11.5
    • Oracle 19c
  • Approval server
    • x86-64: PostgreSQL 14.12
    • Power: PostgreSQL 14.12

Browsers:
  • Management Center for HCL Commerce
    • Edge 20+
    • Firefox 39+
    • Chrome 44+
    • Safari 10+
    Note (HCL Commerce Version 9.1.14.0 or later): HCL Commerce 9.1.14.0 and greater no longer supports Internet Explorer for use with Management Center.
  • React-based storefronts
    • Edge 87+
    • Firefox 84+
    • Chrome 87+
    • Safari 14+
  • Aurora-based storefronts
    • Internet Explorer 20H2+
    • Edge 87+
    • Firefox 84+
    • Chrome 87+
    • Safari 14+