HCL Commerce 9.1.16.1
HCL Commerce 9.1.16.0 is a feature (mod pack) release for HCL Commerce Version 9.1.
- HCL Commerce 9.1.16.0 was released on August 30, 2024.
- A fix pack containing the Orchestration service, HCL Commerce 9.1.16.1, was released on October 8, 2024.
Fix packs
HCL Commerce fix packs include defect fixes, and are made available between major releases, beginning with 9.1.13.1. It is recommended to upgrade to the latest fix pack as it becomes available. Only certain images within the release are updated for fix pack releases. These updated containers, with modified fix pack file names, are intended to be used with the remaining original containers of the same release.
Release | Date | Updated binaries |
---|---|---|
HCL Commerce 9.1.16.1 | October 8, 2024 | Note: The release of 9.1.16.1 contains the introduction of the Orchestration service, to add support for using Solr-based search with the Next.js store. |
HCL Commerce 9.1.16.0 | August 30, 2024 | Full release. |
For a full list of the release files and their associated MD5 checksum values, see HCL Commerce eAssemblies.
Security updates
Date of bulletin | Affected software | CVE(s) | Vulnerability |
---|---|---|---|
November 1, 2024 | WebSphere Application Server, WebSphere Application Server V8.5.5 Liberty, and IBM HTTP Server | CVE-2024-37532, CVE-2023-51775, CVE-2024-35154, CVE-2024-22354, CVE-2023-50313, CVE-2024-25026, CVE-2024-35153, CVE-2024-22329, CVE-2024-38474, CVE-2024-38475, CVE-2024-38477, CVE-2024-24795, CVE-2023-38709, CVE-2024-39573, CVE-2024-40898, CVE-2024-40725, CVE-2024-38472, CVE-2024-38476, CVE-2024-38473 | Multiple vulnerabilities in IBM WebSphere Application Server, IBM WebSphere Application Server Liberty and IBM HTTP Server affect HCL Commerce |
November 1, 2024 | IBM Java SDK | CVE-2023-22081, CVE-2023-22067, CVE-2023-5676, CVE-2024-20918, CVE-2024-20952, CVE-2024-20921, CVE-2024-20945, CVE-2023-33850, CVE-2024-21011, CVE-2023-38264 | Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty |
November 1, 2024 | WebSphere Application Server V8.5.5 Liberty | CVE-2024-27268, CVE-2023-50312, CVE-2024-27270 | Multiple vulnerabilities in IBM WebSphere Application Server Liberty affect HCL Commerce |
September 3, 2024 | logback, ws, Apache Tomcat, micromatch, braces, TinyMCE | CVE-2023-6378, CVE-2023-6481, CVE-2024-37890, CVE-2023-46589, CVE-2024-37890, CVE-2024-4067, CVE-2024-4068, CVE-2024-38357, CVE-2024-38356 | Multiple vulnerabilities in open source components affect HCL Commerce |
December 14, 2023 | Apache Struts 2 | CVE-2023-50164, CVE-2023-41835 | A vulnerability in Apache Struts 2 affects HCL Commerce |
Important changes
HCL Commerce 9.1.16.1 contains the following important changes to site features and functionality.
- Before upgrading your deployment to HCL Commerce 9.1.14.0 or greater, you must consider the implications of the non-root user update. Not doing so can break your deployment. For more information, see HCL Commerce container users and privileges.
- After upgrading to HCL Commerce 9.1.14.0 or greater with the Elasticsearch-based search solution, you must delete any existing boost scripts.
  - Run the following REST API calls to delete any existing scripts.

    ```
    DELETE - http://ESHOST:ESPORT/_scripts/boost-script-param-1
    DELETE - http://ESHOST:ESPORT/_scripts/boost-script-param-2
    DELETE - http://ESHOST:ESPORT/_scripts/boost-script-param-3
    ```

    Note: You can use the GET request method to check for existing scripts.
  - Restart the Query service to re-generate the appropriate boost scripts for this release.
- Management Center for HCL Commerce in all releases 9.1.12.0 and greater now report business user analytics to HCL. This information assists HCL in the development of new features and the enhancement of existing business user tools.

  Note: Only high level business user behaviors in new tools within Management Center are collected. No sensitive information about the user or the organization that owns the environment is captured or transmitted to HCL. Specifically, the URLs of the pages that business users access are logged. Event data such as the version of HCL Commerce and the deployment type, as well as generic information about the browser, are also collected. Google Analytics also captures general location information, if users have opted-in through their browser settings.

  The collection of this data can be disabled during deployment. For more information on disabling this data collection, see the following steps in the deployment documentation:
- From HCL Commerce version 9.1.10.0 onwards, Spring is upgraded from version 4.x to version 5.x. You must update your existing spring-extension.xml Spring configuration file with the supportedMethods property and the associated values of GET and POST. For example:

  ```xml
  <bean id="/GetRootManagedDirectory" class="org.springframework.web.servlet.mvc.ParameterizableViewController">
    <property name="viewName" value="/jsp/commerce/attachment/restricted/GetRootManagedDirectory.jsp"/>
    <property name="supportedMethods" value="GET,POST"/>
  </bean>
  ```
- Upgrading to HCL Commerce 9.1.16.1 with a social network OAuth 2.0 login integration that was configured prior to 9.1.7.0 requires changes to be made for the integration to continue working. Taking no action will result in the integration ceasing to function.
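The boost-script cleanup from the Elasticsearch upgrade step above, as an added example that is not part of HCL's documentation: it checks each of the three stored scripts with GET, deletes only those that exist, and reports any that could not be removed. `ES_URL` and the function names are assumptions, and the endpoint is taken to be reachable without authentication, as in the URLs shown above.

```shell
#!/usr/bin/env bash
# Added example: remove stale Elasticsearch boost scripts after an upgrade.
# The script IDs are the three named in the release notes; ES_URL is assumed.

BOOST_SCRIPTS="boost-script-param-1 boost-script-param-2 boost-script-param-3"

# Print only the HTTP status code for METHOD on URL ("000" if unreachable).
http_status() {
  curl -s -o /dev/null -w '%{http_code}' --max-time 10 -X "$1" "$2" || true
}

# Delete each stored boost script that exists and report what was done.
# Returns 0 if every script is gone afterwards, 1 otherwise.
cleanup_boost_scripts() {
  base="${1%/}"; failed=0
  for id in $BOOST_SCRIPTS; do
    url="$base/_scripts/$id"
    case "$(http_status GET "$url")" in
      404) echo "absent   $id" ;;
      200)
        if [ "$(http_status DELETE "$url")" = "200" ]; then
          echo "deleted  $id"
        else
          echo "FAILED   $id (DELETE rejected)"; failed=1
        fi ;;
      *) echo "FAILED   $id (cannot query $url)"; failed=1 ;;
    esac
  done
  return "$failed"
}

# Runs only when a target is supplied, e.g. ES_URL=http://ESHOST:ESPORT
if [ -n "${ES_URL:-}" ]; then
  cleanup_boost_scripts "$ES_URL" && echo "Now restart the Query service."
fi
```

A non-zero exit means at least one script is still present or could not be checked, so the Query service restart should wait until the run is clean.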
Feature enhancements
The following features have been introduced in this release. Review the following list to ensure that your site is prepared once this update is applied.
- Deployment
  - Kubernetes deployment Solr-based search index sharding: Solr search sharding is included as an optional configuration in the HCL Commerce 9.1.16.0 Helm Chart. This allows Solr-based search deployments with large indexes to use multiple Java Virtual Machines (JVMs) to complete indexing work in parallel, reducing indexing time and alleviating any resource issues that can be encountered when using a single JVM.
- Search
  - Orchestration: The Orchestration service enables the Ruby starter store to use Solr-based search. The Ruby store uses the V2 search REST API that is only compatible with Elasticsearch. With the Orchestration service, the ability to convert a JSON message from one format into another is introduced.
- Store
  - Storefront improvements: The following new features are enabled in the Ruby store.
    - Multiple languages for the CSR tool: The Customer Service Representative (CSR) tool supports multiple languages for all stores.
    - Enabling guest shopping for the Next.js store: In the Next.js store, you can enable guest shopping for customers.
    - Disabling guest shopping for the Next.js store: In the Next.js store, you can disable guest shopping for customers.
    - Quick Order for Next.js store (B2C and B2B): You can place orders within the Next.js store using the quick order functionality without navigating through product details and listing pages.
    - Free gift with the order: The Free Gift with the Order promotion allows eligible customers to select a free gift when their order meets specific criteria.
    - Product listing page: The product listing page displays each product's stock availability at the selected store and all nearby stores.
    - Product display page: The product display page lets you choose between the pickup and delivery options for the selected items.
    - Save for later: When you decide to postpone the purchase of an item in the shopping cart, you can save it for a potential future purchase.
    - Shopping cart: You can view the items added for purchase, manage your selected items, adjust quantities, choose between pickup and delivery, and proceed to checkout in the shopping cart. You can view the contract name associated with each item in the shopping cart.
- Tools
  - Dashboard and new navigation menu: Management Center has a dashboard and a new navigation menu to access all tools.
  - New login port: From version 9.1.16.0 onwards, in addition to the previous web address, you can also access the HCL Commerce Management Center using the following web address in your browser: https://host_name:7443/tooling/login.
  - Search Analytics: The Search Analytics dashboard is part of the Analytics tool.
  - Change Password: Management Center allows you to change your existing password from the new login menu option.
- Security
  - Non-applicable vulnerabilities: Software security scans can identify vulnerabilities within HCL Commerce containers that do not apply. A list of vulnerabilities is introduced to help identify valid security concerns by eliminating false positives.
Defect fixes
See HCL Commerce 9.1.16.0 in Fixes that are included in HCL Commerce releases for a detailed list of defects that were fixed in this release and its associated fix pack.
Supported companion software
Commerce | Companion software | Database | Browsers |
---|---|---|---|
HCL Commerce Version 9.1.16.0 | | | |