HCL Commerce Version 9.1.17.0

HCL Commerce 9.1.17.0

HCL Commerce 9.1.17.0 is a feature (mod pack) release for HCL Commerce Version 9.1.

  • HCL Commerce 9.1.17 was released on December 2, 2024.

Fix packs

For a full list of the release files and their associated MD5 checksum values, see HCL Commerce eAssemblies.

Security updates

HCL Commerce 9.1.17.0 contains the following security-related fixes.
Affected software CVE(s) Vulnerability
WebSphere Application Server V8.5.5 Liberty

included in: HCL Commerce versions 9.1.0.0 - 9.1.16.0

 CVE-2024-45086, CVE-2024-45087, CVE-2024-45072, CVE-2024-45071, CVE-2023-50315, CVE-2023-50314, CVE-2024-45073 Multiple vulnerabilities in IBM WebSphere Application Server and IBM WebSphere Application Server Liberty affect HCL Commerce
HCL Commerce versions 9.1.0.0 - 9.1.16.0 CVE-2024-22262, CVE-2024-47764, CVE-2024-47554 Multiple vulnerabilities in open source components affect HCL Commerce
Important: Review the list of Non-applicable vulnerabilities to clear any vulnerabilities that have been discovered during a security scan of your HCL Commerce images. This list has been fully vetted by HCL to ensure that these vulnerabilities do not have any impact on the security of your deployment.

Important changes

HCL Commerce 9.1.17.0 contains the following important changes to site features and functionality.

HCL Commerce Version 9.1.17.0Important: Review Troubleshooting: Ingest indexing fails due to certificate issue if you encounter Ingest indexing failures when upgrading to HCL Commerce Developer 9.1.17.0.
Important: Required changes
  • Before upgrading your deployment to HCL Commerce 9.1.14.0 or greater, you must consider the implications of the non-root user update. Not doing so can break your deployment. For more information, see HCL Commerce container users and privileges.
  • After upgrading to HCL Commerce 9.1.14.0 with the Elasticsearch-based search solution, you must delete any existing boost scripts.
    1. Run the following REST API calls to delete any existing scripts.
      DELETE - http://ESHOST:ESPORT/_scripts/boost-script-param-1
DELETE - http://ESHOST:ESPORT/_scripts/boost-script-param-2
DELETE - http://ESHOST:ESPORT/_scripts/boost-script-param-3
      Note: you can use the GET request method to check for existing scripts.
    2. Restart the Query service to re-generate the appropriate boost scripts for this release.
  • Management Center for HCL Commerce in all releases 9.1.12.0 and greater now report business user analytics to HCL. This information assists HCL in the development of new features and the enhancement of existing business user tools.
    Note: Only high level business user behaviors in new tools within Management Center are collected. No sensitive information about the user or the organization that owns the environment is captured or transmitted to HCL. Specifically, the URLs of the pages that business users access are logged. Event data such as the version of HCL Commerce and the deployment type, as well as generic information about the browser, are also collected. Google Analytics also captures general location information, if users have opted-in through their browser settings.
    The collection of this data can be disabled during deployment. For more information on disabling this data collection, see the following steps in the deployment documentation:
    • For Docker deployments, see step #8 in the deployment prerequisites.
    • For Kubernetes deployments, see step #11 in the deployment prerequisites.
    • For SoFy deployments, see step #2 in the deployment.
  • From HCL Commerce version 9.1.10.0 onwards, Spring is upgraded from version 4.x to version 5.x. You must update your existing spring-extension.xml Spring configuration file with the supportedMethods property and the associated values of GET and POST.
    For example:
    <bean id="/GetRootManagedDirectory" class="org.springframework.web.servlet.mvc.ParameterizableViewController">
<property name="viewName" value="/jsp/commerce/attachment/restricted/GetRootManagedDirectory.jsp"/>
<property name="supportedMethods" value="GET,POST"/>
</bean>
  • Upgrading to HCL Commerce 9.1.17.0 with a social network OAuth 2.0 login integration that was configured prior to 9.1.7.0 requires changes to be made for the integration to continue working. No action will result in the integration ceasing to function.

    Learn more...

Feature enhancements

The following features have been introduced in this release. Review the following list to ensure that your site is prepared once this update is applied.

Indicates enhancements inspired by or created by customers and partners, and submitted through the HCL Commerce | Product Portal. Sign up to vote and submit your own ideas!

Deployment
Simplified HCL Commerce development environment Orchestration service deployment
The Orchestration service is now easier to integrate within your HCL Commerce development environment.
Learn more...
updatedb utility enhancement
The updatedb utility now implements key splitting to ensure compatibility with the staging propagation utility, preventing collisions in counter values and avoiding primary key violation errors. Use the excludeKeySplit parameter to disable this enhancement.
Learn more...
Store
Multiple languages and currencies
The Next.js storefront supports multiple languages and currencies through configurable store preferences.
Learn more...
Tools
Enhanced Management Center dashboard
Management Center dashboard is updated with various features such as the marketing widget to include release information.
Learn more...
Search term association with Layouts
Management Center allows you to assign search terms to layouts from the Page Composer tool.
Learn more...

Defect fixes

See HCL Commerce 9.1.17.0 in Fixes that are included in HCL Commerce releases for a detailed list of defects that were fixed in this release and its associated fix pack.

Supported companion software

HCL Commerce 9.1.17.0 has been tested with the following companion software.
Commerce Companion software Database Browsers
HCL Commerce Version 9.1.17.0
  • WebSphere Application Server 9.0.5.21 + IFPH63540 + IFPH63541 + IFPH62937 + IFPH63032 + IFPH62952
  • WebSphere Application Server V8.5.5 Liberty 24.0.0.9 + IFPH63533 + IFPH63673
  • IBM SDK, Java Technology Edition, Version 8.0.8.30
  • IBM HTTP Server 9.0.5.21
  • IBM Installation Manager 1.10
  • Elasticsearch
    • x86-647.17.20
    • Power7.17.20
  • ZooKeeper
    • x86-643.8.0
    • Power3.8.0
  • Redis
    • x86-647.4.1
    • Power7.2.5-bv-ubi8
  • Reddison 3.38.1
  • NiFi 1.22
  • NiFi Registry 1.22
  • CoreNLP 4.5.5
  • Vault 1.14.8
  • Kubernetes 1.27 to 1.30
  • Helm 3.13+
  • Solr-based search solution
    • IBM Db2
      • x86-6411.5.9
      • Power11.5.9
    • Oracle 18c
    • Oracle 19c
  • Elasticsearch-based search solution
    • IBM Db2
      • x86-6411.5.9
      • Power11.5.9
    • Oracle 19c
  • Approval server
    • x86-64PostgreSQL 14.13
    • PowerPostgreSQL 14.12
  • Management Center for HCL Commerce
    • Edge 20+
    • Firefox 39+
    • Chrome 44+
    • Safari 10+
    HCL Commerce Version 9.1.14.0 or laterNote: HCL Commerce 9.1.14.0 and greater no longer supports Internet Explorer for use with Management Center.
  • React-based storefronts
    • Edge 87+
    • Firefox 84+
    • Chrome 87+
    • Safari 14+
  • Aurora-based storefronts
    • Internet Explorer 20H2+
    • Edge 87+
    • Firefox 84+
    • Chrome 87+
    • Safari 14+