HCL Commerce Version 9.1.20.0

HCL Commerce 9.1.20.0

HCL Commerce 9.1.20.0 is a feature (mod pack) release for HCL Commerce Version 9.1.

  • HCL Commerce 9.1.20.0 was released on May 12, 2026.

For a full list of the release files and their associated MD5 checksum values, see HCL Commerce eAssemblies.

Security updates

HCL Commerce 9.1.20.0 contains the following security-related fixes.
Affected software CVE(s) Vulnerability

IBM WebSphere Application Server, IBM WebSphere Application Server Liberty, IBM HTTP Server and IBM Java SDK

included in:

HCL Commerce 9.1.0 - 9.1.19.0

 CVE-2024-29371, CVE-2026-21945, CVE-2026-21925, CVE-2025-14914, CVE-2025-14917, CVE-2026-29063, CVE-2025-14915, CVE-2026-1561, CVE-2025-13333, CVE-2025-14923, CVE-2026-22016, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-34268, CVE-2026-22007, CVE-2026-3621, CVE-2026-32776, CVE-2026-32777, CVE-2026-32778, CVE-2026-21933 Multiple vulnerabilities in various IBM products affect HCL Commerce

HCL Commerce 9.1.0 - 9.1.19.0

 CVE-2026-4867, CVE-2026-33532, CVE-2026-1225, CVE-2024-38828, CVE-2024-38820, CVE-2026-24880, CVE-2026-40973 Multiple vulnerabilities in open source components affect HCL Commerce

WebSphere Application Server, WebSphere Application Server Liberty, and IBM HTTP Server

included in:

HCL Commerce 9.1.0 - 9.1.19.0

 CVE-2025-66200, CVE-2025-59375, CVE-2025-65082, CVE-2025-59775, CVE-2025-58098, CVE-2025-1263 Multiple vulnerabilities in various IBM products affect HCL Commerce
Important: Non-applicable vulnerabilities are security vulnerabilities related to HCL Commerce and its companion or co-requisite software that the HCL Commerce team has determined require no action, as they do not impact HCL Commerce deployments.

Feature enhancements

The following features have been introduced in this release. Review the following list to ensure that your site is prepared once this update is applied.

Search
Elasticsearch-based search updates
Elasticsearch-based search updates are made and documented between releases; review Keeping Elasticsearch-based search up-to-date for details on important changes and upgrade considerations for Elasticsearch-based search schemas, NiFi, Ingest, and Query services.
Introduced HCL Commerce Developer Solr-based Search environment
The HCL Commerce Developer Solr-based Search environment enables customization and debugging of search functionality using Solr 9.7. It replaces the legacy IBM RAD-based development environment with a simplified development approach using Maven, Open Liberty, and Eclipse. It supports the Solr-based Search runtime built on Solr 9.7 and enables faster development.
Learn more...
Redisson version is upgraded to 4.2
Starting with HCL Commerce 9.1.20.0, the supported Redisson version is upgraded to 4.2. As a result, if you are using the Solr 7 search application, you must update the /SETUP/hcl-cache/redis_cfg.yaml file with the required configuration values.
Learn more...
Tools
Angular version update
Angular is upgraded from version 19 to 21. See the commerce-tooling/package.json file within the Tooling SDK for information regarding exact version levels. To download the Tooling SDK, see Downloading HCL Commerce software.
Deployment
IBM Rational Application Developer 9.7 support
This release introduces support for IBM Rational Application Developer(RAD) 9.7. Support for RAD version 9.6 ends September 30, 2026.
For HCL Commerce Developer (Commerce Toolkit):
  • Existing customers: Upgrade from RAD version 9.6 to 9.7. Learn more...
  • New customers: Use RAD version 9.7 to set up the development environment. Learn more...
Ingress controller and gateway support
F5 NGINX Ingress and Envoy Gateway are now supported. Support for Community Ingress-NGINX ends in March 2026; customers should migrate to a supported option such as F5 NGINX Ingress, Emissary Ingress Controller, or Envoy Gateway.
Learn more...
wc-server.xml update
Cache-Control and Pragma headers are now enabled by default for runtime environments to improve REST response caching behavior.
Learn more...
Developer Solr-based Search environment
Support for a new Solr (version 9.7) based Developer Search environment is introduced, replacing the legacy RAD-based setup.
Learn more...
Build Solr v9-based search customization package
For Solr v9-based search, use the WCB HCL Commerce Build tool (WCB tool) included in ts-utils to package customized Solr search code. Ensure the solr.version.v9 property is set to true in the wcbd-build-search.properties file. For other server types, ensure this property is not set to true. For more information, see Packaging customized code for deployment Packaging customized code for deployment.
Alternatively, you can use the Solr-based search development environment in Eclipse to package your code.
Learn more...
Build Bitnami Redis Docker images
In 9.1.20.0, Bitnami Redis 8.4.1 is certified on xLinux, and the corresponding Bitnami Redis Helm chart is bundled with the 9.1.20.0 xLinux Helm chart. You must build the Bitnami Redis 8.4.1 Docker image yourself.
Learn more...
Utilities
checkDuplicateJars.bat utility
The checkDuplicateJars.bat utility identifies duplicate JAR files in the HCL Commerce Developer toolkit and provides an interactive option to review and remove redundant libraries.
Learn more...
configureSolrSearchSDK.bat utility
Use the configureSolrSearchSDK.bat utility to configure the Transaction server and CRS server for the Solr Search SDK in HCL Commerce Developer.
Learn more...
setSolrSearchSDKSpiuserPassword utility
Use the setSolrSearchSDKSpiuserPassword utility to update the Solr Search SDK SPI user password in HCL Commerce Developer. The utility configures a new SPI user password that matches the encrypted password stored in the database.
Learn more...
Logging services
Enhanced trace logging security
Enable the option to activate the Sensitive Log and Trace Guard and prevent sensitive data from being logged.
Learn more...
Performance
Redisson
The tcp and keepAlive deployment-level parameters have been deprecated and moved to the Config object. Additionally, the keepAlive parameter has been renamed to tcpKeepAlive.

HCL Commerce now retrieves these settings from the Config configuration instead of deployment-level parameters.

Learn more...

Defect fixes

See Version 9.1.20.0 in Fixes that are included in HCL Commerce releases for a detailed list of defects that were fixed in this release and its associated fix pack.

Supported software

HCL Commerce 9.1.20.0 has been tested with the following supported software. The icon highlights software updates for version 9.1.20.0.

Commerce Supported software Database Browsers
HCL Commerce Version 9.1.20.0
  • WebSphere Application Server 9.0.5.27
  • WebSphere Application Server V8.5.5 Liberty V8.5.5 Liberty 26.0.0.3 PH70327 + PH70017 + PH70078 + PH70510 + PH70352
  • IBM SDK, Java Technology Edition, Version 8.0.8.65
  • IBM HTTP Server 9.0.5.27+ PH70572
  • IBM Installation Manager 1.10.1.3
  • Elasticsearch
    • x86-647.17.29
    • Power7.17.28
  • NiFi 1.28.1
  • NiFi Registry 1.28.1
  • CoreNLP 4.5.10
  • Solr
    • Solr 7.3
    • Solr 9.10.1
  • ZooKeeper
    • x86-643.9.3
    • Power3.9.3
  • Redis
    • x86-648.4.1
    • Power7.4.2-bv
  • Reddison 4.1.0
  • Vault
    • x86-641.21.0
    • Power1.14.8
  • Kubernetes 1.30 to 1.35
  • Helm 3.17.x
  • Solr-based search solution
    • IBM Db2
      • x86-6411.5.9
      • Power11.5.9
    • Oracle 18c
    • Oracle 19c
  • Elasticsearch-based search solution
    • IBM Db2
      • x86-6411.5.9
      • Power11.5.9
    • Oracle 19c
  • Approval server
    • x86-64PostgreSQL 14.13
    • PowerPostgreSQL 14.13
  • Management Center for HCL Commerce
    • Edge 20+
    • Firefox 39+
    • Chrome 44+
    • Safari 10+
  • React-based storefronts
    • Edge 87+
    • Firefox 84+
    • Chrome 87+
    • Safari 14+
  • Aurora-based storefronts
    • Internet Explorer 20H2+
    • Edge 87+
    • Firefox 84+
    • Chrome 87+
    • Safari 14+