HCL Commerce Version 9.1.6.0

HCL Commerce 9.1.6.0

HCL Commerce 9.1.6.0 was released on March 30, 2021.

Security updates

HCL Commerce 9.1.6.0 contains the following security-related fixes.
| Affected software | CVE(s) | Vulnerability |
|---|---|---|
| HCL Commerce | CVE-2021-27741 | XML external entity (XXE) injection vulnerability in HCL Commerce |
| WebSphere Application Server | CVE-2020-4576, CVE-2020-14797, CVE-2020-4949, CVE-2021-20353, CVE-2021-20354, CVE-2020-2773, CVE-2020-14782, CVE-2020-27221, CVE-2020-14781 | Multiple vulnerabilities in WebSphere Application Server affects HCL Commerce |
| Jackson Dataformat | CVE-2020-28491 | Multiple vulnerabilities in Jackson Dataformat, Netty Handler and Elastic Search affect HCL Commerce |
| Netty Handler | CVE-2020-21290 | Multiple vulnerabilities in Jackson Dataformat, Netty Handler and Elastic Search affect HCL Commerce |
| Elasticsearch | CVE-2020-7021 | Multiple vulnerabilities in Jackson Dataformat, Netty Handler and Elastic Search affect HCL Commerce |
| Netty All library | CVE-2021-21290 | Information disclosure vulnerability in Netty All library affects HCL Commerce |
| CKEditor | CVE-2020-9281, CVE-2018-17960 | Cross-site scripting (XSS) vulnerabilities in CKEditor shipped with HCL Commerce |

Important changes

HCL Commerce 9.1.6.0 contains the following important changes to site features and functionality.
Important: Required changes

If you update your HCL Commerce Developer installations to IBM SDK, Java Technology Edition 8.0.6.25, you must apply the IJ31256 iFix. This fix, which is specific to HCL Commerce, addresses failures that occur when using security-related utilities.

Feature enhancements

The following features have been introduced in this release. Review the following list to ensure that your site is prepared once this update is applied.

Foundation
Security enhancements
Security enhancements have been made to session cookies, server-side session invalidation, and account lockout policy.
  • All session cookies now have the secure attribute set by default.

  • Session invalidation has been enhanced for security-related events and actions.

  • Account lockout has been enhanced. Site users can now reset their passwords to re-enable their own accounts after too many incorrect password attempts.

    This is facilitated by the Logon command returning a new error code, 2490, instead of disabling the account. Ensure that you update your store login flow to handle this new error code.

OpenAPI 3.0
HCL Commerce now supports the OpenAPI 3.0 specification.

Search
Enhanced preview capability in workspaces
Workspace support is now available for the HCL Commerce Search solution based on Elasticsearch. Using workspaces in an authoring environment, business users can work on catalog-related changes in an isolated environment. They can then preview their changes in the storefront before submitting them for approval.

Enhanced Search Ingest Service API
You can extend the default Ingest connectors by using the Search Ingest Service API.

Easily configure multi-dimensional matchmaker
The product depth dimension can also be configured in ZooKeeper.

Store
HCL Customer Service for React stores
HCL Customer Service for HCL Commerce provides customer service enhancements that enable a customer service representative (CSR) to resolve common issues and capture orders. These capabilities are built into the HCL Commerce Reference Store application and enable a CSR to complete key tasks on behalf of guest and registered customers for both B2B and B2C stores.

Email Templates for React stores
The Store SDK contains email templates to send order confirmation, order cancellation, and order shipment notification emails. It also contains email templates for password reset request notifications, password change notifications, and to support shopper email activation scenarios.

Integration with Google Analytics 4 supported
HCL Commerce now supports integration with Google Analytics 4. HCL Commerce continues to support integration with Google Analytics Universal Analytics.

Tools
More native dashboards
Additional dashboards are available from within the Management Center. These track and control such things as revenue, orders, products, visitors and top search hits.

CKEditor
The default text editor has an updated UI with new icons for a better user experience.

Supported companion software

HCL Commerce 9.1.6.0 has been tested with the following companion software.