HCL Commerce 9.1.7.0
HCL Commerce
9.1.7.0 was released on July 23, 2021.
Security updates
HCL Commerce
9.1.7.0 contains the following security-related fixes.
Affected software | CVE(s) | Vulnerability |
---|---|---|
HCL Commerce | CVE-2021-27750 | Session termination vulnerability in HCL Commerce |
WebSphere Application Server | CVE-2020-5016 | A vulnerability in WebSphere Application Server affects HCL Commerce |
WebSphere Application Server | CVE-2020-5258, CVE-2021-20453, CVE-2021-20454, CVE-2021-26296, CVE-2021-2161, CVE-2015-5262, CVE-2011-1498, CVE-2014-3577, CVE-2012-6153, CVE-2021-29754 | Multiple vulnerabilities in WebSphere Application Server affect HCL Commerce |
Apache Tomcat | CVE-2020-11996, CVE-2020-13934, CVE-2021-25122, CVE-2021-25329, CVE-2021-24122, CVE-2020-1935, CVE-2020-13943 | Multiple vulnerabilities in Apache Tomcat affects HCL Commerce |
Apache PDFBox | CVE-2021-27807, CVE-2021-27906 | Multiple vulnerabilities in Apache PDFBox affect HCL Commerce |
Apache PDFBox | CVE-2021-31811, CVE-2021-31812 | Multiple security vulnerabilities in Apache PDFBox affect HCL Commerce |
CKeditor | CVE-2021-26272 | Vulnerability in CKeditor affects HCL Commerce |
Important changes
HCL Commerce
9.1.7.0 contains the following important changes to site
features and functionality.
Important:
Required changes
- Upgrading to HCL Commerce 9.1.7.0 with a previously configured social network OAuth 2.0 login integration requires changes to be made for the integration to continue working. No action will result in the integration ceasing to function.
Feature enhancements
The following features have been introduced in this release. Review the following list to ensure that your site is prepared once this update is applied.
Indicates enhancements inspired by or created by customers and partners, and submitted through the HCL Commerce | Product Portal. Sign up to vote and submit your own ideas!
- Database
- Deployment
-
- Deployment improvements
- Deployment of HCL Commerce has been improved by
expanding the variety of supported products and platforms:
- The Elasticsearch-based search solution Kubernetes deployment is now supported on Power Linux.
- Oracle Database support for HCL Digital Experience integration.
- HCL Commerce deployment is now supported on Google Cloud Platform (GCP) and Amazon Web Services (AWS).
- Search
-
- Performance-related search index schema changes
- The HCL Commerce Search index schema has been modified for performance. Ensure that you review these changes to make any required changes to customizations that rely on it.
- Configure search results
- HCL Commerce Search provides you the ability to configure the search results that are displayed to the shoppers while searching for any product or service at the storefront. It helps you to enhance the search experience of shoppers by returning the relevant results at the storefront.
- Ingest status API
- A new API has been introduced to allow checking the status of the search index for the specific store post NRT updates.
- Fine-grained cache invalidation
- Fine-grained cache invalidation allows you to scope cache invalidation down to the level of individual products or categories to rebuild only the necessary cache. It helps to minimize the runtime impact at the time of cache invalidation. You can create a custom template for product and category invalidation. This means you can set the desired product and category cache invalidation and the place to send this custom invalidation.
- Access control for the Query service configuration endpoints
- Authentication has been introduced to protect your query configuration endpoints.
- Customize spell check correction suggestions
- HCL Commerce Search provides you the ability to customize spell check correction suggestions as per your business needs. This means you can customize the spellcheck correction suggestions that are displayed at the storefront in case of misspelled search queries
- Search profiles for the HCL Commerce Search based on Elasticsearch
- You can use search profiles to control the storefront search experience at a page level. There are two versions of the search profiles you can use: the Version 2 search profiles intended for use with the React storefronts; and Version 1 search profiles designed for backward compatibility.
- Serviceability module
- The modern HCL Commerce uses many microservices. A new tool, the Must-Gather application, has been introduced to enable you to gather troubleshooting data such as traces, settings, or logs from multiple different sources. It can take this troubleshooting information from all microservices and deliver it in a single package, which you can then share with the HCL Commerce support team. Currently, this application is enabled only for the search services like Query service, Ingest service, Nifi, and Registry.
- Recover a corrupted or deleted workspace index
- The corrupted or deleted workspace index can result in incorrect functioning of workspace preview and push-to-live operation. You can recover a workspace index (auth.workspace) if it is corrupted or has been deleted accidentally, and all the change history events captured for all the workspaces and approved content are lost
- Component configuration
- Component configuration properties for the Elasticsearch-based search are fully documented. Controlling these properties lets you fine-tune everything from inventory range to final sorting prioroties in your search results.
- Applying patches to NiFi and NiFi Registry
- Learn how to apply patches received from HCL Commerce to NiFi and NiFi Registry.
- Store
-
- Multiple shipment
- Customers logged in to the Emerald or Sapphire stores can checkout multiple orders for different addresses while choosing different shipping methods for each. This gives a flexibility for user to send similar orders to different shipping addresses by different shipping methods.
- Page Composer in the storefront
- Page Composer is a new feature of the Commerce React Store. It
separates existing React components into different
npm
packages, and integrates store layout and widgets with Management Center page composer.
- Customer Service Hub
- Many new features are implemented in the Customer Service hub.
Customer Service Representatives (CSRs) or Site Administrators
can now:
- Add new customers
- Search Orders
- Search Customers
- Shop on behalf of the Customer
- Reset passwords
- Change account details and Status
- Tools
-
- Management Center tools for Page Composer
- Like the Commerce Composer tool in Management Center for HCL Commerce, the Page Composer tool lets business users manage store pages, including React stores. This new tool allows you to create store pages and assign SEO URLs to them. You can create, edit or delete page layouts and schedule when they should be displayed in your store.
- Search Tool for Merchandisers
- In addition to all new search based analytics, merchandisers now have the ability to visually manipulate search results for given search terms or phrases. They can perform re-sequencing and pinning of catalog entry search results as well as hide or arbitrarily add selected products from the catalog.
- Security
-
- Resetting a lost password from the desktop or mobile is easier and can be done more securely.
- Upgrading to HCL Commerce 9.1.7.0 with a previously configured social network OAuth 2.0 login integration requires changes to be made for the integration to continue working. No action will result in the integration ceasing to function.
- Performance
-
- NiFi performance optimization
- Default settings should be adequate for most NiFi implementations. If your needs are different, an alternative set of optimized settings are provided to help you fine-tune your Search environment.
Supported companion software
HCL Commerce
9.1.7.0 has been tested with the following companion
software.