HCL Commerce 9.1.9.0
Security updates
Affected software | CVE(s) | Vulnerability |
---|---|---|
HCL Commerce | CVE-2021-27751 | HCL Commerce is affected by Insufficient Session Expiration vulnerability |
WebSphere Application Server | CVE-2021-23450, CVE-2022-23990, CVE-2022-23852, CVE-2022-22822, CVE-2022-22823, CVE-2022-22825, CVE-2021-46143, CVE-2022-22824, CVE-2022-22826, CVE-2022-22827, CVE-2021-45960, | Multiple vulnerabilities in IBM HTTP Server and WebSphere Application Server affect HCL Commerce |
WebSphere Application Server | CVE-2021-40438, CVE-2021-45046, CVE-2021-4104, CVE-2021-36090, CVE-2021-38951, CVE-2021-34798, CVE-2021-35517, CVE-2021-35578, CVE-2021-35564, CVE-2021-2369, CVE-2021-39275, CVE-2021-29842 | Multiple security vulnerabilities in WebSphere Application Server affect HCL Commerce |
Netty All | CVE-2021-37136, CVE-2021-37137 | Multiple vulnerabilities in Netty All affect HCL Commerce |
Multiple open source libraries | CVE-2021-3878, CVE-2021-27568, CVE-2021-3869, CVE-2012-0881, CVE-2021-44832, CVE-2021-42550, CVE-2013-4002, CVE-2014-0107, CVE-2009-2625 | Multiple vulnerabilities in open source libraries affect HCL Commerce with Elasticsearch |
Important changes
HCL Commerce 9.1.9.0 contains the following important changes to site features and functionality.
- Upgrading to HCL Commerce 9.1.9.0 with a social network OAuth 2.0 login integration that was configured prior to 9.1.7.0 requires changes to be made for the integration to continue working. No action will result in the integration ceasing to function.
Feature enhancements
The following features have been introduced in this release. Review the following list to ensure that your site is prepared once this update is applied.
Indicates enhancements inspired by or created by customers and partners, and submitted through the HCL Commerce | Product Portal. Sign up to vote and submit your own ideas!
- Deployment
-
- Improvements to Transaction server start-up performance
- Optimization of the add-generic-jvmarg,
set-system-property, and
set-jndi-entry run engine commands result
in significant time savings when starting the Transaction server (
ts-app
). Use of these run engine commands beyond the default implementation can further improve start-up time up to 90% per individual command call over the same deployment on HCL Commerce 9.1.8.0. - Azure Kubernetes Service (AKS) certification
- HCL Commerce can be deployed to the Azure Kubernetes Service, including taking advantage of AKS-specific capabilities.
- SSL/LDAP support
- LDAP integration is now supported for Kubernetes and Docker-based deployments.
- Store
-
- Multiple quick checkout profiles
- Checkout profiles allow your registered shoppers to predefine separate billing and shipping addresses. The quick checkout feature auto-populates the billing and shipping addresses when they check out. Your shoppers can have more than one quick checkout profile.
- Page Composer improvements for Emerald and Sapphire stores
- A number of improvements have been made and new use cases added to the reference React-based stores. The user experience for mobile shoppers has been improved; Customer Service Representative (CSR) support is added for anonymous or guest shoppers; and search term suggestions are enhanced.
- Page Composer widgets updated
- A new set of Page Composer widgets rounds out the capabilities of this powerful page customization tool.
- Shared orders in B2B stores
- Multiple buyers can now work on the same order in business-to-business (Sapphire) stores. Shared orders are very much like a user's private order, except they allow other users from the order owner's organization to see the order. These contributors can add items to other users' shared orders and delete or update them.
- Multiple payment options for any order
- Your shoppers can now divide payment for their order among payment methods, such as cash on delivery or credit cards. This Multiple Payment option is available in all React stores.
- Bundle details page
-
Customers can now shop with more ease with the introduction of the new Bundle page. It displays various combinations of items (bundles) in tabular form to allow the shoppers to select attributes for products and their variants. The bundle details page looks similar to the product-details page, but has provision for all of the stock keeping units (SKUs), products and variants on same page.
- Tools
-
- Workspace enhancements to Page Composer
- Page Composer now allows you to work with workspaces. You can display pages in the context of a workspace, and create, edit, delete and preview pages and layouts.
- Faster launch of Management Center
- You no longer need to set your browser to allow pop-up windows when launching Management Center. The launch behavior has been changed so that the login prompt appears in the original Management Center window.
- Performance
-
- Custom caches tutorial
- Custom caches improve performance of customizations by enabling the re-use of logic and data. Caches that you build to support your custom code can take full advantage of the HCL Cache framework for caching locally and remotely in Redis.
- GraphQL for HCL Commerce
- GraphQL is a markup language for any API, as well as a server-side interpreter for processing queries using a data type system you design. You can significantly improve the efficiency and speed of queries relative to the standard REST API by using GraphQL.
Defect fixes
See HCL Commerce 9.1.9.0 in Fixes that are included in HCL Commerce releases for a detailed list of defects that were fixed in this release.
Supported companion software
Commerce | Companion software | Database | Browsers |
---|---|---|---|
HCL Commerce Version 9.1.9.0 |
|
|
|