HCL Commerce Version 9.1.12.0

HCL Commerce 9.1.12.0

HCL Commerce 9.1.12.0 was released on March 16, 2023.

Security updates

HCL Commerce 9.1.12.0 contains the following security-related fixes.
Affected software CVE(s) Vulnerability
Apache Kafka CVE-2022-34917 Vulnerabilities in Apache Kafka affect HCL Commerce
WebSphere Application Server and IBM HTTP Server CVE-2022-43680, CVE-2022-37436, CVE-2022-21541, CVE-2021-2163, CVE-2022-21540, CVE-2022-21626, CVE-2017-9233, CVE-2013-0340, CVE-2022-21624 Multiple vulnerabilities in IBM Java SDK and IBM HTTP Server included with WebSphere Application Server affect HCL Commerce
WebSphere Application Server V8.5.5 Liberty CVE-2022-24839, CVE-2022-22476 Multiple vulnerabilities in WebSphere Application Server Liberty affect HCL Commerce
WebSphere Application Server CVE-2023-23477, CVE-2022-22477, CVE-2022-38712, CVE-2022-34336, CVE-2022-40750, CVE-2022-34165, CVE-2022-35282, CVE-2022-22473 Multiple vulnerabilities in WebSphere Application Server affect HCL Commerce
jQuery CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160 Multiple vulnerabilities in jQuery affect HCL Commerce

Important changes

HCL Commerce 9.1.12.0 contains the following important changes to site features and functionality.

Important: Required changes
  • The security settings for XML processing in inbound web services that use the Program Adapter and WCS.INTEGRATION message mapper are strengthened in HCL Commerce 9.1.12.0. You may need to update the configuration around handling external entities if it is too restrictive for your environment.

    Learn more...

  • Management Center for HCL Commerce in HCL Commerce 9.1.12.0 automatically reports business user analytics to HCL. This information assists HCL in the development of new features and the enhancement of existing business user tools.
    Note: Only high level business user behaviors in new tools within Management Center are collected. No sensitive information about the user or the organization that owns the environment is captured or transmitted to HCL. Specifically, the URLs of the pages that business users access are logged. Event data such as the version of HCL Commerce and the deployment type, as well as generic information about the browser, are also collected. Google Analytics also captures general location information, if users have opted-in through their browser settings.
    Important: When starting the Tooling Web Docker container in versions 9.1.12.0 through 9.1.14.0, you must set the container deployment type. Failure to do so will prevent the container from starting. Ensure that you set the deployment type via the DEPLOYMENT_TYPE container environment variable, or in Vault at the following path ${VAULT_URL}/${TENANT}/${ENVIRONMENT}/deploymentType. Accepted values are development, staging, or production.
  • Hystrix is no longer supported by its maintainers. It is recommended to disable Hystrix on the Store server. For more information, see Disabling Hystrix on the Store server.
  • Upgrading to HCL Commerce 9.1.12.0 with a social network OAuth 2.0 login integration that was configured prior to 9.1.7.0 requires changes to be made for the integration to continue working. No action will result in the integration ceasing to function.

    Learn more...

  • From HCL Commerce version 9.1.10.0 onwards, Spring is upgraded from version 4.x to version 5.x. You must update your existing spring-extension.xml Spring configuration file with the supportedMethods property and the associated values of GET and POST.
    For example:
    <bean id="/GetRootManagedDirectory" class="org.springframework.web.servlet.mvc.ParameterizableViewController">
    <property name="viewName" value="/jsp/commerce/attachment/restricted/GetRootManagedDirectory.jsp"/>
    <property name="supportedMethods" value="GET,POST"/>
    </bean>

Feature enhancements

The following features have been introduced in this release. Review the following list to ensure that your site is prepared once this update is applied.

Indicates enhancements inspired by or created by customers and partners, and submitted through the HCL Commerce | Product Portal. Sign up to vote and submit your own ideas!

Deployment
AWS foundational technical review passed
HCL Commerce has been accepted through technical review for inclusion on the Amazon Web Services (AWS) Marketplace. See the HCLTech partner page to learn more about the software services and products that are available on AWS from HCL as an AWS Premier Consulting Partner.

Learn more...

Catalog Asset Store indexing model for eSites
Indexing speed has been greatly improved when you have a large number of Extended Sites (eSites). The Catalog Asset Store (CAS) indexing model removes the need to index each eSite separately. The CAS model performs one fast, simple centralized indexing operation.

Learn more...

Store
CSR post order capabilities
Customer Service Representatives (CSRs) can now use the CSR tool to initiate returns, modify orders after they have been submitted, and apply SKU-level or order-level discounts. In addition, CSRs can find a customer using that customer's email address, and add comments to an order record or customer record.

Learn more...

Registering a Marketplace Seller
Marketplace sellers can select their own shipping methods, and self-register for one or more marketplaces approved by the Operator.

Learn more...

Material User Interface Version 5 upgrade Guide
Material UI, the open-source component library for React stores, has been upgraded to Version 5.

Learn more...

Display browsing history in the Page Composer eSpot widget
Shoppers can now review their browsing history in the default Emerald store home page.

Learn more...

Promotion proximity messages for React-based stores
You can add promotion proximity messages to your React-based stores. These messages inform shoppers of the additional product value required to qualify for a promotional offer.

Learn more...

Tools
Marketplace enhancements
The Marketplace Seller Dashboard has a new card for Contracts. The Management Center enables marketplace sellers to self-register and manage B2B pricing.
Contracts
Site Administrators and Marketplace Operators can access the buyer contracts card, pricing, and contract filter through the Marketplace tool.

Learn more...

Marketplace Sellers can access the buyer contracts card, pricing, and contract filter through the Seller Dashboard tool.

Learn more...

Marketplace Seller Administrators can access the buyer contracts card, pricing, and contract filter through the Seller Dashboard tool with limited access.

Learn more...

Approvals enhancements
Marketplace Operators and Site Administrators can approve Marketplace Seller registration requests from the Management Center.

Learn more...

Google Analytics enhancements
Google Analytics supports GA4 reporting in the Management Center. For the GA4 support, you should update the Universal Analytics, GA4 Property Configuration, and Transaction server with the latest configuration.

Universal Analytics: Learn more...

GA4 Property Configuration: Learn more...

Transaction Server Configuration: Learn more...

Administrators can monitor their orders and order lines
Seller Administrators can view and track all orders placed from the storefront.

Learn more...

Catalogs tool
You can now download the current catalog list without creating a new catalog upload request.

Learn more...

Advanced User Search
You can now configure advanced user search if you have a large number of users registered. This feature allows you to search users using additional filters such as search scope and type.

Learn more...

Marketplace Analytics
Marketplace Sellers can view sales, orders, top products, and more for the selected Marketplace through the Management Center.

Learn more...

Defect fixes

See HCL Commerce 9.1.12.0 in Fixes that are included in HCL Commerce releases for a detailed list of defects that were fixed in this release.

Supported companion software

HCL Commerce 9.1.12.0 has been tested with the following companion software.
Commerce Companion software Database Browsers
HCL Commerce Version 9.1.12.0
  • WebSphere Application Server 9.0.5.14
  • WebSphere Application Server V8.5.5 Liberty 22.0.0.12
  • IBM SDK, Java Technology Edition, Version 8.0.7.20
  • IBM HTTP Server 9.0.5.14 + PH50316
  • Elasticsearch
    • x86-647.17.3
    • Power7.17.3
  • ZooKeeper
    • x86-643.8.0
    • Power3.8.0
  • Redis
    • x86-647.0.4
    • Power7.0.4
  • Reddison 3.17.4
  • NiFi 1.17.0
  • NiFi Registry 1.17.0
  • Solr-based search solution
    • IBM Db2 11.5
    • Oracle 18c
    • Oracle 19c
  • Elasticsearch-based search solution
    • IBM Db2 11.5
    • Oracle 19c
  • Approval server
    • PostgreSQL 14.5
  • Management Center for HCL Commerce
    • Edge 20+
    • Internet Explorer 9+
    • Firefox 39+
    • Chrome 44+
    • Safari 10+
  • React-based storefronts
    • Edge 87+
    • Firefox 84+
    • Chrome 87+
    • Safari 14+
  • Aurora-based storefronts
    • Internet Explorer 20H2+
    • Edge 87+
    • Firefox 84+
    • Chrome 87+
    • Safari 14+