HCL Commerce 9.1.15.2
Fix packs
HCL Commerce fix packs are generally intended to enhance Elasticsearch functionality, and are made available between major releases, beginning with 9.1.13.1. In some circumstances fix packs are also used to resolve issues that are discovered with releases. It is recommend to upgrade to the latest fix pack as it becomes available. Only certain images within the release are updated for fix pack releases. These updated containers, with modified fix pack file names, are intended to be used with the remaining original containers of the same release.
HCL has identified issues in HCL Commerce Developer 9.1.15.0 and 9.1.15.1.
If you have already upgraded to 9.1.15.1, review Troubleshooting: Upgrading to HCL Commerce Developer 9.1.15.1 overwrites configuration.
| Release | Date | Updated containers |
|---|---|---|
| HCL Commerce 9.1.15.2 | March 21, 2024 |
|
| HCL Commerce 9.1.15.1 | January 23, 2024 |
|
| HCL Commerce 9.1.15.0 | December 13, 2023 | Full release. |
For a full list of the release files and their associated MD5 checksum values, see HCL Commerce eAssemblies.
Security updates
| Affected software | CVE(s) | Vulnerability |
|---|---|---|
| WebSphere Application Server V8.5.5 Liberty | CVE-2023-44487, CVE-2023-46158 | Multiple vulnerabilities in IBM WebSphere Application Server Liberty affect HCL Commerce |
| Apache Tomcat | CVE-2023-44487, CVE-2023-45648, CVE-2023-42795 | Multiple vulnerabilities in Apache Tomcat affect HCL Commerce |
| TinyMCE | CVE-2023-45818, CVE-2023-48219 | Multiple vulnerabilities in TinyMCE affect HCL Commerce |
| JSON-Java | CVE-2023-5072 | A vulnerability in JSON-Java affects HCL Commerce |
Important changes
HCL Commerce 9.1.15.2 contains the following important changes to site features and functionality.
- Before upgrading your deployment to HCL Commerce 9.1.14.0 or greater, you must consider the implications of the non-root user update. Not doing so can break your deployment. For more information, see HCL Commerce container users and privileges.
- After upgrading to HCL Commerce 9.1.14.0 with the
Elasticsearch-based search solution, you must delete any existing boost
scripts.
- Run the following REST API calls to delete any existing
scripts.
DELETE - http://ESHOST:ESPORT/_scripts/boost-script-param-1 DELETE - http://ESHOST:ESPORT/_scripts/boost-script-param-2 DELETE - http://ESHOST:ESPORT/_scripts/boost-script-param-3Note: you can use the GET request method to check for existing scripts. - Restart the Query service to re-generate the appropriate boost scripts for this release.
- Run the following REST API calls to delete any existing
scripts.
- Management Center for HCL Commerce in all releases 9.1.12.0
and greater now report business user analytics to HCL. This information
assists HCL in the development of new features and the enhancement of
existing business user tools.Note: Only high level business user behaviors in new tools within Management Center are collected. No sensitive information about the user or the organization that owns the environment is captured or transmitted to HCL. Specifically, the URLs of the pages that business users access are logged. Event data such as the version of HCL Commerce and the deployment type, as well as generic information about the browser, are also collected. Google Analytics also captures general location information, if users have opted-in through their browser settings.The collection of this data can be disabled during deployment. For more information on disabling this data collection, see the following steps in the deployment documentation:
- Upgrading to HCL Commerce 9.1.15.2 with a social network OAuth 2.0 login integration that was configured prior to 9.1.7.0 requires changes to be made for the integration to continue working. No action will result in the integration ceasing to function.
- From
HCL Commerce version 9.1.10.0 onwards, Spring is upgraded from version
4.x to version 5.x. You must update your
existing spring-extension.xml Spring configuration file with the
supportedMethodsproperty and the associated values ofGETandPOST.For example:<bean id="/GetRootManagedDirectory" class="org.springframework.web.servlet.mvc.ParameterizableViewController"> <property name="viewName" value="/jsp/commerce/attachment/restricted/GetRootManagedDirectory.jsp"/> <property name="supportedMethods" value="GET,POST"/> </bean>
Feature enhancements
The following features have been introduced in this release. Review the following list to ensure that your site is prepared once this update is applied.
Indicates enhancements inspired by or created by customers and partners, and
submitted through the HCL Commerce | Product Portal. Sign up to
vote and submit your own ideas!
- Deployment
-
- HCL Harbor Container Registry
- The HCL Harbor Container Registry is now available as an
alternative means to obtain HCL Commerce Docker
images. HCL Harbor can be used within your CI/CD
pipeline to more quickly and easily obtain the latest HCL Commerce releases from HCL.Note:
- CFIUS images are not be impacted by this implementation.
- Additional HCL Commerce software, such as git bundles, and third-party software packages, can only be obtained via the HCL License and Delivery portal.
- Configuration additions
-
- Automated clean-up of ingress definitions.
The clean up of old ingress configurations is automated in order to avoid conflicts during HCL Commerce deployment upgrades. Set backwardCompatibility.ingressFormatUpgrade.enabled to true in your HCL Commerce Helm Chart values.yaml configuration file before deployment to trigger the associated upgrade job.
- Set optional Transaction server trace file
variables.
Use Vault values or Run Engine commands to set your Transaction server trace file size, and the number of historical trace files that are kept. The defaults for these values are up to five files that are a maximum of 20MB in size.
- Set optional HCL Commerce Elasticsearch-based
Search configuration.Use Vault values to:
- Set the Registry service scheduler job
interval. By default this is set to
300seconds (5 minutes). - Enable or disable the automatic update of
Ingest service pipe version. By default, this is
set to
false, requiring the manual use of Ingest APIs to reset and upgrade any pipe.
- Set the Registry service scheduler job
interval. By default this is set to
For more information on Vault configurations, and Run Engine commands, see: - Automated clean-up of ingress definitions.
- Search
-
- Comprehensive guides to using and extending Elasticsearch
- Search documentation has been revised, updated, and new guides
and references added. These improvements will quickly
familiarize you with the concepts and practicalities of running
and customizing Elasticsearch as well as the powerful Ingest and
Query systems that power the V9.1 Search stack.
- Extending Elasticsearch An updated set of guides and reference sections provide extensive information on customizing Elasticsearch.
- Additional tuning parameters in the Indexing Build Summary Report More parameters are available in the Indexing Summary Build Report. This report is an essential tool for tuning a variety of Ingest functions.
- Text Relevance in HCL Commerce Search Improve your Query service results by tuning search relevance.
- Store
-
- Ruby Business-to-Business (B2B) storefront improvements
-
The following subtasks relate to performance improvements in the Ruby B2B store.
- Recurring Orders
-
In the Ruby B2B store, Recurring Orders allow users to create automatic orders for products on a schedule.
- Organization Management
- A Buyer Administrator can navigate a hierarchical list of organizations, select one, and display its buyer list. This feature allows you to create, view, edit and approve organizations.
- Buyer Management
-
Buyer management involves administering buyer accounts and access within an organization. This involves tasks like creating, editing, enabling or disabling accounts, and maintaining control over assigning roles to new buyers who register.
- Buyer and Order approval
-
- Buyer Administrators can manage and approve registered buyers through the Buyer Approval page.
- Buyer Administrators and Buyer Approvers can manage and approve orders through the Order Approval page.
- Performance
-
- New Statistics Service
- The Statistics service gathers data on catalog dimensions. You can use this information to customize the default SQL used by the Search system, and extend it using your own SQL.
- Ingest tuning guide
- A new guide has been added that includes formulae and methods for tuning the performance of your NiFi service to match the capacity of your Elasticsearch indexing system.
Defect fixes
See HCL Commerce 9.1.15.0, and HCL Commerce 9.1.15.1 in Fixes that are included in HCL Commerce releases for a detailed list of defects that were fixed in this release and its associated fix pack.
Supported companion software
| Commerce | Companion software | Database | Browsers |
|---|---|---|---|
| HCL Commerce Version 9.1.15.0 |
|
|
|
7.17.13
7.17.13