HCL Commerce 9.1.8.1
Security updates
| Affected software | CVE(s) | Vulnerability |
|---|---|---|
| WebSphere Application Server | CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 | Multiple vulnerabilities in Apache Log4j 2 affect HCL Commerce |
| Affected software | CVE(s) | Vulnerability |
|---|---|---|
| WebSphere Application Server | CVE-2021-29736 | Privilege Escalation vulnerability in WebSphere Application Server affects HCL Commerce |
| Apache Ant | CVE-2021-36373, CVE-2021-36374 | Multiple vulnerabilities in Apache Ant affect HCL Commerce |
| Apache Tomcat | CVE-2021-33037 | Vulnerability in Apache Tomcat affects HCL Commerce |
Important changes
HCL Commerce 9.1.8.1 contains the following important changes to site features and functionality.
- The 9.1.8.1 fix pack for HCL Commerce
9.1.8.0 includes fixes for all Log4j 2.x security
vulnerabilities across the affected HCL Commerce containers. In
addition, a standardized selection of fixes for the Elasticsearch-based
search solution have been included in the updated Elasticsearch-based search
solution containers.
Upgrade to this fix pack to secure your deployment from this vulnerability, and to receive the latest in fixes and improvements to the Elasticsearch-based solution to continue to receive expedient troubleshooting support from HCL.
To upgrade your HCL Commerce
9.1.8.0 deployments to HCL Commerce
9.1.8.1:- For use with Solr-based search, upgrade the following
containers to those that are provided with HCL Commerce
9.1.8.1:
- ts-app
- ts-utils
- For use with Elasticsearch-based search, upgrade the
following containers to those that are provided with
HCL Commerce
9.1.8.1:
- ts-app
- ts-utils
- search-query-app
- search-nifi-app
- search-registry-app
- search-ingest-app
- For use with Solr-based search, upgrade the following
containers to those that are provided with HCL Commerce
9.1.8.1:
- To upgrade from a previous HCL Commerce Version 9.1 release to
HCL Commerce
9.1.8.1, use the updated 9.1.8.1 containers in combination with
the unchanged 9.1.8.0 containers that are still provided with
the 9.1.8.1 release.
Only a selection of containers were updated for the 9.1.8.1 release, and these containers remain compatible with the remaining containers from the original 9.1.8.0 release.
For more information on the containers used for the 9.1.8.1 release, see HCL Commerce eAssemblies.
- Upgrading to HCL Commerce 9.1.8.1 with a social network OAuth 2.0 login integration that was configured prior to 9.1.7.0 requires changes to be made for the integration to continue working. No action will result in the integration ceasing to function.
Feature enhancements
The following features have been introduced in this release. Review the following list to ensure that your site is prepared once this update is applied.
Indicates enhancements
inspired by or created by customers and partners, and submitted through the
HCL Commerce | Product Portal. Sign up to vote and submit
your own ideas!
- Search
-
- Natural Language Processing (NLP) profiles
- You can use an NLP profile to control the preprocessing flow of search terms before executing an Elasticsearch query. In addition, four new languages have been added to the NLP service.
- Ingest upgrade
- Upgrading your pipelines to use the latest version of the Ingest API has been made easier. You no longer have to rebuild your connectors to get the latest pipe updates to propagate throughout your Ingest service.
- Create your own NiFi processors
- Processors perform specific tasks within the NiFi pipeline, such as listening for incoming data, pulling data from external sources, publishing data to external sources, and routing, transforming, or extracting information from flow files. You can create your own custom processor if your IDE can use the Maven plugin.
- Query toolkit and API enhancements
- Search profiles group sets of search runtime parameters, such as the search index name, search index fields, expression providers, paging, and sorting. You can now add custom fields to your search profiles for Elasticsearch to further extend its capabilities.
- Store
-
- Page Composer Widgets
- The Page Composer tool allows you to create store pages and assign SEO URLs to them. Page Composer tool has customizable page components such as Widgets, which can be placed within the page layout.
- Converting pages to page Composer-enabled pages
- All pages created prior to HCL Commerce version 9.1.7.0 can be converted to Page Composer-enabled pages.
- Wish list tutorial task
- The wishlist is an e-commerce feature that helps you to create a personalized collection of products they want to purchase and save them in their account page. A new tutorial guides you through the entire process of creating, adding, listing or deleting wish list items.
- Tools
-
- Assets tool
- Managers can use the Assets tool to create, change, and delete files or attachments in support of your marketing campaigns. The tool can be accessed through Management Center.
- Performance
-
- Thread monitor
- Thread dumps and Javacores are gathered by the Thread Monitor tool at predetermined intervals and during events such as high WebContainer / Default Executor pool thread use.
- OneTest performance sample script for B2C store
- The ability to mimic concurrent user demand is an important component of performance testing. The Emerald Store - OneTest Performance sample script provides you with a sample project to generate and simulate user traffic against the Emerald (B2C) Store.
- Elasticsearch performance tuning guide
- You have many options for tuning Elasticsearch, and detailed guides and examples are now provided for you. Everything from indexing to buffers and hardware scaling is covered.
Defect fixes
See HCL Commerce 9.1.8.0 and HCL Commerce 9.1.8.1 in Fixes that are included in HCL Commerce releases for a detailed list of defects that were fixed in this release and its associated fix pack.
Supported companion software
| Commerce | Companion software | Database | Browsers |
|---|---|---|---|
| HCL Commerce Version 9.1.8.1 |
|
|
|
7.12.0
7.8.0