Upgrade to 2.0.2

Table of Contents

Requirements
Notable Changes
- Fixes for override determination in direct-to-production CUD operations.
- Fixed OrderCreatedEvent and VoucherGenerationCompletionEvent becoming too large
Security
Frontend Compatibility and Release Notes
Service-level Release Notes
- Services
- Common Libraries
Third Party

Tip	The 2.x versions are Spring Boot 3 compatible.

Requirements

Java 17 is required since 2.0.0-GA.

Notable Changes

Enhanced StorageProvider interface to handle InputStream instead of just Files
- Includes optional GoogleCloudStorageProvider that may be enabled in place of the default FilesystemStorageProvider.
- See Asset Services 2.0.1.
Added a generic attributes map to Asset entities to allow for custom attributes to be added to assets
When an image is uploaded to the admin, the image’s dimensions are now stored in the attribute map for the asset

Fixes for override determination in direct-to-production CUD operations.

In most cases, create/update/delete (CUD) operations in Broadleaf occur in a sandbox context by default and are subsequently promoted/deployed to production. In some cases, however, it’s possible for CUD operations to directly target a production context and bypass the promote-deploy flow. For example, it’s possible to import products directly into production.

The logic to determine whether a change is an override (ex: application-catalog-level override of a tenant-catalog-level product) was not correct specifically in the direct-to-production flow.

This led to unexpected 'override' labels appearing in the admin for such operations.

There were also issues observed with 'delete' overrides not being correctly created in direct-to-production flows, both for sandboxable and non-sandboxable entities.

Important

Addressing this issue required breaking changes to a few method signatures, outlined in Data Tracking 2.0.2 release-notes.

Fixed `OrderCreatedEvent` and `VoucherGenerationCompletionEvent` becoming too large

Prevented an issue where a large number of order items and/or fulfillment items can cause OrderCreatedEvent and VoucherGenerationCompletionEvent message payloads to bloat to the point that it exceeds the message broker’s maximum message size limit. This is done by not populating the Order object and OrderFulfillment collection on these events, and instead, providing links to optionally retrieve this data via API calls.

Important

If you have any custom listeners for OrderCreatedEvents or VoucherGenerationCompletionEvents that require the order or fulfillments, they’ll need to be updated to read these entities using the OrderCreatedEvent.links or VoucherGenerationCompletionEvent.links values. For an example, see usages of the readAllByOrderFulfillmentLink and/or readByOrderLink components referenced below.

See Order Operation Services 2.0.2 release notes for more information.

Security

To review the security related content, see 2.0.2 notes.

Tip

You will need your login credentials originally provided for accessing the Broadleaf nexus. Security fixes often involve dependency updates to remediate issues being tracked in external OSS components. It is worth considering adopting releases with security fixes (even Broadleaf Severity LOW) to avoid any possibility of transitive exposure in your codebase.

Frontend Compatibility and Release Notes

Microservices release 2.0.2 is congruent with:

AdminWeb 1.10.8
- Required.
Auth JS SDK 1.6.1
- Recommended.
Commerce JS SDK 1.6.2
- Required for updated externally-executed 3DS/HPP checkout pattern
Commerce Quote UI 1.0.0 (unchanged)
Payment JS SDK 1.3.0 (unchanged)
NextJS Starter 1.6.2
- Recommended.
Open Api 2.0.2-1.0
- Recommended.

Service-level Release Notes

Common Libraries

Data Tracking 2.0.2
- Contains breaking changes - please review the release notes for more information.
Customer Client 2.0.1
Common Extension 2.0.2
Common Messaging 2.0.2
Metadata 2.0.2
Rules Engine 2.0.1
Translation Common 2.0.1