Broadleaf Microservices
  • v1.0.0-latest-prod

Upgrade to 2.0.2

May 6, 2024

Tip
The 2.x versions are Spring Boot 3 compatible.

Requirements

  • Java 17 is required since 2.0.0-GA.

Notable Changes

  • Enhanced StorageProvider interface to handle InputStream instead of just Files

    • Includes optional GoogleCloudStorageProvider that may be enabled in place of the default FilesystemStorageProvider.

    • See Asset Services 2.0.1.

  • Added a generic attributes map to Asset entities to allow for custom attributes to be added to assets

  • When an image is uploaded to the admin, the image’s dimensions are now stored in the attribute map for the asset

Fixes for override determination in direct-to-production CUD operations.

In most cases, create/update/delete (CUD) operations in Broadleaf occur in a sandbox context by default and are subsequently promoted/deployed to production. In some cases, however, it’s possible for CUD operations to directly target a production context and bypass the promote-deploy flow. For example, it’s possible to import products directly into production.

The logic to determine whether a change is an override (ex: application-catalog-level override of a tenant-catalog-level product) was not correct specifically in the direct-to-production flow.

This led to unexpected 'override' labels appearing in the admin for such operations.

There were also issues observed with 'delete' overrides not being correctly created in direct-to-production flows, both for sandboxable and non-sandboxable entities.

Important
Addressing this issue required breaking changes to a few method signatures, outlined in Data Tracking 2.0.2 release-notes.

Fixed OrderCreatedEvent and VoucherGenerationCompletionEvent becoming too large

Prevented an issue where a large number of order items and/or fulfillment items can cause OrderCreatedEvent and VoucherGenerationCompletionEvent message payloads to bloat to the point that it exceeds the message broker’s maximum message size limit. This is done by not populating the Order object and OrderFulfillment collection on these events, and instead, providing links to optionally retrieve this data via API calls.

Important
If you have any custom listeners for OrderCreatedEvents or VoucherGenerationCompletionEvents that require the order or fulfillments, they’ll need to be updated to read these entities using the OrderCreatedEvent.links or VoucherGenerationCompletionEvent.links values. For an example, see usages of the readAllByOrderFulfillmentLink and/or readByOrderLink components referenced below.

Security

To review the security related content, see 2.0.2 notes.

Tip

You will need your login credentials originally provided for accessing the Broadleaf nexus. Security fixes often involve dependency updates to remediate issues being tracked in external OSS components. It is worth considering adopting releases with security fixes (even Broadleaf Severity LOW) to avoid any possibility of transitive exposure in your codebase.

Frontend Compatibility and Release Notes

Microservices release 2.0.2 is congruent with:

  • AdminWeb 1.10.8

    • Required.

    • @broadleaf/admin-components 1.10.8

    • @broadleaf/admin-stripe-components 1.10.8

    • Other modules: 1.10.7 (unchanged)

  • Auth JS SDK 1.6.1

    • Recommended.

  • Commerce JS SDK 1.6.2

    • Required for updated externally-executed 3DS/HPP checkout pattern

    • @broadleaf/commerce-browse 1.5.10 and 1.6.2

    • @broadleaf/commerce-cart 1.5.10 and 1.6.2

    • @broadleaf/commerce-content 1.5.10 and 1.6.2

    • Other modules: 1.5.9 and 1.6.1 (unchanged)

  • Commerce Quote UI 1.0.0 (unchanged)

  • Payment JS SDK 1.3.0 (unchanged)

  • NextJS Starter 1.6.2

    • Recommended.

  • Open Api 2.0.2-1.0

    • Recommended.

Third Party