broadleaf:
content:
content-item:
resolver:
whitelisted-service-callers:
- catalogbrowseclient
- v1.0.0-latest-prod
September 16, 2024
A patch release of starter parent pom is available at version 2.1.3.1-GA. If your project inherits from Broadleaf’s starter parent, you should make sure to use this version instead of 2.1.3-GA.
September 10, 2024
|
Tip
|
The 2.x versions are Spring Boot 3 compatible. |
|
Tip
|
If coming from a version prior to 2.0.0-GA, then see the 2.0.0 upgrade guide. |
Introduced the Adyen Payment Gateway Module
To review the security related content, see 2.1.3 notes.
|
Tip
|
You will need your login credentials originally provided for accessing the Broadleaf nexus. Security fixes often involve dependency updates to remediate issues being tracked in external OSS components. It is worth considering adopting releases with security fixes (even Broadleaf Severity LOW) to avoid any possibility of transitive exposure in your codebase. |
Now supports Node 18. Node 14 has reached end-of-life and we recommend upgrading to Node 18 as soon as possible since Node 16 reaches end of life in September 2023.
Upgrading Node is not required to use this update.
If building your own images of Admin Starter, it is required to add a new dependency to your project on luxon, which was introduced to address timezone issues in date-pickers.
Run yarn add luxon.
Updated Nested Content to display an Unsaved Changes modal whenever attempting to exit out of the Nested Content view with form changes.
Added handling for ENUM as a new Content Field type option, which allows the user to define a lookup field with custom enum options with corresponding values and labels.
Made PromotionDeployImmediatelyField component overridable.
Added a toggle titled Promote & Deploy Changes Immediately? to the Application Create & Update form that determines the default value of the "Do you wish to deploy immediately?" toggle that appears in the Promote modal for promoting any changes under that application.
Introduced MakeReusable action to allow embedded content items to become reusable.
Added the ability to make ActionListGridFacets collapsible based on the filtersCollapsed state, whose default value is determined by collapseFiltersByDefault metadata attribute.
Added a DynamicFieldTranslationProvider to be able to translate fields and children of dynamic components in the admin.
Added a Sandbox select field when performing bulk actions.
Added inline action to clone content items.
Updated existing implementation that reverts conflicting change summaries before deleting a sandboxable entity to include the scenario where a sandboxable entity with any amount of UPDATE Sandbox change entries is attempted to be deleted.
Previously, the implementation only considered the scenario where a sandboxable entity with any amount of CREATE Sandbox change entries is attempted to be deleted.
Added new ListGridColumnSortMode constant and property, listgrid.sort.mode.
Introduced logic in useCollectionState#combineSorts() that uses the new ListGridColumnSortMode to determine how the nextSort and `siblingSorts should be combined.
Fixed issue where the generic error message title was being displayed as the loading error message for the TreeView component instead of the global error message.
Fixed issue where the filters applied to the grid in the Export modal were not being reset when the modal closes.
The grid filters were being appended to the URL, and the grid would read the URL to apply filters. The solution was to not append filters to the URL if the filters from the grid inside the Export modal specifically.
Fixed missing asterisk to denote required Content Model Fields of type 'ASSET_DROPZONE' in the Content Model create form.
Fixed casting exceptions thrown when decimal fields were set to an empty string instead of null.
Removed "Equals" and "Not Equals" date filters.
Fixed bug where change summaries to add a nested content item created through a parent ContentView were being dropped after leaving the NestedContentView.
Prevents refetching of parent content items when its formik or when it’s nested content item’s formik is dirty.
Made lookup fields non-createable by default to prevent dropdowns from being forced to accept an entry, resulting in an error.
Fixed z-index of the HTML Editor’s link tool.
Increased the supported Node.js version to include Node 20.
No migration or code changes required.
Node 14 and Node 16 have reached end of life and Node 18 will reach it in May 2025.
Increased the supported React version to include Node 18.
No migration or code changes required.
Increased the supported Node.js version to include Node 20.
No migration or code changes required.
Node 14 and Node 16 have reached end of life and Node 18 will reach it in May 2025.
Updated API to support the Adyen payment gateway.
Made the content client’s ContentResolverRequest#requestId optional.
Increased the supported Node.js version to include Node 20.
No migration or code changes required.
Node 14 and Node 16 have reached end of life and Node 18 will reach it in May 2025.
Increased the supported React version to include Node 18.
No migration or code changes required.
Increased the supported Node.js version to include Node 20.
No migration or code changes required.
Node 14 and Node 16 have reached end of life and Node 18 will reach it in May 2025.
Increased the supported React version to include Node 18.
No migration or code changes required.
Introduce support for the Adyen payment gateway
The new modules for integrating
@broadleaf/adyen-payment-services-api
@broadleaf/adyen-payment-services-react
|
Note
|
Includes changes in 2.0.4-GA |
As of Broadleaf Release Train 2.1.3-GA, all microservices have been upgraded to Spring Boot 3.3
This version includes all changes up to 2.0.4 Release Notes
Added null-safe handling for allowing custom fields on rule builders
|
Tip
|
The 2.x versions are Spring Boot 3 compatible. |
|
Note
|
Includes changes in 2.0.4-GA |
As of Broadleaf Release Train 2.1.3-GA, all microservices have been upgraded to Spring Boot 3.3
This version includes all changes up to 2.0.4 Release Notes
Added max-attempt limits and lockout configuration for change password and reset-password flows.
These settings can be configured on a per-Authentication Server basis.
Added support to identify and process PersistenceMessage payloads for extended entities from Customer, Admin and Tenant services.
This should eliminate the need to override the supportedSimpleTypeNames array or getSupportedSimpleTypeNames() method in PersistenceHandler implementations.
The PersistenceHandler now utilizes the _baseClass attribute of the PersistenceMessage to identify the underlying JPA class and thereby the extended entity.
This logic is congruent with the existing logic to identify the overrides/extensions of Indexable entities like Order and Product.
The protected method DefaultUserLockoutService#throwIfLocked had its signature updated to now include int attemptsAllowed as a parameter.
This allows you to pass different limits for whatever action that may lock a user’s account that is being evaluated, such as login attempts or change/reset password attempts.
Fixed a long-standing issue where a value of maximum login attempt count would be allowed to be exceeded by one
For example, with the maximum attempt number of '2' a third request was allowed and, if successful, would change the password
broadleaf.auth.user-lockout.failed-reset-password-attempts-allowed
Description: How many failed reset password attempts are allowed before a user is locked out.
Default value: null (designates unlimited attempts)
broadleaf.auth.user-lockout.failed-change-password-attempts-allowed
Description: How many failed change password attempts are allowed before a user is locked out.
Default value: null (designates unlimited attempts)
broadleaf.auth.user-lockout.reset-password-fail-decay-minutes
Description: How long, in minutes, it takes for failed reset password attempts to "decay". Failed reset password attempts that have decayed will not be taken into account when determining if a user should be locked out. Null indicates attempts never decay.
Default value: null (designates attempts never decaying)
broadleaf.auth.user-lockout.change-password-fail-decay-minutes
Description: How long, in minutes, it takes for failed change password attempts to "decay". Failed change password attempts that have decayed will not be taken into account when determining if a user should be locked out. Null indicates attempts never decay.
Default value: null (designates attempts never decaying)
|
Tip
|
The 2.x versions are Spring Boot 3 compatible. |
JDK 17 is required for Broadleaf release trains 2.0.0-GA, and beyond.
|
Note
|
Includes changes in 2.0.2-GA |
Fix bug where idempotency key of the CheckoutCompletionEvent was being sent as a random ULID, instead of the Cart id.
By sending the Cart id, re-sending the same CheckoutCompletionEvent is able to be done without the risk of the message being re-processed by a given listener.
For example, the event may have only failed for OrderOps but not in OfferServices. Previously, re-sending the CheckoutCompletionEvent would cause all listeners to re-process. With these changes, only listeners that did not receive the event, or failed to process the event, would process the message.
|
Tip
|
The 2.x versions are Spring Boot 3 compatible. |
|
Note
|
Includes changes in 2.0.4-GA |
Added a ContextInfo parameter to methods in CartItemConfigurationService to facilitate validation decisions based on multi-tenancy
This was done in a backwards-compatible way by calling the now-deprecated versions of the updated methods (without ContextInfo)
Note that the method CartItemConfigurationService.validateCartItem(Cart, CartItem, CatalogItemList<? extends CatalogItem>, String) was replaced with the method that has a new ContextInfo parameter. This can cause backward-compatibility issues for clients that have customizations calling this method.
Added a flag shouldCalculateTaxes in CartPricingService#calculateTotals to prevent the tax calculation logic from being executed twice during the price cart flow.
Also, deprecated the CartPricingService #calculateTotals(Cart, ContextInfo) method in favor of the new method CartPricingService#calculateTotals(Cart, boolean, ContextInfo).
Improve logic creating FulfillmentPricingItems in DefaultFulfillmentOptionRequestService.
Use typeFactory to create the pricing items
Set the sku and inventoryType fields on the objects from cart items
Improvements to support the Adyen payment integration
Added an ability to send the additional data in the CheckoutProcessRequest, needed to execute payment transactions, esp. properties that should not be persisted to the Payment#paymentMethodProperties.
See CheckoutProcessRequest#sensitivePaymentMethodData
Enhanced checkout to be more robust by utilizing Spring RetryTemplates to finalize the payments and update the cart. Additionally more logging was added to help debug checkout in case of further issues.
Populate offerUses field on the Adjustment object when retrieving non-item adjustments from OfferServices using ExternalOfferProvider
Fix incorrect quantity validation logic that used counts per sku for bundles, which usually do not have sku fields.
Instead, validate quantities for bundles using productIds
Fixed the ExternalPaymentInteractionMessagingAutoConfiguration being guarded by the catch-all broadleaf.basic.messaging.enabled property
This can cause the listener to not be registered due to the basic messaging being disabled in certain flexpackage compositions (e.g. Cart flexpackage)
It can now be enabled via broadleaf.cartoperation.checkout.messaging.active
broadleaf.cartoperation.checkout.messaging.active should also be used for CartCheckoutMessagingAutoConfiguration as well for consistent naming, instead of broadleaf.cart.checkout.messaging.active (still usable for backwards compatibility)
Resolved a bug where a failed payment transaction causes the PaymentSummary in the CheckoutResponse to be out of date
|
Important
|
This release includes a potentially breaking change if you have an override/implementation of one of the following methods:
If this effects your project, you’ll encounter a compilation issue. These compilation issues should be simple to resolve - ie look to gather data from the provided In short, these method signature changes within the CartOps were needed to effectively pass the This change was also made to future-proof these method signatures by passing objects, rather than simple params. |
|
Tip
|
The 2.x versions are Spring Boot 3 compatible. |
JDK 17 is required for Broadleaf release trains 2.0.0-GA, and beyond.
This version now requires DataTracking 2.0.3+
Add attributes field to the AttributeChoice domain.
Enable a one-off cache activation for Catalog Access Policies at the earliest context request hydration phase.
Include the authenticationAttributesConverter in the CatalogContextRequestHydrator for the most correct user type detection.
Fixed the pagination issue that did not display data beyond the first page in the Products and Variants tabs of Advanced Tags in the Admin.
Removed sorting by Name and SKU within the Advanced Tags' Products and Variants grids as it was never supported.
Removed unnecessary validation in the ProductEndpoint that prevented the PromotionalProduct#relatedProduct from being updated.
Added validation to verify that the new relatedProduct exists prior to update.
Fixed catalog access policy cache not engaging
Fixed JpaNarrowExecutor building 'IN' clause with unbounded number of explicit values for unpaged queries even when a limit is specified.
Added missing paging to the narrowing repository when reading production product IDs.
Added filtering for bulk operations in different contexts in the CatalogBulkOperationsEndpoint.
Added missing metadata to render nameOverride field in the Option Template create form.
Fixed bug where products using an Item Choice Multiple Variations option template could not be resolved in storefront.
Fixed validation error appearing when attempting to create an Item Choice Single Variation Option Template.
Fixed rendering issue in Category Products Membership Rules
Added allowCustomFields attribute to product membership rule metadata
Added ENUM as a new Content Field type option, which allows the user to define a lookup field with custom enum options with corresponding values and labels.
Added a new boolean param addressableByUri to the /content-items endpoint to retrieve all content-items with a non-empty uri.
Added caching configuration to the DefaultContentItemHydrationService to improve performance.
Added metadata introducing MAKE_REUSABLE secondary action to make embedded content items reusable.
Added column to Content Field grid to display required boolean field.
Improved extension accessibility for JpaCustomizedContentItemRepository by making getManagedType() protected instead of private.
Added metadata to support inline content item cloning.
Added a discrete cache invalidation
This new feature allows invalidating the caches when one of the entities is changed/deleted so that the new changes will be immediately available without needing to wait until the cache has expired.
Set broadleaf.content.cache.invalidation.active=true to enable it.
Fixed a bug with the Content Model create form in which the Are content items of this model addressable by URL? toggle is missing on page-load.
Introduced properties to configure the names of other microservices that may send requests to Content as trusted to allow passing additional information in the ContentContext that would normally expect to be derived from the access token.
broadleaf.content.content-item.resolver.whitelisted-service-callers
Default only includes catalogbrowseclient.
broadleaf:
content:
content-item:
resolver:
whitelisted-service-callers:
- catalogbrowseclientFixed an issue where database data representing FieldData#value was mistakenly converted into a ContentItemAsset, resulting in empty content item fields.
Modified conditions within FieldValueConverter#convertToEntityAttribute to accurately identify instances of ContentItemAsset.
Fixed instances where nested content was not hydrated correctly as it was not accounting for non-map objects.
Fixed validation discrepancies across embedded and non-embedded content items.
|
Tip
|
The 2.x versions are Spring Boot 3 compatible. |
Added EntityValidator for FulfillmentOptionRequest to replace annotation-based validation on the same domain.
This will result in better error messages presented to callers and is extensible.
Fixed NPEs when a fulfillment address does not have an address.
Added support for FulfillmentCalculators#matchesAddress to skip comparing the destination address to the fulfillment address if FulfillmentCalculatorConfig#destinationType is null or ANY since then the destination does not matter.
This better supports using Virtual inventory type and Virtual or None fulfillment types where an address is likely not required or used.
Fixed getManagedType() not pointing to JpaFulfillmentPricingConfigRepository preventing logic to find derived class
Fixed issue where updating the active end date would result in a NPE.
Fixed the MonetaryException issue when there are two offers (one which has applicable to items on sale as FALSE and the second which has applicable to items on sale as TRUE along with stackable as TRUE and having an offer currency which is not the same as system default) and both offers are applied to the same item.
Fixed issues where an OfferCodes were considered to be used multiple times when they should not.
OfferCodes will now count as being used once across an entire offer when applied in certain situations, preventing the maxUsesPerUser flag from triggering incorrectly. An example is when a single OfferCode is used across multiple items in a cart, it counts as a single offer usage.
Changed to count OfferCode usages based on OfferAuditDetail transactionReferenceId.
Previously, if an OfferCode was applied to an Order that has an ItemOffer applied to all items, one OfferAuditDetail is created for each use (which is expected), but when checking for OfferCode usages, it was counting all the OfferAuditDetails.
Fixed an issue where maxUsesPerUser wasn’t being correctly persisted for generated campaign codes and provided a default value for maxUsesPerUser on the domain.
Addressed backwards and forwards compatibility for Spring Boot 3.1.x and 3.2.x.
Updated the extensibility of many Jpa classes in Offer by formatting them in line with other calls to the getManagedType() method.
|
Tip
|
The 2.x versions are Spring Boot 3 compatible. |
Introduced the ability to pass line item data to PaymentTransactionServices as part of the TransactionExecutionRequest for all transaction types. This is conditionally enabled using the following property: broadleaf.orderoperation.service.payment.include-line-items-in-transaction-request.{GATEWAY_TYPE}.
Note: This property can also be declared on a per-payment-method-basis. For example, this should be set to true when using Klarna with Adyen. Therefore, we’d declare broadleaf.orderoperation.service.payment.include-line-items-in-transaction-request.ADYEN.KLARNA=true.
Add the ability to archive existing payments as part of the create payment request. This is meant to simplify the requests that the frontend must make when the customer chooses to declare a different payment method, esp. after their initial payment method’s checkout transaction failed. See CreatePaymentRequest#shouldArchiveExistingPayments & CreatePaymentRequest#gatewayTypesToArchive.
Fixed an issue when the 3DS/HPP callback token cannot be validated because the failed payment is archived, & that failed result was already recorded/applied via the webhook, before the callback endpoint is engaged.
Improvements to support the Adyen payment integration
Added an ability to send the additional data in the TransactionExecutionRequest, needed to execute payment transactions, esp. properties that should not be persisted to the Payment#paymentMethodProperties
Introduced the ability to pass line item data to PaymentTransactionServices as part of the TransactionExecutionRequest for all transaction types.
Enhanced the data passed via the PaymentInfo object to payment gateway resources, including the owning entity id & initial transaction amount data.
Introduced plumbing to update the payment gateway’s representation of a payment, along with a request to update the PaymentTransactionServices payment. Note: this also includes providing the gateway’s update response as part of the PaymentTransactionServices endpoint response.
Introduced logic allowing updates of supplemental payment data (e.g. the billing address) without requiring that the payment is cloned and archived.
Updated DefaultPaymentAccessValidationService logic to potentially allow updating a payment if only supplemental data is provided (thus not changing the underlying payment method, initial transaction amount, etc.) while the payment has the CUSTOMER_MUTABILITY_BLOCKED_FOR_PAYMENT_FINALIZATION access restriction.
Introduced the broadleaf.paymenttransaction.service.allow-supplementary-updates-while-mutability-blocked-for-payment-finalization property declaring whether updating supplemental data is allowed in this state.
Introduced plumbing around PaymentGatewayTransactionService#identifyTransactionReferenceIdOverrideForInitialTransaction to support custom logic for declaring the transactionReferenceId for an initial checkout transaction.
Introduced plumbing around PaymentGatewayPaymentSummaryService#buildNextActionFromPayment for building a PaymentSummary#nextAction based on payment data, rather than transaction data. Note: this is meant to be used if the payment does not yet have any transaction data.
Updated payment update endpoints to ensure that the payment id provided as a path variable aligns with the payment id in the request payload.
Addressed backwards and forwards compatibility for Spring Boot 3.1.x and 3.2.x.
Updated the extensibility of JpaPayment, JpaPaymentTransaction, and JpaSavedPaymentMethod by formatting them in line with other calls to the getManagedType() method.
|
Tip
|
The 2.x versions are Spring Boot 3 compatible. |
This version includes all changes up to 2.0.5 Release Notes
Add index in JpaChangeSummary for the combination of LAST_DEPLOY_RELATION, SANDBOX, and STATE columns to improve change summary querying.
As of Broadleaf Release Train 2.0.4-GA, all microservices have been upgraded to Spring Boot 3.3
The ChangeDeploy unschedule feature now works for failed deployments marked with the ERROR_DEPLOY status
This effectively removes the deployment failure from the deployment screen in the admin
The failed deployment header message will also be removed from the one or more entity forms associated with the deployment
ChangeDetails associated with the failed transition sandbox entities in the resource tier are marked obsolete in order to make them inactive
If all ChangeDetails are made inactive, the sandbox state for the entity is archived
This serves as a method to remove deploy failures from visibility in the admin. The feature is usually engaged via the unschedule button in the deployments screen in the admin under the scheduled tab.
|
Tip
|
The 2.x versions are Spring Boot 3 compatible. |
Search-redirect logic should be disabled in admin context
Fixed issue with gathering products for rule-based categories where these requests would previously return no results
Fixed a bug where a mismatched value for the Variant Type field was displayed when reading a Field Sort entity on the Admin’s Sort Options Form.
Updated the getRepositoryDomain() service methods and getDomainType repository methods in SearchServices to return the extended JPA classes rather than out-of-box classes.
Fixed an issue with ordering search facets where the API endpoint returned all facets, including unordered, in the selection. The API endpoint did not take the supplied isSorted parameter into consideration.
It is only possible to reorder an item after/before already sorted items.
Added an Is Sorted column to the Admin Facets grid.
Fixed NullPointerException when reindexing Order and OrderFulfillment without filters (full reindex)
Fix catalog sync and search group settings creation race condition
Don’t fail persistence of search group settings if the catalog does not already exist.
Added missing paging metadata for Search Settings groups.
Fixed issue where it was only possible to reorder an item after or before the already sorted item. Also added an "Is Sorted" column to improve UX.
Fixed incorrect paging issue when running large bulk operations on admin grids.
Added a default sort on ID when we run a solr query, the items in the document should always be in the same order and prevent items from being in multiple pages.
Fixed getManagedType() not pointing to JpaSearchSettingsRepository preventing logic to find derived class
Also removed final keyword from getManagedType() method for improved extension accessibility.
broadleaf.search.solr.sort.defaultAdminSortEnabled
Boolean denoting whether sorting is enabled by default
Default is true
broadleaf.search.solr.sort.defaultAdminSortField
Default field to sort by
Default is id
The protected method RSQLSolrQueryContributor#getCategoryProductMembershipFilter had its signature updated to now include ContextInfo as a parameter. This was done to fix an issue where Category Product Membership filters were not being applied correctly to the Search Solr query as they were missing the correct query locale. The ContextInfo parameter can be passed in order to identify the default Tenant locale as part of the LocaleHelper#getQueryLocale method that identifies the correct query locale.
|
Tip
|
The 2.x versions are Spring Boot 3 compatible. |
Initial release of Broadleaf’s Adyen payment integration module, including support for:
Authorize, AuthorizeAndCapture, ReverseAuthorize, Capture, & Refund transactions
Saving payment methods for future use via Adyen
3DS support
Digital wallets (GooglePay, ApplePay, & PayPal)
Support for express checkout using digital wallets
Klarna
The 2.x versions are Spring Boot 3 compatible.
Updated MappableCrudEntityHelper and CrudEntityHelper to fix a bug where if multiple SortTransformer components existed, only the result of applying the last one was returned to the caller.
Now, as expected, the result of each transformer is passed to the next in a chain, and the cumulative result is what gets returned.
Multiple user translation creates for the same field can result in duplicates when deployed
Now detect duplicate creates for the same translation target at deployment and archive all but the latest
Updated PostToMeConverter and RuleInspector to avoid using reflection on non-introspectable types such as Java types and Enums.
Previously, this prevented clients using a specific subset of functionality from removing --add-opens Java flags.
Auto-remediate change type mismatch when detected for DELETE operations
Although still unknown how it occurs, it is possible for the sandbox changeType and ChangeDetail operationType to be out of sync for a delete operation. Specifically, the sandbox changeType can be reported incorrectly as UPDATE.
When this case is detected, the sandbox changeType is autocorrected to be DELETE.