Broadleaf Microservices

Microservices Gateways Release Notes for 2.0.5

Features/Notable Changes

  • Added URIs, predicates, and filters for Audit and Workflow Services for Admin and Commerce Gateways.

  • Advanced base dependency versions with the Spring Boot 3.5 upgrade

Bug Fixes

  • Rewrote OAuth2ClientCredentialsGatewayFilterFactory to use a fully non-blocking mechanism for all logic related to obtaining a new access token

    • Previously, this filter would defer to a worker thread and execute synchronized/blocking logic to fetch the access token. In scenarios where clients had attached the Elastic APM agent to the gateway for instrumentation, the agent would cause the blocking work to be executed in an event loop thread, which would throw an error on the blocking logic.

    • With the rewrite, the flow is now fully non-blocking, and the Elastic APM agent can be used with the gateway.

    • This change should also produce a positive impact on performance for all anonymous storefront requests, as a variety of inefficiencies have now been eliminated in this flow.

  • Fixed an issue where caching could not be turned off in the commerce gateway due to a lack of null-checks against CacheStateManager

  • Fixed a bug where the commerce gateway’s default properties were setting the cache type to 'simple', even though the actual configuration uses and configures Ignite. The cache type property is now removed, preventing a confusing contradictory combination of defaults.

  • Rewrote the application token resolution logic in commerce gateway to fix a few different bugs

    • Since ThreadLocals are unsafe in reactive flows, removed the use of CacheContext and added a custom CacheStateConfigurer to force-set the cache enabled value to true for the relevant app token cache flow

    • Rewrote the ApplicationTokenGatewayFilterFactory and ExternalApplicationResolverService to move blocking cache interactions off of the event loop thread and into worker threads. Furthermore, added strong concurrency control to ensure that only one thread at a time makes a request for any given application token, fixing a bug where multiple requests could previously have been fired off all at once to the downstream service.

  • Enabled the ApplicationToken filter for services that were missing it

    • audit

    • billing

    • catalog

    • notification

    • workflow

  • Enabled the Anonymous filter for services that were missing it

    • fulfillment

    • offer

    • orderoperation

    • pricing
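
The application token resolution fix above combines two ideas: blocking lookups run on worker threads, and concurrent requests for the same token share one downstream call. The sketch below is an added example, not Broadleaf's implementation; it assumes reactor-core on the classpath, and the class name, `blockingLookup` and the token value are hypothetical.

```java
import java.util.List;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;
import reactor.core.scheduler.Schedulers;

public class SingleFlightTokenResolver {
    // One shared in-flight lookup per application token (no ThreadLocal state).
    private final ConcurrentHashMap<String, Mono<String>> inFlight = new ConcurrentHashMap<>();
    final AtomicInteger downstreamCalls = new AtomicInteger();

    // Hypothetical stand-in for the blocking cache/downstream lookup.
    private String blockingLookup(String token) {
        downstreamCalls.incrementAndGet();
        try {
            Thread.sleep(200); // simulated latency
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
        }
        return "application-for-" + token;
    }

    public Mono<String> resolve(String token) {
        return inFlight.computeIfAbsent(token, t ->
            Mono.fromCallable(() -> blockingLookup(t))
                // Blocking work runs on a worker thread, never on the event loop.
                .subscribeOn(Schedulers.boundedElastic())
                // Forget the entry once the lookup ends, so errors are retried
                // and long-term caching is left to the real cache.
                .doFinally(signal -> inFlight.remove(t))
                // Every concurrent subscriber shares the single result.
                .cache());
    }

    public static void main(String[] args) {
        SingleFlightTokenResolver resolver = new SingleFlightTokenResolver();
        // Constructed load: 50 concurrent requests carrying the same token.
        List<String> results = Flux.range(0, 50)
            .flatMap(i -> resolver.resolve("constructed-token"))
            .collectList()
            .block();
        System.out.println("responses=" + results.size()
            + " downstreamCalls=" + resolver.downstreamCalls.get());
    }
}
```

Comparing the two printed counters shows whether the burst of requests collapsed into a single downstream lookup.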

Security

This release contains security updates. For more details, please visit Broadleaf Security and review the security advisories page.