Elastic Path 7.3.0 Release Notes
Elastic Path 7.3.0 Release Notes
Shipping Calculation API
The Shipping Calculation API enables integrating third-party shipping providers APIs, such as FedEx, UPS, with Elastic Path commerce. With this integration, customers can view the available shipping options and cost associated with each one during the checkout flow.
Cortex API Capabilities
- Added a link from the items resource to the purchase-line-item resource in the Cortex API.
- Added a new Cortex API resource, purchase-lookup-form.
- Added a new Cortex API resource, navigation-lookup-form.
- Configured JMS messaging to use persistent VirtualTopics to provide messaging to fulfilment center after purchasing an order.
- Added links between cart items and dependent cart items.
Front-end Integration Support
- Introduced new query parameters, standardlinks and zoom.noself, which return a smaller Cortex API response.
- Introduced support for the Hypertext Application Language (HAL) API Response Format.
Enhanced Security and Extensibility
- Upgraded multiple open source libraries used in Elastic Path Commerce to address known security vulnerabilities. For more information, see Third-Party Library Changes and Upgrades.
- Created a Maven bill-of-materials module to simplify importing Elastic Path library dependencies and adding dependencies for extension projects.
Announcements and Notices
Elastic Path constantly evaluates product capabilities and architecture, and over time will plan to replace capabilities with new versions, new implementations, or new partnerships based on customer and market feedback.
Backwards compatibility for existing customers investments is a key factor in decisions to deprecate and remove features. Where possible, features will be announced as deprecated, and then removed in a future release. This will allow customers at least one release cycle to adjust their implementation to the replacement capability before removal.
|MySQL 5.6 support||Oracle premier support for MySQL 5.6 ended Feb 2017.|
|Storage of non-tokenized credit cards||Credit cards should always be stored in tokenized form for PCI DSS compliance and security.|
|Cortex /events endpoint||The /events endpoint exposed a security vulnerability and was difficult to customize. Projects using Cortex Trusted Header Mode should use the /mergeprofiles resource from the Trusted Header Mode Accelerator.|
System Requirements and Compatibility
Elastic Path Commerce 7.3.0 is compatible with the following Elastic Path releases:
|Elastic Path Component||Version||Location||Branch or File name|
|Elastic Path CloudOps for AWS||3.0.x||http://code.elasticpath.com||release/3.0.x|
|Elastic Path Commerce Demo Package||7.3.0||http://support.elasticpath.com||EP-Commerce-Demo-7.3.0.zip|
|Elastic Path Commerce for Adobe||1.7||http://support.elasticpath.com||Internal release available upon request.|
New in This Release
- Removed stored credit cards support. Customers can use the payments framework in Commerce Engine to use credit card functionality.
- Introduced shipping calculation API to support integration with third-party shipping providers such as FedEx or UPS.
- Improved extensibility of the ShoppingCartRepository class.
- Integrated the the ep-health-monitoring-plugin-core module into Elastic Path Commerce source code.
- Integrated the data-population tool into Elastic Path Commerce source code.
- Integrated the health-monitoring tool into Elastic Path Commerce source code.
- Rationalized add-to-cart and purchase validations and improved validation extensibility through the implementation of a Validator interface.
- Renamed the Money.getAmountUnscaled() method to Money.getRawAmount().
- Configured JMS messaging to use persistent VirtualTopics.
- Improved extensibility of Selenium framework system tests. Selenium tests can now be overriden from the extensions module.
Enabled reading of TextMessage message objects from ActiveMQ by the ep-jms-test-support module.
- Enabled injection of system setting values into Elastic Path Spring Beans by implementing a custom Spring bean element, <settings:setting>.
- Replaced Use of Spring Modules Valang with JSR-330 validation.
Removed Apache Commons VFS and Commons HttpClient libraries.
- Removed support for MySQL 5.6
- Rationalized POM hierarchy of ep-commerce modules:
- Implemented a Maven bill of materials in the bill-of-materials module to centrally index module dependencies and dependency versions.
- Removed unreasonable duplication in POM files.
- Introduced Elastic Path Query analyzer to test database query performance.
Automated Data Sync Tool data sync between author and live environments.
Removed remote mode from Data Sync Tool.
- Changed location of default Cortex configuration files:
- Cortex configuration files are now located in the /extensions/database/ext-data/src/main/resources/environments/ directory.
Redundant configuration files are removed from the /extensions/database/ext-data/src/main/resources/environments/<environment name>/files directory for other environments.
Removed deprecated Builder.builder() methods from Identifier classes.
Removed the -XX:MaxPermSize JVM parameter from the following Elastic Path Commerce modules as it is no longer used in Java 8:
- Enabled the creation of a deployment package specifically for performance testing using the /ep-commerce/extensions/packager/ext-deployment-package module
- Added a link to the items.item resource from the purchases.purchase-line-item resource.
- Enabled the addition of dependant line items when a bundled item is added to the cart.
- Updated the Helix API generator maven plugin to Maven 3.3.9.
- Removed the cortex-dce module. Cortex configuration files are now located in the /extensions/database/ext-data/src/main/resources/environments/ directory.
- Created structured error messages for invalid and expired coupon codes in the Cortex API.
- Created a link from the /lookups resource to the /navigations resource. A user can look up the specific category by using category code as part of navigations form resource.
Created the lookups.purchase-lookups-form resource. A user can look up an order by the order number.
- Removed groovy-eclipse-compiler configurations in the cortex-resources module.
- Simplified Cortex JSON responses and improved performance by removing the self, rev, type, and uri fields from responses.
- Removed item price lookup in the PriceExistsProductSkuValidatorImpl ckass, Item price is now injected into the ProductSkuValidationContext class.
- Cortex now displays dependent line items for a cart item.
- Provided product item price into add-to-cart and purchase validations to avoid validators making database calls.
- Provided structured messages for invalid and expired coupon codes.
- Provided structured messages for invalid and expired promotions.
- Enabled transitioning of a user from the PUBLIC role to REGISTERED while persisting pertinent information, like their cart.
- Removed the /events jaxrs resource.
- Introduced different icons for source category and linked categories to make each category easily distinguishable.
- Enabled extensibility of the Condition Builder.
- Replaced Customer ID labels with User ID.
- Removed Solr shipping service level indices, indexing, and querying classes.
- Enabled extensibility of system tests for the web admin console and Cortex.
- Introduced related changes in web admin console for the Shipping Calculation API.
Enabled extensibility of system tests for the web admin console and Cortex. Customers can now extend these system tests in the /extensions/system-tests module.
Provided test coverage for data policies and change sets.
Enabled overriding of chrome driver options in the /extensions/system-tests module instead of the Selenium framework accelerator.
Created tests for verifying JMS message content in the web admin console.
Integrated Data Sync Tool tests with web admin console selenium change set tests.
Stabilized web admin console intermittent test failures.
- Additional Cortex Cucumber test coverage for structured messages for coupon codes and shipping service calculation.
- Added logging capability to Selenium tests.
The Upgrade Guide provides general instructions on upgrading Elastic Path projects. The upgrade instruction specific to 7.3 release are listed in the following sections:
The following changes are made in the database. For more information, see core-changelog.7.3.0.xml in the commerce-engine/liquibase module.
- Updated the TSETTINGDEFINITION table with the
- Setting definitions of type boolean are changed to type Boolean.
- Updated the data type of multiple search-related settings from String to either Integer or BigDecimal to match their usage in code.
- Changed the COMMERCE/SYSTEM/MESSAGING/ settings to allow multiple overrides.
- Changed the following settings to default to
- Renamed the SHIPPING_SERVICE_LEVEL_GUID column to SHIPPING_OPTION_CODE in the TCARTORDER table.
- Updated the TORDERSHIPMENT table with the following:
- Removed the TORDERSHIPMENT_SHIPLEVEL_FK constraint.
- Renamed the SERVICE_LEVEL_GUID column to SHIPPING_OPTION_CODE.
- Renamed the SERVICE_LEVEL column to SHIPPING_OPTION_NAME.
- Renamed the CARRIER column to CARRIER_CODE.
- Added the CARRIER_NAME column.
- Added default cache settings for shipping calculation results in the TSETTINGDEFINITION and TSETTINGMETADATA tables.
- Renamed the shippingServiceLevelCode field to shippingOptionCode in the TRULEPARAMETER table.
- Removed the shippingservicelevel row in the TINDEXBUILDSTATUS table.
- Updated the following settings to default to
VirtualTopic values in the
- Updated the TORDERPAYMENT table with the following:
- Update the TCARTITEM and TORDERSKU
- Added BUNDLE_CONSTITUENT column.
- Deleted the following tables:
Third-Party Library Changes and Upgrades
|Library||New version||Old version|
|Apache Commons BeanUtils||1.9.3||1.8.3|
|Apache Commons CLI||1.4||1.0|
|Apache Commons Codec||1.11||1.7|
|Apache Commons Collections||3.2.2||3.2|
|Apache Commons CSV||1.5||0.1|
|Apache Commons Email||1.5||1.3.1|
|Apache Commons FileUpload||1.3.3||1.2|
|Apache Commons IO||2.6||2.1|
|Apache Commons Lang3||3.7||3.4|
|Apache Commons Validator||1.6||1.3.1|
|Felix Config Admin||1.8.16||1.8.10|
|Felix Event Admin||1.4.10||1.4.6|
|Felix File Install||3.6.4||3.5.0|
|Felix Web Console||4.3.4||4.2.12|
|Felix Web Console DS||2.0.8||2.0.2|
|Felix Web Console Event||1.1.8||1.1.4|
|Felix Web Console Memory Usage||1.0.8||1.0.6|
|Felix Web Console Package Admin||1.0.4||1.0.2|
|Spring Batch (Apache ServiceMix bundles)||4.0.1||2.2.7|
|Spring Framework (Apache ServiceMix bundles)||4.3.16||3.2.14|
|Spring LDAP (Apache ServiceMix bundles)||2.3.2||1.3.2|
|Spring Security (Apache ServiceMix bundles)||4.2.6||3.2.8|
|Spring Security OAuth2 (Apache ServiceMix bundles)||2.3.3||1.0.5|
Upgraded Maven to 3.5.2
Rationalized POM Hierarchy
The POM hierarchy is modified. All Elastic Path modules now inherit from a common commerce-parent at the root of the ep-commerce project.
Dependency management is now centralized in a bill-of-materials POM along with the related artifact version properties using the Maven Bill of Materials pattern. However, version properties for Maven plugins remain in the commerce-parent POM to allowinheritance of version properties by plugins.
This modification also enables the consolidation of reversioning scripts into a single script.
- Be aware that customizations to POMs might not merge smoothly because of the large number of POM changes.
- Remove unnecessary <dependencyManagement> definitions and version properties from all modules.
- Fix the parenting for customization extension modules.
- Adjust the set-ep-versions.sh script.
- Update CI jobs to build the bill-of-materials module before any other modules.
Updated Solr Schema
The shipping calculation search index is removed.
The customer search index is updated to improve searching by user id, phone number, and postal code.
Moved Cortex Configuration Files from Deployment Package
The default Cortex configuration files are now located in the database/ext-data/src/main/resources/environments/default directory instead of the ext-deployment-package/src/main/resources/config directory. This centralizes environment configuration.
Removed Cortex /events Endpoint
Implemented Unambiguous Cortex Permission Patterns
Support for implicit wild cards in Cortex permission strings is removed to remove a security vulnerability. Existing implied wild cards now terminate the permission string. For example, READ /carts/ID/lineitems/ID2 is no longer allowed by the READ carts:ID permission.
When you upgrade:
Update resources that rely on the implicit wild card to declare their wild card explicitly. This is straightforward as exact warnings are emitted about permission strings that have changed behaviour.
Permission String 'create,read:orders' in resource 'purchases' does not explicitly end with EOL or a wildcard, this is a deprecated pattern and should be removed. To ensure more than necessary permissions are not given an implicit EOL will be added.
Start Cortex and address all warnings by adding explicit wild cards to ensure existing functionality is preserved.
Elastic Path recommendchecking whether an EOL is more suitable instead of a wild card.
Local Time Zone Support in Commerce Manager
Commerce Manager users can now configure the time zone in which they want to see date and time fields. To enable this, a ep.database.timezone is created to pass the database timezone, JDBC's serverTimezone property, to Commerce Manager. The default timezone is UTC.
- If your local database timezone is not set to UTC, override the ep.database.timezone property in your ep.properties file. Valid values are the timezone IDs returned by Timezone.getAvailableIDs(), such as, GMT, PST, Etc/GMT-4. The default value is UTC.
- For Aurora and MySQL databases, set the
connectionProperties in the
jdbc/epjndi resource in the webapp server's
context.xml file if the database timezone is
not UTC. For example,
connectionProperties=serverTimezone=PST;useLegacyDatetimeCode=false indicates that the timezone of the database server is PST.
- Oracle and MS SQL Server currently have to method of formatting responses to a different timezone. For these servers, ensure that the system timezone of the webapp server matches the database timezone.
- For databases in Amazon RDS, the default setting must be UTC. Elastic Path does not recommend changing the time zone for databases in Amazon RDS. For more information, see Amazon AWS's documentation.
Implemented Settings Inversion of Control
System settings are now injectable into Spring beans by using the SettingValueProvider<T> class and a new custom Spring element:
<settings:setting path="PATH/TO/THE/setting" context="optional"/>
This change enables system setting value updates to be made without downtime of the application.
Customizations made in the platform code might result in merge conflicts as this change impacts all default settings. For any existing custom settings, Elastic Path recommends changing to this new method.
This change also renames the ep-settings.xml Spring configuration file to plugin.xml. Customizations made to include the ep-settings.xml file can be reverted, as plugin.xml should already be included.
- Inspect custom import/export data sets for setting definitions of type boolean. Change any setting definitions with a type of boolean to a type of Boolean.
- Assess the operational process of updating existing settings. You can now modify the settings with caching without restart. Earlier, an application restart was required due to use of SettingFactoryBean.
- Settings-related bean definitions are moved from ep-core/service.xml to the ep-settings module. Any customizations to these core definitions might require refactoring.
Default message channels defined as settings now use VirtualTopic. as a prefix. This notifies ActiveMQ to treat the topic as a virtual destination. Consumer channels now use the ActiveMQ consumer convention of Consumer.xyz.VirtualTopic. as a prefix where xyz is a consumer identifier.For example, Consumer.orderConfirmationEmailHandler.VirtualTopic.ep.orders.
Added Shipping Calculation API
This release introduces a new Shipping Calculation API.
When you upgrade, customizations to how shipping calculation methods are invoked and customizations or additions to the stock shipping calculators need to be checked.
The introduction of the Shipping Calculation API refactored shipping related classes out into separate projects and affected many key classes that are dependent on them.
- The majority of classes in the com.elasticpath.domain.shipping package are now in the shipping-calculation-epcommerce module.
- Classes in the com.elasticpath.service.shipping package are now in the shipping-calculation-epcommerce module. This package now hosts new classes in support of the API.
- The following table columns are renamed. Any customizations depending on these columns will need to be refactored.
- The following key classes have their shipping cost code refactored
and any customizations in these classes related to shipping needs
- ShoppingCart, ShoppingCartImpl
- ShoppingCartPricingSnapshot, ShoppingCartPricingSnapshotImpl
- PromotionRecordContainer, PromotionRecordContainerImpl
- CheckoutService, CheckoutServiceImpl
- The following are changed:
- ShoppingCart.getShippingCost() returns 0 if no shipping option is selected.
- An empty list of shipping options will be returned when given a ShoppingCart object which doesn't have a shipping address.
- The ShoppingCart removes the available and selected shipping option if the shipping address is changed.
Customized calculators based on the ShippingCostCalculationMethod class that leverage default parametrization and do not make external service calls can be upgraded by creating a new module in the extensions module, which extends for shipping-calculation-epcommerce and porting the customized calculator to the new extension module. The shipping-calculation-epcommerce bean definitions are included using plugin.xml. Ensure that the ported bean definitions override them.
Added Extensible Add to Cart and Purchase Validation Strategies
Validation of add to cart and purchase validation is refactored to enable easier extension and better organization of validation during a purchase operation.
- Advisor functionality is now used extensively for validating add-to-cart, update cart, and purchase submission operations. Invalid requests that returned a 409 Conflict HTTP response might return different error codes along with a more rich response body utilising the advisor framework now. It might be necessary to update Cortex client applications to handle the new error response codes and to parse the new advisor responses.
- Additional validation checks are introduced that disallow the addition of items to cart or the submission of a purchase under certain scenarios.
- Certain validation logic are moved from Cortex into Commerce Engine Core. Extensions of these classes need be moved and extend the new validators.
- Certain validation logic are moved from com.elasticpath.sellingchannel.director.impl.CartDirectorImpl to classes within the new validation framework. Extensions of these classes need to be moved and reworked instead of extending the new validators.
- Many advisor implementation classes involved in cart, order, and purchase operations are removed. Extensions of these removed classes need to be corrected.
- Custom validation logic introduced to Cortex must be moved and refactored to make use of the new validation framework. This provides simpler, more testable code, as well as a richer Cortex client experience that utilises advisors.
Upgraded Spring to 4.3
The version of the Spring Framework used by Elastic Path is upgraded to 4.3.16, along with upgrading Spring Security to 4.2.6, Spring Security-OAuth2 to 2.3.3, and Spring Batch to 4.0.1.
- Update custom Spring XML files so that the schemaLocation references refer to the 4.0.xsd, not the 3.0.xsd. The URL for these references is http://www.springframework.org/schema/beans/spring-beans-4.0.xsd.
- Note that the dataSource property is no longer a part of the entityManagerFactory bean. The dataSource is now configured using the defaultDataSource property of the persistenceUnitManager bean. Any projects that override the entityManagerFactoryBean bean to set the dataSource property must override the persistenceUnitManager bean.
- Use the SimpleTriggerFactoryBean and CronTriggerFactoryBean beans for Quartz XML configuration files instead of SimpleTriggerBean and CronTriggerBean.
- Change <ref local=…/> elements to <ref bean=…/> elements.
Upgraded Apache Camel to 4.3
Replaced Spring Modules Valang Validation with Spring Expressions
Elastic Path’s tagging framework, uses a validation framework to prevent users from setting invalid tag values. The underlying validation framework is changed from Spring Validation Language,or Valang, to Spring Expression Language (SpEL).
A custom Liquibase extension is created to migrate any stored validation expressions to the new syntax.
When you upgrade:
- Ensure that no modules are referencing the spring-modules-validation or spring-modules-jakarta-commons modules.
- Run the Liquibase changeset 7.3.0-convert-valang-to-spring-expression against your database. This is part of the 7.3.0 changelog. This changes any existing stored constraints to the new syntax.
Removed Stored Credit Card Support
Elastic Path no longer supports storage, encryption, or import/export of credit card details due to PCI DSS risk. All code related to this was deprecated in 6.17.0 and is now removed.
- CardEncrypter, CardEncrypterImpl
- CreditCardEncrypter, CreditCardEncrypterImpl
- MaskUtility, MaskUtilityImpl
- StringEncrypter, StringEncrypterImpl
- CustomerCreditCard, CustomerCreditCardImpl
- Customer, CustomerImpl
- OrderPayment, OrderPaymentImpl
- OrderSku, OrderSkuImpl
The impact must be minimal to customizations in a project that uses PCI compliant payment methods, such as tokenization.
- Any extension code referencing the removed classes must be changed.
- Any extension subclasses or re-implementations of the CustomerImpl, OrderPaymentImpl or OrderSkuImpl classes must remove any references to the deleted methods.
- Customizations to Commerce Manager's user interface for dealing with payment gateways might not merge smoothly as credit card related user interface elements are removed.
- Fixed discounts applied to split shipments. Discounts are now split evenly between shipments after the order is created and before the shipments are released.
- Fixed RuleService.getAllowedLimit() method to not present a ClassCastException.
- Fixed order behaviour to release the order lock saving an order modification.
- Fixed failures presented when building Elastic Path Commerce for the first time.
- Fixed availability of the Wakaleo Schemaspy artifact by hosting it on Elastic Path's Nexus repository.
- Fixed build failures when building Elastic Path Commerce with a SNAPSHOT version specified, clean .m2 directory, and no Nexus snapshot. Building Elastic Path Commerce now succeeds under these conditions.
- Fixed an error presented when performing an add to cart function in Adobe Experience Manager.
- Fixed the Data Sync Tool's product graph to reduce the amount of memory it requires.
- Fixed integration server to not present a velocity template error when rendering an email.
- Fixed build error presented by the javax.servlet-api library.
- Fixed the search server's indexing indicator page to display the correct search indexing status.
- Fixed intermittent test failures when building the commerce-examples module.
- Fixed the Data Population tool. The data population tool now works with MSSQL and an RDS snapshot is uploaded to AWS.
- Fixed error when running the search server.
- Fixed externalization of Apache Solr indices. The JVM -Dsolr.solr.home=<solrHomePath> parameter now works.
- Fixed the driver not found error message in the Data Population tool. Each exception now presents a more descriptive error message.
- Fixed registration of a new customer using an existing email address if an account is shared across multiple stores.
- Fixed accessibility of the rest-schema.xsd files. The rest-schema.xsd files are now accessible at http://elasticpath.com/schema/rest/0.x. The latest version of the schema is https://www.elasticpath.com/schema/rest/0.5.
- Fixed the error message presented if a <relationship><to> element in a Cortex resource definition points to a non-existing resource to provide more helpful information.
- Fixed error presented when adding a nested bundle to cart.
- Fixed Cortex Studio's log files to display an error message when a zoom operation fails.
- Fixed the purchases.purchase-line-item URI to display the encoded Order SKU GUID instead of the SKU GUID.
- Fixed the ShoppingCartRepositoryImpl object's constructor. ShoppingCartRepositoryImpl now has a public constructor.
- Fixed Cortex billing address and profile address links. The billing address link and the profile address link now return correct values.
- Fixed support for multiple shopping carts for a single user by implementing ShoppingCartRepository.getShoppingCart(String) method. Introduced the getDefaultShoppingCartGuid() method to replace ShoppingCartRepository.getDefaultShoppingCart().
- Fixed JSON responses to support null values for a field. Fields with a null value are now shown in the response and are able to be updated.
- Resolved an exception when extending Form Submit Prototype.
- Fixed warnings generated during building the cortex-resources module.
- Fixed an insufficient inventory error when updating a quantity of a line item in a cart.
- Fixed Cortex Studio's standard links functionality to work for non-zoom queries.
- Fixed display of shipment discount information. Shipment discounts and costs are now correctly displayed in the Less Shipment Discount and Shipping Cost fields .
- Fixed inaccurate time zone display. Commerce Manager now shows dates in the user's local time zone.
- Fixed inaccurate display of amount in the Order Details tab's Invoice Price field.
- Fixed Order Details tab in the web admin console to include a Discount column to display discounts for e-shipments.
- Fixed extensibility of BaseAmount objects and display of extended objects in the web admin console.
- Fixed partial search functionality for all fields in the Customer Service tab.
- Fixed permissions to restrict users from creating price list assignments for stores they do not have the correct permissions for.
- Fixed test failures.
- Fixed intermittent display of inconsistent date/time formats.
- Fixed Role Permissions dialog to display permissions assigned to a user in groupings based on the permission's category.
- Fixed display of Edit Pricing Tier dialog box in the web admin console.
- Fixed Split Shipment dialog to allow the moving of an item from one shipment to another when splitting a shipment.
- Fixed display of incorrect names for shipping methods.
- Fixed display of localized strings. Localized strings are now displayed based on the locale of the user's browser.
- Fixed a Problem Occurred error when creating an exchange for an order.
- Fixed system test dependency. System tests no longer depend on the com.elasticpath.cmclient package.
- Fixed display of shipment discounts for e-shipments.
- Fixed the type displayed for system settings. System settings now display the correct underlying data type.