Introduction

Welcome to Intershop Commerce Management 11.

This Public Release Note contains information about the latest features of Intershop Commerce Management. In addition, it serves as a quick reference for the latest documentation.

References

For further documents related to ICM 11, refer to Overview - Intershop Commerce Management 11.

New & Noteworthy

Intershop Commerce Management 11 comes with unique scaling options where the required infrastructure is provided fully automatically based on the required computing power. Kubernetes is used to orchestrate the application’s individual (Docker) containers.

Maintenance-related downtimes are drastically reduced and monthly releases enable ongoing technical and functional optimizations. In times of rising cybercrime and, therefore, an increasing need for data protection, ICM 11 will provide an infrastructure that is always state-of-the-art and secure.

Release Documents

Feature List

Please see our feature list for more details about the new release:

• Feature List - Intershop Commerce Management 11.0

Guides, Concepts & Cookbooks

For a list of all available ICM 11 documents, use the ICM 11 filter in our Knowledge Base.

Migration Guides

For migrations within ICM 11 versions, refer to:

• Overview - ICM 11 Patch Migration

Intershop provides Migration Guidelines to ease the migration from 7.10 to 11:

• Overview - 7.10 - 11 Migration

Changelog

Minor Update Release 11.9.0

Technology Changes:

• (DB)Preparer can now trigger a page cache reset for sites, so template changes can be pushed/forced to customers after the deployment.

• Fix: Login of ICM and SMC back office does not work after deployment

Minor Update Release 11.8.0 CANCELED

• The back office login pages have a new look and feel.

• You can now handle catalog categories, product links, and product attachments with the Product and Catalog Management REST API, see Reference - Intershop Commerce Management 11 REST API.

• Fix: Correct calculation of cache misses if value for a key was null

Technology Changes:

• Job configurations imported by DBPrepare can now contain attribute values of type “Multiple String”.

• DBPrepare will now skip preparation steps in case the execution failed multiple (three) times to avoid unnecessary downtimes on production systems. The behavior can be overruled by:

  • intershop.dbinit.breakOnError and

  • intershop.dbmigrate.breakOnError

• Improved logging for JGroups message delivery, retrieval, and acknowledgement

• Fix: Login pages do no longer reveal why the login failed to avoid giving information to potential attackers.

• Fix: Job executions do not protocol process execution duration time

Patch Release 11.7.4

• Fix: Storing audit transaction items failed, because identifier needs to be truncated by database as provided ID was too long

Patch Release 11.7.3

• Fix: DBPrepare migration steps were not marked for Oracle only, that leads to issue under Microsoft SQL server

• Fix: Staging ORM connection is now closed before staging hooks are executed. This avoids automatically closed connections by the database.

Patch Release 11.7.2

• Fix: Delete user in case the user is already marked as to be deleted

Patch Release 11.7.1

• Fix: JDBCSequence keeps result set longer as expected; this leads to Out Of Memory

• Fix: Avoid current read of product attribute names

Minor Update Release 11.7.0

• A new price provider webhook has been introduced which allows for retrieval of prices from external systems, see Concept - Price Service Webhook.

• Order REST API 1.5.0 contains search parameters on line item level now, see Reference - Intershop Commerce Management 11 REST API.

• Now you can handle product images with the Product and Catalog Management REST API (Beta version).

Technology Changes:

• A new metric provides the running jobs so that long running jobs can be identified.

• When using login or the “forgot password” functionality, you will receive a generalized message that does not give any hints about whether an existing user login was found or not. Attackers cannot guess a correct user login with this security measure.

• Fix: Previous log file locations have been removed in order to prevent log messages from being written pointing to those locations.

• Fix: Users can no longer accumulate excessive transient session cookies from different application servers. To avoid oversized http headers, "unused" transient session cookies are removed after the count surpasses five. This may cause lost sessions during manual testing when multiple browser tabs are open on various sites. In addition, the web adapter removes duplicate http headers after collecting headers from remote includes.

Minor Update Release 11.6.0

• You can now handle product assignments to a category with the Product and Catalog Management REST API (Beta version).

• The Shop REST API has been broken down into the following REST APIs for greater clarity. Apart from the documentation, the APIs are unchanged. See Reference - Intershop Commerce Management 11 REST API:

  • Attachment

  • Configuration

  • Contact

  • Internationalization

  • Store

Technology Changes:

• The Swagger library update produces a version conflict with slf4j, see Guide - 11.6.0 - Migration Library Updates. ICM 11 still sticks to slf4j version 1.x, so all slf4j version 2.x must be explicitly excluded.

• Now the Docker image contains JDK tools to create heap and thread dumps of the application server if the pod terminal can be attached. This facilitates the creation of a heap or thread dump of the ICM application server in case the application is unresponsive.

• Fix: QueryORMObjectCollection to avoid resource leaks in case of using size and iterator methods, see Guide - 11.6.0 - JDBCQueryProcessor changes

• Fix: The global cache reset was removed, and in the event of a global cache reset the caller stack trace is logged at warn level now. A global cache reset should only happen in rare replication or migration scenarios. Previously, session table and business caches were cleared every hour.

• Fix: DBPrepare now calculates the correct initialization mode in case the DBPrepare process was interrupted.

Minor Update Release 11.5.0

• New Product and Catalog Management REST API (Beta version) has been introduced.

  • Supporting major actions for managing products and catalogs in Intershop Commerce Management

  • Subject to changes. More functionality will be added iteratively.

• New REST endpoint GET /mediaassets that provides access to content images and other content media files has been introduced. It allows browsing through directory structures and provides a paging mechanism, see Reference - Media Assets Management REST API 1.0.0 (Beta).

• A new configuration value was added to the Shop REST API, see Reference - Shop REST API 1.5.0.

  • New flag "EnableNewsletterSubscription" in configurations REST endpoint

• New standard basket and order attributes on line item level have been introduced: "Partial Order Number" & "Customer Product ID", see Online Help | Managing Shopping Cart Preferences.

• Configurable basket, order, and line item custom fields that are automatically displayed in approval and order confirmation e-mails

• Channel-/application-specific display toggles for common basket, order, and line item attributes. The toggles are available in new version of /customer REST endpoint.

• Update: Order REST API 1.4.0 contains search parameters “ICM order number”, “Customer Order ID” & “time-frame” (date), and supports paging now, see Reference - Order REST API 1.4.0.

Technology Changes:

• The PID (process identifier) file has been moved to a location inside the pod because the /intershop/logs directory, where it was previously stored by the Web Adapter, is indented to be mounted or exposed as a volume. /intershop/logs can be mounted to provide Web Adapter request logs.

  • The fix is not related to that ICM update directly; it is included in WA version 2.4.7.

• Initial DBPrepare is now marked with serverImpact=SHUTDOWN, so that the server impact is declared correctly. The DBPrepare uses an additional locking to prevent initialization from different application servers at the same time.

Patch Release 11.4.1

• Enabled heartbeat for shared read connection pool

• Cleaned shared read connection pool from dead connections

Minor Update Release 11.4.0

• Contact Center REST API now provides Co-Browsing URL for PWA, see Reference - Intershop Commerce Management 11 REST API.

• Channel information was added to the product and catalog export in order to provide SPARQUE integrations with this information.

Technology Changes:

• The default build directory has been changed from “target” to “build”, see Guide - 11.4.0 - Usage of Standard Build Directory.

• The runtime-lib was no longer used, so that library and library path were removed from build and Docker image.

• Fixed Webadapter ConfigurationServlet communication in case of errors during data retrieval

Patch Release 11.3.1

• Improved logging around staging and job processing (avoid duplicate information, increase context information of info logs)

• Fixed staging synchronization issue between edit and live server

• Fixed resource leaks of failed sftp file transfers

Minor Update Release 11.3.0

• New security feature: The content media file upload is now restricted for all locations in the back office, including the TinyMCE text editor. This is done by checking the file extension against the MIME type.

• Some code artifacts of the Customer REST API were reworked. Customers or partners who customized the existing REST API need to adapt their implementation, see Guide - 11.3.0 - Rework Customer REST API Code Artifacts.

• An optional query parameter has been added to the Basket REST API, see Reference - Basket REST API 1.4.0.

• DBPrepare will be executed for this update, see Concept - DBPrepare:

  • Fix the table name in sp_deleteOrders.sql for Oracle DB

Technology Changes:

• Since ICM 11 does not need a license file to run, the usage of license key has been removed from several business logic, like auditing or revenue reporting.

• Now an automated process updates used Docker images (JDK update to 17.0.7_7-jre). This update will contain only minor or patch updates of the JDK. These automated updates of the JDK will happen on minor ICM version only. Previously, updates of the JDK came on request or on a scheduled basis.

• We added the New Relic Agent for APM and performance tracing (contains pipelines, pipelets, templates now)

• The resource loader supports resources inside the jar, i.e. configuration can be loaded from java resources now. Previously, cartridge-specific logging extensions could be provided, but after moving these resources to the cartridge-jar file, a customization could not extend the logging configuration.

• Fixed NPE at Authentication (ApiTokenModule)

• The ConfigurationServlet now returns with http status codes instead of containing error messages/keys in the response, so the WA can handle errors on status and does not need to parse the body of the message.

• Staging environments are still for development purposes only. The staging index files are now stored in the sites/root folder, which is mounted with an external volume. Previously, the staging processor created index files at a directory inside the container, which is very limited and should not be touched.

Patch Release 11.2.1

• Fixed staging process state mapping

Minor Update Release 11.2.0

• New security feature: The content media file upload is now restricted for all locations in the back office, which are not inside the TinyMCE text editor. This is done by checking the file extension against the MIME type. See , see Online Help | Managing Image Files.

• Enriched JWT access token with attributes user and customer in order to support protected search queries for SPARQUE integrations

• The maximum number of public wish lists returned by the GET /wishlists request has been limited, see Reference - Wish List REST API 1.1.0.

• DBPrepare will be executed for this update, see Concept - DBPrepare:

  • Updated views: ieproductcategoryassignment, V_PRODUCTSHARING

Technology Changes:

• This release provides initial configuration for staging/replication environments for non-production systems. So developers can start developing for such environments.

• Improving operations of ICM 11, the SMC and Operations now display K8s pod name and namespace, so that a semantical assignment to infrastructure information is given.

• Since ICM 11 does not need a license file to run, pages about license report have been removed from the SMC.

• To avoid duplicated effort, the new DBPrepare will execute all migration steps inside a new cartridge in case dbinit.properties does not exist, see Guide - ICM 11 API Changes. Previously, a cartridge needed to support the migration and initialization processes of DBPrepare with different files (dbinit.properties and migration*.properties).

• Fix: ResponseStatisticsFilter execution duration measurement swallows exception

Patch Release 11.1.5

• Fix: ProductLink SQL statement takes 50% of the time

Patch Release 11.1.4

• Added NewRelic sub-pipeline and template spans

Patch Release 11.1.3

• Fix: SLDSystem and bc_backoffice in intershop.REST application

Patch Release 11.1.2

• Fix: Missing cartridge runtime dependency of app_sf_headless

Patch Release 11.1.1

• Fix: Missing cartridge runtime dependency of app_sf_headless

Minor Update Release 11.1.0

• New Inventory REST API 1.0.0 has been introduced

  • The new separated Inventory REST API call allows to receive availableStock and inStock information for SKUs. See Reference - Inventory REST API 1.0.0 (ICM 7.10).

• Extension of Product and Category REST API 1.7.0

  • For the ProductsResource the following extended attributes are supported: customAttributes, reviews, shippingMethods, averageRating, roundedAverageRating. For the ProductListResource the endOfLife and lastOrderDate were added as requestable attributes for the attrs parameter.

  • For scenarios using 3rd-party inventory backend services with expensive calls, it is now also possible to remove these attributes (availableStock and inStock + their corresponding backend calls) from the product detail call by configuration. See Reference - Product and Category REST API 1.7.0 on product detail call: view and attrs query parameter.

• Changes affecting multiple REST APIs: the read-only properties externalId and externalUrn have been added to the address resource object. This compatible change affects the following APIs:

  • Address Check REST API 1.1.0

  • Basket REST API 0.2.0

  • Customer REST API 1.2.0

  • Order REST API 0.2.0

  • Subscription (Recurring Order) REST API 1.1.0

Technology Changes:

• The customization now only ships libraries that are not delivered by the icm-as standard container. Previously, each customization shipped the entire set of libraries used by the customization.

• Syntactical Javadoc errors (wrong references to java classes, methods, or parameter) have been fixed.

• The server shutdown is consolidated and consistent now. Previously, the server shutdown had been split in several shutdown processes, aka onShutdown listener.

• New health checks can now be tested at production systems. Now the dry run enables the health check, the result of the health check is written to the log, but the server will not react on the result of such check. Previously the server health check could be enabled or disabled, which made testing it on production impossible.

• The server now starts without checking the license at server startup. The license file is still required at this version, e.g., for auditing signature algorithm initialization.

• The ClassLoaderResourceTools now frees resources (like jar files and input-streams).

• If the database connection is closed or disconnected (usually due to server or network problems), the import thread will now attempt to reconnect and run the import task again.