As of version 4.2 of the Broadleaf Commerce Framework, we are officially changing our Community License from Apache 2 to the the “Broadleaf Commerce Fair Use License”.
The Broadleaf framework 4.0.0 release candidate is now available.
Broadleaf 3.1.13-GA and 3.0.16-GA are released on Maven Central. This contains a patch to a security vulnerability in the Broadleaf admin panel that allowed an admin user to hijack another admin user's account. Customer-facing logins were unaffected. We recommend immediate upgrades to these latest versions of Broadleaf in order to patch this security vulnerability. See the details for full release notes.
New Broadleaf CE releases for 3.1.10-GA and 3.0.15-GA have been published to Maven Central. Release notes for those respective releases:
These releases were in response to critical bugs present in 3.1.9-GA and 3.0.14-GA. We recommend skipping those releases and upgrading straight to 3.1.10-GA or 3.0.15-GA.
New Broadleaf CE releases for 3.1.9-GA and 3.0.14-GA have been published to Maven Central. Release notes for those respective releases:
Edit on December 3, 2014: These releases contain a critical bug. We recommend skipping these releases and go straight to 3.1.10-GA or 3.0.15-GA instead. Those 2 releases contain all of the fixes in 3.1.9-GA and 3.0.14-GA, along with the critical bug fix.
The latest patch releases in the 3.0 and 3.1 lines have been released!