Documentation Home

BroadleafCommerce - 5.0.3-GA

Released on August 24, 2016

This is the 3rd patch release for Broadleaf Commerce 5.0 framework.

An at-a-glance view of the issues that were closed in this release:

Critical Bugs(2)

  • Add Instanceof check before casting Media as Status for Non-Enterprise compatibility
  • Fixed issue where categories do not appear in a Synced Catalog with Enterprise using the Multi-Tenant module

Major Bugs(6)

  • Added Visibility Enum for explicitly hidden fields
  • Encode untrusted javascript before insertion using ESAPI
  • Fixed structured content service cache on invalidation
  • Fix bug that prevented ListGrid filtering
  • Added OWASP, ESAPI, HTTPUtilities and Encoder for CRLF neutralization
  • Fixed sandboxing around primary media removal

Minor Bugs(11)

  • Remove cmsUrlPrefix from thumbnail creation to eliminate Null in static asset source URL
  • Fixes Search Facets and excluded Search Facets to update properly after change
  • Map the correct set of roles and user details to Admin User
  • Add DirectCopyTransformTypes.AUDITABLE_ONLY annotation for community classes
  • Fixed translation link not appearing
  • Modified listGrid's external links to properly redirect to admin sections if the admin section exists
  • Fixed issue where Redactor improperly rendered content for text areas in admin
  • Fixed mediaListGrid.html template from breaking for media that is read only for user
  • Fixed how IncomingURL regex patterns are wrapped in regex anchors (e.g., "", "$")
  • Added protection against XXE attacks by disallowing DTDs


  • Format price/money to correct decimal places.
  • Change EntityManager to protected to allow implementors to access it.
  • Create AdminAnnotation to control No Value Selected enum option
  • Enhanced shop as Guest/Assisted shopping functionality
  • Extracted a method for creating a section crumb to be used downstream
  • Feature product type

Total Resolved Issues: 24