Documentation Home

Broadleaf Commerce 5.2.11-GA

Release date: May 28th, 2019


This is the 11th patch release for Broadleaf Framework 5.2.x. To upgrade a 5.2.x application to the 5.2.11-GA release, it should only require updating the parent pom.xml broadleaf-boot-starter-parent to 5.2.11-GA.

New and Noteworthy

Library upgrades

  • jQuery to 3.4.1
  • Spring social to 1.1.6.RELEASE

JQuery Upgrade

Due to potential XSS vulnerabilities, jQuery was upgraded to latest version which is 3.4.1 (from 2.1.1). Unfortunately there were no options for upgrade to the latest 2.1.x version as the fixes for XSS vulnerabilities were only made available in the 3.4.0 or above.

NOTE: There are breaking changes introduced in jQuery 3.0. It is recommended to test all pages thoroughly to verify compatibility with jQuery 3. More detailed information can be found here

Using the Spring social

If your current project is using spring social, modify applicationContext-social.xm and add these lines:

<bean class="">
    <constructor-arg name="connectionFactoryLocator" ref="connectionFactoryLocator" />
    <constructor-arg name="connectionRepository" ref="usersConnectionRepository" />

More information on Spring social can be found here

An at-a-glance view of the issues that were closed in this release:

Major Bugs(2)

  • Fixed issue where 'Add buttons' were missing in global admin pages.
  • Fixes issue where using "After Cart Pricing" option in cartRule causes error if item is out of stock

Minor Bugs(6)

  • Fixed js errors in admin pages.
  • Fixed Potential XSS vulnerability, antisamy filter doesn't react on javascript in plain string
  • Fixed an issue related with ProductOption values special character
  • Fixed issue where saving product with XSS script causes error
  • Fixed an issue where deleting a product does not archive the associated skus
  • Tuned eager fetching when querying for ChallengeQuestion


  • jQuery upgraded to latest version 3.4.1 due to XSS vulnerabilities
  • Spring social upgraded to 1.1.6.RELEASE due to security vulnerabilities
  • Added Admin Approver only role
  • Added an EntityIdentifierUtil class to use Reflection to find the Identifier (@id) field in an entity bean

Total Resolved Issues: 12