24.5 Release

Enable the Allow-List feature on the Limit Storefront Order Access setting if you aren’t yet limiting Storefront Order Access at all. This feature enhances security and control over who can access orders and which controllers can access order functions.

When: Starting with the B2C Commerce 24.5 release, the allow list is available to test your storefront order access settings without blocking access to controllers that aren’t on the allow list. Controllers that access orders but aren’t included on the allow list are posted in the alert section of the Business Manager.

How: In Business Manager | Orders | Order Preferences. Set the Limit Storefront Order Access dropdown to Allow List. Enter allowed storefront controllers as a comma-separated list. Only the controllers on the allow list can access customer orders.

Beginning with the B2C Commerce 24.8 release, the allow list is functional and controllers not listed on the allow list are blocked from storefront order access.

B2C Commerce announces the upgraded version of our eCDN, now featuring WAFv2, bringing a host of advanced security features to safeguard your online presence.

When: With the B2C Commerce 24.5 release, the WAFv2 features are available exclusively for net new zones. For existing customer zones using WAFv1, a self-service migration option to WAFv2 is scheduled for release during the second half of 2024.

Here’s what you can expect with eCDN WAFv2:

• Open Web Application Security Project (OWASP) Ruleset Integration: The eCDN OWASP Core Ruleset integrates the latest OWASP ModSecurity Core Rule Set (CRS). Your CDN provider routinely monitors for updates from OWASP based on the latest version available from the official code repository.
• eCDN Managed Rules: Provide fast and effective protection for all your applications. The rule set is frequently updated to address emerging vulnerabilities and reduce false positives.
• eCDN Exposed Credentials Check: A managed ruleset of pre-configured rules for well-known CMS applications. The ruleset conducts a check against a public database of stolen credentials.
• Configurability via Business Manager UI and CDN Zones API: With this update, configuring the eCDN WAFv2 settings is now accessible through the Business Manager UI and for new zones, through the CDN Zones API.
• Reduced False Positive Detections: The upgraded WAFv2 includes updated managed rulesets that reduce false positives. The rulesets enhance threat detection accuracy while minimizing disruptions to your normal operations.

A minimum period of five minutes is now enforced for retrieving WAF logs. This enhancement prevents setting the end time for log requests within 5 minutes of the current time.

How: Log entries are made for 60-minute increments of traffic requests to your storefront. For example, The current time is 2 pm. To retrieve a 60-minute increment log file, set the start time at 12:55 pm and the end time at 1:55 pm. The setting is for a 60-minute increment and the end time isn’t within 5 minutes of the current time (2 pm).

This change ensures improved accuracy and reliability in log retrieval and gives you more flexibility and control when querying WAF logs. Adherence to specified time frames is now guaranteed, enhancing the overall querying experience and making it easier for you to access information.

The Business Manager Promotion Refinements feature now offers expanded support for custom product attributes. With this update, users can now create refinable promotions that utilize custom localizable product attributes, as well as custom product attributes of type enum-of-string and enum-of-int. This enhancement addresses the previous limitation where Business Manager users could not set up refinable promotions with these specific custom attribute data types or localizable attributes.