This page provides details about the 8.18.7 release of the Infosys Equinox Commerce platform, which includes updates from versions 8.18.6 and 8.18.7. The release notes are organized into the following sections:

  • Functional Changes
  • Technical/API Changes
  • Technology Maintenance & Upgrades

13 September 2024 (8.18.7)

The following new features or enhancements have been added to the Infosys Equinox Commerce platform.

Functional Changes

Loyalty Enhancements

  • Campaigns: Admin users can set up user-specific campaigns to provide rewards for a specified duration.
  • Point Accumulation & Point Cap:
    • Admin users can accumulate the eligible orders count using the Reward Bank property.
    • Admin users can earn rewards based on accumulated orders using the Reward Bank property.
    • Admin users can set a point cap to earn maximum rewards using the Reward Bank property.
  • Custom Duration:
    • Admin users can set up a custom duration to earn rewards under the profile property.
  • Earn Rewards for Multiple Items:
    • Admin users can earn rewards for an array of items within orders based on the sum of quantity and count.
  • Reward Break Up:
    • Admin users can view the breakdown of rewards for a transaction.
  • Multiple Rewards & Transactions:
    • Admin users can support multiple reward types and multiple transactions simultaneously.
  • Import:
    • Admin users can import users and transactions in bulk.
  • Export:
    • Admin users can export Rewards Bank, User Statement, and Transaction History details.

Change Logs

  • Admin users can now use Change Log to view a summary of changes made to the following services:
    • Catalog
    • Pricing
    • Subscription
    • Inventory
  • Admin users can now view differences between the new and older versions using change logs.

Search Enhancements

  • Admins can now search using custom attributes in the Accounts or Customers Admin console.
  • Admins can create custom attributes in the Customer Admin console.

Loyalty Voucher Enhancements

  • Admins can credit vouchers for consecutive subscription orders based on a monthly frequency.
  • FAQs for Loyalty Vouchers are now viewable on the storefront and Customer Admin console.

BOGO – Bundle GWP

  • Admin users and customers can now view all bundle products as “Free Gift with sub-items” in the cart and order details in both the Customer Admin console and storefront.

App Marketplace Enhancements

  • When a payment method is set to inactive in the Payment Admin console, the payment method in the storefront is visible but not accessible by the user.
  • Ability to support the fulfillment of items by multiple fulfillment providers or apps in an order.

Apps Enhancements

  • A new capability has been added to set an app as the default app in a store for the “Tax,” “Address,” and “Fulfillment” categories.
  • The Stripe app now supports the “Bank Redirect” option enabled by Stripe’s payment provider. This option is supported for certain banks in the EU region.

Platform Extensions

  • A new extension has been added to the Notification service for sending notifications via email or SMS.

Ultra Admin Features

Customers / Accounts Features

  • Allows adding or updating the country code and phone number as mandatory fields for a customer or account.
  • A new store property, “phonenumberCountryCode,” has been added with the default value “US(+1)”. This property stores the country code values available for user selection on the user and account details pages when providing a phone number.
  • Allows adding or updating the “Date of Birth” option for a customer on the Customer Details page.
  • The Account ID under the Account Details section has been removed as it is already available in the Customer Details section.
  • Enabled the CSR to view, upload, or download the supporting documents while creating and managing contracts for an account.

Orders

  • In the Order view screen, the “View Label” and “Create Label” buttons were added to view or create shipping labels, allowing the fulfillment vendor to ship the order.
  • In the Order view screen, the “DISCOUNTS” tab for a CSR Admin has been enabled to view order discount information.
  • While creating an order, enabled the entry of order gift receipt text by a CSR Admin.
  • In the Order creation page, while selecting the product, enabled the strikethrough of transaction price and additional price facets to show discounted prices when a promotion is applicable.
  • In the Order Overview page, the “Order Placed By” is shown to the CSR Admin with the first name, last name, and email of the customer.
  • In the Order view, enabled the “Print Order” functionality based on templates configured via the collection property “orderPrintformat” with the HTML value, allowing the order to be printed.
  • Allows a CSR Admin to make payments using multiple cards for both new order creation and return orders.

Enterprise Admin

Accounts Admin Console

  • Enabled the CSR to view, upload, or download supporting documents while creating and managing contracts for an account.

Foundation Admin Console

  • Enabled the option for the Business Admin to resend invites to existing team members.

Ultra Admin Customization

  • Account Module Customizations:
    • A new store property, “accountsExtension,” has been added. By providing a valid JSON, users can customize detail fields, search fields, custom user actions, grid actions, and more.
  • Customer Module Customizations:
    • A new store property, “customerExtension,” has been added. By providing a valid JSON, users can customize detail fields, search fields, custom user actions, grid actions, and more.
  • Order Module Customizations:
    • A new store property, “ordersExtension,” has been added. By providing a valid JSON, users can customize detail fields, search fields, price facets, custom user actions, grid actions, and more.
    • Enabled Bulk Custom Action in the Order Grid and Custom Action on the Order View Page, based on configurations.
    • Enabled customization to show additional or other properties in the order details on the order view page.
    • Enabled customization to use additional fields based on the configuration for the order’s quick and advanced search.
    • Enabled customization to generate order reports from a new page in the navigation menu using iFrame app configuration.
    • Enabled configuration to show the Dropship order checkbox based on defined validations in the configuration.
  • Account Grid Customizations:
    • Enabled Bulk Custom Action in the Account Grid and Action on the Account Details Page, based on configurations.
    • Enabled customization to configure the fields or columns to be shown for the account’s customer data and order data tables.
    • Enabled customization to use additional fields based on the configuration for the Accounts’ quick and advanced search.
    • Enabled customization to configure additional fields to be shown on the account details card on the account details screen.
  • Customer Profile Customizations:
    • Enabled customization to configure additional fields to be shown on the customer profile page.
    • Enabled customization to configure additional fields to be shown and edited for the customer details.
    • Enabled customization to use additional fields based on the configuration for the customer’s quick and advanced search.
    • Enabled customization with configuration to have OTP verification while updating the customer’s phone number using the iFrame app.
    • Allow editing of additional fields based on the configuration; for example, Person ID and Account ID.
  • Navigation Menu Customizations:
    • For CSR navigation menu customizations, a new store property, “navigationExtension,” has been added. By providing a valid JSON, users can add or remove menu options and provide relevant page navigation.
    • Enabled customization to configure the left navigation menu options, allowing menu options to be removed or added.

Subscription Suggestions

  • Ability to display subscription suggestions instead of a one-time purchase on the product detail page for storefront customers.
  • The following store properties have been newly created to configure subscription suggestions:
    • SubscriptionMessage: With the value subscriptionSuggestion%d, this property shows the subscription message on the storefront’s product detail page.
    • UserSKUOrderHistoryCount: With a numeric value (e.g., 1 to signify the number of orders), this property indicates the count of items a user has purchased.
    • UserSKUOrderHistoryTime: With a numeric value (e.g., 1 to signify the number of items), this property indicates the number of items a user has purchased in a month.
  • Similar Items:
    • Enabled storefront customers to view “Similar Items” on the product detail page.
  • Analytics and Insights:
    • Admin users can click “Analytics and Insights” to navigate to the dashboard reports page from the left navigation panel or the StoreOps page.
    • The following store properties have been newly added to enable the Analytics and Insights for viewing dashboard/reports:
      • quicksightDashboardInfo: With the value true, this property displays the Analytics and Insights option on the admin page.
      • quicksightDashboardId: This property is used to configure the dashboard name and respective dashboard IDs to display them on the Analytics & Insights page.
        For example, to display inventory, catalog, promotion, order, subscription, and loyalty dashboards, the JSON value can be:

        {
        "inventory" : "15ae701e-1f37-442d-bb20-1aa90ede4b07",
        "catalog" : "f54a4f08-ff3d-4ccc-9702-bac448bd780a",
        "promotion" : "60ce61e8-8528-4a5f-90d0-ad46ecb5b4ab",
        "order" : "e54e0203-96f4-42b8-b95b-d0bb8cdf0d48",
        "subscription" : "dcc32190-40c7-4f72-81fe-a1cdc6af5e4a",
        "loyalty" : "39aa5f6f-0504-4968-9de9-7b3822cdf40c"
        }

Password Policy Improvements

Here is a list of all the password policy improvements implemented for this release:

Expiration Policy

An expiration policy has been implemented for login tokens and OTPs to ensure they cannot be reused for multiple session IDs.

Authenticator MFA for Admins

Integrated with authenticator apps (such as Google Authenticator, Microsoft Authenticator, etc.) to enable multi-factor authentication for admin users when the collection properties MFA_enabled and MFA_authenticator_enabled are both set to true.

Super Admin Password Policy

  • Super admin can edit the privileges for collection ID 1 under the Configurations tab. The Configurations tab is visible only for super admin users to edit collection ID 1 privileges for customer, auth, and notification.
  • Restricted the use of default passwords for super admin users. Enforced password complexity requirements to ensure the use of complex passwords instead of default ones.
  • Ability to reset MFA for all individual admin users by a super admin user via the Teams tab in the Foundation Admin console.
  • Introduced a dedicated option for super admins to edit and update the privileges of business admins.

User Enumeration

When the account gets locked due to multiple incorrect attempts, an email communication is sent to notify the user (along with a reset password link) of the incorrect attempts made. This is configured in the collection property max_login_attempts with the value “3” for the number of login attempts.

Breached Password Protection

  • The new password that is created is validated against the set of common/compromised passwords.

Password Expiry Configuration

Password expiry is configured as 60 days by default in the collection property “password_expiry_days”, which defines the number of days until the password expires. Users receive an email notification 14 days before their password expires, as configured in the collection property “password_expiry_reminder_before_days”.

Password Encryption and Hashing Support

Supports one-way encryption or hashing for stored passwords. Stored passwords cannot be decrypted into clear text, which prevents their exposure to password-cracking utilities.

Secure Account Creation with Expiring Passwords

When a business user creates an account, the password should be random and secure, preset to expire upon login, and automatically sent securely to the user via SMS or email.

Minimum Password Age

This setting determines how many days a new password shall be kept before the user can change it. This setting is designed to work with the enforced password history setting so that users cannot quickly reset their passwords the required number of times and then change back to their old passwords. As per the enforced policy, a user needs to keep the new password for a minimum of 5 days, which is configured in the collection properties “password_change_interval” and “password_change_limit_interval”.

Minimum Password Length

Ability to maintain the minimum password length via the collection property “passwordMinLength”. The minimum password length is 8 characters.

Enforce Complex Password

This setting determines whether password complexity is enforced. If this setting is enabled, user passwords must meet the following requirement: the password shall have at least three of the following types of characters:

  • Lowercase alphabetical: Configure the collection property “requiredUpperCase” with the value true.
  • Upper case alphabetical: Configure the collection property “requiredLowerCase” with the value true.
  • Numerical: Configure the collection property “requiredNumber” with the value true.
  • Special characters (Punctuations): Configure the collection property “allowedSpecialChars”; for example, !@#$%^&*_

Account Lock

This policy determines the number of invalid attempts made by a user:

  • Admin User: For account lockout, configure the threshold to “3” by default for an Admin user in the existing collection property “max_login_attempts”.
  • Domain Account Lockout Policy: The Domain Account Lockout policy setting is configured as follows:
    • For account lockout duration, configure the collection property max_login_attempts with the value “0” to lock the account permanently until it either unlocks automatically after 24 hours or is unlocked by the super admin.
    • For the account lockout threshold, configure the collection property max_login_attempts with the value “3” for the number of login attempts (for both the default & stringent accounts).
    • Configure the new collection property login_attempt_expiry_millisecs with a value in milliseconds (for example, 86400000 for 1440 minutes, that is, 24 hours); this helps to unlock the account based on the defined value.
  • Flexible Account Lockout Policy: A stringent account lockout threshold is available for privileged users, high-profile users, and project users (based on the project requirement/compliance) and is assigned based on the requirement. The account lockout threshold is set as “3”. It’s applicable for both default and stringent accounts.
  • Reset Account Lockout: Ability to reset the account lockout automatically once it permanently locks after “n” number of invalid logins. The Reset Account Lockout counter determines the number of minutes that shall elapse after a failed login attempt before the bad logon attempt counter is reset to “0” bad logons. The new collection property reset_account_lockout_counter is set as 86400000 (in milliseconds).
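
How the lockout properties above interact, as an added example that is not Equinox code: the property names and values come from these notes, while the `LoginState` class, the function names, the status strings, and the evaluation order are assumptions of this sketch.

```python
from dataclasses import dataclass
from typing import Optional

# Property names and values are from the release notes; how the platform
# evaluates them internally is an assumption of this sketch.
CONFIG = {
    "max_login_attempts": 3,
    "login_attempt_expiry_millisecs": 86_400_000,  # lock is lifted after 24 hours
    "reset_account_lockout_counter": 86_400_000,   # failure counter resets after 24 hours
}


@dataclass
class LoginState:  # hypothetical per-user record
    failed: int = 0
    last_failure_ms: int = 0
    locked_at_ms: Optional[int] = None


def is_locked(state, now_ms):
    """True while the lock is active; lifts the lock once the expiry has elapsed."""
    if state.locked_at_ms is None:
        return False
    if now_ms - state.locked_at_ms >= CONFIG["login_attempt_expiry_millisecs"]:
        state.locked_at_ms, state.failed = None, 0  # automatic unlock
        return False
    return True


def attempt_login(state, password_ok, now_ms):
    """Return 'ok', 'failed', 'locked_out' (lock just applied) or 'locked'."""
    if is_locked(state, now_ms):
        return "locked"  # a correct password is also rejected while locked
    if password_ok:
        state.failed = 0
        return "ok"
    # Stale failures no longer count once the reset window has passed.
    if state.failed and now_ms - state.last_failure_ms >= CONFIG["reset_account_lockout_counter"]:
        state.failed = 0
    state.failed += 1
    state.last_failure_ms = now_ms
    if state.failed >= CONFIG["max_login_attempts"]:
        state.locked_at_ms = now_ms
        return "locked_out"  # caller sends the lockout e-mail with the reset link
    return "failed"


def admin_unlock(state):
    """Manual unlock by a super admin."""
    state.locked_at_ms, state.failed = None, 0
```
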

Enforce Password History

This setting determines the number of unique new passwords a user shall use before an old password can be reused. As per the enforced policy, a user is not allowed to reuse the last 12 passwords while changing the domain password. The default value for retaining old passwords is set to 12 in the collection property “last_password_check_count”. An alert message “Previously used 12 passwords cannot be reused.” is shown when trying to reset the password from the My Account profile page.
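
The minimum age, minimum length, complexity, breached-password, and history rules described in this section can be combined into one check, shown here as an added example that is not Equinox code. The limits (8 characters, three of four classes, 12 passwords, 5 days) and the property names `passwordMinLength`, `allowedSpecialChars`, and `last_password_check_count` come from these notes; `min_password_age_days`, the PBKDF2 hashing, the `BREACHED` set, and all function names are assumptions.

```python
import hashlib
import hmac
import os
import time

# Limits are from the release notes; the dict layout is an assumption.
POLICY = {
    "passwordMinLength": 8,
    "allowedSpecialChars": "!@#$%^&*_",
    "last_password_check_count": 12,
    "min_password_age_days": 5,  # hypothetical key for the 5-day minimum age
}
BREACHED = {"password", "Passw0rd!", "Welcome@123"}  # constructed sample list
ITERATIONS = 100_000  # assumed work factor; the platform's algorithm is not stated


def hash_password(password, salt=None):
    """One-way, salted hash (PBKDF2-HMAC-SHA256) so history never stores clear text."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def matches(password, salt, digest):
    """Constant-time comparison of a candidate against one stored hash."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


def check_new_password(password, history, last_changed, now=None):
    """Return the list of policy violations; an empty list allows the change.

    history: list of (salt, digest) tuples, newest last.
    last_changed / now: epoch seconds.
    """
    now = time.time() if now is None else now
    errors = []
    if now - last_changed < POLICY["min_password_age_days"] * 86400:
        errors.append("minimum password age not reached")
    if len(password) < POLICY["passwordMinLength"]:
        errors.append("too short")
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in POLICY["allowedSpecialChars"] for c in password),
    ]
    if sum(classes) < 3:
        errors.append("needs three of four character classes")
    if password in BREACHED:
        errors.append("found in compromised password list")
    # Only the most recent N hashes are compared; older passwords may be reused.
    recent = history[-POLICY["last_password_check_count"]:]
    if any(matches(password, s, d) for s, d in recent):
        errors.append("Previously used 12 passwords cannot be reused.")
    return errors
```
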

Technical Changes

Loyalty Enhancements

Campaigns Controller

  • The Campaign controller has been introduced to manage campaigns using the following APIs.
    • Find All Campaigns
    • Create a Campaign
    • Find a Campaign by ID
    • Patch Update a Campaign

Loyalty Rewards Controller

  • In the existing Loyalty Rewards controller, in the request and response, we have included the following functionalities in the existing JSON node.
    • Point Accumulation: The Point Accumulation option allows loyalty points to be accumulated for users.
    • Point Cap: The point cap has been enabled for all action types to limit the number of points a customer can earn.
    • Custom Duration: Custom duration support allows a user to earn rewards for a specific period.
    • Continuous Subscription Months (CSM): Allows a business admin to provide rewards to a user based on continuous subscription orders.
  • A new node, “breakup,” has been introduced under Get Loyalty Rewards to display the reward breakup with Rule ID, Rule Name, Rule Description, Reward Type, and Reward Value.

Transaction Controller

  • In the Transaction controller, the “Create a Transaction” API now supports multiple rewards and the reward points breakup.

Rules Controller

  • In the Rules controller, the “Create a Rule by Ruleset ID” API now supports Accumulation fields to enable multi-array functionality.

Framework Changes

  • Framework changes have been implemented to support the Accumulation field in the custom rule for multi-array support.

Account Controller

  • In the Account controller, the “Find All Accounts” API now supports searching based on custom properties and indexing the results.

Customers (User) Service

  • In the Users controller, the “Search All Users” API now supports searching based on custom properties and indexing the results.
  • When the newly added parameter “excludePropertyCheck” is set to true in the API calls “Create a User” (using POST call) and “Update a User” (using PATCH call), it validates the custom properties based on the attribute identifier and field type. By default, this parameter is set to false.

Foundation Service

  • The Change Logs controller with the “Load All Change Logs” API has been introduced to obtain all change logs for the defined service within the specified time range.

Order Service

  • Support for configuring subscription frequency in the Loyalty condition.
  • Support for redemption reversal and forfeit of Loyalty Vouchers for partial order returns.

Feed Job Service

  • A new import feed has been introduced to import transaction and loyalty rewards bank data using the .xlsx file.
  • A new export has been introduced to export transaction history and loyalty rewards bank details based on the following job parameters:
    • usermath
    • loyalty
    • transaction
    • transaction_reward_breakup

Admin Orchestration Services

  • The Change Logs controller with the “Load All Change Logs” API has been introduced to obtain all change logs for the defined service within the specified time range.
  • The “Find All Customers” API now supports searching based on custom properties and indexing the results.
  • Ability to configure bundle items, SKU kit, or collections as “Gift Item” for normal product and other product types via the existing node of the following APIs:
    • Get a Cart by Cart Type (Carts Controller)
    • Search an Order by ID (Orders Controller)
  • The Campaign controller has been introduced to manage campaigns using the following APIs.
    • Find All Campaigns
    • Create a Campaign
    • Find a Campaign by ID
    • Patch Update a Campaign

Storefront Orchestration Services

  • Ability to configure bundle items, SKU kits, or collections as a “Gift Item” for a normal product and other product types via the existing node of the following APIs:
    • Get Calculating Cart (Carts Controller)
    • Load a Product by ID (Catalogs Controller)
    • Load an Order by ID (Orders Controller)
  • Support for creating a cart quickly with a user’s default address, shipping method, and payment method using the new API “Cart Quick Checkout”.

App Marketplace Service Enhancements

API Changes in App Marketplace

  • businessId is a mandatory parameter for the following APIs in the App Marketplace service.
    • GET method: MerchantApps/findAppInstallation
    • GET method: MerchantApps/findAllAppByStoreId
  • The businessId node has been added to the Webhooks app controller in the App Marketplace service. For the API endpoints, businessId is now a mandatory parameter.
    • POST method: Create Details for a Webhook
    • PUT method: Update Details of a Webhook for a Subscription ID
  • The App Marketplace’s Lambda authorization process has been updated according to the OAuth client credentials flow.

Payment Extension

  • The payment extension names have been modified in the payment services’ app plugin.

API Changes in Address Services

  • For the Validate an Address API endpoint in the Address service, a recommendations node has been added to the response object for the 400-status code.

API Changes in Foundation Services

  • Updated the store creation API to add the store properties by default if the “Auto Create Collections” is enabled for the store.

API Changes in Order Services

  • Updated the “Get Order By ID” API to return the first name, last name, and email of the user who placed the order, using the new node “orderPlacedBy” in the response from the admin.

API Changes in Customer Services

  • Introduced an API “customerFindAllAttributes” for the CSR admin to get the full list of attributes irrespective of the page and size.

API Changes in Account Services

  • Enabled the “getContracts” and “updateContract” APIs for a CSR to view, upload, or download the supporting documents while creating and managing contracts for an account.

Black List Item API Enhancements

  • In the Customers (User) service, the APIs postBlackListItem, getAllBlackListItem, and deleteBlackListItem have been newly created under the “Black List Item” controller. This reduces the risk of unauthorized access and data breaches, enhancing the organization’s security posture.

Technology Maintenance & Upgrades

Security Improvement: Secret Key Rotation

In the Equinox Commerce platform framework, secret keys and credentials are utilized within the service instance itself to avoid frequent calls to AWS Secrets Manager. This allows for quicker retrieval of values from the instances. However, updates made in AWS Secrets Manager are not automatically reflected in the service instance.

To apply these updates, new Refresh APIs have been introduced for the components (such as MySQL, MongoDB, RabbitMQ, Redis, and Secret Manager). These APIs will clear the cached data from the service instance whenever triggered from the pipeline, ensuring that the latest key values are always used.

Open-Source Library Vulnerability Fixes

The number of unique security vulnerabilities patched in the Infosys Equinox Commerce platform is 46.

The total number of vulnerabilities closed is: 322

Vulnerability severity levels are as follows:

  • Critical – 18
  • High – 43
  • Medium – 256
  • Low – 5

 

Revision History

2024-09-13 | JP – Added Release 8.18.7 content.