Framework Updates

The framework has been upgraded to JDK 21 and Spring 6 since the 2211-jdk21.1 version.

For customers running on the August 2025 update with JDK 17, the validity period of this SAP Commerce Cloud version will be extended from six to twelve months, and we will provide security fixes until the end of Q2 2026. The JDK 21 version will continue the series of updates, as usual, per our continuous innovation guidelines, including regular releases of new features. For more information, see Continuous Innovation in SAP Commerce Cloud 2211.

For more information about the framework update, see the Framework Update page and the FAQ document, which is updated periodically.

As part of the September 2025 update, SAP Commerce Cloud has rebuilt the OAuth capability on top of currently available Spring libraries.

The existing OAuth capability has been rebuilt on current Spring libraries, moving away from the existing Spring Security OAuth library (reached End-of-Life in 2022). The oauth2 extension has been removed and replaced with the new authorizationserver, resourceserver, and oauth2commons extensions while UI and APIs have been adapted to use more current Spring Security support for OAuth 2.0.

The Spring Authorization Server does not implement the Resource Owner Password Flow or Implicit Flow as they are deprecated and discouraged by current OAuth security best practices. As a result, these flows are not available in the rebuilt OAuth capabilities. Any existing usages of these flows needs to switch to the Authentication Code Flow. For more information on the upgrade to the new OAuth implementation, see OAuth.

Drools is upgraded from version 8 to version 10 in the 2211-jdk21.1 release.

The previous Drools version 8.44.0.Final is incompatible with Spring 6, as the Java EE API has been upgraded to the Jakarta EE API in Spring 6. Both Drools 8 and 9 are at risk of being out of maintenance, so it’s necessary to upgrade to the latest stable 10 version to ensure security and maintain compatibility.

For more information on library changes, see Library Changes.