January 2026 release

  • Updated

Release: 5.2.2601.315+sts

The following is a list of the release's bug fixes and enhancements. Some bug fixes may address existing support articles. A comprehensive list is at the bottom of this page.

The January 2026 release is now available for developers to download and work with locally or to request deployments.

Release highlights

  • One-page checkout – You can now use Google Pay and PayPal with one-page checkout.

Breaking changes

Low risk

  • Malformed HTML causes an unresponsive Product Detail page – A new method CleanHtmlContent was added to the non-extensible interface IHtmlContentProvider.
  • Unhandled error when selecting Save credit card information on the checkout page with Payment Service – Added an AccountIdentifier column to UserPaymentProfile's NaturalKey.
  • Sanitize any HTML that comes in for Spire share endpoints – This update includes the following:

    • The /api/v1/tellafriend endpoint now ignores the values for the following fields. They are instead looked up through product service v1 with the productId that is passed to the endpoint.

      • productImage
      • productShortDescription
      • altText
      • productUrl

      All other fields have html/urls/emails stripped. The email field is still allowed to be an email.

    • The share order/invoice endpoint (/.spire/shareEntity) strips HTML, URLs, and emails from all fields posted to the endpoint. The email field is still allowed to be an email.

Enhancements

  • Added the ability to use PayPal with one-page checkout.
  • Added the ability to use Google Pay with one-page checkout.
  • Improved the integration job details notification emails by adding a short description for the notification and a link to the job log entry.
  • Increased the Value column to nvarchar(max) for the following tables: IntegrationJobParameter, JobDefinitionParameter, and JobDefinitionStepParameter.
  • Updated Search Service Authorization to use the Commerce Product Instance Details to simplify and improve permissions validation.
  • Added an Ordered Product From Category Branch rule type for promotions and shipping rules. This lets you include subcategories.
  • *Added setCookie and removeCookie functionality during server-side rendering.
  • Improved security for Spire share endpoints. See the Breaking changes section for information.
  • *Updated the Button widget in Spire to be contextual.
  • *Added optional StartDate and EndDate parameters to the ODP export jobs and made LookBackDays optional. See Important notes in the integration documentation.
  • *Updated the ODP Order Sync to support custom order statuses through Order Status Mapping.
  • *Updated GetVmiBinCollectionHandler.CreateGetVmiBinResults to call IProductService, load all products at once, and get productDtos from this result. This means that the CreateGetVmiBinResult pipeline no longer creates ProductDto using catalogPipeline.CreateProductDto per line. GetVmiBinCollectionHandler/1100_CreateGetVmiBinResults.cs now does this at once for all products with single call to productService.GetProductCollection.

* These enhancements were included in hotfixes and are available for 5.2.2512 STS.

Bug fixes

  • *Fixed an issue with one-page checkout where a “Resource Forbidden” error displayed when you logged in after a guest checkout.
  • *Fixed an issue where the Recently Purchased list did not update immediately after order placement.
  • *Fixed an issue with Netcore where the GetIntergationJob failed because it was missing JobDefinitionStepFieldMap CustomProperties.
  • *Fixed an issue where the Shared With counter was incorrect when a Sales Rep user shared a list by billing address.
  • *Fixed an issue with one-page checkout where order notes did not display on the Order Approval Details page.
  • *Fixed an issue where builds failed with ForkTsCheckerWebpackPlugin memory issues.
  • *Fixed an issue where CreateOrderRequestCustomerOrder did not set the SiteContext from the Punchout CustomerOrder.
  • *Fixed an issue where removing a customer from a user’s assigned customers list did not remove them as the default customer in the Admin Console.
  • *Fixed an issue where the Transparent Gateway API v2 sent the default Content-Type, causing PaywareConnect transactions to fail.
  • *Fixed an issue in Netcore where IronPdf only used Docker on the storefront API.
  • *Fixed an issue where going to /redirectto/mobileauth/myaccountpage did not respect the current website CMS type and always looked for Classic URLs, which could result in an error.

* These bug fixes were included in hotfixes and are available for 5.2.2512 STS.

Related Support Articles

None.

Configured Commerce REST APIs

Cumulative breaking changes spreadsheet