April 2026

Release: 5.2.2604.558+sts

The following is a list of the release's bug fixes and enhancements. Some bug fixes may address existing support articles. A comprehensive list is at the bottom of this page.

Release highlights

• Promotions – Additional configurations are available for further promotions customization. See Database definitions to view the schema changes.
  • Allow Bulk Assignment of Products – Added a bulk means to assign and unassign Products within Rules and Results for promotion creation within the Admin Console.
  • Configure Max Discount Amount – Added the ability to set a Max Discount Amount to the following percentage-based promotion results so merchandisers can cap the total value of a discount regardless of cart size. When the cap applies across multiple order lines, the discount is distributed proportionally by line value. The field was added to Discount Percent Off Order, Discount Product, Discount Products in Brand, Discount Products in Category, Discount Products in Product Line, Discount Products of Vendor, and Discount Products with Price Code.
  • Add Discount Product List promotion result – Apply a discount promotion result to any order line whose product is in a configurable list of selected products. This extends single-product promotion targeting to multiple products without requiring multiple promotion records.
  • Apply Ordered Product List promotion rule result – Extend the Ordered Product rule to accept a list of products so that any match in the order triggers the promotion. The rule supports bulk assign, product import, and a paginated, two-column display with a Hide products detail toggle.
• Query Expansion Improvements for Commerce Search v3 – Added a Canonical Filter setting under Admin Console > Marketing > Search > Search General Settings > Search Query Expansion. When enabled alongside Query Expansion, Website, Language, and Restriction Group filters are passed to Google Cloud Retail Search and Shared Search descriptors so query expansion can distinguish organically poor results from results narrowed by a user filter. The setting does not change the final results displayed to customers and does not affect category browsing.

Breaking changes

Low risk

• Commerce Search v3 – Added CanonicalFilter field to the Insite.Search.Shared.ISearchRequest interface.
• Added SXe v11 connector for .NET8 – Added SX.e v11 support to the Configured Commerce .NET 8 (Core) build. SX.e v6.1, v10, and IFS remain unavailable on Core because their WSDL-generated classes do not compile on .NET 8. Customers upgrading to the Core build must configure SX.e v11. Other versions throw NotSupportedException at runtime.
• Custom property translations implementation – Added GetPropertyTranslations method to the IEntityTranslationService.
• Implemented nullable reference types in several core projects – Several unused classes and methods were removed. A number of unused constructor parameters were removed as well.

  • NaturalSortComparer

  • HttpContextBaseExtensions.GetUrlForLookingUpWebsite

  • HttpContextBaseExtensions.GetDomainPageUrl

  • WebsiteRepository.RunGetByDomain

  • WebsiteRepository.RunGetByMicroSite

Enhancements

• Added a Canonical Filter setting under Admin Console > Marketing > Search > Search General Settings > Search Query Expansion. When enabled alongside Query Expansion, Website, Language, and Restriction Group filters are passed to Google Cloud Retail Search and Shared Search descriptors so query expansion can distinguish organically poor results from results narrowed by a user filter. The setting does not change the final results displayed to customers and does not affect category browsing.
• Added graceful handling of Commerce Search Service rate-limit responses (HTTP 429) when Commerce Search v3 is enabled. Autocomplete requests return empty results so shoppers are funneled to the search page, and Search requests fall back to Elasticsearch until the rate limit resets. Rate-limit warnings are throttled to at most one log entry per minute to avoid log flooding. See Commerce Search v3 extensions for rate limiting details.
• Added a Use Top Level Domain For Authentication Cookie system setting under Admin Console > Settings > Security (website-specific, default off, requires a restart; restricted to ISC_System and ISC_Implementer). When enabled, the authentication cookie is scoped to the root domain derived from the request host so a signed-in user remains authenticated across subdomains.
• Improved sign-in continuity for Opti ID users launching the CMS editor for a different website in a multisite installation. Users are no longer prompted to sign in again when switching websites from the Admin Console on either .NET 4.8 or .NET 8 deployments.
• Improved tracking of website user activity so users with active Keep Me Logged In sessions are no longer incorrectly deactivated by the Deactivate Inactive User Accounts scheduled job.
• Added additional formatting options to the TinyMCE rich-text editor in the Admin Console to restore parity with the formatting toolbar previously available in CKEditor.
• Added a Product Line page variant rule type for Product List pages in Spire CMS. Merchandisers can now create Product List page variants that target Product List pages rendered from a Brand > Product Line.
• Added links to the user profile from the Created by and Modified by usernames in the Admin Console > Order History > specific order details tooltip.
• Added translation support for custom properties. Custom properties flagged as translatable in the Application Dictionary display the translation icon on entity detail pages in the Admin Console and return localized values in Storefront API responses.
• Added translation support for the Name, Shared By, and Description fields on Lists in the Admin Console so a single list can be published across multiple locales.
• Added an optional Payment Service Request/Response Logging setting under Admin Console > Order Management > Payment (website-specific, default off). When enabled, outgoing Payment Service requests and incoming responses are logged with sensitive data masked. Logging failures do not interrupt the payment flow.
• Restored the SXe v11 connector option on .NET 8 builds of InsiteCommerce. Implementations running on .NET 8 can now select SXe v11 for the Pricing Service, Order Submit Service, A/R Provider, Real Time Inventory Service, and Real Time Pricing Service. SXe v6 and v10 remain available only on .NET 4.8 because they depend on WCF-generated code that does not compile on .NET 8.
• Replaced the Proxima Nova font with Google Fonts Montserrat in the GSD Spire blueprint to resolve font-licensing concerns. Removed unused Proxima Nova references from the Admin Console and email templates.
• Upgraded the Spire frontend toolchain to TypeScript 6.0, with supporting upgrades to Jest and related dev dependencies.
• Improved performance of the order confirmation email pipeline by eagerly loading the customer order salesperson navigation property.
• Improved security for sign-ins and dependencies.
• *Added storage of the Payflow Pro ppRefvalue to the Token2 field on CreditCardTransaction records, providing access to the 17-character ppRef without replacing the existing pnRef value.
• *Added an Application Insights page view event tracking to the Spire storefront. Previously, page view telemetry was not emitted from the Spire site, leaving teams without visibility into storefront page traffic within Azure Application Insights. 
• *Added a binding redirect for Microsoft.IdentityModel.Tokens to resolve an assembly version conflict that caused deployment failures.

Bug fixes

• Fixed the unhandled error and long load time that occurred on the storefront Lists page when a shared list contained a large number of products with no category.
• Fixed the Website Cross Sell widget so it no longer displays variant products that are in a restriction group for the signed-in user. Clicking a restricted variant previously led to a "Page not found" error.
•  Fixed the intermittent failure of the Rebuild Index integration job on sites configured with Commerce Search v3. The Product Badge Rules Engine now uses a fresh unit of work during the rebuild.
• Fixed a privilege escalation issue where users in the `ISC_User` role could reach search-configuration pages (Synonyms, Stopwords, Term Redirects, Boosts) and their API endpoints by direct URL even though the menu was hidden. `ISC_User` is now denied permissions on search entities and on job export, import, and integration job cancellation endpoints.
• Fixed the inconsistent Criteria Object value shown on Admin Console > Rule Types > Promotion and Shipping, where the list view displayed a different value than the record detail view.Improved performance for databases with large product catalogs and product variants.
• *Fixed the TokenEx error that occurred when editing a saved credit card and then attempting to add a new card on the Save Payments page.
• *Fixed the issue where the newsletter subscription checkbox during checkout was not applied when the order was submitted through the order approval workflow.
• *Fixed an Index was outside the bounds of the array exception that occurred during payment gateway response parsing when a cardholder name contained an ampersand character. The response parser incorrectly split field values on the & delimiter, causing fields without an = separator to throw an index error. As a result, orders failed to create despite a successful payment authorization, leading to an incomplete checkout flow.
• *Fixed an error that occurred in the Rebuild Sitemap integration job when the GetDealerUrls pipe executed the ShouldAddDealerDetailsPages method with a null reference. The exception caused the sitemap post processor to fail, preventing successful sitemap generation. See Manually configured integration jobs.
• *Fixed an exception that prevented the application from starting. The error occurred in AsyncPipeline.Register when scanning the ExtensionsAssembly for types without exception handling, causing startup to fail before dependency registration could complete. 
• *Fixed a timezone-related issue where published CMS page versions appeared up to several hours in the future on Configured Commerce instances whose SQL server ran in a timezone with a negative UTC offset (for example, EST, CST, or PST). 
• *Fixed an error that prevented Vendor Managed Inventory (VMI) users from emailing order details from the VMI Order Details page. The VMI order details page was not included in the list of pages allowed for PDF generation, causing the email action to fail. Added the VMI Order Details page to the allowed list so that order confirmation emails can be sent successfully.
• *Fixed a Cannot access a closed file error that caused the S3 image upload integration job to fail. The Transfer method disposed file streams before the yielded async upload tasks completed, resulting in closed streams at the point of read. Restructured stream handling so that non-zip files open and close their own streams per upload, and zip archive entries are eagerly extracted into memory before the upload task executes, ensuring streams remain accessible throughout the upload operation.
• *Fixed an issue where page views on the 404 Page Not Found page were not tracked by Product Recommendations, preventing that page from contributing to recommendation data and behavioral analytics.
• *Fixed a regression in the Admin Console where the website-specific value indicator icon and tooltip no longer displayed on global default settings that had been overridden at the website level. 
• *Fixed an issue in SqlExecuteStoredProcedure where the commandTimeoutparameter was accepted but never applied to the underlying SQL command, causing all stored procedure executions to fall back to the default 30-second database timeout.

• cumulativebreakingchanges_configuredcommercecloud.xlsx60 KB