Vulnerability in EPiServer.Forms
I have found a bug or at least to me some unexpected behaviour of the use of DisableVersionSync="true" when using the Catalog Import. We are using commerce.13.16.x, but since the latest commerce tag in the forum is commerce.13.15.x I have tagged the post with this.
If DisableVersionSync is enabled in appsettings the related entries in the [ecfVersionProperty] are not updated when using the Catalog Import. Only the [CatalogContentProperty] table is updated.
The consequence of this is that the ContentLoader/ContentRepository, if no specific version is requested, returns the latest data. The Catalog UI however shows the latest data from the [ecfVersionProperty] table and hence it does not show the latest data to the editor.
What is even more unfortunate is that it has the "unintended" consequence that if an update is made on a single property through the Catalog UI, the property values in the [CatalogContentProperty] table are updated with all of the latest values from the [ecfVersionProperty] thereby overriding the latest data for all properties.
Steps to reproduce1. Set DisableVersionSync="true"2. Import a catalog.xml with variation entries.3. Do a property update in the Catalog UI on a variation.4. Import the catalog.xml again.5. See that in the Commerce Manager the value of the updated property has been updated to the value in the catalog.xml.6. See that in the Catalog UI the value of the updated property has not been updated.7. Update another property on the variantion in the Catalog UI.8. See that in the Commerce Manager the value of the originally updated property has been updated to the value which is was updated to through the Catalog UI in step 3.
I'm also hitting this issue now working with Commerce 13.16.
Did you find a resolution for this? I went through the bug list but couldn't find anything related to this issue.
No we never solved the issue, so we kept the DisableVersionSync to false. And as you can see Optimizely support has not responded on the issue. If you figure out a solution or get information that this is solved in a later release please let me know, since we would still like to be able to set DisableVersionSync to true.
That is actually as designed. My colleague epxlained it here (which I suppose you already read) Optional performance tweaks in EPiServer Commerce 8.9 (optimizely.com)
That is meant for cases like when your data is strictly from external system like PIM. You just import the data to be used by visitors, and no editing will be made by the editors.
It is a way to speed up catalog operations, but not meant to be used in your use cases (which is why it is not enabled by default)
And my apologies for a very late reply. No idea why I missed your original post back in 2020. Well, things happen I guess.