SuiteCommerce 2024.2: Public URL Bypass for Password-Protected Sites and Tooling Updates
SuiteCommerce 2024.2 adds a configuration property (overview.publicUrls) to whitelist URLs that bypass site-wide password protection. Node.js 20.10.0 remains the required version for developer tools.
What changed
Public URL whitelist for password-protected sites
Sites using the Password-Protect Entire Site setting or running as SuiteCommerce MyAccount can now expose specific URLs to anonymous (unauthenticated) visitors. A new Public URLs table has been added to the SuiteCommerce Configuration record.
- Configuration property ID: overview.publicUrls
- Location in Configuration record: My Account tab > Overview subtab
Paths entered in this table are served without requiring login. Typical use cases include exposing a home page, a product category landing page, or a custom sign-up page on an otherwise locked-down storefront.
Node.js requirement unchanged
The Theme, Extension, and core SCA developer tools still require Node.js 20.10.0. No version bump was introduced in this release. No action is needed beyond confirming that your CI/CD pipeline and local dev environment are already on 20.10.0.
Third-party libraries
No library updates were made in 2024.2.0.
Issue fixes
This major release rolls up all minor-release fixes, improvements, and security patches from the 2024.1.x line. Oracle does not itemize these in the major release notes — refer to the 2024.1.x Minor Releases page for the individual fix list.
What to do
- If you run a password-protected or MyAccount site and need anonymous access to specific pages: open the SuiteCommerce Configuration record, navigate to My Account > Overview, and add the desired paths to the Public URLs table. Test in a sandbox first — any path you add is fully unauthenticated, so verify no sensitive customer data is exposed on those pages.
- Review your CSP and WAF rules. Publicly accessible URLs on a previously fully-authenticated site may need updated Content-Security-Policy headers or WAF allow-lists if your security stack assumes all page loads carry a session.
- Confirm Node.js version: run node -v in your developer tools environment and verify it returns v20.10.0. The release notes are explicit about this exact version; minor patches (e.g., 20.10.1) are not mentioned as supported.
- Review 2024.1.x fix notes separately if you skipped any minor releases, as those fixes are bundled into this major release without individual call-outs here.
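One way to run the sandbox check from the first step, as an added example (not Oracle's code and not part of the release notes): compare the paths you intended to make public against what anonymous requests actually returned. The sample paths, the LOGIN_MARKER value, the exact-path matching and the assumed response behaviour of a protected page are all assumptions, and the probe results are constructed.

```javascript
// Added example, not Oracle/NetSuite code. All sample data is constructed.
// Assumption: Public URLs entries are exact paths, compared after dropping
// the query string, fragment and trailing slash.
const INTENDED_PUBLIC = ['/', '/signup', '/pricing'];

// Assumption: a protected page answers an anonymous GET with 401/403 or a
// redirect whose Location contains this marker. Set it to what your site does.
const LOGIN_MARKER = 'login';

// Constructed results of unauthenticated GETs made against a sandbox.
const SAMPLE_PROBES = [
  { path: '/', status: 200 },
  { path: '/signup/?ref=mail', status: 200 },
  { path: '/pricing', status: 302, location: '/checkout/login' },
  { path: '/orders', status: 302, location: '/checkout/login?next=/orders' },
  { path: '/addressbook', status: 200 },
  { path: '/search', status: 500 },
];

function normalizePath(p) {
  const bare = p.split(/[?#]/)[0];
  return bare.length > 1 ? bare.replace(/\/+$/, '') || '/' : bare;
}

// Decide what one anonymous response says about the page's protection.
function classify(probe) {
  const { status, location = '' } = probe;
  if (status >= 200 && status < 300) return 'public';
  if (status === 401 || status === 403) return 'protected';
  if (status >= 300 && status < 400 && location.includes(LOGIN_MARKER)) return 'protected';
  return 'inconclusive'; // errors and non-login redirects need a manual look
}

// exposed: served anonymously but not on the intended list.
// stillLocked: on the intended list but still demanding a login.
function auditAnonymousAccess(intendedPublic, probes) {
  const allowed = new Set(intendedPublic.map(normalizePath));
  const report = { exposed: [], stillLocked: [], inconclusive: [] };
  for (const probe of probes) {
    const path = normalizePath(probe.path);
    const verdict = classify(probe);
    if (verdict === 'inconclusive') report.inconclusive.push(path);
    else if (verdict === 'public' && !allowed.has(path)) report.exposed.push(path);
    else if (verdict === 'protected' && allowed.has(path)) report.stillLocked.push(path);
  }
  return report;
}

console.log(auditAnonymousAccess(INTENDED_PUBLIC, SAMPLE_PROBES));
```

Any entry under exposed should block the change from leaving the sandbox; stillLocked entries mean the configuration has not taken effect for that path.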
Source: Oracle NetSuite Release Notes