Issues addressed with Miva Merchant patch component-1:

Errors from templates are now consistently being reported correctly.
Category_Code is now being hidden correctly in the product layout page.

Issues addressed with Miva Merchant patch core-1:

Inventory is correctly adjusted on Delete Expired Baskets and Delete All Baskets actions.
If the database engine did not create a store-specific directory, the Add Store action will create one for file upload and data export uses.
The Delete Store action will delete store-specific directories correctly.
Countries will now display in the correct order in at the domain and store level.
g.basehref ('&mvt:global:basehref;' in a template) is a new global variable to handle template base URL tags correctly.
Running remove.mvc on data files now deletes install.log.
Replaced '&mvt:global:baseurl;' with '&mvt:global:basehref' in template sources. This change will only show up in new stores, or if you delete and re-add a store.
A new setup.mvc being delivered will report correct "mmsetup" XML tags. This can currently only be observed by running remove.mvc and re-running setup.mvc.

Issues addressed with MIVA Merchant update core-2:

The update core-2 resolves issues with the installation of update production-2 failing to complete on UNIX systems using MySQL databases.
When the "Must Meet Both Minimums" check box is selected and MySQL is being used, the customer can no longer proceed through checkout without meeting both minimums.
At Setup, the user is no longer expected to put the "Merchant5/" prefix on the database location. The data subdirectory is now maintained completely within MIVA Merchant.
Affiliate session records are now correctly being deleted when "delete all baskets" or "delete expired baskets" actions are performed.
When exporting orders, using the MySQL database interface, the correct export directory will now be created if it did not exist previously.
A meaningful error message will now be displayed when OpenSSL is not configured when streaming updates are applied.
A meaningful error message will now be displayed if the user attempts to access the administration interface before Setup has been performed.
A meaningful error message will now be displayed if remove.mvc is executed before Setup has been performed.
When remove.mvc is executed, all files in the Merchant5 subdirectory are now removed.
The "Add Category" wizard will no longer generate duplicate category codes.
The "Add Custom Customer Fields" button no longer incorrectly states "Add Method".
Macedonia has been added to the list of countries.
The Checkout: Shipping/Payment Selection page (OSEL) no longer uses the obsolete &mvt:navbar:bgcolor; entity.
A User Interface Item can no longer be deleted if the item is still in use on one or more pages.
Clearing the version history when editing a User Interface Page no longer returns an error.
Some HTML code for the Checkout: Payment Information (OPAY) page has been corrected. If you have made custom modifications to this page, the patch may not be able to identify the area to repair. Please contact MIVA Customer Support for more information.
Product inventory tracking now can be successfully deactivated.
Updates are now correctly checked for once a day when Domain Settings / Upgrade Settings are set to "Check for Upgrades: Daily".
A store module that is also a component is now properly uninstalled in the case that component gets deleted.
The default URL for Verisign PayFlow Link has been updated. The current URL is "https://payments.verisign.com/payflowlink".
Changes to the BODY tag that were made in Advanced Mode on the Edit Store / BODY Tag screen will no longer be overwritten when the code for an individual page is edited in Advanced Mode.
CyberSource and MIVA Payment payment modules no longer give fatal MvUPDATE errors.
CyberSource and MIVA Payment payment modules no longer give "Unable to authorize payment: The following request field(s) is either invalid or missing: merchant_ref_number" errors.
Template updating functions now return useful errors, rather than aborting with fatal MvDO errors.

Issues addressed with MIVA Merchant update core-3:

Manditory security fixes to majority of templates

Issues addressed with MIVA Merchant update core-4:

Mandatory security fix to templates.

Issues addressed with MIVA Merchant update core-5:

Runtime errors caused by adding a Price Group with markup from cost have been fixed.
The feature Upsell Multiple Products should now upgrade properly to reflect the fixes from previous releases.
Inactive components no longer run in the store.
Modules with duplicate features can no longer be added.
Modules can now upload system modules properly.
Items can no longer be deleted when they are assigned to one or more pages.
Order Minimums should now work properly under MySQL
SystemModule_UIException() now interprets return codes properly for UIExceptions() and is now loaded before the Maintenance Mode check.
The system and logging modules are now properly loaded before the Shopping Interface is placed into Maintenance Mode.
Module refcount now works properly with multiple feature types.
You can no longer uninstall a StoreModule that is inactive.
The first feature type token in the Module Feature Hash is considered the primary feature. This is the feature from which the module will be installed/uninstalled. The install/uninstall process will be disabled in the configuration for all the secondary feature types with the exception of components.
Inventory is now being adjusted properly when the administrator deletes all expired baskets.
Module_Upgrade_Store() now receives a proper value for module_version.
If the process of deleting a module fails, you no longer see certain fields displayed with no values.
Creating a store via provisioning no longer packs the domain tables. Administrators are now required to pack the domain tables manually before upgrading from 4.x to 5.x.
The feature Upsell Single Product now takes either upsell:desc or upsell:descrip to output the product description.
Macedonia has been added to the Country List.
Updated various templates that were using improper encoding standards.

Issues addressed with MIVA Merchant update core-6:

Runtime errors, which were caused by adding a Price Group with markup from cost, have been fixed.
The feature Upsell Multiple Products should now upgrade properly to reflect the fixes from previous releases.
Inactive components no longer run in the store.
Modules having more than one feature of the same type (such as two shipping features) can no longer be installed. If such a module is encountered, an error message will be displayed informing the administrator of the problem.
Modules can now upload system modules properly (that is, modules having the feature type of system).
Items can no longer be deleted when they are assigned to one or more pages.
Order Minimums now work properly under MySQL.
SystemModule_UIException() now interprets return codes properly for UIExceptions() and is now loaded before the Maintenance Mode check.
The system and logging modules are now properly loaded before the Shopping Interface is placed into Maintenance Mode.
Module refcount now works properly with multiple feature types:
- You can no longer uninstall a StoreModule that is inactive. To uninstall an inactive module, activate it first, then uninstall as usual.
- The first feature type token in the Module Feature Hash is considered the primary feature. This is the feature from which the module will be installed/uninstalled. The install/uninstall process will be disabled in the configuration for all the secondary feature types with the exception of components.
Inventory is now being adjusted properly when the administrator deletes all expired baskets.
Module_Upgrade_Store() now receives a proper value for module_version.
If the process of deleting a module fails, you no longer see certain fields displayed with no values.
Creating a store via provisioning no longer packs the domain tables. Administrators are now required to pack the domain tables manually before upgrading from 4.x to 5.x.
The feature Upsell Single Product now takes either upsell:desc or upsell:descrip to output the product description.
Macedonia has been added to the Country List.
This core-6 update fixes several page templates that originally used improper encoding standards.
Now, when modules with multiple feature types are installed, they are assigned to a store from the primary feature type screen. After the core-5 update, if the secondary module features had not been assigned, the checkboxes that would have enabled the store administrator to assign them would be dimmed, so that they could not be assigned. At that point, when a store administrator would click Update on a configuration page for a secondary feature of a module, the entire module would be uninstalled from that store, and associated data would be lost. After this core-6 update, MIVA Merchant now correctly installs the secondary feature types in a store, for all modules that are assigned to the store. Components were not affected by the original issue, and will continue to be handled correctly after this core-6 update.
Previously, installations that used gzipped tar files (a way of packaging and compressing files, similar to a Zip file), did not correctly create a modules/system subdirectory. With this core-6 update, the subdirectory is correctly created.

Issues addressed with MIVA Merchant update core-7:

Clicking Update on the Encryption settings screen no longer generates a fatal error when the Encryption Prompt field has been changed.
The Create Store wizard now contacts the license manager via https POST rather than http. This ensures a secure connection and decreases security risks.
The Synchronize Products screen for Miva Marketplace no longer generates fatal errors if the login process fails.
Tax modules that required shopper input on the Order Information screen such as the Shopper Selected Sales Tax, no longer lose the value of that input on the following screens.
If a shopper enters a space before their text on the Search page in your store, such as " book", rather than "book", the leading space will now be ignored, and results for the intended search text will be found correctly.
When importing products from a flat file, "taxable", "active" and "track inventory" fields can now be imported using the following values: yes/no, true/false, 1/0.
When importing products from a flat file, attribute templates that are copied to a product (as opposed to being referenced) will no longer be imported twice.
Secondary feature types of modules that have been deactivated will now be installed properly into your store.
Domain-level Module Reference Counts were altered improperly in earlier versions of MIVA Merchant 5. They are now adjusted to display their proper value.
The MIVA Submit wizard now requires the administration interface to be in secure mode.
The Basket and Invoice store screens, and the Order Information screen of the administration interface, no longer show a one cent discrepancy between the total and items.
The Edit Customer screen now responds to a failed call to a customer module by displaying a MER-ADM-00001 error with description "Unknown Error Action = Screen = CUST"
Clicking Update on the MIVA Marketplace tab of the Edit Product screen no longer causes a fatal error.
On Affiliate screens, Add buttons now appear, even when Affiliate modules are assigned to the store. Assigning Affiliate modules to the store now does not cause an error on the Add Affiliate screen.
Clicking the "Terms of Use" link in the MIVA Submit wizard now correctly displays the Terms of Use.
Updating Quickcommerce configuration no longer returns "Array index must be a positive integer" error.
The copyright and license agreement in the administration interface now correctly reflect the company name of "MIVA Small Business, Inc., a division of MIVA, Inc."
The invoice page will now correctly display errors returned from attempting to send fulfillment emails at the top of the invoice page, rather than a fatal error resembling
Error Code: MER-UTL-00002
Description: Error connecting to 'smtpserver': Error looking up 'smtpserver'
Other Information:
The prices for products with multiple Price Groups are now displayed properly.
On the Affiliate Configuration screens, required fields are now correctly displayed in a bold font.
The "Voided/Adjusted By" values are now shown consistently on the Affiliate Earnings screen, under Edit Affiliate.
The MIVA Marketplace Configuration screen now requires a valid MIVA Marketplace account instead of silently failing.
When shoppers check out with nothing but a free item in their basket, MIVA Merchant no longer returns a fatal error, MER-00001. The error occurred only in stores where the administrator had not selected the "Require Shipping for Free Orders" option.
When attempting to upgrade one module with another having a different module code, the error message now correctly states the module name.
The Layout tab on the Create Store and Edit Store screens have been removed.
If an assigned, but deactivated, module is present on a configuration page, the store administrator can now assign or unassign modules without encountering an error. The list of modules, which formerly disappeared, now appears correctly on the Modules tab of the configuration page.

Issues addressed with Miva Merchant patch feature-aff-1:

Deleting payout no longer generates errors.
Changed default tab in admin to "Affiliates Batch".
Voiding batch payout will credit all affiliate's balances.
Adding affiliate earnings adjustment returns user to earnings tab.
Affiliate earnings adjustments no longer accepts a "$0.00" earning value.
An 'add+' button was added to the affiliate earnings adjustment add screen.
Affiliates passwords no longer update unless one is supplied.

Issues addressed with MIVA Merchant update feature-aff-2:

Pages that have Affiliate Create/Edit component assigned to them need to replace "&mvte:global:AffiliateOptions:terms;" with: "&mvt:global:AffiliateOptions:terms;". Any new pages that use this component will not have this issue.
Affiliate Commission "Percent of Order Total” will not properly calculate when subtotal mode is used.

Issues addressed with MIVA Merchant update feature-att-1:

Searches for Attribute Templates no longer generate runtime errors.

Issues addressed with Miva Merchant patch feature-cus-1:

After updating customer information the storefront screen that displays afterwards will show the welcome message with the changes.
You can now delete multiple customers in the administrative interface.

Issues addressed with MIVA Merchant update feature-inv-2:

Shoppers that updated the "product quantity" that is already in their basket, will no longer see the "Out of Stock" inventory message when it should not be displayed.

Issues addressed with Miva Merchant patch feature-mmp-1:

Resetting the Miva Marketplace statistics now works correctly.

Issues addressed with Miva Merchant patch feature-upg-1:

The interface now allows a small subset of HTML markup tags to be allowed, so the list of issues addressed doesn't have to be separated with "----".
Module_Upgrade now passes the correct number of parameters to the module being upgraded.

Issues addressed with MIVA Merchant update feature-upg-2:

This update provides improved ability to restart streaming updates in the case of an update failure.
Error messages have been improved to give clear instructions on resolving update failures. This includes errors caused by the script directory being read-only.
Streaming updates now report "Installation starting" after the update package has successfully been downloaded.
Formerly, under certain circumstances, a store administrator could get a "core-2 not installed because core-4 has already been installed" error upon streaming update installation. The streaming update process now correctly selects prerequisites for all streaming updates under consideration, regardless of whether they are explicitly selected for installation or not.

Issues addressed with Miva Merchant patch module-authnet-1:

The AuthorizeNet Fraud Detection Suite is now supported.

If a fraud filter is triggered and the response code comes back as approved and authorized (253), then the transaction still goes through as a successful order, and the module will notify the merchant that a fraud filter has been triggered. If the response code comes back as approved but not authorized (252), then the transaction fails and an error message will be displayed to the customer.

The CVV2 message now appears alongside the CVV2 input field during checkout for Authorize.net payment methods.
When the store administrator runs the wizard, the module correctly records the entire selection of payment methods to the database.
The wizard summary page includes the transaction key among the information displayed
The Authnet module no longer returns a "driver's license date of birth is invalid" error when a shopper enters their social security or tax id number for the "Electronic Debit" payment method.

Issues addressed with MIVA Merchant patch module-cmp-mmui-prodlayo-1:

The MMUI Product Display Layout item (product_display) now correctly passes the Category_Code in the "Add Product" form.

Issues addressed with Miva Merchant patch module-ics2-1:

The ICS2 payment module no longer gives "Unable to authorize payment: The following request field(s) is either invalid or missing: merchant_ref_number" or "MvUPDATE: Database 'ICS2' is not open" errors

Issues addressed with Miva Merchant patch module-igsgroup-1:

Innovative Gateway Solutions module now properly passes order total to gateway.
The module now properly requires CVV when configured to do so.
The module now records and displays AVS results.
The module now properly stores and displays partial credit card number when full card number is not stored.
The module now prevents storing full credit card numbers when order encryption is disabled.

The LinkPoint payment module v5.0202 fixes these problems:

LinkPoint payment module 5.0202 sends the chargetotal amount in the POSTAUTH request to LinkPoint. Users should no longer get the "SGS-002301" error.
The fields order_total, order_tax, and order_subtotal are now rounded to two decimal places.

When a store administrator processes orders that have been authorized, but not captured, the LinkPoint module version 5.0203 will send the "Order_shipping" and "Order_tax" values at POSTAUTH.The Lynk Systems payment module v5.0201 fixes this problem:

Payment methods now appear on Payment Information page.
The amount authorized is now being calculated correctly.

Issues addressed with Miva Merchant patch module-mmui-1:

The category tree now expands to the associated category when you are on the product display screen.

Issues addressed with MIVA Merchant update module-mmui-2:

Upsale now correctly allows multiple upsold products to be offered.

Issues addressed with MIVA Merchant update module-mmui-2:

Upsale now correctly allows multiple upsold products to be offered.

Issues addressed with Miva Merchant patch module-mvpay-1:

The Miva Payment payment module no longer gives "Unable to authorize payment: The following request field(s) is either invalid or missing: merchant_ref_number" or "MvUPDATE: Database 'MvPayConf' is not open" errors.

Issues addressed with Miva Merchant patch module-mvpay-2:

The MIVA Payment signup wizard now pre-validates credit card numbers correctly.

Issues addressed with Miva Merchant patch module-mvusps-1:

Country names sent to the USPS server were changed to match changes on that server to the names of "Korea, Democratic People's Republic of (North Korea)" and "South Korea".

Issues addressed with Miva Merchant patch module-paylink-1:

Changed the default Payflow Link URL from "https://payflowlink.verisign.com/payflowlink" to "https://payflowlink.verisign.com/payflowlink.cfm". Note that this patch will not alter any existing configuration of the Payflow Link module. Issues addressed with MIVA Merchant update module-paylink-2:

The Verisign Payflow Link module now supports the Fraud Protection Service (FPS) filters offered by Verisign. The module presents the store manager with a choice: if Verisign holds the transaction for review it sends MIVA Merchant a 126 response code or if it failed in its attempt to pass the transaction through the FPS filters it sends MIVA Merchant a 127 response code. The store manager can configure the Verisign Payflow Link module to have MIVA Merchant either reject or complete the order in such a case. If it is to complete the order, the FPS message from Verisign appears on the Edit Order: Payflow Link screen of the administration tool.
Shoppers checking out using a Verisign Payflow Link payment method no longer need to deal with the confirmation page at Verisign. They move directly to the approval/decline message.
The Verisign Payflow Link module now provides the store manager with an explicit configuration field for "Partner". This update will automatically check the query string of the "URL". It will move the Partner value from there to the new field. It will also move the login value from there to the "User ID" field.

Issues addressed with MIVA Merchant update module-paynet-1:

The Charge Method configuration is now loaded properly in Verisign PayFlow Pro Payment Configuration Settings.

Issues addressed with Miva Merchant patch module-paypal-2:

The module now complies with the PayPal API by specifying "return method=POST" instead of defaulting to "return method=GET". This resolves the "order not found" and "store not found" errors when using PayPal.
PayPal AutoReturn feature is now supported. The customer is shown an invoice even if the IPN notification has not yet arrived.
IPNs that arrive after the order has already been generated update the Order Payment status.
The module is now updated to verify non-AutoReturn POSTS and IPN results via the PayPal callback API.
The PayPal Payment details now display [Store name] Order #[order_id] instead of MIVA Merchant Order #[order_id].

The CVV2 message now appears alongside the CVV2 input field during checkout for PayQuake payment methods.
The Order Report now displays the correct final four digits on partially obscured credit card numbers, e.g. 378-2822-4631-0005 becomes XXXX-XXXX-XXXX-0005 for orders placed using PayQuake payment methods, not XXXX-XXXX-XXXX-1000.
Updating the PayQuake configuration no longer returns "Array index must be a positive integer" error.
Users can now successfully enter an MD5 Hash Security Code through the wizard.
When the store administrator runs the wizard, the module correctly records the entire selection of payment methods to the database.
The wizard summary page includes the transaction key among the information displayed
The PayQuake module no longer returns a "driver's license date of birth is invalid" error when a shopper enters their social security or tax id number for the "Electronic Debit" payment method.

The CVV2 message now appears alongside the CVV2 input field during checkout for E-Commerce Exchange/QuickCommerce payment methods.
The Order Report now displays the correct final four digits on partially obscured credit card numbers, e.g. 378-2822-4631-0005 becomes XXXX-XXXX-XXXX-0005 for orders placed using E-Commerce Exchange/QuickCommerce payment methods, not XXXX-XXXX-XXXX-1000.
Users can now successfully enter an MD5 Hash Security Code through the wizard.
When the store administrator runs the wizard, the module correctly records the entire selection of payment methods to the database.
The wizard summary page includes the transaction key among the information displayed
The QuickCommerce module no longer returns a "driver's license date of birth is invalid" error when a shopper enters their social security or tax id number for the "Electronic Debit" payment method.

The Rodopi Payment Gateway module will no longer try to execute the opposite transaction (online vs offline) from the configuration set by the store administrator.
Merchants using the Rodopi Payment Gateway can now choose not to store the entire credit card number regardless of whether they wish to operate in online or offline mode.
Stores using the Rodopi Payment Gateway now display the payment method name on the OPAY page instead of the comma separated list of payment methods.
Store administrators (for stores using the Rodopi Payment Gateway) can now deselect payment methods using the administration interface.
When partially obscuring credit card numbers, the RPG gateway now displays the final 4 digits correctly.

The UPS shipping module v5.0500 fixes these problems:

The rate tables have been updated for 2006.
Currently, the Intra-Hawaii rates are not correctly populated. This will be corrected in the near future.
The UPS shipping module uses a blank or non-blank "ship to company" name to determine if a residential surcharge is charged. If the "Ship to" company name is hidden at the "Edit Store >> Customer Fields" interface, the customer may be incorrectly charged this surcharge, even if they had previously entered a company name.
The "Additional Charges" values, in the administrative interface, now properly display two decimal places.

Issues addressed with MIVA Merchant update module-wtbship-1:

Additional per-product charges should now be calculated properly during checkout.

Issues addressed with MIVA Merchant update production-1:

Updates not appropriate for a given production release are not visible in the update wizard.
The update wizard now gives an error for "Not Found" or "Forbidden" pages.
User interface pages and items that are part of standard MIVA Merchant stores cannot be deleted. Store designers can elect to not display any given page or use any given item on a page, but they remain available for future use, if needed.

The production-1 update also installs various other updates, which address these issues:

Errors from templates are consistently being reported correctly.
Category_Code is hidden correctly in the product layout page.
Inventory is adjusted correctly when deleting expired baskets or deleting all baskets.
If the database engine did not create a store-specific directory, creating a new store with "Add Store" creates one for file upload and data export uses.
Deleting a store deletes store-specific directories correctly.
Countries appear in the correct order in lists at the domain and store level.
"g.basehref" ("&mvt:global:basehref;" in a template) is a new global variable to handle template base URL tags correctly.
Running "remove.mvc" on data files correctly deletes "install.log".
Replaced &mvt::global:baseurl; with "&mvt:global:basehref" in template sources. This change will only show up in new stores, or if you delete and re-add a store.
A new "setup.mvc" being delivered will report correct "mmsetup" XML tags. This can currently only be observed by running "remove.mvc" and re-running setup.mvc.
Deleting an affiliate payout no longer generates errors.
Changed the default tab in affiliate administration to Affiliates Batch.
Voiding a batch payout now credits all affected affiliate balances.
Adding affiliate earnings adjustment returns user to Earnings tab.
Affiliate earnings adjustments no longer accepts a $0.00 earning value.
Added an "Add+" button to the Add Adjustment for Affiliate screen.
Affiliate passwords are not updated to blank (null) passwords. They are only updated when a new password is supplied.
After updating customer information, the storefront screen welcome message reflects the changes.
You can now delete multiple customers in the administration interface.
Resetting the MIVA Marketplace statistics now works correctly.
The update wizard interface now supports a small subset of HTML markup tags, so listed issues addressed do not have to be separated with "----".
Module_Upgrade now passes the correct number of parameters to the module being upgraded.
The AuthorizeNet Fraud Detection Suite is now supported.
If a fraud filter is triggered and the response code comes back as approved and authorized (253), then the transaction still goes through as a successful order, and the module will notify the merchant that a fraud filter has been triggered. If the response code comes back as approved but not authorized (252), then the transaction fails and an error message will be displayed to the customer.
The category tree now expands to the associated category when you are on the Product Display screen.
Country names sent to the USPS server have been changed to match changes on that server to the names of "Korea, Democratic People's Republic of (North Korea)" and "South Korea".

Issues addressed with MIVA Merchant update production-2:

All fixes in production-1 are included in this update.
New MIVA Merchant graphics and colors are displayed.
Updates that have requirements of a specific Empresa version now correctly check the Empresa version number, and will not install when the Empresa version is less than the required version.
Deactivating inventory tracking on a single product now works correctly.
Modules are now uploaded to the module type described by the first feature in the feature list that matches a module type returned in l.module:features from Module_Description.
E.g., if the feature list starts with "viz_payment, payment", the module would be placed in the "payment" directory.
Updating inventory via flat file product import now works correctly.
Importing products from flat file with inventory and category codes now assigns product to category correctly.
Importing products from flat file with inventory and category code now correctly assigns the product to category.
Multiple group privileges now grants correct admin access to users.
Product links are now generated with appropriate action code.
The MIVA Mailer wizard sends emails without errors.
Standard templates for page codes OCST, OGW1, and OGWM are updated to correct some table HTML statements.
If you have altered these pages, you may need to make these changes by hand. You will need to search for and reverse those two HTML tags.
Customers using PayPal that do not hit the "Continue" button on the PayPal website screen will now correctly redirect the customer back to the invoice screen.
MIVA Payment and CyberSource payment modules now correctly send the card type to the payment gateway so that the credit card number is validated against the correct card type.
CertiTax has been removed from the MIVA Merchant distribution.
Products imported via flat file import can now be deleted without error.
Products imported via flat file import with inventory information no longer cause fatal errors.
Admin login attempts when the MIVA License Manager is unavailable no longer present a blank page.

Issues addressed with MIVA Merchant update system-1:

This update repairs a problem with installations that used gzipped tar files not correctly creating a modules/system subdirectory.