Announcement

Collapse
No announcement yet.

Miva Merchant 9.10.x is now available

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Miva Merchant 9.10.x is now available

    THIS IS A SECURITY RELEASE AND PER PCI-DSS REQUIREMENTS YOU MUST UPGRADE WITHIN 30 DAYS

    Miva Merchant 9.10.00 is now available


    New Features

    Browser Verification
    • When logging in from a new device/browser, a verification code will be emailed to the user. The user must enter this code to authenticate the browser they are using.
    Default Groups
    • New default groups have been created to make things easier for users.
    Two-Factor Authentication
    • Administrators and users with a developer license are now required to enable two-factor authentication. When logging in, if they do not have two-factor enabled, they will be directed to a new screen that forces them to enable two-factor authentication.
    • Administrator users will have the option to reduce their privileges instead of enabling two-factor.
    • Additional two-factor methods:
      • YubiCloud
      • WebAuthn/U2F support
      • Backup tokens
    Other Changes

    User/Group Improvements
    • Groups are now managed at the domain level instead of in each individual store.
    • The Add Userdialog has been modified to make it easier to create non-administrator users.
    • It is now (deliberately) more difficult to create an administrator user. Two-factor authentication must be enabled in order to give a user the administrator privilege.
    • Removed the "create other users" privilege
    Time-based One-time Password
    • TOTP settings are now configurable only through provisioning
    • Two-factor codes are now collected on a separate screen
    • Domain-level two-factor enablement flag has been removed
    • User email and cellphone fields have been added
    Subresource Integrity
    • Output integrity and crossorigin attributes for all JavaScript in admin and many JavaScript files in clientside
    Bugs Fixed

    25202: Setup Script: Remove remove.mvc from distributions
    26415: Module: customfields: Module: Custom Fields: Read_Product_ID/Code functions should support multi-text fields
    26527: Module: customfields: Custom Fields: Add / edit product screen: Multi-text custom fields values are not saved between tab switches
    26549: Core JSON: JSON_Image_Upload does not log successful uploads to the admin activity log
    26550: Core JSON: JSON_ProductImage_Upload does not log successful uploads to the admin activity log
    26551: Core JSON: JSON_Framework_Upload does not log successful uploads to the admin activity log
    26552: Customers: Customers: Shipping / Billing Information screen is susceptible to stored cross site scripting
    26553: Digital Downloads: Product: Digital Download Settings screen is susceptible to stored cross site scripting
    26554: Administrative Interface: Forced Password Changes are not being logged in the admin activity log
    26555: Module: stdschtasks: Module: Standard Scheduled Tasks: Add / edit scheduled task screen is susceptible to stored cross site scripting
    26570: Customers: Customers: Address Add / Edit Dialog is susceptible to stored cross site scripting
    26608: Administrative Interface: Upload of Digital Download files should check for the DDLS modify permission
    26610: Digital Downloads: Digital Downloads: The upload button on the edit product screen should only show when the user has the DDLS modify privilege
    26743: Module: ptbship: Editing a table to show a redundant ceiling does not display error
    26744: Module: wtbship: Editing a table to show a redundant ceiling does not display error
    26745: Module: canvat: Incorrect sorting on the Canadian VAT tab
    26746: MMBatchList: MMBatchList: Record_Changed should take item as a parameter in order to determine the correct column
    26779: Core JSON: JSON_ModuleList_Load_Query should not error when Module_Load_Features has no results
    26878: Administrative Interface: License validation error screens have unencoded outputs
    Last edited by Rick Wilson; 07-16-18, 08:13 AM.
    Thanks,

    Rick Wilson
    CEO
    Miva, Inc.
    [email protected]
    https://www.miva.com

  • Miva Merchant 9.10.01 is now available

    Bugs Fixed
    ----------
    26925: Administrative Interface: Image_FindOrInsert_RenameFile_NoDuplicates needs to determine the image type before determining the image dimensions
    26932: Administrative Interface: Rich text editor does not function when the Administrative interface is protected by HTTP authentication
    Thanks,

    Rick Wilson
    CEO
    Miva, Inc.
    [email protected]
    https://www.miva.com

    Comment


    • Miva Merchant 9.11.00 is now available

      THIS IS A SECURITY RELEASE AND PER PCI-DSS REQUIREMENTS YOU MUST UPGRADE WITHIN 30 DAYS


      Other Changes

      This patch enables browser verification for all administrative users.
      Thanks,

      Rick Wilson
      CEO
      Miva, Inc.
      [email protected]
      https://www.miva.com

      Comment

      Working...
      X

      This website uses cookies to identify visitors, track visitors to our website, store login session information and to remember your user preferences. By continuing to use this site you agree to our use of cookies. Learn More.

      This website uses cookies. By continuing to use this site you agree to our use of cookies. Learn More.

      Accept