Announcement

Collapse
No announcement yet.

Miva Merchant 9.10.x is now available

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Miva Merchant 9.10.x is now available

    THIS IS A SECURITY RELEASE AND PER PCI-DSS REQUIREMENTS YOU MUST UPGRADE WITHIN 30 DAYS

    Miva Merchant 9.10.00 is now available


    New Features

    Browser Verification
    • When logging in from a new device/browser, a verification code will be emailed to the user. The user must enter this code to authenticate the browser they are using.
    Default Groups
    • New default groups have been created to make things easier for users.
    Two-Factor Authentication
    • Administrators and users with a developer license are now required to enable two-factor authentication. When logging in, if they do not have two-factor enabled, they will be directed to a new screen that forces them to enable two-factor authentication.
    • Administrator users will have the option to reduce their privileges instead of enabling two-factor.
    • Additional two-factor methods:
      • YubiCloud
      • WebAuthn/U2F support
      • Backup tokens
    Other Changes

    User/Group Improvements
    • Groups are now managed at the domain level instead of in each individual store.
    • The Add Userdialog has been modified to make it easier to create non-administrator users.
    • It is now (deliberately) more difficult to create an administrator user. Two-factor authentication must be enabled in order to give a user the administrator privilege.
    • Removed the "create other users" privilege
    Time-based One-time Password
    • TOTP settings are now configurable only through provisioning
    • Two-factor codes are now collected on a separate screen
    • Domain-level two-factor enablement flag has been removed
    • User email and cellphone fields have been added
    Subresource Integrity
    • Output integrity and crossorigin attributes for all JavaScript in admin and many JavaScript files in clientside
    Bugs Fixed

    25202: Setup Script: Remove remove.mvc from distributions
    26415: Module: customfields: Module: Custom Fields: Read_Product_ID/Code functions should support multi-text fields
    26527: Module: customfields: Custom Fields: Add / edit product screen: Multi-text custom fields values are not saved between tab switches
    26549: Core JSON: JSON_Image_Upload does not log successful uploads to the admin activity log
    26550: Core JSON: JSON_ProductImage_Upload does not log successful uploads to the admin activity log
    26551: Core JSON: JSON_Framework_Upload does not log successful uploads to the admin activity log
    26552: Customers: Customers: Shipping / Billing Information screen is susceptible to stored cross site scripting
    26553: Digital Downloads: Product: Digital Download Settings screen is susceptible to stored cross site scripting
    26554: Administrative Interface: Forced Password Changes are not being logged in the admin activity log
    26555: Module: stdschtasks: Module: Standard Scheduled Tasks: Add / edit scheduled task screen is susceptible to stored cross site scripting
    26570: Customers: Customers: Address Add / Edit Dialog is susceptible to stored cross site scripting
    26608: Administrative Interface: Upload of Digital Download files should check for the DDLS modify permission
    26610: Digital Downloads: Digital Downloads: The upload button on the edit product screen should only show when the user has the DDLS modify privilege
    26743: Module: ptbship: Editing a table to show a redundant ceiling does not display error
    26744: Module: wtbship: Editing a table to show a redundant ceiling does not display error
    26745: Module: canvat: Incorrect sorting on the Canadian VAT tab
    26746: MMBatchList: MMBatchList: Record_Changed should take item as a parameter in order to determine the correct column
    26779: Core JSON: JSON_ModuleList_Load_Query should not error when Module_Load_Features has no results
    26878: Administrative Interface: License validation error screens have unencoded outputs
    Last edited by Rick Wilson; 07-16-18, 08:13 AM.
    Thanks,

    Rick Wilson
    CEO
    Miva, Inc.
    [email protected]
    https://www.miva.com

    #2
    Miva Merchant 9.10.01 is now available

    Bugs Fixed
    ----------
    26925: Administrative Interface: Image_FindOrInsert_RenameFile_NoDuplicates needs to determine the image type before determining the image dimensions
    26932: Administrative Interface: Rich text editor does not function when the Administrative interface is protected by HTTP authentication
    Thanks,

    Rick Wilson
    CEO
    Miva, Inc.
    [email protected]
    https://www.miva.com

    Comment


      #3
      Miva Merchant 9.11.00 is now available

      THIS IS A SECURITY RELEASE AND PER PCI-DSS REQUIREMENTS YOU MUST UPGRADE WITHIN 30 DAYS


      Other Changes

      This patch enables browser verification for all administrative users.
      Thanks,

      Rick Wilson
      CEO
      Miva, Inc.
      [email protected]
      https://www.miva.com

      Comment

      Working...
      X