PR6 has entered final testing and we've pushed back the release date to Monday July 13th.
Here are the release notes for PR6:
General
- The default country list has been updated with the current ISO-3166-1 list.
- Redesigned the mechanism used to install, remove, and register modules within a store in order to increase error tolerance and prevent stores from being inadvertently broken by removal of a component module.
- The SEO "Sitemap" page is now deleted when the Sitemap is disabled.
- Duplicate database queries have been eliminated during the checkout process.
- Timeout handling when processing large provisioning files has been improved.
- Attributes for items added to the shopping basket or displayed on an invoice are now displayed using the sort order configured for the product.
- A new page, "NTFD - Not Found" has been added. The software now routes requests for pages, products, or categories that do not exist to this page.
- The uninstall process now properly drops all database tables from MySQL installations.
- The install process now displays a validation error if the target MySQL database already contains a Miva Merchant installation.
- The maximum length allowed for the SEO settings short link custom prefix has been extended from 10 characters to 100.
- Modules implementing multiple "primary" features may now be installed or removed from any of the screens on which they appear.
- When attempting to remove modules that are used by Store Morph items, a message is displayed listing the items and pages which reference the module. The default configuration prevents removal of these modules. A new store setting, "Allow Modules Used by Store Morph Items to be Uninstalled", may be configured to allow the removal of these modules.
- Fixed a bug that would occasionally cause error messages of the form "mysql_stmt_prepare: Table 's01_Products' was not locked with LOCK TABLES" to appear in MySQL installations.
- Fixed a bug introduced in core-17 that caused both the primary and secondary address to be "optional" for newly created stores.
- The Miva Merchant Look & Feel module can now be updated from the "Edit Module" screen and readded to the domain if it was inadvertantly removed.
Administrative Interface
- The country list is now editable from the "Countries" tab of the "Domain Settings" screen.
- The existing color selector has been replaced with a new and improved version, which is now also available when editing template code.
- New-style numeric sorting controls are now available for Attribute Templates.
- Users may no longer change the code of an existing Store Morph item.
- The administrative login screen now sets the focus to the Username field on load.
- The "Parent Category" field is now properly reset when pressing the "Reset" button on the "Add Category" page.
- The "Order ID" and "Order Amount" fields are no longer displayed for Affiliate "Referral" transactions.
- If a framework is applied and one or more of the pages it contains do not exist, the pages are now automatically created.
- Fixed a bug that caused encrypted order data to be lost when processing orders with an invalid passphrase.
- Non-encrypted order data is now properly updated when editing an order containing locked encrypted data.
- Fixed encoding of the "Invoice Total" column on the "Order Processing" screen, so currency formats that contain special characters are now properly displayed.
- When creating a Store Morph item, the software now verifies that the referenced module implements the "component" feature.
- Module reference counts are now properly maintained when changing the module referenced by a Store Morph item.
- The "Edit Here" button on the "Products" screen now works properly when the product being edited contains special characters in its code.
Runtime Interface
- For new installations, the maintenance mode warning message is now displayed using the correct body font.
- The missing product attributes page now correctly routes the shopper to a secure or non-secure URL depending on their original destination.
- Fixed a bug that allowed duplicate affiliates with the same login to be created.
- For new installations, invalid color references have been removed from the AFAD and AFED pages.
- The "Account" button in the navigation bar on the INVC page now directs the user to the LOGN screen, instead of an empty account page.
- For new installations, fixed typos in the basket contents template that prevented textarea attribute text from being displayed.
- The fatal error displayed when a shopper attempts to modify a basket that has expired now displays a more descriptive error message.
- Payment Modules have been modified to properly display the payment method name instead of the internal code on the OPAY screen.
- When a shopper's basket expires during the checkout process, the shopper now receives a message stating that their basket is empty, instead of allowing them to complete the checkout process with an empty basket.
- Fixed a bug that prevented shoppers from checking out if the store was configured with a single country and an optional secondary address.
- The checkout process now properly errors if no payment methods are available, instead of previously checking only if one or more payment modules were configured.
- The "Require Shipping" option now prevents checkout if no shipping methods are available, instead of previously checking only if one or more shipping modules were configured.
PA-DSS (These changes do not affect existing installations unless explicitly configured)
- Database passwords in merchdb.dat are now encrypted.
- Administrative user passwords are now encrypted using SHA1 with 16 bytes of random data as a salt. Passwords for existing users will be encrypted with the new mechanism when those users change their password. This change also allows passwords longer than 8 characters to be used.
- The default Administrative Session Timeout is now 15 minutes.
- The default Failed Login Lockout Time is now 30 minutes.
- Options have been added to enforce password strength requirements. The default requirements for new installations are that passwords must be 7 characters or longer, contain at least one letter and one number or punctuation character, and not be the same as any of the prior 4 passwords used.
- Mandatory password changes may now be enforced on a configurable interval. Users are required to change expired passwords when logging into the administrative interface. The default setting for new installations requires a password change every 90 days.
Here are the release notes for PR6:
General
- The default country list has been updated with the current ISO-3166-1 list.
- Redesigned the mechanism used to install, remove, and register modules within a store in order to increase error tolerance and prevent stores from being inadvertently broken by removal of a component module.
- The SEO "Sitemap" page is now deleted when the Sitemap is disabled.
- Duplicate database queries have been eliminated during the checkout process.
- Timeout handling when processing large provisioning files has been improved.
- Attributes for items added to the shopping basket or displayed on an invoice are now displayed using the sort order configured for the product.
- A new page, "NTFD - Not Found" has been added. The software now routes requests for pages, products, or categories that do not exist to this page.
- The uninstall process now properly drops all database tables from MySQL installations.
- The install process now displays a validation error if the target MySQL database already contains a Miva Merchant installation.
- The maximum length allowed for the SEO settings short link custom prefix has been extended from 10 characters to 100.
- Modules implementing multiple "primary" features may now be installed or removed from any of the screens on which they appear.
- When attempting to remove modules that are used by Store Morph items, a message is displayed listing the items and pages which reference the module. The default configuration prevents removal of these modules. A new store setting, "Allow Modules Used by Store Morph Items to be Uninstalled", may be configured to allow the removal of these modules.
- Fixed a bug that would occasionally cause error messages of the form "mysql_stmt_prepare: Table 's01_Products' was not locked with LOCK TABLES" to appear in MySQL installations.
- Fixed a bug introduced in core-17 that caused both the primary and secondary address to be "optional" for newly created stores.
- The Miva Merchant Look & Feel module can now be updated from the "Edit Module" screen and readded to the domain if it was inadvertantly removed.
Administrative Interface
- The country list is now editable from the "Countries" tab of the "Domain Settings" screen.
- The existing color selector has been replaced with a new and improved version, which is now also available when editing template code.
- New-style numeric sorting controls are now available for Attribute Templates.
- Users may no longer change the code of an existing Store Morph item.
- The administrative login screen now sets the focus to the Username field on load.
- The "Parent Category" field is now properly reset when pressing the "Reset" button on the "Add Category" page.
- The "Order ID" and "Order Amount" fields are no longer displayed for Affiliate "Referral" transactions.
- If a framework is applied and one or more of the pages it contains do not exist, the pages are now automatically created.
- Fixed a bug that caused encrypted order data to be lost when processing orders with an invalid passphrase.
- Non-encrypted order data is now properly updated when editing an order containing locked encrypted data.
- Fixed encoding of the "Invoice Total" column on the "Order Processing" screen, so currency formats that contain special characters are now properly displayed.
- When creating a Store Morph item, the software now verifies that the referenced module implements the "component" feature.
- Module reference counts are now properly maintained when changing the module referenced by a Store Morph item.
- The "Edit Here" button on the "Products" screen now works properly when the product being edited contains special characters in its code.
Runtime Interface
- For new installations, the maintenance mode warning message is now displayed using the correct body font.
- The missing product attributes page now correctly routes the shopper to a secure or non-secure URL depending on their original destination.
- Fixed a bug that allowed duplicate affiliates with the same login to be created.
- For new installations, invalid color references have been removed from the AFAD and AFED pages.
- The "Account" button in the navigation bar on the INVC page now directs the user to the LOGN screen, instead of an empty account page.
- For new installations, fixed typos in the basket contents template that prevented textarea attribute text from being displayed.
- The fatal error displayed when a shopper attempts to modify a basket that has expired now displays a more descriptive error message.
- Payment Modules have been modified to properly display the payment method name instead of the internal code on the OPAY screen.
- When a shopper's basket expires during the checkout process, the shopper now receives a message stating that their basket is empty, instead of allowing them to complete the checkout process with an empty basket.
- Fixed a bug that prevented shoppers from checking out if the store was configured with a single country and an optional secondary address.
- The checkout process now properly errors if no payment methods are available, instead of previously checking only if one or more payment modules were configured.
- The "Require Shipping" option now prevents checkout if no shipping methods are available, instead of previously checking only if one or more shipping modules were configured.
PA-DSS (These changes do not affect existing installations unless explicitly configured)
- Database passwords in merchdb.dat are now encrypted.
- Administrative user passwords are now encrypted using SHA1 with 16 bytes of random data as a salt. Passwords for existing users will be encrypted with the new mechanism when those users change their password. This change also allows passwords longer than 8 characters to be used.
- The default Administrative Session Timeout is now 15 minutes.
- The default Failed Login Lockout Time is now 30 minutes.
- Options have been added to enforce password strength requirements. The default requirements for new installations are that passwords must be 7 characters or longer, contain at least one letter and one number or punctuation character, and not be the same as any of the prior 4 passwords used.
- Mandatory password changes may now be enforced on a configurable interval. Users are required to change expired passwords when logging into the administrative interface. The default setting for new installations requires a password change every 90 days.
Comment