Knowledgebase:
Miva Merchant 5.5 Production Release 8 Update 7
Posted by Wayne Smith, Last modified by Wayne Smith on 30 October 2018 10:18 AM
Miva Merchant 5.5 PR8 Update 7 Release Notes

New Features

NEW COMPONENT MODULE: Mini-Basket (cmp-mv-minibask)

Provides a persistent mini-basket in the shopping interface. This module is not installed by default and must be enabled manually.

NEW COMPONENT MODULE: Shipping Estimate (cmp-mv-shipestimate)

Allows a store to be configured to display shipping cost estimates for individual products or an entire basket. This module is not installed by default and must be enabled manually.

Customer Account Changes

  • All customer account passwords are now encrypted by default.
  • During import, if an unencrypted customer password is encountered it will automatically be encrypted.
  • New configuration settings allow store managers to control the minimum length and complexity requirements for customer passwords.
  • Customers may now log in using either their login or lost password email.
  • Lost customer passwords are now handled by sending the customer a password reset link via email (rather than their password, as in previous versions). When the customer clicks on the reset link, a new password is automatically generated and displayed over a secure connection.
  • The Lost Password Email is now sent as text/html rather than text/plain.
  • The following customer related changes have been made to the default templates for newly created stores:
    • All login screens prompt for email address instead of username.
    • Password and email address changes are handled on new screens that require the customer to re-enter their existing password.
    • The "Forgot Password" mechanism now uses a separate screen.
    • The Customer Create screen has been simplified.
    • The My Account screen now contains links to the Change Email Address and Change Password screens.
    • These changes are not applied to existing stores. Existing stores will retain their previous screen layout and functionality. The changes can be applied manually or by applying the default framework to the store.

Administrative Changes

  • To reduce UI clutter, all locations that previously displayed a grid of checkboxes to permit selection of custom fields now use a multiple select list.
  • CSS has been simplified to use consistent sizing and fonts across UI elements and to create fewer external resource loads.
  • To simplify the support process, a new mechanism has been introduced that allows support tickets to be created directly from the Administrative Interface. When a ticket is created in this manner, it automatically contains relevant technical information about the Miva Merchant installation.
  • Manage Orders and Manage Shipments now break ties by Order Number when sorting by a field other than Order Number.

Import/Export Changes

  • The attribute export module now exports the Inventory flag for attributes.
  • The product export module now allows you to select which standard and inventory fields are exported.
  • The product export module now allows exporting of product shipping rules and permitted shipping methods.
  • The product import module now supports import of product shipping rules and permitted shipping methods.

Provisioning Changes

  • A new oncomplete attribute may optionally be specified in the top-level <Provision> tag to control the behavior of the provisioning system after processing has completed. If oncomplete="delete", the provisioning file is deleted from the mivadata/directory after processing. Any other value causes the file to be archived as in previous versions.

Example:

  <Provision oncomplete="delete">
     <Store code="test">
        <Product_Add>...</Product_Add>
     </Store>
  </Provision>
  • The <Password> child of the domain-level <User_Add> and <User_Update> tags now accepts pre-encrypted passwords in SHA1, PBKDF1 or PBKDF2 format. This allows users to be created through provisioning without leaving a plaintext password in the provisioning XML. Passwords maybe encrypted using the mmenc tool, which is available from Miva Merchant upon request for hosting partners.

Setup Provisioning Changes

  • The <UserPassword> tag now accepts and passes through pre-encrypted passwords so that default administrative users can be created without potentially leaking a plaintext password. Encrypted passwords are automatically detected and plaintext passwords are handled as in previous versions. Passwords can be encrypted using the mmenc tool, which is available from Miva Merchant upon request for hosting partners.
  • The <Database_Password> and <PrivateKey_Database_Password> tags now accept an encryption attribute and pre-encrypted database passwords.

Example:

    <Database_Password encryption="rsa">...RSA encrypted password...</Database_Password>
  • If the encryption attribute is not specified or is any value other than "rsa", the password is assumed to be plaintext. Passwords can be encrypted in the RSA format using the mmenc tool, which is available from Miva Merchant upon request for hosting partners.
  • A new <Configuration> sub-tag, <DeleteSetupXML>, accepts a boolean value and when true, causes a site-specific setup.xml file to be delted from the mivadata/ directory after the completion of the setup process. The default behavior is to leave the file in place after setup has completed.

Example:

 <Configuration>
   ... normal configuration tags ...
   <DeleteSetupXML>Yes</DeleteSetupXML>
 </Configuration>

Payment Module Changes

  • The following deprecated payment modules have been removed for new installations and are no longer supported:
    • Amazon Simple Pay
    • Innovative Gateway Solutions
    • Payflow Link (Legacy)
    • Payflow Pro (Legacy)
  • All payment API passwords are now stored encrypted, as required by PCI-DSS.
  • Google Checkout module has been renamed Google Wallet to reflect the change in the service name.
  • Google Wallet now permits configuration of the currency used for transactions instead of automatically determining the currency based on the store's configured country.
  • Unused Seller Central Login/Password configuration fields have been removed from Checkout by Amazon.

Shipping Module Changes

The UPS Developer Kit Registration Wizard has been updated to use the latest UPS registration API, which enables the following features:

  • Management and authentication of multiple shipper numbers within a single Miva Merchant store
  • Streamlined enablement of negotiated rates
  • The UPS Ready® Tools module now allows users who do not have a UPS shipper number to generate and print shipping labels using a credit card.

API Changes

The custrt feature now contains two additional functions for new runtime customer actions:

  • Module_Customer_Runtime_ChangePassword( module var, customer var )
  • Module_Customer_Runtime_ChangeEmailAddress( module var, customer var )

Modules implementing the not_orderitem feature now receive notifications when order items are deleted through function Module_Notify_OrderItem_Delete( module var, orderitem_count, original_orderitems var, orderitems var ).

Other Changes

The Image Management module now verifies and updates master image dimensions when checking for updated images.

Order Provisioning Improvements

  • <OrderShipment_Add>:
    • Shipment code may be automatically generated
    • Shipment cost may be specified
    • If a list of products is not specified, all items not already in a shipment will now be included in the newly created shipment
    • Newly created shipments can be marked as shipped at creation
  • Shipments may be created and items assigned to shipments within an <Order_Add> tag.
  • New tags <Order_Add_Item> and <Order_Add_Product> allow items/products to be added to an existing order.

Administrative/Login Settings

  • A new configuration setting "Failed Login Delay" provides a rate limiting mechanism to prevent brute force password guessing. This delay, which requires Miva Empresa 5.17 or newer, is applied whenever an Administrative or Customer login failure occurs.
  • Administrative users can now be configured to expire at a specific date and time.
  • A new flag has been added to force administrative users to change their password at next login.
  • Administrative users must now re-enter their existing password when changing their password from the Edit User screen.

Encryption Changes

  • When running on Miva Empresa 5.17 or newer, the strongest ciphers supported by the local OpenSSL installation will now be used by default. This list can also be fine tuned using the new "Preferred Ciphers" configuration setting.
  • The new Create Encryption Key Wizard simplifies the creation of keys used for payment data encryption and automatically re-encrypts or archives payment data encrypted with obsolete keys, as required by PCI-DSS.
  • It is now possible to change the passphrase of an existing encryption key.

Bugs Fixed

  • 5409: SEO Settings: If .htaccess cannot be written, changing SEO settings results in fatal error
  • 5755: Module: paypalpro: Accumulated rounding error/transaction errors when BasketCharge amount fields extend to 3 decimal digits
  • 6489: Administrative Interface: All URL components should be attribute encoded, not entity
  • 7168: Module: cmp-mv-minibask: cmp-mv-minibask: Specification
  • 7236: Modules - Shipping: mvfedexsoap: JavaScript error when clicking on "generate new meter number" in webkit browsers
  • 7309: Administrative Interface: Confirmation message when deleting baskets should be more specific
  • 7382: Module: cmp-cssui-prodlist: Sort warning message says expensive sort options *reduce* page load time
  • 7383: Module: cmp-mmui-prodlist: Sort warning message says expensive sort options *reduce* page load time
  • 7384: Module: cmp-mmui-prodlayo: Convert grid-of-checkboxes for custom fields to a single multiple select input
  • 7385: Module: cmp-mmui-prodlist: Convert grid-of-checkboxes for custom fields to a single multiple select input
  • 7386: Module: cmp-mmui-basket: Convert grid-of-checkboxes for custom fields to a single multiple select input
  • 7387: Module: cmp-mmui-invc-order: Convert grid-of-checkboxes for custom fields to a single multiple select input
  • 7388: Module: cmp-cssui-invc-order: Convert grid-of-checkboxes for custom fields to a single multiple select input
  • 7389: Module: cmp-cssui-basket: Convert grid-of-checkboxes for custom fields to a single multiple select input
  • 7390: Module: cmp-cssui-prodlayo: Convert grid-of-checkboxes for custom fields to a single multiple select input
  • 7391: Module: cmp-cssui-prodlist: Convert grid-of-checkboxes for custom fields to a single multiple select input
  • 7392: Module: prodexp: Convert grid-of-checkboxes for custom fields to a single multiple select input
  • 7393: Administrative Interface: Product Batch Edit Screen: Convert grid-of-checkboxes for custom fields to a single multiple select input
  • 7394: Module: cmp-cssui-cattree: Convert grid-of-checkboxes for custom fields to a single multiple select input
  • 7395: Module: cmp-mmui-cattree: Convert grid-of-checkboxes for custom fields to a single multiple select input
  • 7396: Module: flatcat: Convert grid-of-checkboxes for custom fields to a single multiple select input
  • 7397: Administrative Interface: Category Batch Edit Screen: Convert grid-of-checkboxes for custom fields to a single multiple select input
  • 7398: Module: flatcus: Convert grid-of-checkboxes for custom fields to a single multiple select input
  • 7399: Customers: Customer Batch Edit Screen: Convert grid-of-checkboxes for custom fields to a single multiple select input
  • 7401: Module: mvfedexsoap: Module_Product_Field_Name returns an empty name for custom field code "nonstdcont"
  • 7532: Module: chasepaytech: OrderID is not displayed in administrative interface
  • 7533: Module: cmp-mv-attributemachine: "Missing Radio Selection Message" never gets displayed.
  • 7541: Module: mvusps: "ship from" city and zip information is being sent for the "ship to" fields when generating labels
  • 7542: Module: cmp-cssui-invc-order: Tokens are not created for selected product custom fields
  • 7543: Module: categoryimport: Custom fields should be sorted by name
  • 7544: Module: customerimport: Custom fields should be sorted by name
  • 7545: Module: productimport: Custom fields should be sorted by name
  • 7551: Core Runtime: Empty g.PaymentMethod and g.ShippingMethod are not properly handled on transition off of the OSEL page
  • 7552: Module: tokenlist: Tokenlist is unable to display View All Tokens page when there is an unmatched > after a storemorph token
  • 7555: Module: mvfedexsoap: account rates are always used at checkout.
  • 7564: Framework Import/Export: After applying a framework there is a 1 hanging at the top of the screen.
  • 7565: Attribute Templates: attribute template reference count gets incremented when editing an attribute template from the edit product page.
  • 7595: Module: tokenlist: Function window.onresize throws an error if you resize before instantiating the tokenlist object
  • 7645: Module: mvusps: unable to generate international rates for packages under 1 once
  • 7706: Administrative Interface: Fatal Error in admin when editing customers if the user name contains a +.
  • 7720: Administrative Interface: Fatal Error in admin when editing categories if the category code contains a +
  • 7721: Administrative Interface: Fatal Error in admin when editing products if the product code contains a +
  • 7723: Administrative Interface: Fatal error when adding a category if the store code has a +
  • 7724: Administrative Interface: Fatal error when adding a product if the store code has a +
  • 7725: Administrative Interface: Fatal error when clicking on the customers link if the store code has a +
  • 7726: Administrative Interface: Fatal error when clicking on the reports link if the store code has a +
  • 7727: Administrative Interface: Fatal error when clicking on the "links" button on the product edit page if the product code has a +
  • 7728: Administrative Interface: Fatal error when clicking on the "links" button on the store edit page if the store code has a +
  • 7729: Administrative Interface: Fatal error when clicking on the edit product button on the if the store code has a +
  • 7730: Administrative Interface: Fatal error when clicking on the edit category button on the if the store code has a +
  • 7731: Administrative Interface: Fatal error when clicking on the link button on the edit product page if the store code has a +
  • 7732: Administrative Interface: Fatal error when clicking on the link button on the edit category page if the store code has a +
  • 7733: Module: paypalpro: XSS: g.Store:code output unencoded in "Delete PayPal Tokens" link
  • 7734: Administrative Interface: Fatal error when clicking on the “Import Data” link under utilities if the store code has a +
  • 7735: Administrative Interface: Fatal error when clicking on the legacy import module links under Import Data if the store code has a +
  • 7736: Administrative Interface: XSS in Launchpad on Store_Code
  • 7737: Administrative Interface: Fatal error when using the "Export Attributes to XML File" module under Export Data if the store code has a +
  • 7739: Administrative Interface: Fatal error when modifying Frameworks if the store code has a +
  • 7740: Administrative Interface: Fatal error when using the "Export Customers to Flat File " module under Export Data if the store code has a +
  • 7741: Administrative Interface: Fatal error when ordering Frameworks if the store code has a +
  • 7742: Administrative Interface: Fatal error when using the "Export Categories to Flat File" module under Export Data if the store code has a +
  • 7743: Administrative Interface: Fatal error when using the "Export Orders to Flat File" module under Export Data if the store code has a +
  • 7744: Module: cmp-cssui-buttons: Fatal error when clicking on the Show Code buttons on the Buttons tab if the store code has a +
  • 7745: Administrative Interface: Fatal error when using the "Export Products to Flat File" module under Export Data if the store code has a +
  • 7746: Administrative Interface: Fatal error when launching any Wizards from the left navigation bar if the store code has a +
  • 7747: Administrative Interface: Fatal error when configuring list display on the Countries screen if the store code has a +
  • 7748: Administrative Interface: Fatal error when configuring list display on the Groups screen if the store code has a +
  • 7749: Administrative Interface: Fatal error when configuring list display on the Group Users screen if the store code has a +
  • 7750: Administrative Interface: Fatal error when configuring list display on the Group Imports screen if the store code has a +
  • 7751: Administrative Interface: Fatal error when clicking on the "links" button on the category edit page if the category code has a +
  • 7752: Module: cmp-cssui-cattree: Fatal error when recalling versions on the Category Tree Template tab of the Edit Store screen if the store code has a +
  • 7753: Module: cmp-cssui-hdft: Fatal error when recalling versions on the Global Header & Footer tab of the Edit Store screen if the store code has a +
  • 7754: Module: cmp-cssui-head: Fatal error when recalling versions on the HEAD Tag Content/CSS tab of the Edit Store screen if the store code has a +
  • 7755: Module: cmp-cssui-html: Fatal error when recalling versions on the HTML Profile tab of the Edit Store screen if the store code has a +
  • 7756: Module: cmp-cssui-navbar: Fatal error when recalling versions on the Navigation Bar tab of the Edit Store screen if the store code has a +
  • 7757: Module: cmp-cssui-breadcrumbs: Fatal error when recalling versions on the Smart Breadcrumbs tab of the Edit Store screen if the store code has a +
  • 7759: Administrative Interface: Fatal error when configuring list display on the States screen if the store code has a +
  • 7760: Administrative Interface: XSS: g.Store:code in Affiliate_Navigation
  • 7761: Administrative Interface: Fatal error when configuring list display on the Pages screen if the store code has a +
  • 7763: Administrative Interface: Fatal error when configuring list display on the Items tab of the Pages screen if the store code has a +
  • 7764: Administrative Interface: Fatal error when configuring list display on the Pages tab of the Edit Item screen
  • 7765: Administrative Interface: Fatal error when recalling versions on the Page tab of the Edit Page screen if the store code has a +
  • 7767: Administrative Interface: Fatal error when configuring list display on the Items tab of the Edit Page screen if the store code has a +
  • 7768: Module: cmp-cssui-afae: Fatal error when recalling versions on the Affiliate Fields tab of the Edit Page screen if the store code has a +
  • 7769: Module: cmp-cssui-prodlist: Fatal error when recalling versions on the Product List Layout tab of the Edit Page screen if the store code has a +
  • 7770: Module: cmp-mv-imagemachine: Fatal error when recalling versions on the Product List Image Machine tab of the Edit Page screen if the store code has a +
  • 7771: Module: cmp-mv-attributemachine: Fatal error when recalling versions on the Attribute Machine tab of the Edit Page screen if the store code has a +
  • 7775: Module: cmp-cssui-basket: Fatal error when recalling versions on the Basket Contents tab of the Edit Page screen if the store code has a +
  • 7776: Module: cmp-cssui-prodlist: Fatal error when recalling versions on the Category Product List Layout tab of the Edit Page screen if the store code has a +
  • 7777: Module: cmp-mv-imagemachine: Fatal error when recalling versions on the Product Display Layout Image Machine tab of the Edit Page screen if the store code has a +
  • 7778: Module: cmp-mv-content: Fatal error when recalling versions on the Content tab of the Edit Page screen if the store code has a +
  • 7779: Module: cmp-cssui-custfields: Fatal error when recalling versions on the Customer Fields tab of the Edit Page screen if the store code has a +
  • 7780: Module: cmp-cssui-hdft: Fatal error when recalling versions on the Header & Footer tab of the Edit Page screen if the store code has a +
  • 7781: Module: cmp-mv-content: Fatal error when recalling versions on the Content (inline_css)tab of the Edit Page screen if the store code has a +
  • 7783: Module: cmp-cssui-invc-order: Fatal error when recalling versions on the Order Contents tab of the Edit Page screen if the store code has a +
  • 7785: Module: cmp-cssui-invc-custfields: Fatal error when recalling versions on the Customer Information tab of the Edit Page screen if the store code has a +
  • 7786: Module: cmp-cssui-orderlist: Fatal error when recalling versions on the Order History List Layout tab of the Edit Page screen if the store code has a +
  • 7787: Module: cmp-cssui-attributes: Fatal error when recalling versions on the Product Attribute Template tab of the Edit Page screen if the store code has a +
  • 7788: Module: cmp-cssui-prodlayo: Fatal error when recalling versions on the Product Display Layout tab of the Edit Page screen if the store code has a +
  • 7789: Module: cmp-mv-imagemachine: Fatal error when recalling versions on the Category Product List Image Machine tab of the Edit Page screen if the store code has a +
  • 7790: Module: cmp-cssui-prodlist: Fatal error when recalling versions on the Related Product List Layout tab of the Edit Page screen if the store code has a +
  • 7791: Module: cmp-mv-imagemachine: Fatal error when recalling versions on the Related Product List Image Machine tab of the Edit Page screen if the store code has a +
  • 7792: Module: cmp-cssui-prodlist: Fatal error when recalling versions on the Search Results Layout tab of the Edit Page screen if the store code has a +
  • 7793: Module: cmp-mv-imagemachine: Fatal error when recalling versions on the Search Results Image Machine tab of the Edit Page screen if the store code has a +
  • 7829: Core Runtime: Fatal error when using the navigation bar in runtime if the store code contains a +
  • 7832: Module: attrexp: fatal error when exporting attributes if the merchant5/sNN folder is missing
  • 7833: Module: afilexprt: fatal error when exporting Affiliates to Flat File if the merchant5/sNN folder is missing
  • 7834: Module: flatcus: fatal error when exporting Customers to Flat File if the merchant5/sNN folder is missing
  • 7835: Module: flatcat: fatal error when exporting Categories to Flat File if the merchant5/sNN folder is missing
  • 7837: Module: prodexp: empty product export if the merchant5/sNN folder is missing
  • 7838: Administrative Interface: Fatal error when viewing shipping label if the store code has a +
  • 7839: Core Runtime: Password recovery mechanism allows user enumeration
  • 7840: Core Runtime: Customer account creation allows username enumeration
  • 7841: Core Runtime: Customer login attempts are not rate limited
  • 7842: Administrative Interface: Administrative login attempts are not rate limited
  • 7871: Module: paypaladv: PayPalAdv_Call does not specify variable scope when constructing its field list
  • 7872: Module: authnet: authnet.mv: Fails to specify variable scope when constructing its field list
  • 7875: Module: google: Google Checkout has been renamed to Google Wallet
  • 8091: Administrative Interface: Numeric validation routines that permit negative numbers consider "-" valid
  • 8105: Module: paypaladv: The legacy paynet module sent COMMENT1 and COMMENT2 fields which are not sent by the new module
  • 8110: Administrative Interface: When Adding an admin user, password fields do not retain values after switching tabs
  • 8111: Administrative Interface: Admin users who only have the Create Additional Users privilege can not edit user name field
  • 8117: Administrative Interface: Image machine can create resized images with larger image dimensions than the original image.
  • 8123: Provisioning: User_Add generates errors in MySQL strict when the StartInSimpleMode subtag is not present
  • 8131: Module: paypaladv: To work properly with Synchro, PaymentModule_Report_Description must return the credit card type, not "PayPal Payments Advanced and/or Payflow Gateway"
  • 8132: Utility Library: StandardFields_Validate function does not check to see if the secondary address email is populated
  • 8451: Module: paypaladv: when paypals fraud filter tags an order the payment data fields do not display correctly in manage orders
  • 8452: Module: paypaladv: when PayPal fraud filter rejects/declines an order, the order is still created in Miva Merchant.
  • 8559: Provisioning: Creating a shipment through provision allows multiple shipments with same code
  • 8568: Module: authnet: Duplicate window duration field is not validated.
  • 8669: Module: paypalpro: fatal error when unchecking "use customers shipping address" in mysql strict mode.
  • 8670: Module: paypalpro: fatal error when unchecking "Send Order Details" in mysql strict mode
  • 8672: Module: paypaladv: placing an order with CC in the paypal hosted checkout causes a runtime error
  • 8682: Module: templateorderemails: Sparse array functions do not validate externally provided values before using them as array indexes
  • 8683: Core JSON: Runtime_ProductImageList_Load_Product_Variant does not properly handle the MultipleOnly flag
  • 8684: Core JSON: Runtime_ProductImageList_Load_Product_Variant does not verify the sanity of requested image dimensions
  • 8688: Module: google: "Google Wallet" left navigation link is not properly aligned
  • 8689: Module: google: "TM" in "Google Wallet" title on utility screen does not display correctly in UTF-8
  • 8903: Module: cbamazon: "Single Inventory Variant Behavior" should be renamed.
  • 8937: Administrative Interface: Modal window does not resize properly when changing browser window size
  • 8940: Affiliates: Fatal error when updating affiliate code for an affiliate with a non-expired basket referencing the affiliate
  • 8962: Module: flatcat: custom fields data stops exporting after a reset to avoid timeout.
  • 9147: Module: templateorderemails: Sorting emails by Enabled descending causes the title to wrap within the table cell (IE only).
  • 9283: Module: google: google order records are not properly entered when using mysql strict mode
  • 9334: Administrative Interface: Links pages do not attribute encode link text.
  • 9344: Module: endicialabels: Endicia labels does not properly report mysql errors during label generation.
  • 9352: Module: templatebatchreports: Printable invoice, errors when store code contains a +
  • 9353: Setup Script: When configuring the database with setup.xml, the plaintext database password is left on the server
  • 9356: SEO Settings: Multiple concurrent updates of the domain settings screen can corrupt or empty the .htaccess file
  • 9431: Setup Script: When specifying the default user name through setup.xml, pre-encrypted passwords should be permitted
  • 9437: Module: paypalpro: endpoint URLs are not correct in paypal pro
  • 9440: Module: cmp-mv-http-headers: http headers get wiped during a page template code compilation error.
  • 9441: Provisioning: Add an option to delete [pre-]provide.xml instead of copying it to -processed
  • 9442: Provisioning: pre-provide.xml files larger than 10240 bytes create an infinite loop of nested framesets
  • 9496: Provisioning: when using the sNN_ProductVariants table is not updated correctly.
  • 9498: Administrative Interface: Very long product code/name values cause text overflow during Manage Orders
  • 9546: Module: upsxml: Update UPS shield logo image
  • 9583: Module: upsdevkit: Table UPSXMLOptions is not updated upon finishing the wizard to update the "Ship From" fields
(1 vote(s))
This article was helpful
This article was not helpful

Help Desk Software by Kayako support.miva.com/supportsuite/index.php?