RSS Feed
News
Jul
10
Miva Merchant 9.10.00 is now available
Posted by Wayne Smith on 10 July 2018 11:03 AM

THIS IS A SECURITY RELEASE AND PER PCI-DSS REQUIREMENTS YOU MUST UPGRADE WITHIN 30 DAYS

 

New Features

 

Browser Verification

• When logging in from a new device/browser, a verification code will be emailed to the user. The user must enter this code to authenticate the browser they are using.

 

Default Groups

• New default groups have been created to make things easier for users.

 

Two-Factor Authentication

• Administrators and users with a developer license are now required to enable two-factor authentication. When logging in, if they do not have two-factor enabled, they will be directed to a new screen that forces them to enable two-factor authentication.

• Administrator users will have the option to reduce their privileges instead of enabling two-factor.

• Additional two-factor methods:

• YubiCloud

• WebAuthn/U2F support

• Backup tokens

 

Other Changes

User/Group Improvements

• Groups are now managed at the domain level instead of in each individual store.

• The Add Userdialog has been modified to make it easier to create non-administrator users.

• It is now (deliberately) more difficult to create an administrator user. Two-factor authentication must be enabled in order to give a user the administrator privilege.

• Removed the "create other users" privilege

 

Time-based One-time Password

• TOTP settings are now configurable only through provisioning

• Two-factor codes are now collected on a separate screen

• Domain-level two-factor enablement flag has been removed • User email and cellphone fields have been added

 

Subresource Integrity

• Output integrity and crossorigin attributes for all JavaScript in admin and many JavaScript files in clientside

 

Bugs Fixed

25202: Setup Script: Remove remove.mvc from distributions

26415: Module: customfields: Module: Custom Fields: Read_Product_ID/Code functions should support multi-text fields

26527: Module: customfields: Custom Fields: Add / edit product screen: Multi-text custom fields values are not saved between tab switches

26549: Core JSON: JSON_Image_Upload does not log successful uploads to the admin activity log

26550: Core JSON: JSON_ProductImage_Upload does not log successful uploads to the admin activity log

26551: Core JSON: JSON_Framework_Upload does not log successful uploads to the admin activity log

26552: Customers: Customers: Shipping / Billing Information screen is susceptible to stored cross site scripting

26553: Digital Downloads: Product: Digital Download Settings screen is susceptible to stored cross site scripting

26554: Administrative Interface: Forced Password Changes are not being logged in the admin activity log

26555: Module: stdschtasks: Module: Standard Scheduled Tasks: Add / edit scheduled task screen is susceptible to stored cross site scripting

26570: Customers: Customers: Address Add / Edit Dialog is susceptible to stored cross site scripting

26608: Administrative Interface: Upload of Digital Download files should check for the DDLS modify permission

26610: Digital Downloads: Digital Downloads: The upload button on the edit product screen should only show when the user has the DDLS modify privilege

26743: Module: ptbship: Editing a table to show a redundant ceiling does not display error

26744: Module: wtbship: Editing a table to show a redundant ceiling does not display error

26745: Module: canvat: Incorrect sorting on the Canadian VAT tab

26746: MMBatchList: MMBatchList: Record_Changed should take item as a parameter in order to determine the correct column

26779: Core JSON: JSON_ModuleList_Load_Query should not error when Module_Load_Features has no results

26878: Administrative Interface: License validation error screens have unencoded outputs

 

 

Docs

Two Factor Authentication - https://docs.miva.com/how-to-guides/two-factor-authentication

Browser Verification - https://docs.miva.com/how-to-guides/browser-verification

User Groups - https://docs.miva.com/how-to-guides/user-groups

 


Help Desk Software by Kayako fusion

This website uses cookies to identify visitors, track visitors to our website, store login session information and to remember your user preferences. By continuing to use this site you agree to our use of cookies. Learn More.

Accept