Release Notes
General
The default country list has been updated with the current ISO-3166-1 list.
Redesigned the mechanism used to install, remove, and register modules within a store in order to increase error tolerance and prevent stores from being inadvertently broken by removal of a component module.
The SEO "Sitemap" page is now deleted when the Sitemap is disabled.
Duplicate database queries have been eliminated during the checkout process.
Timeout handling when processing large provisioning files has been improved.
Attributes for items added to the shopping basket or displayed on an invoice are now displayed using the sort order configured for the product.
A new page, "NTFD - Not Found" has been added. The software now routes requests for pages, products, or categories that do not exist to this page.
The uninstall process now properly drops all database tables from MySQL installations.
The maximum length allowed for the SEO settings short link custom prefix has been extended from 10 characters to 100.
Modules implementing multiple "primary" features may now be installed or removed from any of the screens on which they appear.
When attempting to remove modules that are used by Store Morph items, a message is displayed listing the items and pages which reference the module. The default configuration prevents removal of these modules. A new store setting, "Allow Modules Used by Store Morph Items to be Uninstalled", may be configured to allow the removal of these modules.
Fixed a bug that would occasionally cause error messages of the form "mysql_stmt_prepare: Table 's01_Products' was not locked with LOCK TABLES" to appear in MySQL installations.
Fixed a bug introduced in core-17 that caused both the primary and secondary address to be "optional" for newly created stores.
The Miva Merchant Look & Feel module can now be updated from the "Edit Module" screen and re-added to the domain if it was inadvertently removed.
Administrative Interface
The country list is now editable from the "Countries" tab of the "Domain Settings" screen.
The existing color selector has been replaced with a new and improved version, which is now also available when editing template code.
New-style numeric sorting controls are now available for Attribute Templates.
Users may no longer change the code of an existing Store Morph item.
The administrative login screen now sets the focus to the Username field on load.
The "Parent Category" field is now properly reset when pressing the "Reset" button on the "Add Category" page.
The "Order ID" and "Order Amount" fields are no longer displayed for Affiliate "Referral" transactions.
If a framework is applied and one or more of the pages it contains do not exist, the pages are now automatically created.
Fixed a bug that caused encrypted order data to be lost when processing orders with an invalid passphrase.
Non-encrypted order data is now properly updated when editing an order containing locked encrypted data.
Fixed encoding of the "Invoice Total" column on the "Order Processing" screen, so currency formats that contain special characters are now properly displayed.
When creating a Store Morph item, the software now verifies that the referenced module implements the "component" feature.
Module reference counts are now properly maintained when changing the module referenced by a Store Morph item.
The "Edit Here" button on the "Products" screen now works properly when the product being edited contains special characters in its code.
Fixed a bug that could cause the user interface to respond slowly when the Miva Merchant update server was unavailable.
Runtime Interface
For new installations, the maintenance mode warning message is now displayed using the correct body font.
The missing product attributes page now correctly routes the shopper to a secure or non-secure URL depending on their original destination.
Fixed a bug that allowed duplicate affiliates with the same login to be created.
For new installations, invalid color references have been removed from the AFAD and AFED pages.
The "Account" button in the navigation bar on the INVC page now directs the user to the LOGN screen, instead of an empty account page.
For new installations, fixed typos in the basket contents template that prevented textarea attribute text from being displayed.
The fatal error displayed when a shopper attempts to modify a basket that has expired now displays a more descriptive error message.
Payment Modules have been modified to properly display the payment method name instead of the internal code on the OPAY screen.
When a shopper's basket expires during the checkout process, the shopper now receives a message stating that their basket is empty, instead of allowing them to complete the checkout process with an empty basket.
Fixed a bug that prevented shoppers from checking out if the store was configured with a single country and an optional secondary address.
The checkout process now properly errors if no payment methods are available, instead of previously checking only if one or more payment modules were configured.
The "Require Shipping" option now prevents checkout if no shipping methods are available, instead of previously checking only if one or more shipping modules were configured.
Changed "Diner's Club" to "Diners Club" for all payment modules supporting this card type.
Setup
Setup now properly deploys all files required for Google Checkout.
The install process now displays a validation error if the target MySQL database already contains a Miva Merchant installation.
PA-DSS (These changes do not affect existing installations unless explicitly configured)
Database passwords in merchdb.dat are now encrypted.
Administrative user passwords are now encrypted using SHA1 with 16 bytes of random data as a salt. Passwords for existing users will be encrypted with the new mechanism when those users change their password. This change also allows passwords longer than 8 characters to be used.
The default Administrative Session Timeout is now 15 minutes.
The default Failed Login Lockout Time is now 30 minutes.
Options have been added to enforce password strength requirements. The default requirements for new installations are that passwords must be 7 characters or longer, contain at least one letter and one number or punctuation character, and not be the same as any of the prior 4 passwords used.
Mandatory password changes may now be enforced on a configurable interval. Users are required to change expired passwords when logging into the administrative interface. The default setting for new installations requires a password change every 90 days.
Privileges
The "Orders" store privilege has been renamed to "Order Processing" to more closely match the user interface elements it affects.
Store Privileges are now displayed sorted by the privilege name on the "Add/Edit Group" screen.
The "Marketing Products" and "Marketing Reports" privileges have been removed.
Fixed a bug that prevented users with only the "Add Additional Users" privilege from being able to navigate to the "Add User" screen.
Fixed numerous minor bugs where elements were displayed that did not function due to privilege settings.
Fixed numerous minor bugs that prevented users with limited privileges from navigating to the area where the privileges are used.
Wizard: Set Up Payment
The signup process for Innovative Gateway has been streamlined.
The wizard now resizes itself to fit the content of the PayPal options page, and the alignment of the content on this page has been improved.
Bolding of "Available Payment Methods" has been made more consistent to indicate whether selection of at least one method is required.
Fixed bugs with numerous payment modules that prevented more than a single payment method from being selected.
Wizard: Set Up Sales Tax
An error message is no longer displayed on the first screen of the wizard if the current sales tax module does not support wizard configuration.
Wizard: Design Your Look
The wizard no longer readds the MIVA logo to the navigation bar.
Fixed a process flow bug that could leave a user on an empty step.
General
The default country list has been updated with the current ISO-3166-1 list.
Redesigned the mechanism used to install, remove, and register modules within a store in order to increase error tolerance and prevent stores from being inadvertently broken by removal of a component module.
The SEO "Sitemap" page is now deleted when the Sitemap is disabled.
Duplicate database queries have been eliminated during the checkout process.
Timeout handling when processing large provisioning files has been improved.
Attributes for items added to the shopping basket or displayed on an invoice are now displayed using the sort order configured for the product.
A new page, "NTFD - Not Found" has been added. The software now routes requests for pages, products, or categories that do not exist to this page.
The uninstall process now properly drops all database tables from MySQL installations.
The maximum length allowed for the SEO settings short link custom prefix has been extended from 10 characters to 100.
Modules implementing multiple "primary" features may now be installed or removed from any of the screens on which they appear.
When attempting to remove modules that are used by Store Morph items, a message is displayed listing the items and pages which reference the module. The default configuration prevents removal of these modules. A new store setting, "Allow Modules Used by Store Morph Items to be Uninstalled", may be configured to allow the removal of these modules.
Fixed a bug that would occasionally cause error messages of the form "mysql_stmt_prepare: Table 's01_Products' was not locked with LOCK TABLES" to appear in MySQL installations.
Fixed a bug introduced in core-17 that caused both the primary and secondary address to be "optional" for newly created stores.
The Miva Merchant Look & Feel module can now be updated from the "Edit Module" screen and re-added to the domain if it was inadvertently removed.
Administrative Interface
The country list is now editable from the "Countries" tab of the "Domain Settings" screen.
The existing color selector has been replaced with a new and improved version, which is now also available when editing template code.
New-style numeric sorting controls are now available for Attribute Templates.
Users may no longer change the code of an existing Store Morph item.
The administrative login screen now sets the focus to the Username field on load.
The "Parent Category" field is now properly reset when pressing the "Reset" button on the "Add Category" page.
The "Order ID" and "Order Amount" fields are no longer displayed for Affiliate "Referral" transactions.
If a framework is applied and one or more of the pages it contains do not exist, the pages are now automatically created.
Fixed a bug that caused encrypted order data to be lost when processing orders with an invalid passphrase.
Non-encrypted order data is now properly updated when editing an order containing locked encrypted data.
Fixed encoding of the "Invoice Total" column on the "Order Processing" screen, so currency formats that contain special characters are now properly displayed.
When creating a Store Morph item, the software now verifies that the referenced module implements the "component" feature.
Module reference counts are now properly maintained when changing the module referenced by a Store Morph item.
The "Edit Here" button on the "Products" screen now works properly when the product being edited contains special characters in its code.
Fixed a bug that could cause the user interface to respond slowly when the Miva Merchant update server was unavailable.
Runtime Interface
For new installations, the maintenance mode warning message is now displayed using the correct body font.
The missing product attributes page now correctly routes the shopper to a secure or non-secure URL depending on their original destination.
Fixed a bug that allowed duplicate affiliates with the same login to be created.
For new installations, invalid color references have been removed from the AFAD and AFED pages.
The "Account" button in the navigation bar on the INVC page now directs the user to the LOGN screen, instead of an empty account page.
For new installations, fixed typos in the basket contents template that prevented textarea attribute text from being displayed.
The fatal error displayed when a shopper attempts to modify a basket that has expired now displays a more descriptive error message.
Payment Modules have been modified to properly display the payment method name instead of the internal code on the OPAY screen.
When a shopper's basket expires during the checkout process, the shopper now receives a message stating that their basket is empty, instead of allowing them to complete the checkout process with an empty basket.
Fixed a bug that prevented shoppers from checking out if the store was configured with a single country and an optional secondary address.
The checkout process now properly errors if no payment methods are available, instead of previously checking only if one or more payment modules were configured.
The "Require Shipping" option now prevents checkout if no shipping methods are available, instead of previously checking only if one or more shipping modules were configured.
Changed "Diner's Club" to "Diners Club" for all payment modules supporting this card type.
Setup
Setup now properly deploys all files required for Google Checkout.
The install process now displays a validation error if the target MySQL database already contains a Miva Merchant installation.
PA-DSS (These changes do not affect existing installations unless explicitly configured)
Database passwords in merchdb.dat are now encrypted.
Administrative user passwords are now encrypted using SHA1 with 16 bytes of random data as a salt. Passwords for existing users will be encrypted with the new mechanism when those users change their password. This change also allows passwords longer than 8 characters to be used.
The default Administrative Session Timeout is now 15 minutes.
The default Failed Login Lockout Time is now 30 minutes.
Options have been added to enforce password strength requirements. The default requirements for new installations are that passwords must be 7 characters or longer, contain at least one letter and one number or punctuation character, and not be the same as any of the prior 4 passwords used.
Mandatory password changes may now be enforced on a configurable interval. Users are required to change expired passwords when logging into the administrative interface. The default setting for new installations requires a password change every 90 days.
Privileges
The "Orders" store privilege has been renamed to "Order Processing" to more closely match the user interface elements it affects.
Store Privileges are now displayed sorted by the privilege name on the "Add/Edit Group" screen.
The "Marketing Products" and "Marketing Reports" privileges have been removed.
Fixed a bug that prevented users with only the "Add Additional Users" privilege from being able to navigate to the "Add User" screen.
Fixed numerous minor bugs where elements were displayed that did not function due to privilege settings.
Fixed numerous minor bugs that prevented users with limited privileges from navigating to the area where the privileges are used.
Wizard: Set Up Payment
The signup process for Innovative Gateway has been streamlined.
The wizard now resizes itself to fit the content of the PayPal options page, and the alignment of the content on this page has been improved.
Bolding of "Available Payment Methods" has been made more consistent to indicate whether selection of at least one method is required.
Fixed bugs with numerous payment modules that prevented more than a single payment method from being selected.
Wizard: Set Up Sales Tax
An error message is no longer displayed on the first screen of the wizard if the current sales tax module does not support wizard configuration.
Wizard: Design Your Look
The wizard no longer readds the MIVA logo to the navigation bar.
Fixed a process flow bug that could leave a user on an empty step.
Comment