AbleCommerce 7.0.0 Service Release 2

Version: AbleCommerce 7.0.0 Asp.Net (build 10863)

Applies to: Build 9879 through 10152

Date:  11/14/2008

Download: ac70_b9879_to_b10863_patch.exe (download replaced by SR3)

2/10/09 - Service Release 3 is now available.  You can skip this patch and apply SR3 instead.  

 

DETAILS

Important Security Update

AbleCommerce strives to provide the most secure software possible.  As such, we are providing a security update that you should install as soon as possible.

After a complete review by PCI (Payment Card Industry) certification specialists, we discovered a few potential security issues in AbleCommerce 7.0.  After installing this update, AbleCommerce 7.0 will be PA-DSS (Payment Application Data Security Standard) compliant.

For your convenience, we have also included the files from the prior Service Release 1 update.  So, this cumulative patch will be compatible with AbleCommerce 7.0.0, builds 9879 through 10152.   

IMPORTANT:  If you have a version earlier than build 9879, you will need to upgrade to final build 9879 first, see Upgrading 7.x Asp.Net. To find your AbleCommerce build number, go to Help > About from the merchant administration page.

After downloading the exe file, extract the contents to a temporary folder.  Open the included readme.txt file for instructions.

 

 

CHANGE LOG - Service Release 2

Below is a list of issues fixed from build 10152 to 10863.  To view the issues fixed between builds 9879 and 10152, please see the change log for the Service Release 1a patch.

Issue ID

Description

6293

Product version in footer for all admin pages

6690

SQL truncation error saving page view data

7047

Limitation of SerialKeyProvider interface

7075

Unable to serialize the session state problem with SQLServer  and Custom Session State Modes

7145

SQL injection vulnerabilities in admin scripts

7320

Resolve FxCop warnings generated by Security Rules analysis

7411

Possible CRLF injection vulnerability

7450

PayPal Pay Now button using invalid URL