AbleCommerce 7.0.0 Service Release 2

Version: AbleCommerce 7.0.0 Asp.Net (build 10863)

Applies to: Build 9879 through 10152

Date:  11/14/2008

Download: ac70_b9879_to_b10863_patch.exe (download replaced by SR3)

2/10/09 - Service Release 3 is now available.  You can skip this patch and apply SR3 instead.  



Important Security Update

AbleCommerce strives to provide the most secure software possible.  As such, we are providing a security update that you should install as soon as possible.

After a complete review by PCI (Payment Card Industry) certification specialists, we discovered a few potential security issues in AbleCommerce 7.0.  After installing this update, AbleCommerce 7.0 will be PA-DSS (Payment Application Data Security Standard) compliant.

For your convenience, we have also included the files from the prior Service Release 1 update.  So, this cumulative patch will be compatible with AbleCommerce 7.0.0, builds 9879 through 10152.   

IMPORTANT:  If you have a version earlier than build 9879, you will need to upgrade to final build 9879 first, see Upgrading 7.x Asp.Net. To find your AbleCommerce build number, go to Help > About from the merchant administration page.

After downloading the exe file, extract the contents to a temporary folder.  Open the included readme.txt file for instructions.



CHANGE LOG - Service Release 2

Below is a list of issues fixed from build 10152 to 10863.  To view the issues fixed between builds 9879 and 10152, please see the change log for the Service Release 1a patch.

Issue ID



Product version in footer for all admin pages


SQL truncation error saving page view data


Limitation of SerialKeyProvider interface


Unable to serialize the session state problem with SQLServer  and Custom Session State Modes


SQL injection vulnerabilities in admin scripts


Resolve FxCop warnings generated by Security Rules analysis


Possible CRLF injection vulnerability


PayPal Pay Now button using invalid URL