AbleCommerce 7.0.0 Service Release 2

Version: AbleCommerce 7.0.0 Asp.Net (build 10863)

Applies to: Build 9879 through 10152

Date: 11/14/2008

Download: ac70_b9879_to_b10863_patch.exe (download replaced by SR3)

2/10/09 - Service Release 3 is now available. You can skip this patch and apply SR3 instead.

DETAILS

Important Security Update

AbleCommerce strives to provide the most secure software possible. As such, we are providing a security update that you should install as soon as possible.

After a complete review by PCI (Payment Card Industry) certification specialists, we discovered a few potential security issues in AbleCommerce 7.0. After installing this update, AbleCommerce 7.0 will be PA-DSS (Payment Application Data Security Standard) compliant.

For your convenience, we have also included the files from the prior Service Release 1 update. So, this cumulative patch will be compatible with AbleCommerce 7.0.0, builds 9879 through 10152.

IMPORTANT: If you have a version earlier than build 9879, you will need to upgrade to final build 9879 first, see Upgrading 7.x Asp.Net. To find your AbleCommerce build number, go to Help > About from the merchant administration page.

After downloading the exe file, extract the contents to a temporary folder. Open the included readme.txt file for instructions.

CHANGE LOG - Service Release 2

Below is a list of issues fixed from build 10152 to 10863. To view the issues fixed between builds 9879 and 10152, please see the change log for the Service Release 1a patch.

Issue ID	Description
6293	Product version in footer for all admin pages
6690	SQL truncation error saving page view data
7047	Limitation of SerialKeyProvider interface
7075	Unable to serialize the session state problem with SQLServer and Custom Session State Modes
7145	SQL injection vulnerabilities in admin scripts
7320	Resolve FxCop warnings generated by Security Rules analysis
7411	Possible CRLF injection vulnerability
7450	PayPal Pay Now button using invalid URL