Instructions before applying Service Patch
This service release patch will ensure that you have an additional layer of encryption to your existing encryption key. Before applying the patch, please take a backup of your existing key.
1. Find {website}\app_data\encryption.config
2. Make a copy of this file and place it in a different temporary folder. DO NOT CHANGE the file name or move to a new location.
3. Apply the patch by following the steps below.
Download and apply Service Patch
-
AbleCommerce Gold R10 WAP SR1 (build 8620): Gold_R10_SR1(WAP).zip
MD5: fa24933727980dc691292ab778aa7c2d -
AbleCommerce Gold R10 WSP SR1 (build 8620): Gold_R10_SR1(WSP).zip
MD5: 8ac7196e6c87bee92fc41d80cfbb0cf0
-
Determine the type of version you are using, WAP or WSP, and download the applicable file.
-
Using the MD5 checksum number provided, you can verify the integrity of the download before extraction (see below).
-
Extract the contents. Only changed files are included in the service pack.
-
Compare the new files with your original ones, and merge any custom changes if needed.
-
Copy all files to their respective locations.
-
Recompile the application if using the WAP version.
TO VERIFY THE DOWNLOAD:
1. Go to WinMD5.com or any other utility that can provide checksum validation.
2. Download and Run the utility.
3. Select the downloaded file.
4. In the field provided, past the original MD5 value provided by AbleCommerce help site, and click Verify.
5. If the validation fails, do NOT install the patch. Instead, contact support@ablecommerce.com for help.
Change Log (between builds 8302 and 8620)
|
ISSUE ID |
SEVERITY |
DESCRIPTION |
|
AC8-2926 |
Normal |
SSL must be enabled in order to view credit card data |
|
AC8-2920 |
Normal |
Clarify description if encryption key is restored from old backup |
|
AC8-2919 |
Normal |
Change session timeout in web.config from 30 min. to 15 min. |
|
AC8-2918 |
High |
encryption.config has unprotected hash |
|
AC8-2879 |
Normal |
Very slow retail side search due to product descriptions using special characters |
|
AC8-2899 |
Normal |
Discount dialog is missing from products that are associated to the discounted sub-category. |
|
AC8-2871 |
Normal |
Discount needs to be applied to basket sub-total only. |
|
AC8-2877 |
Normal |
Discount applied to a Kitted item only works if the products are hidden/required |
|
AC8-2838 |
Normal |
USPS International RateV2 needs to be updated by May 31st 2015 |
|
AC8-2836 |
High |
Security Risk in User.Migrate if admin user forgets to log-out during testing |
|
AC8-2810 |
Normal |
Disable mobile store not working properly |
|
AC8-2803 |
Normal |
Review Reminder emails not working as expected |
|
AC8-2801 |
Normal |
Product Finder (search.aspx) loses the category or manufacturer selection if sorting is changed |
NOTE: If you are entitled to the CommerceBuilder source code, and would like to receive the source code updates made with this release, then please make a request through your order. We will be happy to furnish this information to you through your secure account login.
Instructions after applying Service Patch -
IMPORTANT INFORMATION REGARDING NEW ENCRYPTION
If you experience a problem with the (payment, tax, or shipping) gateway configuration data disappearing after the server is restarted or application pool recycled, then follow one of the two remedies below.
The extra protection code for encryption key requires the Load User Profile setting to be enabled for the Application Pool. In order to solve above problem either this setting must be enabled or one must specify a machine key in web.config.
REQUIRED FOR RESPONSIVE TEMPLATES:
In new installs of Gold R10, the mobile store is supposed to be disabled by default because of the new responsive templates. The setting was not working properly, and as a work-around, it needed to be checked (enabled) to actually disable the mobile store.
If you had previously enabled the mobile store as a temporary work-around to fix issue AC8-2810 (Disable mobile store not working properly), then you need to undo that change after applying the service patch.
To do this, go to the Configure > Store > Mobile Settings page and check the box to disable the mobile store.
REQUIRED FOR PCI COMPLIANCE:
To be compliant with PA-DSS version 3.0, you must change the session time-out from 30 minutes to 15 minutes. This is a manual change if you are applying the service patch. This step is only required for production websites.
Open your web.config file and find the following lines of code:
CHANGE FROM -
<authentication mode="Forms">
<forms timeout="30" slidingExpiration="true" name="ACGOLD.ASPXAUTH"/>
</authentication>
<sessionState mode="InProc" timeout="30" cookieName="ACGOLD.SESSIONID"/>
CHANGE TO -
<authentication mode="Forms">
<forms timeout="15" slidingExpiration="true" name="ACGOLD.ASPXAUTH"/>
</authentication>
<sessionState mode="InProc" timeout="15" cookieName="ACGOLD.SESSIONID"/>
If you need to merge any customizations, we recommend that you use a file compare and merge utility such as WinMerge. WinMerge is an Open Source file compare and merge utility which runs on all modern Windows versions. Latest WinMerge version and other WinMerge information is available at http://winmerge.org 