Service Release for AbleCommerce Gold R10

Applies To: These instructions apply to installations running AbleCommerce Gold R10, build 8302 only.

Release Date: 09/21/2015

Make sure you are upgrading to the latest version available to you.

Click here to view the release history notes, and find the latest version of AbleCommerce Gold

Instructions before applying Service Patch

This service release patch will ensure that you have an additional layer of encryption to your existing encryption key.  Before applying the patch, please take a backup of your existing key.

1.  Find {website}\app_data\encryption.config

2.  Make a copy of this file and place it in a different temporary folder.  DO NOT CHANGE the file name or move to a new location.

3.  Apply the patch by following the steps below.

Download and apply Service Patch

 

  1. Determine the type of version you are using, WAP or WSP, and download the applicable file.

  2. Using the MD5 checksum number provided, you can verify the integrity of the download before extraction (see below).

  3. Extract the contents.  Only changed files are included in the service pack.

  4. Compare the new files with your original ones, and merge any custom changes if needed.

  5. Copy all files to their respective locations.

  6. Recompile the application if using the WAP version.

TO VERIFY THE DOWNLOAD:

1.  Go to WinMD5.com or any other utility that can provide checksum validation.

2.  Download and Run the utility.

3.  Select the downloaded file.

4.  In the field provided, past the original MD5 value provided by AbleCommerce help site, and click Verify.

5.  If the validation fails, do NOT install the patch.  Instead, contact support@ablecommerce.com for help.

Change Log (between builds 8302 and 8620)

ISSUE ID

SEVERITY

DESCRIPTION

AC8-2926

Normal

SSL must be enabled in order to view credit card data

AC8-2920

Normal

Clarify description if encryption key is restored from old backup

AC8-2919

Normal

Change session timeout in web.config from 30 min. to 15 min.

AC8-2918

High

encryption.config has unprotected hash

AC8-2879

Normal

Very slow retail side search due to product descriptions using special characters

AC8-2899

Normal

Discount dialog is missing from products that are associated to the discounted sub-category.

AC8-2871

Normal

Discount needs to be applied to basket sub-total only.

AC8-2877

Normal

Discount applied to a Kitted item only works if the products are hidden/required

AC8-2838

Normal

USPS International RateV2 needs to be updated by May 31st 2015

AC8-2836

High

Security Risk in User.Migrate if admin user forgets to log-out during testing

AC8-2810

Normal

Disable mobile store not working properly

AC8-2803

Normal

Review Reminder emails not working as expected

AC8-2801

Normal

Product Finder (search.aspx) loses the category or manufacturer selection if sorting is changed


NOTE:  If you are entitled to the CommerceBuilder source code, and would like to receive the source code updates made with this release, then please make a request through your order.  We will be happy to furnish this information to you through your secure account login.


Instructions after applying Service Patch -

IMPORTANT INFORMATION REGARDING NEW ENCRYPTION

If you experience a problem with the (payment, tax, or shipping) gateway configuration data disappearing after the server is restarted or application pool recycled, then follow one of the two remedies below.

The extra protection code for encryption key requires the Load User Profile setting to be enabled for the Application Pool. In order to solve above problem either this setting must be enabled or one must specify a machine key in web.config.

REQUIRED FOR RESPONSIVE TEMPLATES:  

In new installs of Gold R10, the mobile store is supposed to be disabled by default because of the new responsive templates.  The setting was not working properly, and as a work-around, it needed to be checked (enabled) to actually disable the mobile store.

If you had previously enabled the mobile store as a temporary work-around to fix issue AC8-2810 (Disable mobile store not working properly), then you need to undo that change after applying the service patch.  

To do this, go to the Configure > Store > Mobile Settings page and check the box to disable the mobile store.

 

REQUIRED FOR PCI COMPLIANCE:

To be compliant with PA-DSS version 3.0, you must change the session time-out from 30 minutes to 15 minutes.  This is a manual change if you are applying the service patch.  This step is only required for production websites.

Open your web.config file and find the following lines of code:

CHANGE FROM -

    <authentication mode="Forms">

      <forms timeout="30" slidingExpiration="true" name="ACGOLD.ASPXAUTH"/>

    </authentication>

    <sessionState mode="InProc" timeout="30" cookieName="ACGOLD.SESSIONID"/>

CHANGE TO -

    <authentication mode="Forms">

      <forms timeout="15" slidingExpiration="true" name="ACGOLD.ASPXAUTH"/>

    </authentication>

    <sessionState mode="InProc" timeout="15" cookieName="ACGOLD.SESSIONID"/>

 

If you need to merge any customizations, we recommend that you use a file compare and merge utility such as WinMerge.  WinMerge is an Open Source file compare and merge utility which runs on all modern Windows versions.  Latest WinMerge version and other WinMerge information is available at http://winmerge.org

 

Copyright © 1994 - 2017 AbleCommerce.com, All rights Reserved | Privacy Policy

A division of Able Solutions Corporation - Vancouver, WA