From: Jon Jensen To: interchange-announce@icdevgroup.org, interchange-users@icdevgroup.org Subject: [Interchange-announce] Interchange 5.4.2 released Date: Tue, 6 Feb 2007 21:51:16 -0700 (MST) The Interchange Development Group is pleased to announce the release of Interchange 5.4.2, the latest production-ready version of our web application server. This is a maintenance release and upgrading from versions 5.4.0 or 5.4.1 should present no compatibility problems. The main changes are: * Fixed a DoS exploit caused by carefully crafted HTTP POST requests. * Worked around apparent Perl bug that allowed code called by DispatchRoutines to overwrite the routines arrays themselves. * Fixed [sql-quote] sub-tag of the [query] tag, which didn't work for multi-line column data. * Fixed masking of unencrypted credit card numbers to work with a custom MV_CREDIT_CARD_INFO_TEMPLATE that does not match the regexp. Also fixed the regexp so it removes the CVV2 value from the unencrypted data. * Fixed shipping problem with the temporary mv_shipping cart, which could cause trouble in cart recalculations. * Made get_option_hash return a copy when passed a reference. * Don't run check_sub on POSTAUTH for Linkpoint. * Made &and and &or profile commands work when alone on a line between two profile checks. * Increased XHTML compatibility and fixed some CSS. * Various admin, Standard demo, and Debian package fixes. The software and a more detailed change log are available here: http://ftp.icdevgroup.org/interchange/5.4/ Detached PGP signatures of the packages (signed by my key, ID DCCAC084) are in the download directory. Cryptographic hashes for interchange-5.4.2.tar.gz are: MD5: 15e706c472ce7bae28e85e61291d4a46 SHA1: 7bded027ad7720059e26b6dd5e1d513108d92663 Further information and links to documentation and the user discussion mailing list are at: http://www.icdevgroup.org/ Jon Jensen Interchange Development Group PGP key: http://ftp.icdevgroup.org/keys/jon-jensen-dccac084.txt