Actions

Difference between revisions of "Release notes/10.0.9"

From Convention Master Documentation

(Removed "Current verison")
m
Line 27: Line 27:
 
* Mantis 962 - Created a permission exclusive for downloading the database.
 
* Mantis 962 - Created a permission exclusive for downloading the database.
 
* Mantis 990 - Deprecate PayPal CSV Checker
 
* Mantis 990 - Deprecate PayPal CSV Checker
* Mantis 1019 - SECURITY - Remove command line printing injection vulnerability. This patch fixes a issue that a staffer might be able to actually inject command line arguments or syntax into the command line. This could only be done by a staff user loged in with printer admin permission "SYSTEM_MANAGE_PRINT".
+
* Mantis 1019 - SECURITY [Admin Required - Post Authentication] Command Execution / Injection Vulnerability - Remove command line printing injection vulnerability. This patch fixes a issue that a staffer might be able to actually inject command line arguments or syntax into the command line. This could only be done by a staff user loged in with printer admin permission "SYSTEM_MANAGE_PRINT".
 
* Mantis 1022 - SQL Slow Query Indexes
 
* Mantis 1022 - SQL Slow Query Indexes
 
* Mantis 1028 - Elimination of tempfile needs for CUPS printer method
 
* Mantis 1028 - Elimination of tempfile needs for CUPS printer method

Revision as of 02:23, 2 March 2020

< Release notes


Convention Master 10.0.9 Released on February 23 2020. This is an important upgrade and bugfix release. This release is focused on bug fixes and other improvements. We are now confident in recommending that customers upgrade their production websites to 10.0.9. Please see the upgrade information below.


Security Note: This update contains a security patch for CM.


Upgrade Note: CUPS printing changes: This upgrade changes the way printing works so that it no longer requires temporary file folders for CUPS. This change requires curl to be installed on the server. This is a standard package and you can install it if it is not already by the following command:

sudo apt install curl

Upgrade Note: Theme Style Sheet If you are using a custom theme or a theme other than Redmond please update your main css file with a new class for the new buttons for username login. located in theme/redmond/styles.css on line 1097: .bluebutton class.



The following changes and or features were added

  • Mantis 899 - Kiosk: Username Login - Allow new accounts on existing emails
  • Mantis 926 - Corrected issue that caused credit card CVV to be shown to paying user on receipt. Was not stored and only showed on the screen after payment to the person paying.
  • Mantis 961 - Added the ability to print receipts to PDF printers
  • Mantis 962 - Created a permission exclusive for downloading the database.
  • Mantis 990 - Deprecate PayPal CSV Checker
  • Mantis 1019 - SECURITY [Admin Required - Post Authentication] Command Execution / Injection Vulnerability - Remove command line printing injection vulnerability. This patch fixes a issue that a staffer might be able to actually inject command line arguments or syntax into the command line. This could only be done by a staff user loged in with printer admin permission "SYSTEM_MANAGE_PRINT".
  • Mantis 1022 - SQL Slow Query Indexes
  • Mantis 1028 - Elimination of tempfile needs for CUPS printer method
  • Mantis 1029 - Replacement of Python EPL printing method with native PHP method
  • Mantis 1030 - Remove the requirement that an attendee must have a membership in order to record a payment.
  • Mantis 1031 - Kiosk - change reset password link into two buttons
  • Mantis 1032 - Legacy dealers den shows up errorusly.
  • Mantis 1034 - unpack script calls /bin/php5 rather than /bin/env php
  • Mantis 1035 - Replace /usr/bin/php in shell scripts with /usr/bin/env php
  • Mantis 1037 - event_id in the header fails to populate in the AUP pdf.
  • Updated send_CUPS_label job to use a regex to determine content type for defining printing defaults.
  • Updated send_PDF job to support html being sent to it.
  • Updated AUP_PDF to always output a PDF even when it errors.
  • added events_event_id to $aup_data array
  • Updated Error message on EPL printing.
  • Added better commenting and error handling to bash portion of this PrinterSync and PrinterCalibrate both check inputs now. Added Comments to PrintBadge.sh, PrinterCalibrate.sh, and PrinterSync.sh
  • Change password reset button into two buttons on username kiosks
  • Added FEATURE - The ability to sell products through cash register (to attendees) If you are in the cash register application, if you first scan in n attendee, then add in product UPC's, the system will add ONE of those products to the attendee's shopping cart.
  • Corrected Bug that made it so automated tasks only processed one payment at a time. (include_once vs include)
  • Modified automated tasks manager to have a last carriage return on last line of output.
  • Modified a error message sometimes thrown in account_functions.
  • Ensured that the Automated Tasks Paypal system could support customers paying without a membership.
  • Allow people who have only-products (and no membership) to be able to be checked out at the cash register.
  • Re-enable the lookup of products in the barcode scanning.
  • Upgraded the UI of the cash_register script, this now matches more of the rest of CM.


Upgrading

Before starting an upgrade, we recommend that you backup your Convention Master database and files.

To perform the upgrade, run a Subversion update in the folder that contains your Convention Master installation:

$ svn up /path/to/convention_master


When this has completed, log in to the staff console [yoursite.com/console] with an account that has the "Perform DB and System Upgrades" permission to automatically trigger any pending schema updates. DO NOT FORGET THIS STEP, otherwise it will leave your install in a locked upgrade state.

For fuller/more complete information on upgrading your Convention Master installation, please see our upgrade documentation.

If you have any questions or comments, please email us at support@civetsolutions.com.

Categories