The Interchange Development Group is pleased to announce the release of
Interchange 5.4.2, the latest production-ready version of our web
Users of Interchange 5.4.0 and 5.4.1 are encouraged to upgrade to this version,
and should find no compatibility problems in doing so.
Users of earlier releases should also plan to upgrade,
rather than be left behind.
The main changes include:
- Fixed a potential DoS issue, which could be exploited with a carefully crafted HTTP POST request.
- Worked around an apparent Perl bug which allowed code, called by DispatchRoutines, to overwrite internal array data.
- Fixed the [query] tag's [PREFIX-quote] sub-tag, which didn't work for multi-line column data.
- Fixed masking of unencrypted credit card numbers to optionally work with a custom-supplied MV_CREDIT_CARD_INFO_TEMPLATE that does not match the regex.
Also fixed the regex so that it removes the CVV2 value from the unencrypted data.
- Fixed shipping problem with the temporary "mv_shipping" cart, which could cause trouble with cart recalculations.
- Made "get_option_hash" return a copy when passed a reference.
- The Linkpoint payment module no longer runs "check_sub" during POSTAUTH requests.
- Made "&and" and "&or" profile commands work when alone on a line between two profile checks.
- Increased XHTML compatibility and fixed CSS problems in the Standard demo.
- Various admin system, Standard demo and Debian package fixes.
As usual, Interchange can be downloaded from either of the following locations: