Interchange News

Marco Pessotto joins Interchange core developer team
Posted on August 26, 2020 by Jon Jensen

We are happy to announce that Marco Pessotto recently joined the Interchange core developer team! Marco’s involvement with Interchange dates back to 2013 or earlier. He has contributed several core code commits and worked on many Interchange stores.
You can find Marco also involved at his web home or working on his CMS/wiki engine/publishing software called amusewiki.
We look forward to working even more closely with Marco in the future!
Admin XSS security vulnerabilities fixed (CVE-2020-12685)
Posted on May 14, 2020 by Jon Jensen

The Interchange admin in versions 4.7.0 through 5.11.x (before 2020-05-15) was vulnerable to cross-site scripting (XSS) injection attacks in the help and quicklinks pages.
Attackers could use browser JavaScript to steal client-side credentials such as a session cookie or delivered page data. The attack type is reflected XSS, active for a single page request via tainted link, not stored in the database or in page files or reusably in the session.
This was found and reported by Sean Fernandez. Thank you very much! It has been assigned the identifier CVE-2020-12685.
To resolve the problem, apply the patch from commit 243ab0eea0a, or download the new versions of the 2 corrected files:
```
u1=https://raw.githubusercontent.com/interchange/interchange/243ab0eea0ae1d8d8f3e333128349f104b7e04bf
u2=$u1/dist/lib/UI/pages/admin
curl --remote-name-all $u2/help.html $u2/quicklinks.html
```
Then copy them into place in your global admin installation:
```
cp help.html quicklinks.html /path/to/interchange/lib/UI/pages/admin/
```
If you made catalog-local copies to customize those files, you will need to apply the fixes there manually in /path/to/catalog/pages/admin/.
Restarting the Interchange daemon is not necessary.
The nightly build now includes the fixes, as will the upcoming 5.12.0 release.
Project website refresh
Posted on April 25, 2020 by Jon Jensen

This Interchange project website has gotten a refresh to its design and organization, to prepare for the Interchange 5.12 release.
Zed Jensen and Seth Jensen updated the design with a new logo, home page banner, typeface, and more pleasant design. They also added a list of recent commits from GitHub on the home page to give prominent visibility into code changes.
I updated the site organization to combine the two separate link menu components to make navigation more consistent, and make more important pages easier to reach. The Interchange history page now includes more key events from recent years, and the Interchange news page once again shows history prior to 2005 that was lost in the last site reimplementation.
If you run into any problems, please let us know by opening a GitHub issue!
Interchange 5.12.0 release candidate 1
Posted on March 1, 2020 by David Christensen

The Interchange Development Group is preparing the latest release of Interchange, 5.12.0. As such, we are announcing the initial release candidate. If you are able, please test this release in a non-production environment and provide any additional feedback.
The changes in this version are extensive, and include multiple years’ worth of development, bug fixes, and improvements. For details on this release, please see the WHATSNEW file for this release.
Get the rc1 download, detached signature (signed by key id DF9B65B8), which have these SHA-1 sums:
```
95719fea81883fa3e15ca4b35b21af2d39d57012  interchange-5.12.0-rc1.tar.gz
e82705c5f7b8273fb7449c8c0468aa28eeb11d36  interchange-5.12.0-rc1.tar.gz.asc
```

News archive

2020-08-26: Marco Pessotto joins Interchange core developer team
2020-05-14: Admin XSS security vulnerabilities fixed (CVE-2020-12685)
2020-04-25: Project website refresh
2020-03-01: Interchange 5.12.0 release candidate 1
2018-11-22: Domain and server move
2016-01-06: Interchange 5.10.0 Released!
2015-12-30: 2015 Perl Dancer Conference reports
2015-08-20: New template for Interchange
2015-08-18: 2015 Perl Dancer Conference
2014-10-13: Core team changes
2014-08-22: Perl::Dancer Conference 2014
2014-07-07: Interchange 5.8.2 stable release
2014-07-02: Interchange6::Cart Hackathon on 14 July 2014
2014-06-25: Perusion developers release two new Bootstrap based templates for use with Interchange
2014-03-13: Interchange 5.8.1 stable release
2014-02-26: Interchange 6 Hackathon
2013-10-30: Ecommerce Innovation conference report
2013-07-19: Interchange 5.8.0 stable release
2013-03-18: eCommerce Innovations 2013 Conference
2013-02-13: Extensive Hall of Fame updates
2012-12-28: Josh Lavin joins Interchange core team
2011-06-12: Interchange 5.7.7 development release
2011-04-14: IRC Meeting Report
2011-03-28: Interchange IRC Meeting: April 14, 2011
2010-03-24: Interchange security releases: 5.7.6, 5.6.3, 5.4.5
2010-02-23: Interchange 5.7.5 development release
2009-12-09: Interchange 5.7.4 development release
2009-11-05: Interchange 5.7.3 development release
2009-09-17: Interchange security releases: 5.7.2, 5.6.2, 5.4.4
2009-08-23: Next Interchange community meeting
2009-08-13: David Christensen joins core team
2009-08-12: Payflow Pro legacy API retirement on September 1
2009-05-25: Interchange source code migrated to Git
2009-05-19: LinuxTag 2009
2009-05-13: Experimental UTF-8 branch
2008-12-05: JT Justman joins the Interchange core team
2008-11-13: Interchange 5.4.3, 5.6.1, 5.7.1 released
2008-06-01: Back from LinuxTag
2008-05-21: Interchange 5.6.0 released
2008-05-17: Interchange 5.5.3 development released
2008-05-08: Interchange at LinuxTag 2008!
2008-04-29: Interchange 5.5.2 development release available
2007-08-21: Interchange 5.5.1 development release available
2007-08-08: Bug Squashing Party
2007-06-18: New Debian Packages (5.4.2-3)
2007-06-13: Debian Packages for Etch
2007-04-05: Interchange goes to LinuxTag!
2007-02-27: Ron Phipps joins the Interchange core team
2007-02-07: Interchange 5.4.2 released
2006-08-28: New Developers pajamian and thunder
2006-05-26: Interchange 5.4.1 released
2006-03-28: Improved search system on www.icdevgroup.org
2006-03-27: [/page] and [/order] macros
2006-03-25: XMLDOCS documentation
2006-01-31: Development tree notice
2005-12-31: Interchange 5.4 release
2005-12-12: Interchange 5.3.3 developer release
2005-12-12: New ICDEVGROUP website
2005-11-23: Interchange 5.3.2 beta release available
2005-11-08: PayPal Pro Payments Module
2005-10-18: Interchange 5.4 (stable) release schedule
2005-09-23: Security flaw found in Interchange demo
2005-06-07: Admin UI Documentation
2004-05-05: Interchange 5.2.0 released
2004-04-20: Interchange 5.1.1 beta now available
2004-04-20: Business::OnlinePayment support for Interchange
2004-04-12: Interchange 5.1.0 beta released
2004-03-29: Interchange 5.0.1 and 4.8.9 released
2003-12-15: Interchange 5.0 released
2003-11-12: Interchange User fMRIDC.org in Infoworld Top 100
2003-10-31: Interchange 4.9.9 released
2003-06-19: Interchange 4.9.8 released
2003-01-30: Interchange 4.8.7 released
2002-12-19: Interchange Documentation Wiki
2002-12-12: interchange.rtfm.info
2002-12-12: Interchange 4.9.5 Released
2002-12-02: Interchange 4.9.4 released
2002-11-14: Order Fulfillment: The E-Commerce Deal Breaker
2002-10-28: Interchange on front cover of Linux Magazine
2002-10-28: Some docs for Interchange 4.9
2002-10-26: Whither Red Hat?
2002-10-21: New web site look and feel, new server provider
2002-09-25: Interchange 4.9.3 Nightly Build Available
2002-08-18: Interchange 4.8.6 released — IMPORTANT upgrade
2002-07-22: Interchange 4.9.1 alpha released
2002-05-06: Interchange 4.8.5 released
2002-05-02: Interchange 4.8.4 patch
2002-04-30: Interchange 4.8.4 released
2001-12-04: Updates to the Developers Site
2001-11-28: Interchange Application Server WebCast
2001-11-28: Interchange 4.8.3 released
2001-11-19: WebTechniques reviews Red Hat E-Commerce Suite
2001-11-08: ZDNet Review of the Red Hat E-Commerce Suite
2001-10-16: Linux-Magazin (German) Interchange article
2001-09-24: Red Hat E-commerce Suite available for purchase
2001-09-20: IDC white paper on Red Hat e-commerce available
2001-09-20: Upcoming Webcast on Interchange
2001-09-19: Interchange 4.8.2 released
2001-08-14: Printed Interchange documentation available
2001-08-13: Interchange 4.8.1 released
2001-07-26: Interchange 4.7.7 beta released
2001-07-18: Interchange 4.7.6 beta released
2001-07-03: Development release of Interchange 4.7.5
2001-06-16: Development release of Interchange 4.7.4
2001-06-12: Development release of Interchange 4.7.3
2001-06-12: Interchange Training Classes
2001-05-10: Development release of Interchange 4.7.2
2001-04-17: Interchange 4.6.5 released
2001-04-01: Interchange 4.6.4 released
2001-03-28: Development release of Interchange 4.7.1
2001-03-19: About Interchange
2001-03-01: Interchange Surveys
2001-03-01: Interchange Tutorial
2001-02-09: Interchange 4.6.3 released
2001-02-08: Interchange 4.6.2 released
2001-02-06: Red Hat Acquires Akopia and Interchange
2001-02-04: #interchange channel on IRC
2000-12-03: Interchange 4.6.1 released
2000-10-27: Interchange 4.6.0 released
2000-10-20: Interchange 4.5.8 beta released
2000-10-19: Overhauled documentation available
2000-10-06: Interchange 4.5.7 beta released
2000-09-26: Interchange 4.5.6 beta released
2000-08-10: Akopia Developer Resource site launched