Skip to main content.

Interchange News

  • Interchange 5.4.2 released

    Posted on February 7, 2007 by Stefan Hornburg

    The Interchange Development Group is pleased to announce the release of Interchange 5.4.2, the latest production-ready version of our web application server. This is a maintenance release and upgrading from Interchange 5.4.0 should present no compatibility problems.

    The main changes are:

    • Fixed a DoS exploit caused by carefully crafted HTTP POST requests (CVE-2007-2635).
    • Worked around apparent Perl bug that allowed code called by DispatchRoutines to overwrite the routines arrays themselves.
    • Fixed [sql-quote] sub-tag of the [query] tag, which didn’t work for multi-line column data.
    • Fixed masking of unencrypted credit card numbers to work with a custom MV_CREDIT_CARD_INFO_TEMPLATE that does not match the regexp. Also fixed the regexp so it removes the CVV2 value from the unencrypted data.
    • Fixed shipping problem with the temporary mv_shipping cart, which could cause trouble in cart recalculations.
    • Made get_option_hash return a copy when passed a reference.
    • Don’t run check_sub on POSTAUTH for Linkpoint.
    • Made &and and &or profile commands work when alone on a line between two profile checks.
    • Increased XHTML compatibility and fixed some CSS.
    • Various admin, Standard demo, and Debian package fixes.

News archive