[ic] Interchange 5.4.2 released

Jon Jensen jon at endpoint.com
Tue Feb 6 23:51:16 EST 2007

The Interchange Development Group is pleased to announce the release of 
Interchange 5.4.2, the latest production-ready version of our web 
application server. This is a maintenance release and upgrading from 
versions 5.4.0 or 5.4.1 should present no compatibility problems.

The main changes are:

* Fixed a DoS exploit caused by carefully crafted HTTP POST requests.

* Worked around apparent Perl bug that allowed code called by
   DispatchRoutines to overwrite the routines arrays themselves.

* Fixed [sql-quote] sub-tag of the [query] tag, which didn't work for
   multi-line column data.

* Fixed masking of unencrypted credit card numbers to work with a custom
   MV_CREDIT_CARD_INFO_TEMPLATE that does not match the regexp. Also fixed
   the regexp so it removes the CVV2 value from the unencrypted data.

* Fixed shipping problem with the temporary mv_shipping cart, which could
   cause trouble in cart recalculations.

* Made get_option_hash return a copy when passed a reference.

* Don't run check_sub on POSTAUTH for Linkpoint.

* Made &and and &or profile commands work when alone on a line between two
   profile checks.

* Increased XHTML compatibility and fixed some CSS.

* Various admin, Standard demo, and Debian package fixes.

The software and a more detailed change log are available here:


Detached PGP signatures of the packages (signed by my key, ID DCCAC084) 
are in the download directory. Cryptographic hashes for 
interchange-5.4.2.tar.gz are:

MD5: 15e706c472ce7bae28e85e61291d4a46
SHA1: 7bded027ad7720059e26b6dd5e1d513108d92663

Further information and links to documentation and the user discussion 
mailing list are at:


Jon Jensen
Interchange Development Group
PGP key: http://ftp.icdevgroup.org/keys/jon-jensen-dccac084.txt

More information about the interchange-users mailing list