Beyond the security fixes listed below a great many bug fixes have been released in this build which improve the overall security and consistency within the Platypus Billing System. It is highly recommended that anyone planning to upgrade to Build 2137 read the Platypus Revision History before performing the upgrade.
Important Notices
- Code Signing: To improve the overall security of the Platypus Billing System, new binaries are now digitally signed. The binaries that are digitally signed are listed in the revision history. Future releases will continue this trend and will include additionally signed binaries.
- Install Set Cleanup: To reduce the overall size of both the Platypus Client install set and the Platypus Server install set, many dll's have been removed because they are now considered part of the Windows operating system. With this change, the Platypus Billing System will no longer be able to run on an operating system older than Windows 2000.
- Microsoft Security Bulletin MS08-070: Security fixes in this bulletin have now been included in both the client and server install sets. For details on this security update, please read the Microsoft Security Bulletin and the Microsoft Knowledge Base Article.
- Microsoft Security Bulletin MS08-052: Security fixes in this bulletin have now been included in both the client and server install sets and will be installed exclusively on machines running Windows 2000. Newer operating systems, such as Windows XP include GDI+ as a system component and updates are automatically included with Windows Update. For details on this security update, please read the Microsoft Security Bulletin and the Microsoft Knowledge Base Article.
- Microsoft ActiveX Controls: The comdlg32.ocx and mscomctl.ocx files have been updated with the files distributed as part of Microsoft Visual Studio 6.0 Service Pack 6.
- Wombat Email Templates: When parsing metatags in an email template, some fields are now considered restricted, meaning that the values are now completely masked or partially masked when sent from the Platypus client. The fields that are completely masked include <<staff_assigned.password>>, <<staff_updated.password>>, <<staff_created.password>>. The fields that are partially masked include <<customer.ccnumber>> and <<customer.acctnumber>>. Note: This change only affects the Platypus client and API. This does not affect emails sent out from the emailer as partof an automated message such as, Ticket Creation or Survey Notification or any email sent as part of the Wombat Email Notification.
- Wombat Knowledge Base API: Many of the API calls used by the Platypus PHP Web Package for displaying the Knowledge Base have been updated to fix SQL injection issues. The severity of these flaws should be considered severe and it is highly recommended that anyone using the Wombat Knowledge Base from the Platypus PHP Web Package immediately upgrade to this release.
- New Security Tags: Several new security tags have been included with this release to improve the overall security of the product. These tags will help protect passwords on staff and customer and will help protect customer credit card numbers and bank account numbers, as well. These tags include the following
- Mask Customer-Credit Card Number - This security tag when unassigned, will partially mask credit card numbers - by masking all but the last 4 digits - from a variety of places in the Platypus client and web. Unlike Field Level-Credit Card Number, having this tag unassigned will not prevent the Staff Member from editing the value.
- Field Level-Account Number - This security tag when unassigned, will either hide or partially mask bank account numbers - by masking all but the last 4 digits - from a variety of places in the Platypus client and web. For example, a Staff Member who does not have this tag assigned will no longer be able to edit the Account Number field in Customer Maintenance.
- Mask Customer-Account Number - This security tag when unassigned, will partially mask bank account numbers - by masking all but the last 4 digits - from a variety of places in the Platypus client and web. Unlike Field Level-Account Number, having this tag unassigned will not prevent the Staff Member from editing the value.
- Mask Customer-Password - This security tag, when unassigned, will completely mask the password field in Customer Maintenance.
- Mask Staff-Password - This security tag, when unassigned, will completely mask the password field in Staff Maintenance.
- Platypus API Configuration: When the Platypus Server is installed on Windows Vista, running this utility may crash on shutdown and prompt the user to see if the program was installed correctly. This has been fixed with a complete rewrite of the utility with a manifest forcing a UAC prompt.
- Wombat Services Configuration: When the Platypus Server is installed on Windows Vista, running this utility may crash on shutdown and prompt the user to see if the program was installed correctly. This has been fixed with a complete rewrite of the utility with a manifest forcing a UAC prompt.
- Versioning: Starting with this release, versions of various components are now syncronized with the version of the client. This will allow for easier troubleshooting and documentation. These components include: "Platypus API Configuration", "Wombat Services Configuration", "Platypus API" service, "Wombat API" (ticket2.dll).
Schema Changes
Build 2137 includes the first schema changes since build 2124. So, anyone upgrading must upgrade their database along with all clients and the API.
- qdetail.qd_category_id: This field has been added to allow categories to be set on line items on quotes. Previously, any line items added to a quote lost any category or subcategory settings. So, when converting a quote to an invoice, no categories or subcategories were saved.
- qdetail.qd_subcategory_id: This field has been added to allow subcategories to be set on line items on quotes. Previously, any line items added to a quote lost any category or subcategory settings. So, when converting a quote to an invoice, no categories or subcategories were saved.
- Invoice Window: In addition to the schema change above, it is now possible to modify the category and subcategory on any line item, regardless of whether that line item is on an invoice or quote, by simply opening an invoice and right-clicking on the line item and selecting "Edit Line Item Properties".
|
|
