Miva Merchant 9.10.00 is now available
Posted by Wayne Smith on 10 July 2018 11:03 AM



New Features


Browser Verification

• When logging in from a new device/browser, a verification code will be emailed to the user. The user must enter this code to authenticate the browser they are using.


Default Groups

• New default groups have been created to make things easier for users.


Two-Factor Authentication

• Administrators and users with a developer license are now required to enable two-factor authentication. When logging in, if they do not have two-factor enabled, they will be directed to a new screen that forces them to enable two-factor authentication.

• Administrator users will have the option to reduce their privileges instead of enabling two-factor.

• Additional two-factor methods:

    • YubiCloud

    • WebAuthn/U2F support

    • Backup tokens


Other Changes

User/Group Improvements

• Groups are now managed at the domain level instead of in each individual store.

• The Add User dialog has been modified to make it easier to create non-administrator users.

• It is now (deliberately) more difficult to create an administrator user. Two-factor authentication must be enabled in order to give a user the administrator privilege.

• Removed the "create other users" privilege


Time-based One-time Password

• TOTP settings are now configurable only through provisioning

• Two-factor codes are now collected on a separate screen

• Domain-level two-factor enablement flag has been removed

• User email and cellphone fields have been added


Subresource Integrity

• The integrity and crossorigin attributes are now output for all JavaScript in admin and for many JavaScript files in clientside


Bugs Fixed

25202: Setup Script: Remove remove.mvc from distributions

26415: Module: customfields: Module: Custom Fields: Read_Product_ID/Code functions should support multi-text fields

26527: Module: customfields: Custom Fields: Add / edit product screen: Multi-text custom fields values are not saved between tab switches

26549: Core JSON: JSON_Image_Upload does not log successful uploads to the admin activity log

26550: Core JSON: JSON_ProductImage_Upload does not log successful uploads to the admin activity log

26551: Core JSON: JSON_Framework_Upload does not log successful uploads to the admin activity log

26552: Customers: Customers: Shipping / Billing Information screen is susceptible to stored cross site scripting

26553: Digital Downloads: Product: Digital Download Settings screen is susceptible to stored cross site scripting

26554: Administrative Interface: Forced Password Changes are not being logged in the admin activity log

26555: Module: stdschtasks: Module: Standard Scheduled Tasks: Add / edit scheduled task screen is susceptible to stored cross site scripting

26570: Customers: Customers: Address Add / Edit Dialog is susceptible to stored cross site scripting

26608: Administrative Interface: Upload of Digital Download files should check for the DDLS modify permission

26610: Digital Downloads: Digital Downloads: The upload button on the edit product screen should only show when the user has the DDLS modify privilege

26743: Module: ptbship: Editing a table to show a redundant ceiling does not display error

26744: Module: wtbship: Editing a table to show a redundant ceiling does not display error

26745: Module: canvat: Incorrect sorting on the Canadian VAT tab

26746: MMBatchList: MMBatchList: Record_Changed should take item as a parameter in order to determine the correct column

26779: Core JSON: JSON_ModuleList_Load_Query should not error when Module_Load_Features has no results

26878: Administrative Interface: License validation error screens have unencoded outputs




