2020.3 Release 3, 2020.4 Release 1, 2 & 3
New Features
- New Webhooks management page in Apps & Add-Ons
- Launched scheduled import/export notification alerts
- Added loading animation to common action buttons/menus
- When a new custom shipping method is created, there is now an option to set it as 'Active' on the method but 'Inactive' in the Custom Shipping Method Settings for all stores. This way it can be added to desired stores later, rather than having to mark it as inactive for all other stores individually at the time of setup.
- Dashboard widget for Up/Down Indicator now shows +/- on number of orders not just revenue
- New merge codes for previous and next blog post: $$PREVBLOGPOST$$ $$NEXTBLOGPOST$$
- New field now available for Product Group Item so you can display which product group the item is related to. The new merge code to show this field on the product page is $$RELATIONDESCRIPTION$$
- Export Order Items by warehouse
- Added formatting setting to all ##DATE merge codes
- New merge code for reward points expiration date and days until expiration: ##REWARDEXPIRATIONDATE[formatting]## and ##REWARDPOINTSEXPIREIN##
- Clone Menus capability was added
- Multi Factor Authentication is here, which brings us to...
New Security Stuff
- We now force logging into admin on shared domain vs custom domain
- New user area to showcase verified Devices and IPs. Settings > Security > Users > Login Devices/IPs
- We no longer allow admin users to set passwords of other users when editing a user
- User creation will now be invite based only where AC will send an email for the user to create their own password.
- New ability to "reset" a user. When a user is reset, their password is reset, all saved IPs and devices are deleted, and any active session is terminated.
- Ability to "disable" a user. When disabled, the user will not be permitted to login. Upon being disabled, the password will be cleared, active sessions terminated, and any approved devices/locations will be removed. The user may do a "forgot password" after being re-enabled to regain access.
- We will now expire all approved devices after a user hasn't logged in for 90 days
- New security alert email: Alert to store email (and user) when new user created/invited
- New security alert email: Alert to store email when a user's account is forced to re-verify
- New security alert email: Alert to store email (and user) when permissions changed
- New security alert email: Alert to store email (and user) when user phone number changed
- New security alert email: Alert to store email when a user's email is changed
- New security alert email: Alert to store email when logins occur from unexpected device/IP
- New security alert email: Alert to store email (and user) when user passwords change
- We now support text based verification codes and give users choice when verifying device to use phone number or email
- We will now showcase warnings on login when users are missing email/phone records on their user account
- User passwords will now rotate every 90 days (PCI requirement)
Feature Improvements
- Shared SSL removed as option during Go-Live process
- New app experience styling in place for apps (check QuickBooks Online)
- Added search in QBO Mapping list page
- Moved PayPal currency code to PayPal Checkout app page
- Concurrent session alerts no longer show in overlays
- BASE theme was made the default theme for all new accounts
- Various 404s & Reporting Issues/Fixes
- Fixed styling of some grid layouts on overlay pages
- Added new popup help sections for App pages
- Multi-Page Checkout is hidden unless you select the option to use it on your theme
- Removed reliance of sprites on blog roll widget
- AddThis now loads asynchronously
- API docs updated with Zapier information
- More Zapier testing
Bug Fixes
- Deprecated Bing Cashback program
- Live Design fix in place now allowing moving widgets around after adding widgets
- Power features section in admin now displays better on mobile/tablet
- Amazon orders not showing customer's full name in shipping information
- Microstore redirect fix
- After deleting a microstore, that store is showing as associated with several customers
- Shipstation microstore issue fix
- Fixed permission level issues with Virtual Terminal
- Fixed API logging error with /api/v1/customers/get_sso_key
- Fixed issue with import removing custom URL history
- Fixed an issue where user was unable to add linked products w/variants
- Fixed bug with product personalization not passing to order
- Fixed issue with overridden price changes each time order is opened
- Fixed issues when un-linking a grouped product
- Fixed issue with order payment error: DB Item Not Found
- After account creation, trials now properly removed from trial drip series emails
- Naked domain multiple cookie issue was fixed
- Fixed issue with API POST request getting an error
- Solved an issue with long wait time on one page checkout order
- Fixed spots where alternate layout ID loaded default layout
- Fixed default card populating when guest checkout is enabled
- Fixed issue where rule engine "new action" would error
- Saved Wishlists now display purchased qty.
- Fixed customer login widget not redirecting correctly after log in
- Fixed timeout issues on Place Order
- Fixed issue where imported value for OrderNumber was not showing
- Fixed eProduct emails not sending when making change via API
- Fixed ShipStation XML where it will no longer pull null shipping information
- Amazon pay shipping issues fixed
- Fixed Error: Ambiguous column name ''catID'' when viewing product list
- Fixed issues where orders submitted without payment
- Fixed issue where the overridden Tax Amount was calculating as negative
- Fixed issue where declined orders redirect to Index.htm or 404 page
- Fixed issue where phantom item in quote shows as deleted and causing error
- Fixed issue where gift certificate status was changing on save
- Fixed errors when viewing sales by date reports
- Fixed Issues when redirecting customer to assigned site and z param on wrong protocol/domain
- More corrections to QBO order payment syncing and item mapping
- Fixed issue where editing a linked product led to a 404
- Fixed issue where sales person from quote was not applied to order
- Fixed issue where serial numbers were not getting pulled for eProduct
- Fixed a file upload error where errors were displaying "File too large"
Nice update. Couple of questions:
1/ With regards to "We now support text based verification codes and give users choice when verifying device to use phone number or email" ... could this new functionality be adapted for front-end customer orders too? For example the rule engine determines that a newly placed order has an increased risk of fraud, the system would then present a 'please verify your contact phone number' on the order confirmation page? Admin could then see whether the customer phone number has/hasn't been verified as part of the fraud checking workflow.
2/ Will the new "New Security Stuff" - confirming user accounts set up for the sole purpose of API integrations will not be negatively impacted? i.e. API integrations will not be broken due to forced password resets etc.
Cheers
1 -
I had similar questions about the new security stuff....
What about passwords for ftp accounts? I currently have automated ftp uploads and downloads to resolve issues I have with the way AC tracks inventory. I hope I won't be seeing these fail every 3 months then need to stop everything and fix all my ftp scripts.
0 -
Great questions!
@Nathan
1/ We are still evaluating front end user or store customer MFA. The fact that we had to build some specific tools for this to work properly for AmeriCommerce does lay good foundational pieces if we decide to roll something out for customer accounts. I would encourage you to upvote that feature request if you haven't already. However, mid-checkout phone number confirmations aren't something we've seen a lot of requests for. Do you have an example of this on another store? That would be interesting to dissect.
2/ API integrations will not be broken due to this. We will be flagging SOAP API users as "Legacy API" users and will prevent admin logins with this user, but keep the API access unaffected. We will be warning users of this in the admin if they are attempting to login via a user with SOAP API access.
@Kathy
FTP accounts will not be affected by this rotation. Only user accounts. :)
0 -
Thanks for the clarification.
With regards to utilising MFA as a fraud mitigation tool on the front end, it would be something to implement AFTER the checkout has been completed, and only enacted on 'high risk' orders, determined by the store admin. (The store admin would determine what constitutes a 'high risk' order in the AC store rule engine.)
I'll create a feature request for it now.
Cheers
1