Installation/Upgrade Information


View this article for step-by-step instructions on upgrading MemberMouse


View this article for a list of known issues with MM 2.2.5

Security Audit

As part of our continuing commitment to provide a secure platform for our customers, we engaged Pritect.net to conduct a security audit on our full codebase. This release addresses multiple issues that were discovered, ranging from privilege escalation vulnerabilities to strengthening the source of entropy used in API key and password generation. Special thanks to James Golovich of Pritect.net for providing the security audit.


Summary

  • Tested against WordPress 4.5
  • Since the release of WordPress version 4.2.3, which included substantial changes to the Shortcode API, there have been a number of issues that have cropped up in relation to SmartTags (namely thesethis and this). In this version of MemberMouse we've built our own tag processor so that we are no longer as reliant on the WordPress shortcode system to process SmartTags and therefore less open to potential conflicts caused by other plugins or themes installed. (1302)
  • Added billingCountryName attribute to the MM_Order_Data SmartTag to enable outputting the printable country name instead of the country ISO code. (1337)
  • We recently moved to a new support center. In this version of MemberMouse, all support links have been updated and a new support widget has been added to the plugin to make it easier to access support resources and open a ticket. 
  • Added checkout link to purchase options dialog. (1353) 

  • Added a new filter which allows you to customize the information passed to Stripe along with a payment (mm_stripe_billing_statement_descriptor). Learn more. (1344)
  • Added a 'Please select your state' option to the billing and shipping state drop downs on the checkout form. If you're using the state drop down on your checkout page, this will ensure that customers can't submit the form without specifying a state. If you're not currently collecting the state on your checkout page everything will continue to function for you as it did in previous versions of MemberMouse. The only difference will be that the state for your members will default to no state instead of the first state in the alphabetical list of states (i.e. Alabama) (1318)

  • Previously if an existing customer attempted to make a purchase while logged out and entered an invalid password the following message was displayed: Incorrect username or password, please try again... This message caused confusion so it has been updated to: There is an existing account associated with the email email@domain.com but the password entered is invalid. Please try placing your order again using the correct password. Read this article if you'd like to customize this or other error messages on the checkout page. (1336)
  • Made it so that existing accounts in Error or Pending Activation status won't require their password to be validated when attempting to make a purchase when logged out.
  • Updated necessary links in preparation for Authorize.net's upcoming infrastructure changes. You can find more details here: Authorize.net Akamai FAQs. (1161)
  • Library used for Social Login (HybridAuth) updated to version 2.6.0.
  • Fixed issue where it was possible to delete a WordPress user that's associated with a MemberMouse member resulting in orphaning the member records. (1323)
  • Fixed issue where Free coupons couldn't be used in conjunction with Stripe.js. (1315)
  • Fixed issue where WordPress users with the Author/Editor role could not use the Grant Access functionality on pages/posts. (1308)
  • Fixed issue where the import wizard changed account permissions for administrators when the admin email was included in the import data. (1301)
  • Fixed issue where customer name wasn't being sent to Stripe for certain transactions when Stripe.js is being used. (1295)
  • Fixed issue where customer address wasn't being sent to Stripe when Stripe.js is being used. (1377)
  • Fixed issue where rebill dates are displaying incorrectly on the Member Details Subscriptions tab when multiple subscriptions are listed. (1289)
  • Fixed issue where refunds issued from PayPal and Authorize.net CIM were being added to Lifetime Customer Value (LCV) in the member details area as opposed to being subtracted. NOTE: this fix won't affect any LCV calculations made prior to upgrading to 2.2.5. It will only affect LCV calculations based on refunds going forward. (1341)
  • Fixed issue where pending cancellation date wasn't being calculated correctly if a subscription was canceled during a free trial. (1066)
  • Fixed issue where credit card number input on the checkout form wasn't working on Android devices. (1264)
  • Fixed issue where database errors starting with WordPress database error Column 'order_item_id' cannot be null for query INSERT INTO 'mm_transaction_log' appeared in the error log in response to a checkout. (1320)
  •  Fixed issue where the main dashboard intermittently showed "sales today" as 0, regardless of the number of sales. (1331)