Miva Merchant Empresa/Mia/Script Compiler v5.14 Release Notes
-------------------------------------------------------------

Bugs Fixed
----------
6411: 5.07 and newer assemblers generate MvLOCALIZED code that crashes 5.06 or older engines
6441: sha256 with openssl < 0.9.8
6449: Win32: file_read and [fs]time() create non-existent files
6454: 3.x Configuration causes segmentation fault when one or more required tag attributes are missing
6455: Floating point to string conversions occasionally include a NULL byte in the string
6456: MvSMTP: Write Error: Connection closed by remote host (windows server only)
6469: ISAPIApplication has no s.process_id
6482: ISNULL of a reference to a structure is always 1
6498: Free of uninitialized memory in Dictionary::Read when TaggedFile has no TF_DICT_ID section
6505: MvFOR without /MvFOR not caught by compiler
6519: Embedded bracket } causes compiler error [g.file].fn('}')
6546: Passing a database variable to a function by reference leads to a crash
6576: MvCALL does not verify server identity
6679: xml_parse when an xml_parse_section is present returns the section's content in root
6712: External function calls in MvDO expressions behave strangely when they reference functions that are not used in the MvDO'd file
6734: Hash-table collision based DOS with POSTed form data
6762: miva_array_deserialize outputs an array with a single empty element when passed an empty string
6799: Strings that contain ASCII NULL but begin with numbers are considered numbers

MySQL Connector Changes
-----------------------
- Only a single connection to the database server is used per VM instance, regardless of whether
  a script opens multiple views simultaneously or executes an MvQUERY when a view is open.
- The connector now supports caching of prepared statements for better performance.  The cache is
  disabled by default and may be enabled using the "statement_cache_size" db command.  Example:
          <MvDBCOMMAND NAME = "Merchant" COMMAND = "statement_cache_size" PARAMETER = "5">
  The value of PARAMETER controls the number of prepared statements that are cached.  The N most
  recently used prepared statements are retained.
- A new DBCOMMAND "autostorelimitqueries" causes the connector to automatically call
  mysql_stmt_store_results() whenever it sees the LIMIT keyword in an SQL statement used to open a
  view.

Other Changes
-------------
- Additional bits in MvCONFIG_FLAGS_SECURITY (securityoptions in the 3.x configuration) allow an administrator
  to control SSL certificate validation.
    MvCONFIG_SEC_SSL_NOVERIFY_CHAIN     0x00001000  4096
       Disables chain of trust verification
    MvCONFIG_SEC_SSL_NOVERIFY_HOSTNAME  0x00002000  8192
       Disables certificate commonName/subjectAltName checking when a connection is made using a hostname
    MvCONFIG_SEC_SSL_VERIFY_IP          0x00004000  16384
       Enables IP Address based subjectAltName checking when a connection is made using an IP address
- A new configuration setting MvCONFIG_TIMEOUT_POST (posttimeout in the 3.x configuration) allows an administrator
  to configure the maximum number of seconds that are permitted to receive and parse POST input from a client.
  The default value is 30 seconds, and this timeout does not apply to file uploads that have been accepted by a
  script.
- A new configuration setting MvCONFIG_MAX_POST_VARS (maxpostvars in the 3.x configuration) controls the maximum
  number of variables that may be present in a single POST request.  The default value is 2000.
- On Windows systems a new Options dialog is present to control the new configuration settings.  The Use Cookies
  setting has also been moved to this dialog.

Certificate Updates
-------------------
- The following new certificates have been added:
	7C4656C3061F7F4C0D67B319A855F60EBC11FC44.pem	Go Daddy Secure Certification Authority
    188590E94878478E33B6194E59FBBB28FF0888D5.pem    VeriSign Class 3 Secure Server CA
    D559A586669B08F46A30A133F8A9ED3D038E2EA8.pem    VeriSign International Server CA - Class 3