Support Advisories

Monetra 8.7.0 Available (Security Fix)

Posted by SpeedLine Support on Mar 28, 2018 2:30:00 PM

Monetra 8.7.0 has been released and is available for immediate upgrade.

This upgrade is a security fix, so customers using Monetra are required to upgrade to this version within 30 days to maintain PCI compliance.

---

Monetra 8.7.0 released [security]
March 28, 2018
Effective 03/28/2017

Monetra 8.7.0 has been released to the public and is a feature enhancement release.
This release is highly recommended for all users of Monetra and should be considered the most modern and stable release available.

Changelog
Database Schema: v4.6 (compatible with v4.0)

Security:
OpenSSL has been updated to v1.0.2o to correct a moderate security flaw and a low severity security flaw. Due to the nature of the moderate security flaw, we do not believe this vulnerability applies. For more information please see: https://www.openssl.org/news/secadv/20180327.txt

Features:
The SQL backend has been replaced with the new mstdlib SQL subsystem. On upgrade, configuration will be automatically migrated to the new format. New features include:

  • Automatic load balancing and failover between database nodes.
  • Plugin auto-loading rather than configuring via modules.conf.
  • Ability to split reporting operations to read-only replicas while sending transactional data to master db nodes.
  • Connection-string style configuration so that the database plugins can provide more fine-grained options specific to the database in use.
  • Bulk insertion support allows sending multiple rows for a table in the same request to speed import operations.

CardShield has been enhanced to facilitate full PCI P2PE validations with very little external support required:

  • Supports the concept of device provisioning as a separate operation from activation.
  • Tracks all device events through the lifecycle of the device, including reporting of suspicious activity and quarterly inspections.
  • Automatic deactivation of devices upon suspicious activity or unencrypted data being sent out of an unencrypted device, with built-in email alerting to the merchant.
  • Ability to mark a merchant as only supporting encrypted or tokenized transactions.
  • Ability to lock a device to a specific merchant.

CardShield now supports additional encrypting device formats:

  • Ingenico "Generic" DUKPT format
  • BBPos Chipper 2X BT/Anywhere Commerce Walker C2X BT

HSM PKCS11 support has been enhanced:

  • Make preferred key wrapping method CKM_AES_KEY_WRAP rather than CKM_AES_CBC_PAD.
  • Support migration of hsmkeyload keys to passphrase keys and back again via the monetra_keygen utility.
  • Support for PIN prompting to split username/password (such as for AWS CloudHSM), and for splitting password prompting for split knowledge as required by PCI P2PE.
  • Initial support for external encryption providers such as BlueFin for outsourcing P2PE.
  • The tokenization (DSS) subsystem has been enhanced to support "Groups", where a group can be created and all merchants within the group can share the same tokens. This is useful for merchants with multiple stores, or franchise groups taking online orders.

Support has been added for UniTerm v9:

  • RSA key exchange support for Store and Forward
  • RSA-AES parameter encryption used for Store and Forward
  • Ability to download bulk data for client-side decisions such as BIN Ranges

New merchant parameters stored server-side rather than in UniTerm's configuration:

  • emv_ctls_nocvm_limit - EMV Contactless NoCVM Limit
  • merch_cashbackmax - Maximum Cashback amount
  • merch_cashback_purchmin - Minimum cashback purchase amount
  • merch_tippercent - Merchant tip percentages to display
  • merch_msr_nosig_limit - Limit to not require a signature for MSR transactions.

Enhanced PaymentFrame iFrame support:

  • Automatic splitting of account number during entry into groups as printed on card.
  • Automatic display of card brand icon as user types in card number.
  • More customizability of data required to be entered.
  • Better out-of-the-box default styling for merchants who choose not to customize the look and feel.
  • Allow cron tasks to be triggered to run immediately via action=admin,admin=cron,cron=run_task

Bin Range Updates:

  • Jan 2019 China Union Pay
  • April 2022 JCB

Certifications:

  • Elavon EMV certification using Ingenico RBA devices with the 5.26 kernel and 1C (Pin, Sig, NoCVM attended) configuration. Supports Contact, Contactless, and Common Debit AID.
  • First Data CardNet/Nashville North EMV certification using Ingenico RBA devices with the 5.26 kernel. All certifications include Contact, Contactless, and Common Debit AID. Configurations certified are:
    • 1C (Pin, Sig, NoCVM attended)
    • 10C (Sig, NoCVM attended)
    • 3C (NoCVM Unattended)
    • 11C (Pin, NoCVM Unattended)
  • Chase Paymentech Tampa EMV certification using Ingenico RBA devices with the 5.26 kernel and 1C (Pin, Sig, NoCVM attended) configuration. Supports Contact, Contactless, and Common Debit AID.

Fixes:

  • Handle cases where invalid track1 is passed but valid track2 exists.
  • Automatically exclude expired CAPKs from device loading.

Integration Changes:

  • Configuration for SQL has changed in prefs.conf. Please see documentation within prefs.conf itself.
  • Possible Oracle and PostgreSQL schema breaks; please read: https://www.monetra.com/faqs/support/oracle-postgresql-schema-modifications

Third-Party Library Updates:

  • SQLite updated to 3.22.0
  • C-Ares updated to 1.14.0

_______________________________________

Monetra Installer 1.1.1 released
March 28, 2018
Effective 03/28/2018

Monetra Installer v1.1.1 has been released to the public and is a maintenance release.
This release is strongly recommended for all users of Monetra and should be considered the most stable available.

Changelog

Features:

  • Package signing for Windows and MacOS
  • New logic for self-upgrade
  • Unix installers are now .run scripts that can be executed directly rather than .tar.gz files.
  • MacOS initial installation packages are now drag-and-drop DMG files.

_____________________________________

Monetra Manager v8.7.0 released
March 28, 2018
Effective 03/28/2018

Monetra Manager v8.7.0 has been released to the public and is considered a maintenance and feature related release.
This release is strongly recommended for all users of Monetra and should be considered the most stable available.

Changelog

  • Add monetraiframe protocol to configuration list.
  • Add option for "autofill_ordernumber".
  • Update db configuration for Monetra 8.7+.

______________________________________

Monetra Administrator v8.7.0 released
March 28, 2018
Effective 03/28/2018

Monetra Administrator v8.7.0 has been released to the public and is considered a maintenance related release.
This release is strongly recommended for all users of Monetra and should be considered the most stable available.

Changelog

  • Performance enhancements for listing a large number of merchant accounts
  • Add only encrypted card data allowed setting.
  • Add external encryption provider setting.
  • Allow per-merchant terminal configuration, such as tip and cashback amounts.
  • Support configuration of token groups.

_____________________________________________

Monetra Client v8.7.0 released
March 28, 2018
Effective 03/28/2018

Monetra Client v8.7.0 has been released to the public and is considered a feature and maintenance related release.
This release is strongly recommended for all users of Monetra and should be considered the most stable available.

Changelog

  • Add unlock button for sub users.
  • Fix adding recurring and installment payments.
  • Fix disabling recurring tokens.
