CMS Version 7.0 Pre-Release Notes

Introduction

Welcome to CMS version 7.0. By now you likely have had a little (or a lot) of exposure to PCI Compliance - perhaps even more than you ever wanted to know. If you're not familiar with it, in short, PCI compliance pertains to your adhering to the requirements of the Payment Card Industry (PCI) so that you are handling sensitive credit card data in a secure and responsible manner. These requirements are spelled out in their PCI DSS (data security standard). We've published an article on PCI Compliance which we recommend you read to learn more.

In version 7.0 we have added security features and capabilities to address many aspects of your PCI compliance. CMS version 7.0 has also been validated to meet the PCI Council's specifications for payment applications (PA) which they call PA-DSS. In fact, one of your requirements for your PCI compiance is that you are using a PA-DSS validated payment application by July 1, 2010.

Installing version 7.0 is just one piece of the puzzle, however. You'll also need to follow guidelines for proper setup and usage of your payment application (CMS). These guidelines, along with an explanation of all PA-DSS requirements is included in a new CMS manual called the CMS PA-DSS Implementation Guide. In addition to reading these Release Notes, you'll want to follow this new guide so you are aware of each requirement and how to address it in CMS. In some cases a requirement does not apply to CMS in others CMS handles it without you having to do anything, but most importantly, there are cases where you have to change how you setup or use CMS. If you do not follow this guide you cannot become PCI compliant.

Version 7.0 is the result of a year's worth of research and development work to help ensure you have a secure and compliant application as the foundation of your business for years to come. In future updates, if the PCI requirements change or we have PCI-related modifications, we will always make mention of such changes in our Release Notes and will provide updated copies of the CMS PA-DSS Implementation Guide. Please read on to learn the specifics of all of the changes introduced in version 7.0.

READ BEFORE INSTALLING 7.0 - Important information to prepare you for the transition to your new version of CMS.

MINIMUM SYSTEM REQUIREMENTS - CMS 7.0 employs encryption techniques that are not supported by Windows 2000. You must upgrade any Windows 2000 machines to currently supported operating systems. In addition, older versions of Windows XP suffer the same problem but can be made compatible with CMS 7.0 by updating to XP Pro SP3 (service pack 3.) If you're unsure which service pack you are running, you can check by going to Control Panel>System>General.

New Installer - The installation software has been rewritten and will look rather different than what what you're accustomed to. Don't be afraid. The flow of the install and the information you'll be asked for is largely the same and you should find it intuitive to use. It does, however, take a little longer to get started due to a validation check it performs before beginning the installation. This check may take ~15-30 seconds. You will also be asked to read and accept the license agreements which requires scrolling down to the bottom and then clicking the box before clicking Next to proceed.

Release codes - During the installation of version 7.0 you will be asked to enter your 7.0 release code. Release codes from versions previous to 7.0 will not work. You can access your 7.x release code by logging into the Support Downloads section of our web site. Just enter your customer number and zip code to log in.

Server updates - Server updates may take quite a bit longer than normal, overnight in some cases. Please plan accordingly.

Workstation updates - Workstation updates are optional but recommended. The workstation installs will update the Help system which is installed locally on each machine. You may instead just install on the server and manually copy the CMS.chm file from the server to each workstation's local \NewHaven Software folder. This will ensure each user has access to the latest CMS Help. Help has been updated to include features introduced through this release so we do recommend updating the Help file on the workstations, one way or the other.

Release Notes from previous versions can be accessed by clicking HERE. If you are upgrading from a version earlier than 7.0 please take the time to review the release notes from previous releases for valuable information.

PCI Compliance - This is a new section of the Release Notes and will appear in every release in the future so you can quickly assess if and what changes have been made in CMS that may affect your PCI compliance. As stated earlier, after the installation of 7.0 you will need to follow the instructions in the new CMS PA-DSS Implementation Guide for information on how to properly configure and use CMS to become PCI compliant.

Insurance settings - We have revamped how UPS insurance is handled in version 7.0 to better address the free insurance for the first $100 of package value. These changes require that you reconfigure your insurance settings in Setup>Shipping>Shipping Choices>UPS after installing 7.0. If you do not insure packages over $100, there is nothing you need to do.

NHS Explorer - The NHS Explorer database access utility is no longer included with CMS. In fact, this utility will be removed from your system when you install version 7.0. If you'd like to continue to use this utility you may download it from our FTP or Support Downloads sites (no installation required.) PA DSS, however, prevents us from including it with our CMS installations presently. We do expect to find a way to include NHS Explorer in a future release.

Database Changes - No fields have been deprecated. Access to PCI sensitive data including CHARGEINFO, AUDITLOG and EMPL tables will be restricted to the 'dbo' database administrator user and not available to the 'cmsuser' database user account for any ODBC connections to your database.

The following fields have been added:

AUDITLOG table - table added to log access and events pertaining to sensitive settings or data

EMPL table - field used by CMS for managing Employees

• LAST_PW_CHANGE
• FORCE_PW_RESET
• LOCKOUT

UPSPackages and FedExPackages views - changes to the view created which UPS Worldship connects to for keyed imports

• Added date range so only packages from the last 365 days will be included. This will improve performance for many companies using the keyed import method with UPS Worldship or FedEx ShipManager.

XML changes - Fields added to CMSXML.xsd - No changes in 7.0

Integrations - Comments on the status of assorted CMS integrations:

eCMS - If you are using inventory control on your eCMS site, you can now control which warehouse's inventory is considered when uploading quantity available and quantity on order. This setting is found in Setup>Inventory>Warehouses

For products with SKU's (sizes and colors), earlier versions of CMS did not upload SKU's to eCMS in the "sort order" you may have defined in the SKU Wizard. That sort order controls how the SKU's are displayed to your operators in Order Entry. In version 7.0, we are now uploading SKU's in your select sort order.

UPS Worldship - Corrected an issue with insurance not being set on some imported orders. We have also improved the integration with Worldship to ensure packages whose value is $100 or less is taking advantage of the free insurance UPS offers. You will need to reset you insurance settings in Setup>Shipping>Shipping Choices>UPS if you insure packages over $100.

FedEx Ship Manager - We are currently testing a new CMS shipping method to work with the FedEx SmartPost service. Please contact us if you are interested in using this service.

FedEx has recently announced they will discontinue support for their Ship Manager software in the year 2012. At that time they expect all shipments to be processed through one of the various web tools they offer. We have started evaluating those web tools and will come up with a replacement integration solution some time before Ship Manager is no longer supported.

New versions of Ship Manager have been found to be incompatible when running on the same machine as the CMS dataserver. This configuration would almost never happen in a network environment but single-user installations could be affected. This problem is due to a software change in the FedEx Ship Manager software which now conflicts with CMS. We have asked FedEx to reverse this change and are currently exploring what options may be available.

Operating Systems - Microsoft will end support for Windows 2000 Professional on July 13, 2010. Windows 2000 is also not compatible with CMS version 7.0. If you still have workstations or servers running on Windows 2000, please migrate immediately onto one of these supported operating systems:

Workstations - Windows XP Pro (only SP3), Vista Business Edition SP2, Vista Ultimate SP2, 7 Professional, 7 Ultimate
Servers - Windows Server 2003 R2, Server 2008 R2
*64-bit vs 32-bit - Many Windows operating systems are available in either a 32-bit or 64-bit version. Either will work with CMS but the 64-bit version also does not offer any benefits to CMS over the 32-bit counterpart. If you're looking at XP, Vista or 2003 Server we'd recommend sticking with the 32-bit editions. If you're considering Windows 7 or 2008 Server you should safely be able to opt for either 32 or 64-bit.


READ BEFORE USING 7.0
Important changes to existing features in CMS that may affect your day to day use of CMS.

Usernames - On the login screen you will no longer see a field for initials. It has been renamed to Username and can now accept usernames up to 50 characters. In Setup you will find your usernames have been set to the initials that were used previously so there is nothing you need to do to continue logging into CMS as you have been. You can, however, change the login usernames from the intials to something else if desired.

'Admin' removed from text menu - 'Admin' has been removed from the top text menu in CMS. Its functions have been renamed, removed or moved. Please see the list of enhancements below for more details.

Administrator privileges have changed! - After installing version 7.0 you will need to reconfigure your employee's access rights. Please see the list of enhancements below for more information on these changes and the steps you should take after installing version 7.0.

CMS Version 7.0 New Features List:

1. PCI and PA-DSS Compliance
2. CMS PA-DSS Implementation Guide
3. Admin menu removed
4. Administration section
5. Administrator rights
6. PCI Administrators
7. Employee Passwords
8. PCI administration
   1. Data Retention Policy
   2. Credit Card Encryption
   3. Credit Card Masking
   4. Option to not store credit cards
   5. Password resets and options
   6. Audit logging
9. New Installer
10. Digitally signed software
11. NHS Explorer moved
12. Support for Windows 2008 Server
13. Performance enhancements
14. Apply Payments improved
15. Option to prevent allocation for proformas/temp saves
16. Interface improvements
17. Help now includes Setup and PCI
18. Setup Manual updated
19. Updated Reports
20. New Reports
21. Bug Fixes

7.0 ENHANCEMENT DETAILS

1. PCI Compliance and PA-DSS- CMS version 7.0 has been validated by Coalfire Systems, a Payment Application-Qualified Security Assessor (PA-QSA) company, to meet the PA-DSS version 1.2 requirements from the PCI Council. Visa and other members of the PCI Security Standards Council require that all merchants that access their cards be using a PA-DSS compliant payment application as of July 1, 2010. Using a PA-DSS compliant application, like CMS, is an important part of your overall PCI DSS compliance. For more information on PCI DSS compliance please see our related wiki article or contact your processor for more details.
   
   The PA-DSS validation that CMS has received is for version 7.0 but this validation will be maintained for future releases as well. Any time we make a modification to CMS that affects PCI requirements, those changes will be assessed and tested by Coalfire to ensure that you will always be able to deploy CMS in a PCI DSS compliant manner. We will keep you apprised in future Release Notes of any such modifications.
   
   
2. CMS PA-DSS Implementation Guide - This version 7.0 update requires you perform many steps after the installation to ensure CMS is configured properly to allow you to become PCI DSS compliant. Please read the accompanying CMS PA-DSS Implementation Guide (found on your CD or installed into your \NewHaven Software\Docs folder) for details on the steps and configuration needed. Please consider these procedures required.
   
   The CMS PA-DSS Implementation Guide provides a great overview of what PCI and PA Data Security Standards are, how they are related and what you must do to deploy CMS in a compliant manner. The document explains each PA-DSS requirement, which corresponding PCI DSS requirement it address and how CMS addresses it. You may find this to be a very handy reference when completing your self-assessment questionairre (SAQ).
   
   The changes described in the Guide will affect how your employees and administrators are defined, how their passwords are managed, how credit card data is managed, and more. This is of critical importance to your use of CMS and our instructions must be understood and followed. The specifics of the new features and settings in CMS are all described in greater detail below. Between this document and the CMS PA-DSS Implementation Guide you should have a good understanding of what changes you need to make in your CMS configuration and processes. Please contact us if you require any assistance.
   
   If you will be distributing the CMS PA-DSS Implementation Guide to anyone, you should add your company name to the two places on the bottom of page 1 in place of <Company Name Here> to identify this document is sensitive and only to be used by and for your company.
   
   
3. Admin menu removed - To better group PCI-related settings in CMS, we have removed 'Admin' from the top text menu in CMS and replaced it with 'Setup'. The items previous found under Admin have all been moved to other locations, primarily under Setup>Company>Administration. Here is a list of items that were previously listed under Admin and where they can now be found:
   
   
   
   • Administrator's Window - This is where you would set the message seen by operators when logging into CMS, displayed just below their user name and password. This has been renamed to 'Message of the Day' and can now be found under Setup>Company>Message of the Day.
     
   • Advertising is now accessible from the Reports menu. There is still a section for Advertising in Setup for the configurations of ad codes, ads, catalogs and such. This Advertising section which was moved from Admin to Reports inlcudes options for reporting on all of the Advertising components.
     
   • Inventory is available under Setup.
     
   • Database Maintenance has been moved to a new section called Administration found in Setup>Company.
     
   • Housekeeping - This was an internal scheduler to perform automated tasks in CMS but it was never fully implemented. It has been removed in 7.0 and may be redesigned and reintroduced in a future version.
     
   • Today's Report is now available under the Reports menu. Please see the Help system in CMS if you'd like more information on this report.
   
   
4. Administration section - A new section called Administration has been added to Setup and this is where you will configure CMS for PCI-related and other administrative settings. Access to this section is limited to PCI Administrators only. Please refer to items 5 and 6 below for more information on PCI Administrators and changes to the administrative rights in CMS in 7.0.
   
   You will find the following items under Administration, some of which used to appear under the Admin menu (see above):
   
   • Company List - List of company databases to be made available to your operators. For many installations this is limited to just your live database and a test/training database unless you are using CMS's Multi-Company Module.
     
   • Daily Backup - Configure CMS to create a copy of your live database file in a location where your nightly backup can access it. If you do not have this enabled yet, please consider this required. Backups must be done to a local drive on your server and these settings should only be made on your server.
     
   • EDC - Here you can indicate which payment gateway you are using and what your merchant account numbers are and set some charge processing options. This was moved here from the Payment section in Setup.
     
   • Logging - Options logs can be enabled here but generally would only be done at the request of a NewHaven Software technician. PCI audit logging is also displayed here. More information on this below.
     
   • Passwords - Previously located under Database Maintenance, this section is where you change the Admin and User database access passwords. These are the passwords used by other applications, like UPS WorldShip or Crystal Reports, to connect to your database. They do not affect how CMS connects to its database or the passwords employees use to log into CMS.
     
   • PCI - The remaining PCI-related settings are here. This section is explained in more detail below under the heading of PCI Administration.
     
     
5. Administrator rights - To address PCI administration needs, we have removed the administrator checkbox in the Employee>Access section and created new access controls for everything that used to be controlled by the Administrator checkbox. Please review the following changes and adjust your employee permissions accordingly. We recommend you do this immediately after installing 7.0 to ensure your administrators and other users continue to have access to the sections and functions in CMS that they need.
   
   Before version 7.0 , the administrator flag controlled the following:
   
   • Delete a Customer Record
     
   • Choose between email accounts (when sending email through CMS)
     
   • View What's New info (in the Help menu, see an abbreviated version of the Release Notes)
     
   • Set the Message of the Day
     
   • View Today's Report
     
   • Check For Updates (have CMS connect to our web site to see if a newer version is available for download)
   
   All of these are now separate controls in Setup>Company>Employees and can be found under the Access tab of any employee's record. These new options are at the bottom of the right list titled 'This Employee May...'
   
   
   
   You will need to set these on any employee that you want to have these access rights.
   
   
6. PCI Administrators - PCI DSS makes an important distinction between normal users who only have access to one credit card at a time (entering orders, for example) and administrative users who can control security, access to credit card data and critical system settings. To address these requirements, we have removed the checkbox for 'administrator' and created a new employee permission called PCI Administrator.
   
   When you install version 7.0, a new employee called PCI Administrator will be created and this will be your first PCI admin type employee. When you first log in as PCI Administrator you will be prompted to set a strong password (7+ characters including both numbers and letters) for this user. After logging in as PCI Administrator, you may then create other users (employees) with the PCI Administrator access. You should in fact create one for each person that you want to have access to PCI Administration so each person's activities can be logged uniquely. (PCI requires that you do not share user credentials.)
   
   PCI Administrators will only have access to the Administration section and Employee sections of CMS Setup. Access to the rest of CMS should be done through normal employee accounts that you already have setup in CMS.
   
   Also, per the PA/PCI DSS requirements, PCI Administrator users will:
   
   • be forced to change their password when first logging into 7.0 and that password must be a strong password (7+ characters and contain both alpha and numeric characters.)
     
   • have access to sensitive PCI-related settings
     
   • be automatically logged out of CMS after 15 minutes of inactivity (CMS will close)
     
   • be forced to change their password every 90 days (and cannot re-use any one of the last four passwords used)
     
     
7. Employee Changes - CMS will no longer display an employee's password in their employee record. The display of the employee password has been replaced by a button that can be clicked to reset the password immediately or you can click a checkbox to force the user to create a new password the next time they log in (they still need to enter old pw first.) In short, there is no way to retrieve a lost password, only reset it.
   
   Also, if an employee has failed a login six times in a row, CMS will lock that user out of attempting logins for 30 minutes. You can log in as a PCI Administrator and clear this lock and then set a new password. To clear the lock you would click on a button called 'Override Lockout' which appears under the employee's Access tab during their 30 minute lockout.
   
   To facilitate longer user names, like PCI Administrator, we have converted from using initials for the employee login to Username. You may continue to use initials for your logins as you always have but you now have the flexibility to use longer usernames as well.
   
   
8. PCI Administration - The following PCI-related options have been added in CMS under Setup>Company>Administration
   
   
   
   
   • Data Retention Policy - PCI DSS requires that you create a data retention policy to establish how long you will retain card holder data (namely credit card numbers.) You are allowed to store card holder data as long as you have a business need to but you must also have a plan in place to remove that data after the period defined in your data retention policy has passed.
     
     This section of CMS lets you specify the number of days you will be storing card holder data. CMS will automatically remove credit card numbers each day according to the 'Time to Purge' option you set here. CMS will only purge card numbers from orders that are complete. If you have an order that has back order or future ship items on it and that order goes beyond your data retention period, CMS will retain the charge number until the order is completed. Once completed, that order's card number will be purged during the next daily purge cycle.
     
     Your data retention policy can be as long as you have a compelling need to store the data. You might consider using your return period, plus a little padding, to make sure you have the card number available if you need to refund the payment. After the card number has been purged, if you needed to perform a refund or any other charge with that card again in the future you would have to call the customer to get it.
     
     
   • Credit Card Encryption - For years CMS has used Triple DES encryption for storing your credit card data (if you had the encryption option turned on.) In version 7.0, however, we have improved the encryption in a number of ways. CMS is now using AES, a much stronger encryption method. You'll see in the PA-DSS Implementation Guide that encryption is now required so please be sure to run the encryption routine after installing. You can do this by clicking on the Encrypt button. All users should be out of CMS when encrypting or re-encrypting.
     
     For PCI DSS, you are supposed to change your encryption keys on a regular basis and control who has access to those keys. We've eliminated the need for key management in CMS by employing 'dynamic keys', so called because they change with every record. CMS uses a unique portion of the payment information to create part of the key. This means that the encryption is different for every credit card. Even if someone was able to break the encryption, they would still only have access to one credit card, not all of them.
     
     While you have no need to manage encryption keys, you do have the option of re-encrypting the credit card data with the Re-Encrypt button. Please make sure everyone is out of CMS when encrypting or re-encrypting.
     
     
   • Credit Card Masking - The credit card masking feature works the same as it has in previous versions of CMS but the setting has moved from Order Entry Options to PCI Administration. With this option enabled, credit cards will only be displayed as they are entered. As soon as you leave the credit card number field, all of the digits except the last four will be 'masked' with X's; for example, XXXX XXXX XXXX 4448. This option helps address PCI DSS requirement 7 for restricting access to cardholder data.
     
     PCI does not consider the last four digits to be sensitive card holder data so you are allowed to store and display that number without encryption or masking.
     
     
   • Option to not store credit card data - Instead of a data retention policy, you may decide that you do not want to store credit card data any longer than is necessary to complete the order. We've added a setting labeled 'Drop credit card numbers after fulfillments are complete.' This setting will override your data security policy and delete the credit card number as soon as the last item on the order has been fulfilled and charged.
     
     Using this option is not required for you to become PCI compliant but it may allow you to fill out a shorter, more manageable self-assessment questionnaire (SAQ) required by the standards. Please check with your processor or QSA to confirm if using this setting would benefit you.
     
     
   • Password reset and options - There are two sets of password you must manage in CMS - your employees and your database passwords. In Setup>Company>Administration>Passwords there are settings related to both.
     • Database passwords - These are the passwords used by CMS (behind the scenes) and other applications to connect to your database. The 'Administrator' user name is dbo and the 'User' user name is cmsuser. The default passwords for these users are the same as the corresponding user names. These passwords must be changed here. CMS will enforce the creation of strong passwords - 7+ characters containing both letters and numbers.
     • Employee passwords - Here you have the option to determine how long an Administrator can go (in days) between password changes. PCI compliance dictates that administrators change passwords every 90 days so that is the highest value that can be entered. You can force administrators to change passwords more regularly.
       
       The policy you establish here for administrator password changes can also be enforced for all employees if desired by clicking the checkbox below for 'Apply policy to all employees.' This is not a requirement, however, of PCI DSS version 1.2.
       
       
   • Audit logging - CMS will record the CMS employee number, date/time, Windows computer name and Windows Username for every event required by PA-DSS. These events include:

• All login attempts, successful or not
• Automatic log off of administrator due to inactivity
• The creation, edit or deletion of an employee account
• Changes to the data retention policy
• Re-encryption of credit card data
• Disabling of the Credit Card Masking option
• Viewing of the audit log
• Enabling the Request Level Logging
  

The audit log cannot be disabled.

The audit log can be viewed from within CMS under Setup>Company>Administration>PCI>Logging>Audit

9. New Installer - The installer was redesigned to handle issues with installing on newer Windows operating systems like Vista, 7 and 2008 Server but still works well on older operating systems as well. You'll also find it useful for updating additional databases and updating your license codes. You will notice when starting an update that the installer performs a validation check which may take 30 seconds or so. While the installer is running, you'll also be presented with an image/link to click on if you'd like to review the Release Notes while waiting for the installation to complete.
   
   
10. Digitally signed software - Software you receive from NewHaven Software, specifically CMS.exe and any installation software (example - a CMS update) will all be digitally signed. With the use of a digital signature, you can be sure that the software you are running is from NewHaven Software (a dba of BrodieWare, Ltd.) This is accomplished by our having purchased a digital certificate from a company who validates we are who we say we are (our certificate is through Comodo.com) and they then give us a token to build into our executables allowing you or Windows to verify the publisher of the software you are running. It also ensures the executable has not been altered by hackers after it has left our hands.
    
    Part of our PA-DSS certification is to ensure that updates can be delivered from us to you in a secure fashion. While our support downloads site does ensure this, we also must help you verify that the software you are installing or running is not malicious and is in fact from us. You can now right-click on any exe from NewHaven Software and select Properties>Digital Certificate to see that the software is in fact from us and is unaltered.
    
    
    
    
11. NHS Explorer removed - NHS Explorer is the tool we've long provided which gives you direct access to your database for table review, editing and running SQL queries. Part of CMS's PA DSS validation included limiting and tracking who may access your database, so we had to remove NHS Explorer from version 7.0. It will be removed from your server when you update to version 7.0.
    
    The good news is NHS Explorer will still be available as a separate application and download from our Support Downloads site. We will be working on ways to either build NHS Explorer into CMS or include it with future CMS installations, but for now, it will only be available as a stand-alone application.
    
    
12. Windows 2008 Server Support - We have tested CMS, Sybase and the new installer on Windows 2008 Server with great success. We cannot yet recommend running CMS via terminal services on 2008 but otherwise you should feel free to migrate your server to Windows 2008 Server whenever you like. Please make note of the setting mentioned below and contact NewHaven Software Technical Support for guidance and an appointment to assist with migrating CMS to a new server.
    
    Settings - Most companies do not use the server as a CMS workstation, but if you expect to be performing eCMS uploads or downloads on a Windows 2003 or 2008 server, you'll need to change one setting to enable CMS to make web service calls.

    When running directly on a Windows server (2003 and up), CMS will not be able to make web service calls until certain configuration changes are made.

    • Go into Control Panel->System->Advanced->Performance->Performance Settings
    • Choose the Data Execution Prevention tab.

    The default setting is "Turn on DEP for all programs and services except those I select" and there is no reason to change it for CMS. However, you need to add CMS to the exception list.
    

13. Performance enhancements - Using some new tools and techniques we have improved the speed of the following processes:
    
    • Loading data in drop downs (combo boxes)
    • Scrolling through customers, orders and products
    • Handling larger data sets (examples - retrieving a customer with tens of thousands of orders, retrieving a payment that was applied to hundreds of orders, working with a product that has hundreds of SKUs, etc.)
    • Retrieving package data for UPS and FedEx when performing 'keyed imports' from the carrier's software (e.g. Worldship or Ship Manager.)
      
      These are just the start - expect to see performance enhancements in other areas of CMS in future versions.
      
14. Apply Payments screen redesigned - We've improved the Apply Payments screen in the following ways:
    
    Customer financials displayed - You can now see the total a customer owes for all open invoices, their Available Credit (so you know if you can use the Scrip payment method to redeem their credit), their Credit Limit and their Terms if you've established either for this account.
    
    There is a new grid used to display all open invoices. You can double-click to apply a payment to an invoice or manually type in the amount. Multi-select options are also supported in this grid (shift or control+click) after which you can click on the "Apply to Selected" button to have CMS apply the payment to all of the orders, oldest to newest, for you.
    
    Right-click options in the grid are available to view the selected invoice, Select All, Revert Applied Amounts or, as with almost all of the grids in CMS, export the grid data to a file. You can also click on the button with the image of a pair of glasses on it to view the selected invoice.
    
    Editing payments, particularly those that were applied to multiple orders is much easier. Also, applying a payment even to hundreds of invoices can be done very quickly.
    
    
15. Allocations on Proforma and Tempsave orders - In Setup you will find a new Order Entry option called 'Allow proforma/temp orders to allocate on save?'. If this option is enabled, when entering a new order and you click Save As and select Proforma or Temp Save, you will also have the option to allocate (reserve) stock for this order. If you prefer that your operators never allocate stock to these types of orders, remove the checkbox and they will never have the option to allocate when saving.
    
    
16. Interface improvements - The most notable interface changes are in the Products screen.
    
    Products - There we have added an Apply button which allows you to save without closing the window. The new Cancel button will cancel any edits but also not close the window. Apply and Cancel buttons will only be active after you've made an edit. We've also added a + button on the Products screen for creating a new product.
    
    We will be adopting the Apply and Cancel buttons in other CMS screens as well, mostly in Setup. To be clear on the difference between Apply, Cancel and Close - wherever you see a Close button, this will both save and then close the window while Apply or Cancel will not close the window.
    
    Customer History - Improved and expanded the grid. Also improved load time and scrolling speed. Operator filter option moved to the bottom of the screen to facilitate the grid being widened.
    
    Batching Invoices - In Form Printing, Batching Invoices and the Edit Existing Batches windows, the grid now displays the Invoice Date (date invoice was created) instead of its fulfillment date. Fulfillment dates are blank (12-30-1899) for unfulfilled orders which can be confusing. Invoice Date should be more intuitive. Also, in Batching Invoices, the sort order is now ascending so the oldest invoice is at the top. This will make it easier to use the 'batch next X' feature and better facilitates first in first out processing. Also improved the sort order of the batches in the Edit Existing Batches sceen.
    
    Email Accounts - In Setup>Company>Email Accounts we've Improved the field labels to clarify what each field means.
    
    
17. Help - The context sensitive Help system built into CMS (press F1 or click Help) has been updated to include 7.0 enhancements. We have also updated the CMS User Guide, available in PDF format, which you can find in your \NewHaven Software\Docs folder along with other software manuals.
    
    
18. Setup manual - Previous versions of our online Help system included all sections of CMS except Setup. In version 7.0 all of the documentation for Setup has been incorporated into our context sensitive online Help system.
    
    
19. Updated Reports - Below is a list of existing reports that have been improved followed by a brief comment from the developer on the fix or improvement made. If a report you use has been modified, please try it in version 7.0 and give us your feedback.
    
    1. Batch Status Report - Updated Summary Data and made sure numbers were correct.

    2. Fulfilled Order Status Report - Updated Report after seeing duplicate records appear. Fixed that and some other minor cosmetic updates.

    3. Physical Inventory Report - Added Vendor Info back into report based on customer feedback. Also updated/added some additional info for the subreports

    4. Customer Multi-Ship List - Summary of Multi-Ship Orders by Customer. Updated to include all the line items of the shipments too.

    5. Check Refund Report - Updated based on customer feedback. Was not including check refunds created from customer credit ledger - fixed.

    6. Cust List Dupe Report - I've added the ability to choose between searching for dupes based on Address or by Email.

    7. Order Processing Summary - Updated to refine the corresponding Product Sales Detail to better allow decimal quantities to subtotal and to provide better product sales summary information.

    8. Payment Audit Report - Updated based on Customer feedback. We also added the term discounts to the report when they are applied to an order along with the payments.

    9. Payments Received/Applied Report - Added "Term Discount" info to the report so it displays when applied with the payment.

    10. G/L Summary by Date Range (Beta) - Further revised to add term discount info to totals.

    11. Product Sales and Return Analysis by Vendor - (Beta) - This is a good report!!!!! It's been kicked around a bit and updated after reviewing it with customers. The one we currently have is called ProductReturnAnalysisbyVendor, but this new version has a more appropriate name.

    12. Product Sales Demand by Choice - (Beta) - Updated and fine-tuned after review with some customers.

    13. Statement of Account - Updated after review and customer feedback. Added A/R Aging to report.

    14. Taxable Sales Report - Continue to refine and update this report based on customer feedback and new tax changes.

    15. Taxes Collected Report - Updated and refined based on customer feedback and for new taxes changes.

    16. Kit Component Sales Summary - Updated to better summarize items with decimal quantities.
    
    17. Product Sales Detail Report - This stand-alone report was updated to include the decimal quantity changes to more accurately reflect the sales numbers for companies that use products sold in decimal quantities (example 0.75). It had been using integer values in the past and was not accurately summarizing numbers if they were sold in decimal quantities.
    
    18. ReturnsbyReasonCode - This was updated based on customer feedback. I've added canceled orders to this list too as it was reported that not all the data was appearing as it should.
    

20. New Beta Reports - Two new reports added to the Beta folder which can be run in CMS from Reports>Use Custom. Please try these reports and let us know how you like them or if you think they could be improved in some way to make them more useful for you.
    
    1. Fulfillment Summary Report - This new report tracks the orders fulfilled in a date range allowing you to check on the fulfillment and shipping status of each. This report was designed with the oerpations manager in mind, providing a summary of how many invoices were created, how many of those orders have been batched, charged, printed and shipped. This report also provides drill-down capabilities to see invoices in different states. This is a good end-of-day check and balance type report.
    
    2. Proforma Order Summary Report - A new report for looking up and keeping track of Pro-Forma orders. We have more and more customers using pro-forma orders and we have never had a report available for users to be able to look up review them. We've also added a product summary to see which items have been order and which (if any) have inventory allocated to them.
    
    

    
    Bug Fixes - LIST OF FIXED BUGS (versions 6.0.1.140 - 7.0.0.25) – If you've reported a bug or asked for a software change and we provided you with a case number, this number refers to the case number in our Request Tracker (RT) software. RT is the software we use internally to manage our bugs and enhancement requests and replaces our previous solution called TaskTracker. In the list of changes below, you'll often see a number following it and that is the RT number for more current issues or TaskTracker/TT number for older issues:
    

    7.0.0.12
    
    PA-DSS related changes. Please refer to the CMS PA-DSS Implementation Guide.doc for details.
    
    6.0.3.189

    Error reporting was not fully engaged.

    6.0.3.188

    Printing : Crystal Invoices ignored workstation specific printer override. 22074

    Setup : Inventory : Products : Warehouse specific settings (Bin location, Resupply, etc) were failing to be retained within the session, and failed to be saved. 22392

    6.0.3.187

    Fulfillment : Import Orders : AOP : imported product groups did not have "warehouse" set on the items, so BO/FS items would not show up in Fulfillment Manager. 22262

    6.0.3.186

    Order Entry : UPS Delivery Confirmation charges no longer subject to Fuel Surcharge percentage. 21815

    Manifest : more support for printing Customs forms from Endicia (ContentsType field).22344
    
    6.0.3.185

    Manifest : added support for printing Customs forms from Endicia. 20969

    6.0.3.184

    Test for DB version was not working. 22284

    6.0.3.183

    Order Entry : when using Past Items, error regarding NON_INV field is generated.

    Order Entry : changes to address Amex encryption errors. 22194

    Reports : "Customer Purchase Totals" was not accessible. 21770

    6.0.3.182

    Fulfillment : Fulfillment Manager : Future Ships, deselecting an item failed to stop the processing of deselected item, and upon refresh the item is still selected. 22136

    Reports : "Product Sales Demand" 21953

    6.0.3.181

    Help file (chm) and CMS User Guide (pdf) updated.

    Reports : "POS Receipt" updated. 22006

    UPS : CMSPackages.dat fix for weight. 22047

    6.0.3.180

    Internal only

    6.0.3.179

    Fulfillment : Import Orders : Automated Order Processing, "Do not process orders with BO's" rule was being ignored. 21507

    Reports : updated "AR Aging By Customer", "Order Processing Summary", "Product Sales Demand", "Lot Adjustments", "Taxes Collected", "Taxable Sales".

    Inventory : Products : possible for multi-select to update all SKU names to same. 21658

    Inventory : Products : new section to support Customs/International shipping, includes "Country Of Origin", "Harmonized System Code", and "Product Description". 21673

    Shipping : UPSXML : added support for Third Party Billing 21657

    Shipping : UPSPACKAGES view and CMSPACKAGES.DAT (UPS Integration) updated with Signature Required fields

    Inventory : Products : error when hitting the "Copy To All Locations" button for warehouse...further modifications were made for better understanding of this functionality. 21631

    Fulfillment : Manifest : when using UPSXML, there was no way to say 'Cancel' when prompted to print the label. 21661

    Inventory : Products : Variable Kits now have new setting for "Option Default", to allow Optional components to default to include or exclude. 21087

    eCMS : added support for user specified namespace (issues with AE integration). 21640

    Shipping : UPSXML : added support for 'SpecialInstructionsForShipment'. 21888

    Order Entry : In stock value was incorrect for variable kit, allowed kit to be added without forcing BO. 21776

    Fulfillment : Import Orders : new rule for Automated Order Processing, "Do not process orders with $0.00 item". 15485

    eCMS : Product Upload : better support for inventory control within CMS by passing new value 'InventoryOnOrder' and more relevant 'NextDeliveryDate'. 21683

    6.0.3.178

    Fulfillment : Manifest : UPS XML now supports Declared Value and Signature/Adult Signature Required. 21104

    6.0.3.177

    Order Entry : added support for 'Signature Required'. 21210

    Fulfillment : Manifest : using Address Validation effectively disconnected a package from the items it contained, thus CMS would fail to show the package in Order Entry. 21189

    Inventory : Products : modifications to SKU Wizard for multi-select and size/color names. 21024

    Order Entry : packages could get attached to the wrong recipient by editing a saved multi-ship, deleting/adding items to generate new packages. 20929

    eCMS : better handling of eCMS "In Process" flag. 20809

    Order Entry : erroneous "Ship Override" in package contents memo box. 21607

    Order Entry : checkbox for "Apply change to existing packages" under default ship method was being erroneously clicked because of width. 21556

    Fulfillment : Manifest : "Adult Signature Required" flag was being lifted as a result of adding package to the manifest. 21514

    Order Entry : Invoice shipped date not getting set when setting package level shipped date. 21528

    6.0.2.176

    CMS error logging issue fixed.

    6.0.2.175
    
    Order Entry : attempt to resolve error payment related A/V when loading payment data into order.

    Order Entry : bad performance when entering large kits. 21328

    Order Entry : under some circumstances, Fedex zones could be missing from CMS lookup tables.
    

    6.0.2.174

    Printing : various invoice templates added. 21148

    6.0.2.173

    Integrated American Eagle support, etc.

    6.0.2.172

    January 2010 Shipping Rates Update

    Order Entry : size/color grid now hiding inactive sku's with no stock. 20893

    Fulfillment : Manifest : Endicia processing, now using Endicia PostMarkDate to set shipped date, fixes issue with "Date in Advance". 20513

    Fulfillment : Manifest : F7 key now prints label. 20491

    Fulfillment : Import Orders : potential to generate error "There was an error adding new customer flags" caused by deleted customer description codes assigned to products. 20461

    6.0.1.171

    Order Entry : in-stock amount for variable kits is not being properly displayed. 20720

    Orders : Payment : Payment Maintenance : Payment Problems : hidden exception made it impossible to make alternate payment. 20994

    6.0.1.170

    Order Entry : on multi-recipient orders, possibility for package numbers/address identifiers to get saved incorrectly when deleting/re-adding items. 209

    6.0.1.169

    Setup : General : Workstation : printer overrides are being ignored (regressive 6.0.1.166). 20905

    Setup : Inventory : Products : SKU list not refreshed after making modifications in SKU Wizard. (regressive 6.0.1.167) 20914

    6.0.1.168

    Setup : Inventory : Products : scheduled discount was not accepting decimals. 20523

    6.0.1.167

    Setup : eCMS : eCMS Options : Web service ID field has been moved from its incorrect hierarchical position, allowing users to set it outside the scope of automatic downloads. 20628

    Customers : Maillist : Email : customers were not getting tagged with specified CDC for non-merged emails. 16141

    Order Entry : Exactor "Get Tax" was causing an error when Alternate ID's represented large integers; no longer handling as integers. 19916

    Order Entry : incorrect UPS cost calculations caused by erroneous addition of Extended Area Surcharge. 20779

    6.0.1.166

    Order Entry : Returns : now printing POS sales receipt for POS Module. 20725

    6.0.1.165

    Printing : CMS form printing was not recognizing the printer specified in the form definition. 20750

    Setup : Inventory : Products : SKU list not refreshed after making modifications in SKU Wizard. 20294

    6.0.1.164

    eCMS : Product Upload : Access Violation fixed, also memory consumption issues addressed. 20599

    6.0.1.163

    eCMS : when downloading orders/catalog requests, CMS would only process catalog requests if there were also orders needing to be downloaded. 20633

    6.0.1.162

    Order Entry : editing an order with some fulfilled, some back ordered, when using spending table, if edit made that would
    cause an invoice update (notes, for example), the shipping formulas would look at total of back ordered items as (order qty x price) instead of (sent qty x price),
    resulting in the -1 getting the entire amount of shipping calculation, and subsequent back order fulfillments getting zero. 20454

    6.0.1.161

    Fulfillment : Imports : AVM support for order imports. 20249

    6.0.1.160

    Order Entry : Fault message after trying to enter a product that was a large kit (101 items or more). 20540

    6.0.1.159

    Shiprush : when printing from Shiprush EOD, package status was getting set to shipped when package status should have remained unchanged. 20317

    6.0.1.158

    Customers : Contact Manager : long delay when saving customer if changed bill/ship. 20414

    Customers : Maillist : Catalogs : printer selection was being ignored. 19741

    6.0.1.157

    Order Entry : Returns : Scheduled Discounts now supported for Exchange items. 18666

    Purchasing : Saving a PO no longer closes the window. 19900

    Fulfillment : Manifest : scanning unknown barcode results in unexpected message. 19619

    Order Entry : email field navigation restored. 20329

    Fulfillment : Manifest : now always including the 'AutoPrintCustomsForms=YES' attribute for Endicia. 19891

    Order Entry : Invoice View screen, Items grid, changed highlight color to light gray (was dark blue) 20261

    Orders : Payments : Apply Payment : when paying with previously saved credit card, if the credit card expiration date was invalid, an error would be generated when entering the credit card field. 20214

    6.0.1.156

    Order Entry : One Time items were not displaying or printing descriptions. 20310

    6.0.1.155

    Order Entry : BDE error when trying to edit/save an existing order. Regressive from 6.0.1.152

    6.0.1.154

    Reports : Inventory : "Product Discount Groups" report not found. Regressive from 6.0.1.147. 20147
    
    Fulfillment : Import Orders : now support Third Party Billing for UPS, Fedex via DefaultShipMethod.ThirdPartyBillingID 18781

    Fulfillment : Import Orders : packages getting wrong carrier/service level when importing multi-ship orders. 20369

    6.0.1.153

    Fulfillment : Import Orders : the checkbox labeled "Create Order Confirmations" was not being recognized during import. 20205

    6.0.1.152

    eCMS : fulfillment date issue regarding time zone difference. 19575

    Setup : Shipping : Shipping and Handling : error ""Record/Key deleted" when trying to edit a spending table. 17501

    Employee Todos : now filtering 'Void' todo's as 'Finished'. 19608

    Setup : Payment : EDC : added Authorize.NET option to change IP address.

    6.0.1.151

    eCMS : Auto-download/order status upload options added. 19692

    Address Validation Module added.

    6.0.1.150

    Printing : Print task "Payments - Charge Card Number" now masks the credit card number.

    Order Entry : when editing an order where multiple invoices of that order were paid off using the same payment, a negative Unapplied amount appeared and the payment amount was not being recognized properly. 20075

    6.0.1.149

    Order Entry : non-variable kits were not reducing component inventory. 20028

    6.0.1.148
    
    Internal only.
    
    6.0.1.147

    Reports : various reports updated.
    
    6.0.1.146

    Printing : order loading has been optimized to counteract slower printing introduced in v5. 19147

    eCMS : Order downloads now continue until all orders have been downloaded (instead of hitting the 40 order limit). 19692

    6.0.1.145

    Fulfillment : Import Orders : Customer flags ("Do Not Email", etc) were being set as True if any value, True or False, was in the XML tag. 19774

    Order Entry : Tax calculations were not in sync with the use of the Tax Exempt checkbox. 19783

    6.0.1.144

    Order Entry : Items : "Picture" button now disabled when no picture available. Also, picture should be in sync with current item. 19590

    Reports : Customers : "Customer Duplicate Check" report, state of Tennessee added.

    Order Entry : Kits : hitting space bar was not performing identically to double-click. 19191

    Setup : Products : creating a new product, the price entered for the first price category does not save. 19661

    Manifest : "Message Window" will now become active tab when any message added to it. 19609
    

    6.0.1.143

    XML Imports : Items mistaken for product groups because of existing product group id (but without use_product_group flag). 19639
    
    XML Imports : error 'Field not found: REMOVE_PRODUCT_GROUP_HEADER'. 19639

    Customers : Find Customer : error 'Field NOTES not found' when searching by Order ID. 19638

    Order Entry : Items : "Picture" out of sync for existing line items on previously saved order. 19590

    Fulfillment : Printing : Pick Tickets, package tasks not being filtered by warehouse. 19503

    Customers : Maillist : Catalogs : exporting error when trying to create a new folder AND trying to limit the number of exports. 19390

    6.0.1.142

    Setup : Inventory : Products : replaced +/- buttons with single button to launch SKU Wizard. 19588

    Fulfillment : Staging : item list now filters out items on invoices that are on hold. 19576

    Order Entry : Items : stock loss occurring when resetting existing future ships items to 'today', even though when saving it appears ok. 17840

    6.0.1.141

    Fulfillment : Fulfillment Manager : Order Holds : unable to filter by selected hold reason. 19506

    Setup : Customers : Customer Description Codes showing as duplicated rows. 16794

    Reports : Customers : Customer Duplicate Check report, state of TN added. 19560

    6.0.1.140

    Line item discounts
    Sale pricing / scheduled/non-expiring discounts
    Best Shipping
    Catalog request processing redesigned
    UPS Worldship XML integration
    Automated shipping label processing
    Future Ship enhancements
    Enhanced Variable Kits
    Enhanced item customization features
    Product Groups improved
    POS checkbox repositioned
    Alternate ID can now be your default search
    Custom Order Sources can be used as your default in Order Entry
    PCI Changes (error log masking, one-way encryption)
    eCMS Order Status
    Process shipping labels days in advance (Endicia)
    Help Menu additions (Online Resources)
    Support for eCMS "Sales Price"
    Addition of "ShippingCharges" to eCMS product upload.

    Printing : added new print task "Items Ordered - Line Item Discount". 19493

    Customers : Maillist : Catalogs : problem when doing real-time db switching.19433

    Order Entry : Past Items : status and line discount were not being cleared from past items.17438

    Contact Manager : Find Customer : CMS was assuming AltID was an integer, so non-integer data caused '...is not an integer' error. 18220

    Order Entry : Returns : Exchange items do not set the 'weightperitem' field in Itemsord. 18602

    Customers : Maillist : Catalogs : added Export functionality.19390

    Order Entry : Returns : Line Item Discount added to Exchange form. 18617

    Order Entry : Returns : added CVC field to payment section. 19362

    Contact Manager : Find Customer : added "Primary Notes" search. 19372

    Setup : Order Entry : added "Primary Notes" to default customer search selection.

    Order Entry : "Tax Exempt" checkbox was not handling the customer flag properly. 19062

    Setup : Company : Email Accounts : added Global BCC. 19373

    Order Entry : Returns : now properly initializing some important variables, the lack of which may have contributed to some strange Exactor tax values. 19292

    Customers : Maillist : Email : Error "qryCustCounter: Field 'FILT_CT' not found." when using a merge letter and filter returns no records. 19271

    CMS Install : path problem when doing server and workstation installs on the same machine.

    Orders : Payment Maintenance : Problem Payments : unable to resubmit bad CC payments. 17252

    Contact Manager : discounts saved with extended decimals. 17056

    Fulfillment : Verify Imports : improved handling of simultaneous multiple users (error message "cdsOrderXml: Record Not Found). 19321

    Customers : Maillist : Mail Filters : removed reference to 'Latest Ad Code' (changed to 'Ad Codes'). 18901

    ===========================