MX Merchant

This release includes the following adjustments:

Keycloak: User Creation Enhancements (Team Member Page): Enhancements have been made to improve the user experience when creating and editing team members. The "Mobile" text input field is now mandatory, the "Advanced" section expands automatically, and the "Default Grant Access" toggle is set to NO by default. If a username or email is already taken, a specific error message is displayed in red. New users without a provided password will receive a Welcome Email upon successful save. These changes streamline the process and ensure smoother workflows.
Update MX Merchant to Show Updated Logo: The MX Merchant branding has been updated on the homepage to feature the new logo. This update specifically affects the left-hand navigation bar, ensuring consistent and modern branding across the platform.
MX Account Updater for Fiserv North Product: The MX Account Updater service now supports Fiserv North merchants. When enabled, it appears on the MX Merchant Apps page and automatically updates vaulted cards when they expire or change. This reduces the manual effort required to manage expired or changed cards, improving efficiency and accuracy.

“What’s New” in MXM: The “What’s New” link in the left-hand navigation bar has been restored, directing users to a page showcasing the latest features and offerings in MX Merchant. This update ensures users have easy access to new information, enhancing user engagement and awareness.
Update MX POS App in MX Merchant with New Language and Imagery: The language and imagery for the MX POS App in MX Merchant have been updated for a more modern presentation. The AppStore grid preview image, Discover Button, new screenshots, and improved text formatting enhance the visual appeal and user experience.
MX Merchant UI Refresh Continued Work: The Payment Settings page in MX Merchant has been revamped using React components, replacing the old Angular components. This migration enhances code maintainability, debugging, and performance, ensuring a more efficient and modern user interface.
MXM to Share Merchant Passport Account Details with PIPE for Merchants on Standard Funding: MX Merchant now shares Passport bank account details with PIPE for merchants on standard funding, replacing the previous behavior of sharing external account details. This update improves the accuracy and efficiency of financial transactions.

IDOR on /checkout/v3/subscription Allows Overriding Every Subscription: A critical vulnerability that allowed unauthorized users to override every subscription in the application's database has been patched. Proper authorization checks have been implemented to ensure only authorized users can modify subscription data.
IDOR on PUT /checkout/v3/supplier/ID Allows Stealing Suppliers from Other Accounts: A vulnerability allowing attackers to access and reassign suppliers from other accounts has been fixed. Proper authorization checks are now in place to prevent unauthorized access and modifications.
MX ePay Logo Not Showing in Sandbox and UAT: An issue where the MX ePay logo was not visible in the sandbox and UAT environments has been resolved. All necessary logo assets are now correctly referenced, ensuring a consistent testing experience.
Enrich Route Errors from Bin Lookups: A bug causing users to be logged out due to unhandled exceptions in the BIN lookup API has been fixed. A try-catch block now handles errors appropriately, preventing user session disruptions.
Move Checkout to New Storage Broker: The Checkout service has been migrated to a new broker domain to enhance performance, security, and scalability. Domain references have been updated, and all functionalities have been verified to ensure a smooth transition.