---------------------------------------------------------
From: STARBASE-21
Sent: Monday, August 13, 2001 8:54 AM
To: Merchant Coders; Merchant-Users@Miva. Com; Miva-Users
Subject: OPENUI SECURITY ISSUE - IMPORTANT!
---------------------------------------------------------


ATTENTION OPENUI USERS:

OPENUI SECURITY ISSUE - IMPORTANT!
PLEASE MAKE THIS YOUR TOP PRIORITY!

A recent review of the OpenUI has revealed a security risk.  This
exists in the following versions of the OpenUI:

  OpenUI v2.68 and earlier
  OpenUI v3.12 and earlier
  OpenUI v4.08 and earlier

We believe all stores running the OpenUI module are vulnerable to 
this security risk.  At this point in time, there have been no 
reports of any incidents involving this exploit.

To remedy the situation, you must download and install the new
OpenUI releases immediately.  As an OpenUI user you should make 
this your top priority. Please adhere to the following steps to 
ensure proper remedy of this security risk:

  OpenUI Installer/Updater
  ------------------------
  If you are a user of the STARBASE-21 OpenUI Installer/Updater,
  follow these steps:

    1. Run the admin.mv
    2. Open the "Stores" branch
    3. Open the branch for the specific store
    4. Open the "Utilities" link
    5. Click on "OpenUI Installer/Updater(tm)"
    6. Press the "Process Update" button
 
  * If you would like to use the FREE OpenUI Installer/Updater, just
  browse to: http://miva.starbase21.com/pd.mv?pc=MIVA-OUIUPDR.


  Standard OpenUI Install
  -----------------------
  Go to the OpenUI website (http://www.openui.org/) and download the 
  latest standard installation version.  Follow the included 
  'openui.txt' instruction file.  If you get a timeout error, you will
  need to use the Alternate Install or the OpenUI Installer/Updater.


  Alternate OpenUI Install
  ------------------------
  Go to the OpenUI website (http://www.openui.org/) and download the 
  latest alternate installation version.  Follow the included 
  'openui_alt.txt' instruction file.


The updated versions of the OpenUI are as follows:

  OpenUI v2.70
  OpenUI v3.20
  OpenUI v4.10

This solution will fix the identified security risk and protect all
Merchant stores running in the same Merchant "domain".  No additional 
steps are available or necessary. If you have any questions or concerns,
please contact the OpenUI Consortium (http://www.openui.org/) or 
STARBASE-21, Inc. Technical Support (http://support.starbase21.com/).

Thank you for your prompt attention to this issue.