Do I need to upgrade to get security fixes?

If you are an xTuple customer who uses the Authorize.Net payment gateway to process credit card transactions in xTuple ERP, then you have probably heard about the security updates Authorize.Net is rolling out at the end of February 2018.

xTuple is prepared for this event, having taken steps to implement the new TLS 1.2 protocol in newer versions of xTuple ERP. Anyone running xTuple ERP versions 4.10.x or later (e.g., 4.11.x) should not be impacted by this change. However, older versions — including xTuple ERP 4.9.5 and earlier — of xTuple ERP may be affected.

Here is an excerpt from a recent announcement from Authorize.Net:

"As you may be aware, new PCI DSS requirements state that all payment systems must disable earlier versions of TLS protocols. These older protocols, TLS 1.0 and TLS 1.1, are highly vulnerable to security breaches and will be disabled by Authorize.Net on February 28, 2018."

Because of this, if you are running xTuple ERP 4.9.5 (or earlier) — and you process credit card transactions in xTuple using Authorize.Net — then you should consider upgrading as soon as possible, prior to the February 28 deadline.

Please reach out to your xTuple support representative, or the xTuple Professional Services Team, if you need assistance with this important upgrade or want to discuss alternative solutions.

Note: This advisory applies only to customers who are using the Authorize.Net payment gateway to process credit card transactions within xTuple.