You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Recently, we got an e-mail regarding the discontinuity of the HTTP-protocol for Bazaarvoice (API) url's.
I highly encourage this change, but that also means this module requires an update before August 30th.
"As part of our ongoing commitment to safeguarding your data and ensuring the highest level of protection, we are pleased to announce important updates that strengthen the security of our platform.
During recent security testing, we discovered that a number of clients were initiating calls to Bazaarvoice APIs using HTTP. Transmission of data using HTTP is not encrypted and, as such, is susceptible to compromise by malicious actors who have access to the network segments the data is traversing. To address this risk, we will begin enforcing the use of HTTPS (using TLS v1.2 or higher) for all connections beginning August 30, 2024.
Additionally, we have identified a number of weak encryption ciphers being allowed which we will be ending support for beginning August 30, 2024. A list of the encryption ciphers being supported can be found here.
Action required:
Any API calls to Bazaarvoice using HTTP must be changed to HTTPS by August 30, 2024. All API calls received using HTTP after August 30, 2024 will be redirected to an HTTPS connection. The continued use of redirection is not recommended as it can add latency and present residual security risks. Customers who continue to send API calls via HTTP after August 30, 2024 and do not allow redirects will likely experience issues receiving Bazaarvoice content.
Ensure server settings are configured to use TLS v1.2 and to use only strong ciphers (list here) like AES-GCM by disabling weak ones before August 30, 2024.
For any further assistance, please open a support case online and refer to this documentation."
Recently, we got an e-mail regarding the discontinuity of the HTTP-protocol for Bazaarvoice (API) url's.
I highly encourage this change, but that also means this module requires an update before August 30th.
"As part of our ongoing commitment to safeguarding your data and ensuring the highest level of protection, we are pleased to announce important updates that strengthen the security of our platform.
During recent security testing, we discovered that a number of clients were initiating calls to Bazaarvoice APIs using HTTP. Transmission of data using HTTP is not encrypted and, as such, is susceptible to compromise by malicious actors who have access to the network segments the data is traversing. To address this risk, we will begin enforcing the use of HTTPS (using TLS v1.2 or higher) for all connections beginning August 30, 2024.
Additionally, we have identified a number of weak encryption ciphers being allowed which we will be ending support for beginning August 30, 2024. A list of the encryption ciphers being supported can be found here.
Action required:
Any API calls to Bazaarvoice using HTTP must be changed to HTTPS by August 30, 2024. All API calls received using HTTP after August 30, 2024 will be redirected to an HTTPS connection. The continued use of redirection is not recommended as it can add latency and present residual security risks. Customers who continue to send API calls via HTTP after August 30, 2024 and do not allow redirects will likely experience issues receiving Bazaarvoice content.
Ensure server settings are configured to use TLS v1.2 and to use only strong ciphers (list here) like AES-GCM by disabling weak ones before August 30, 2024.
For any further assistance, please open a support case online and refer to this documentation."
Model/Feed/ProductFeed.php : constant: FEED_FILE_XSD
const FEED_FILE_XSD = 'http://www.bazaarvoice.com/xs/PRR/ProductFeed/14.7';
Model/Feed/PurchaseFeed.php
$writer = $this->openFile('http://www.bazaarvoice.com/xs/PRR/PostPurchaseFeed/5.6', $clientName);
If you want I can make a pull request with the updated URL's.
The text was updated successfully, but these errors were encountered: