Subscribe to Syndicate advisory (for march 21, 2016) does not affect Theatre Manager

Venues using may have received an 'important Security Notice' indicating that processing network had a security problem during their upgrade on the evening of March 21,2016 between 4:13 PM and 11:49 PM Pacific time. In the advisory, says they inadvertently sent back the full 'unmasked card number' during an authorization request. The advisory also says is is subject to their confidentiality agreement and cannot be distributed.

This does not affect Theatre Manager users

We know the first thing our venues will want to know is if they are at any risk. So we are posting the answer, in advance, that TM does not store the full response string from - it only tracks the authorization code and CVV2 response code. From what we've read in the security advisory, you may disregard it completely.

Authorize.Net was broken, appears to be fixed

Updated April 6, 2016

For venues using, the issues authorizing cards was caused by making production server changes and eliminating an important bit of deader information in the credit card authorization response send back to Theatre Manager. As noted in the developer comments for the day, they removed an important bit of information - the 'content-length' header which contains the size of the message being returned. This is a very important part of all https requests - and was restored towards the end of the day.

April 5, 2016

If you use and Theatre Manager 10.05.xx, you may be running into issues authorizing and/or settling your credit card batches. indicated they would throw the switch to require TLS 1.2 sometime after they sent a warning letter to merchants in September 2015. In that letter, said they would follow the PCI council mandate for TLS 1.2 before June 2016.

Well, April 4th, 2016 is as good a day as any. We've had a few venues (using TM 10.05.xx) tell us that does not like the settlement message we've been sending for years while others (using 10.06.xx) are working fine. The conclusion is that threw the switch to require TLS 1.2

First National Theatre Manager User Conference

First National Theatre Manager User Conference

Save the Date for a Proctors/Arts Management Collaboration

Mon, May 9 - Wed, May 11, 2016
at Proctors Theatre
Schenectady, New York.


An Invitation to Learning

Proctors, in association with Arts Management Systems, invites you to the First National Theatre Manager Conference.

For the past 5 years, Proctors and other presenting houses using Theatre Manager in the North East have hosted annual regional conferences. Attendees coming to these friendly informative sessions have steadily grown and we are excited to extend this platform to a national level.

These conferences are aimed at employees and volunteers engaged in box office, marketing, patron development, database and server management, accounting, web sales, ticket scanning and other topics.

Specific details will follow in about a week.


Conference Organization

Arts Management Systems, beleives passionately that the best user conference experience is one that is owned and organized by the users themselves.

While our staff will host some topics, the user community will present some other really interesting sessions. If the past is any guide, expect a lot of interaction with your peers as well as revelations about the extensive capabilities of Theatre Manager.

Theatre Manager 10.06 released

It is with pleasure that we announce the release of Theatre Manager Version 10.06. There are many under the hood changes and enhancements based on suggestions from customers.

There are some key things to know about this version:

  • Theatre Manager has been audited for compliance with PCI-PA DSS 3.1 and the report is being submitted to the PCI council for approval. Theatre Manager has implemented PCI compliance requirements for nearly 15 years. Since 2008, the PCI council requires external auditing of our code and processes by a third party and we have recently finished the 4th successful biennial audit with Security Metrics in Utah. It is a big occasion for all of us.
  • Security requirements change constantly in the face of threats. This version of Theatre Manager meets the most stringent requirements for authorizing credit cards using TLS 1.2 encryption. Banks require this by jun 2016, or earlier - all credit card authorizations must use this advanced encryption. It means you could have up to 6 months to install version 10.06. Plenty of time, but earlier is better.
  • The responsive web pages have been very well received by everybody who has implemented them. This version contains some tweaks from feedback and become the standard pages deployed with the second gen listener and apache installers. The older style pages will still work if you prefer them.
  • Online Subscription Renewals have a new feature to allow easy renewal of all subscriptions in a patrons package, including removal/including of optional events.
  • Very easy implementation of google analytics of your web pages accesses, providing free completion statistics and page tracking. get a far better handle on your customer usage of your site. Just add the account to your Web Listener Setup - or let us help you do it.
  • and more...

Refer to the full release notes and installation instructions for more information

Google dropping support for XP, Vista, OSX 10.8

There has been a concentrated effort by Google and other major players in the internet to move people away from older web browsers that are built on flawed security standards. Here are some of the recent initiatives and announcements.

Theatre Manager is keeping abreast of these changes, many times on a daily basis. We continually update all of our software components to work with the latest security requirements.

What does this mean to your patrons and why is this a good thing?

You will likely receive sporadic reports from customers indicating that they are unable to purchase tickets from your web site using their browser. The answer is to help them understand that, for their own safety, commerce relies on high security. Moreover, all the current browsers are implementing this requirement and removing support for older browsers.

This is part of a concentrated effort on the part of Google, FireFox, Safari, Opera and Microsoft Edge to move people to a place of safety.

In many cases, all that a patron needs to do is switch browsers from older, no longer supported ones to the most current available.

Theatre Manager works on El Capitan

We've been using Theatre Manager on the El Capitan developer Golden Master for a couple of days running through a number of the major tasks, including web sales.

At this time there are no known compatibility issues. However, it you wish to install El Capitan at your venue, we advise doing it to only ONE machine to start with and use it for a few days to find out if you have compatibility problems with other applications used in conjunction with Theatre Manager. We cannot say for sure if all your other important applications work, so best approach is one machine at a time.

Please do not update the postgres, apache, or second generation listeners servers at this time. Those servers also work with El Capitan - but save those for a couple of weeks.

Responsive Web Pages Released for all Venues

Arts Management has completed and released a set of responsive web page templates. The means that the web pages automatically adjust their size, contents, and orientation depending if your patrons are looking at them on a computer, smart phone (landscape or portrait), tablet or other device.

The responsive web pages are available free to all venues. If you would like to try them out on our test web site, click this link for

A number of venues are already using them.

Security Patch Released affecting 10.02.xx through 10.05.xx

Jun 15, 2015 An update was released that all venues should installed immediately. Venues that auto-update already have the change in place.


A way was found to show the name and address of a random patron who was not in your household via the account tab in web sales. No other data could ever be displayed (passwords and PCI information were never at risk). The worst possible outcome is that somebody, if they knew about the issue, could look up a name that they could find in the phonebook.

The issue was identified on Monday morning and a fix was auto-deployed by late afternoon the same day. Versions affected were TM 10.02, 10.03, 10.04, and 10.05 and a separate patch was issued for each version.

Version 10.05 - Pick your own and Web as a service

We've been hard at work improving the web services this past year and have some exiting things planned for future versions. This release notice is an aggregation of the some key things in the past year, most noticeably:
  • The availability of pick your own seats - which venues have been using with abandon since January
  • The Web Sales Module now runs completely as a service, so it starts automatically after machine restarts without attention
  • Auto updates simplify the process of keeping up to date with enhancements with almost no work and minimal impact to users and patrons.
  • And we now offer a hosted private cloud option if you prefer the servers to be at our data centre.
Theatre Manager has always been the most full featured integrated CRM for patron management, ticket sales, donations, financial accuracy and other administration needs. Since our focus is providing choice to a venue while constantly reducing the total cost of ownership, these recent efforts have focused on infrastructure and reducing IT needs (and the key feature we added - pick your own seats).

Watch our release notes and shortly. We have a sample site with responsive pages, with many thanks and contributions from some of our customers. They are being prepared for release to make it easy to update your pages if you want them -- or you can keep using your current pages if you prefer.

If you should have any questions or need assistance installing the latest version, please feel free to contact us -- happy to do it for you.

Version 10.01 - Released with easy Double opt-in mail list e-blasts

The Canadian Anti-Spam Law (CASL) is coming into effect on July 1st and we've spent the past 3 months fine tuning TM to support the law.

Initial support for single opt-in came on April 5, 2014 - essentially a default was changed so that patrons needed to add themselves to the 'send me emails' button. Double opt-in features were added in mid June to version 10.01 in response to inquiries and deeper understanding of the law from seminars, etc. Opinions vary whether a venues needs single opt-in or double opt in. One things is certain, double opt-in where the patron confirms that they wish to receive emails is far stronger process and help ensure accuracy of emails.

Theatre Manager now has an even easier double opt-in process based on mail lists where emails are sent automatically to patrons and mail list status codes are change to confirm the double opt in status automatically - with limited work on the part of the venue.


Subscribe to Arts Management Systems RSS