#57
10-30-2014, 05:11 AM
Ksenia
X-Cart team
Join Date: Apr 2013
Posts: 735

Re: POODLE vulnerability in SSLv3

This information is relevant for you if you're using one of the affected X-Cart versions:

Affected versions: 4.2.2 - 4.6.4 of all editions (Gold, GoldPlus, Platinum, Pro)
NOT affected: 4.2.1 and earlier; 4.6.5 (the latest currently); all versions of X-Cart 5.x

Applying these patches is a must if you use:
* PayPal Advanced;
* UPS;
* AuthorizeNet - AIM (in older X-Cart versions through 4.4.5).

Two of the aforementioned services have already announced their intention to disable support for SSLv3 because of the POODLE vulnerability (read more about it at the very end of this email). The timeframes differ, but once it happens, the current integration will stop working. This means that to continue using their services you must patch your store; the sooner, the better.


I don't use the above, do I need the patch?
Applying these patches is strongly recommended in any case, even if your store is not using the services listed above, because it may be using some other services that may also require the changes implemented by the patches.


What the patch does:
These patches provide updates for your HTTPS modules and help to avoid possible problems with HTTPS requests sent by your store to various services. The integrations with these services (including UPS, PayPal Advanced, Authorize.Net-CIM, but probably not limited to this list) may stop working in the near future when these services remove the support for the outdated and vulnerable SSLv3 protocol.

!!! If you host with X-Cart and your plan includes free support, or if you have an X-Cart support subscription, please submit a ticket to have your store patched FOR FREE.


To apply the patch, follow the instructions below:

It is HIGHLY RECOMMENDED to back up your database and files before patching the store.

1) Download the patch (the remove_ssl3-2014-10-30{version}.tgz archive file) from the "File area" section of your Qualiteam account.

You can find the patch at
X-Cart -> X-Cart supporting files for prev versions -> {Your X-Cart branch} -> {Your X-Cart version} -> Updates and patches

2) Decompress the archive file.
The following files/folders will be extracted:
/DIFF-xcart - contains DIFF files for patching customized X-Cart files
/README - this README file
/xcart - contains already patched X-Cart files
DIFF-xcart.diff - contains all the DIFF files from the DIFF-xcart folder combined into one file
patch.sql - contains SQL changes

Note:
A DIFF file is a file that contains the differences between two files. In our case, a DIFF file contains the changes made to the current file compared to the former version of the same file.

3) Make sure the database backup is created, and apply patch.sql to your database.

4) Install the patch. There are 2 ways to do it:

4.a) replace the affected files in your software copy with the patched files;

If the files from the xcart directory are not modified in your X-Cart, you may use the first method of applying the patch. This way, the files from the patch will overwrite the same files in your X-Cart.
You should copy the files from the patch to your X-Cart installation using FTP or another tool that you use for managing files on your web server. The copied files will replace the original ones that contain errors, thus the errors will be fixed.

NOTE: The patch will overwrite the files completely, i.e. the target files will have the default settings. If you are now using a modified/customized version of the files, make sure to re-implement the changes after applying the patch, or just install the patch manually.

4.b) apply the patch manually using DIFF files.

If the files were modified, it is recommended to apply the patch manually using the DIFF files. Thus, you will keep your modifications intact. To learn about this installation method, please read the article in the X-Cart Knowledge Base.

NOTE:
* Use either the DIFF-xcart.diff patch or the DIFF files from the DIFF-xcart folder. Do not apply both.

5) Make sure your payment and shipping integrations work correctly.
If you encounter any problems during or after installation, feel free to contact our support team for help.


---------------------------------------------------------------------------------------
PS: A cute poodle here: http://www.youtube.com/watch?v=Gw85SGlIo8Y
__________________
X-Cart team

Last edited by Ksenia : 04-29-2015 at 09:54 PM.
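
Step 4.a of the post above, as an added example that is not part of the original post or of X-Cart's patch: a POSIX shell function that copies the already patched files from the extracted xcart folder over a store and first saves every file it is about to overwrite, so customizations can be re-implemented afterward. The function name, the REPLACED_COUNT variable and the three directory arguments are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not X-Cart tooling. All names and paths are assumptions.
# Usage: apply_patched_files <extracted-patch>/xcart <store-root> <backup-dir>
# Sets REPLACED_COUNT to the number of store files that were overwritten or added.
apply_patched_files() {
    src=$1; store=$2; backup=$3
    [ -d "$src" ] && [ -d "$store" ] || { echo "missing directory" >&2; return 2; }

    # List patched files relative to the patch root (file names with
    # newlines are not supported).
    list=$(mktemp) || return 2
    (cd "$src" && find . -type f) > "$list"

    REPLACED_COUNT=0
    while IFS= read -r rel; do
        rel=${rel#./}

        # Already identical to the patched copy: nothing to do.
        if [ -f "$store/$rel" ] && cmp -s "$src/$rel" "$store/$rel"; then
            continue
        fi

        # Save the current copy before it is overwritten, keeping the
        # directory layout so a later diff against the store is easy.
        if [ -f "$store/$rel" ]; then
            mkdir -p "$backup/$(dirname "$rel")"
            cp -p "$store/$rel" "$backup/$rel"
        fi

        mkdir -p "$store/$(dirname "$rel")"
        cp -p "$src/$rel" "$store/$rel"
        echo "replaced: $rel"
        REPLACED_COUNT=$((REPLACED_COUNT + 1))
    done < "$list"
    rm -f "$list"

    echo "$REPLACED_COUNT file(s) replaced; previous copies saved under $backup"
}

# Run only when called with the three directory arguments.
if [ "$#" -eq 3 ]; then
    apply_patched_files "$@"
fi
```

Comparing each saved copy under the backup directory with the file now in the store (for example with diff -u) shows what the overwrite changed, including any customizations that still need to be re-implemented.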