Re: Security bulletin 2008-25-12
 

Thanks QT for working on Christmas and for your "Santa had an accident" video! :-)

Question:
Since there were no security patches for 4.2 does that mean 4.2 was already protected?

Re: Security bulletin 2008-25-12
 

Yes.

Re: Security bulletin 2008-25-12
 

Great! Security in the main reason I upgrade. Thank you and have a wonderful day!

Paul

Re: Security bulletin 2008-25-12
 

Please check this thread also: http://forum.x-cart.com/showthread.php?t=42036

Re: Security bulletin 2008-25-12
 

Excellent Post!

#1 - Just implemented
#2 - Updated
#3 - Thank you!
#4 - Just implemented
#5 - Already done

Thank you Eugene!

Paul

Re: Security bulletin 2008-25-12
 

Yep - Glad I saw this list as well.

#1 - Just implemented
#2 - Updated as well
#4 - Done
#5 - Not sure I need to do this...? - CC's are not stored in my DB...

Re: Security bulletin 2008-25-12
 

If you don't store the credit card numbers, you don't need to enable this feature.

Re: Security bulletin 2008-25-12
 

I figured as much. Thanks!

Re: Security bulletin 2008-25-12
 

What a mess :(

I now have 4 patches to apply in order to make my store secure. Last week I applied the 3 patches from 7/2, 8/5 and 12/18. I then had to back these patches out as customers were complaining that they were not able to log in. Now we have yet another patch, but I am unable to apply it as I haven't and can't apply the previous patches.

Are Qualiteam going to fix the previous patches so I can get up to date with these security issues?

I have no idea what to do now, and I am concerned that our store is insecure and that people are already taking advantage of these security flaws.

Steve

Re: Security bulletin 2008-25-12
 

Steve,

I had not apply any patches until 2008-25-12, and did all four in order, for my 4.1.9 store.

I SIMPLY did this manually, doing a compare on a per-file basis - took 10 minutes to patch everything.

This is the "brute force way" but sure to work.