X-Cart: shopping cart software

X-Cart forums (https://forum.x-cart.com/index.php)
-   News and Announcements (https://forum.x-cart.com/forumdisplay.php?f=28)
-   -   X-Cart 5.4.0 Public Beta is out (https://forum.x-cart.com/showthread.php?t=76913)

mvs 04-11-2019 09:39 AM

X-Cart 5.4.0 Public Beta is out
 
Hey everyone!

Please welcome X-Cart 5.4.0 Public Beta: x-cart.com/x-cart-5-4-0-public-beta-release.html

You’ll love the revised email notifications builder, brand-new upgrade system with one-click rollbacks, the updated webmaster mode and template editor, and many more improvements. Download the fresh v5.4.0 and tell us how much you like it.

tparmar 04-16-2019 10:40 AM

Re: X-Cart 5.4.0 Public Beta is out
 
Quote:

Originally Posted by mvs
Hey everyone!

Please welcome X-Cart 5.4.0 Public Beta: x-cart.com/x-cart-5-4-0-public-beta-release.html

You’ll love the revised email notifications builder, brand-new upgrade system with one-click rollbacks, the updated webmaster mode and template editor, and many more improvements. Download the fresh v5.4.0 and tell us how much you like it.


Not able to install or test beta version. It is saying service.php not found. Even though it is there.

Triple A Racing 04-17-2019 01:04 AM

Re: X-Cart 5.4.0 Public Beta is out
 
Quote:

Originally Posted by mvs
....You’ll love the revised email notifications builder, brand-new upgrade system with one-click rollbacks, the updated webmaster mode and template editor, and many more improvements. Download the fresh v5.4.0 and tell us how much you like it.

Great that this has been released as an advance pubic beta. Thanks for that.
We've downloaded it and will be taking a long good look at it over this coming weekend.

Meanwhile, one very important question? This is the default Content Security Policy that's applied (via ~/etc/config.php) in XC 5.3.*.* and which remains like this, unless edited / replaced by the XC store owner:

Code:

; Content-Security-Policy value
; For possible values see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
; Examples:
; content_security_policy = 'disabled' # prevent Content-Security-Policy header sending
; content_security_policy = "default-src 'self'"
; content_security_policy = "default-src 'self'; img-src *;"
content_security_policy = 'disabled'

Disappointingly, the exact same content is also provided in the XC 5.4.*.* public beta ~/etc/config.php

Code:

; Content-Security-Policy value
; For possible values see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
; Examples:
; content_security_policy = 'disabled' # prevent Content-Security-Policy header sending
; content_security_policy = "default-src 'self'"
; content_security_policy = "default-src 'self'; img-src *;"
content_security_policy = 'disabled'


"Disabled" is far short of aiding 100% site security and it does appear to have now possibly become an oversight, as this very item was raised some time ago, with the XC answer being... a forward reference to XC 5.4.*.* providing the necessary solution.

Could XC please post a tested, fully functional Content Security Policy on here (a CSP which can be used either within the site's http header or, in the ~/etc/config.php and/or the ~/etc/default.config.php - this location choice being the store owners' - as it is now) The CSP really should NOT include:

Code:

data: 'unsafe-inline' 'unsafe-eval';
but most importantly, the CSP must still allow XC5.4.*.* and/or any XC Modules, to continue to function 100% perfectly :wink:

Triple A Racing 04-17-2019 04:08 AM

Re: X-Cart 5.4.0 Public Beta is out
 
A second related question... What was the thought process behind XC 5.4.*.* only appearing to want to run on MySQL and not MariaDB? 8O

We can use MariaDB or MySQL, but our satisfaction level with MariaDB is way ahead of that with MySQL and we'd prefer to stay with it, which has never been an issue previously with XC 5.*.*.* prior to the current XC 5.4.*.* beta release.

It's made very clear at the download stage that XC5.4.*.* requires MySQL 5.7.7 or higher. That would usually be fine, as we're currently using MariaDB 10.2.* which is compatible with MySQL 5.7.* (see HERE for reference or in short: "...MySQL 5.7 is compatible with MariaDB 10.2...)

Whilst everybody knows that "compatible with" is NOT the same as "identical to" :lol: we still assumed that the XC 5.4.*.* beta release would install without any issues in our case, as a result of the XC5 historic suitability to both databases.

Unfortunately for us, it doesn't appear that's the case. The XC5 install process identifies the error as follows: "...MySQL version must be at least 5.7.7 (current version is 5.5.5-10.2.23 MariaDB...) This is an incorrect explanation (see the linked page above again for reference) as MySQL 5.5 was compatible with the much earlier Maria DB 10.0 release.... Hmmmmm

We could use MariaDB 10.3.* if we wanted*** but there's no point in changing anything at all, until XC provide an answer to the question... i.e. will XC 5.4.*.* only run on MySQL? If not, which release of MariaDB has it been tested on and will it run on?

We can alter PHP versions very easily by domain and we're very keen to use PHP7.3 with XC5.4.*.* but it's far, far, more difficult to run MariaDB on one domain and then MySQL on another domain, when both domains are hosted on the same server. Hence the questions in advance! Thanks :D/

Edit *** We now do use MariaDB 10.3.*

Triple A Racing 04-17-2019 06:27 PM

Re: X-Cart 5.4.0 Public Beta is out
 
Indeed, there's a third question too, which relates to Nginx.

THIS THREAD is connected, but specifically on this linked page; posts #21 #22 #23 and very clearly, the great post #24 made by @qualiteam which relates Nginx to future issues of XC5, hopefully :wink: starting with XC 5.4.*.*. If that's the case, surely there's an Nginx only version of the public beta too? :???:

Ruslan 04-19-2019 02:20 AM

Re: X-Cart 5.4.0 Public Beta is out
 
Hi Tony,

Thanks for your input, it's much appreciated.

About your question on MariaDB: X-Cart 5.4 is fully compatible with MariaDB 10.2.* and higher. It is just an issue with the requirements checker. We will fix it.

As to Nginx, you can find the "nginx.conf.sample" config in the root of your X-Cart store. It is an example of Nginx config for X-Cart 5.4. (It contains two versions of the config: with and without a web dir).
We are unable to remove the .htaccess files from the X-Cart distribution package, but those files are blocked by Nginx config rule
-----
location ~* (\.php$|\.htaccess$|\.git) {
deny all;
}
-----

As to CSP header, it is disabled by default because we cannot add rules for 3-d party modules. But we will prepare a tutorial with the proper directives for CSP in X-Cart 5.4.

Thanks again and sorry for the inconvenience this delay may be causing you.

Triple A Racing 04-19-2019 07:24 AM

Re: X-Cart 5.4.0 Public Beta is out
 
Quote:

Originally Posted by Ruslan
....About your question on MariaDB: X-Cart 5.4 is fully compatible with MariaDB 10.2.* and higher. It is just an issue with the requirements checker. We will fix it

That's great. Thank you. We're assuming that a slightly revised public beta will be available soon :wink:
Quote:

Originally Posted by Ruslan
As to Nginx, you can find the "nginx.conf.sample" config in the root of your X-Cart store. It is an example of Nginx config for X-Cart 5.4. (It contains two versions of the config: with and without a web dir).
We are unable to remove the .htaccess files from the X-Cart distribution package, but those files are blocked by Nginx config rule
-----
location ~* (\.php$|\.htaccess$|\.git) {
deny all;
}
-----

We did see that file, but to be fair and rightly or wrongly :mrgreen: we'd earmarked it as an configurable option, as opposed to a pure Nginx version of XC 5.4.*.* being made available for download (as per the previous forum link we'd posted). Not sure why there's any restriction in simply removing ALL the Apache .htaccess files and making a separate, pure Nginx only version available? As you know, all the .htaccess files won't work anyway, if the server setup is Nginx only, but they can still work perfectly well, with a couple of the available Nginx proxy / Apache setups, which is why we're assuming that XC have included the config rule.

The conventional approach to making different OS options being made available, is to provide separate, 'clean' downloads, which makes life easier for everybody (in our humble opinion anyway). As we're currently only at Public Beta stage, nobody would / could unintentionally, cause any XC 5 live store issues at this point in time, if the two different 'clean' downloads were made available could they? It is what it is currently however, so once the slightly revised public beta is made available, we'll run our own script to remove all the .htaccess files and create two clean versions. Meanwhile, thanks for clarifying the current Nginx position. Much appreciated.
Quote:

Originally Posted by Ruslan
As to CSP header, it is disabled by default because we cannot add rules for 3-d party modules. But we will prepare a tutorial with the proper directives for CSP in X-Cart 5.4

That's good news too, as this will slowly become a more important factor albeit people may still be unaware of that. A more encompassing option, might be... to include all the CSP data, as commented out text within the ~/etc/config.php file and/or the ~/etc/default.config.php file (as is the case with other items) But, with a link to the tutorial itself plus, a note advising users not to uncomment this data or, apply it via their own http header until a) they have read said tutorial and b) they have themselves verified, that any / all Non-XC provided XC5 modules will function as intended, when using this specific setup for CSP. Just a suggestion :D/

designtheweb 04-19-2019 04:45 PM

Re: X-Cart 5.4.0 Public Beta is out
 
It would be very helpful to include a link on how to actually upgrade to 5.4 and/or include an upgrade script on 5.3. I have to dig around now and work out how to do it.

Triple A Racing 04-19-2019 10:31 PM

Re: X-Cart 5.4.0 Public Beta is out
 
Quote:

Originally Posted by designtheweb
It would be very helpful to include a link on how to actually upgrade to 5.4 and/or include an upgrade script on 5.3. I have to dig around now and work out how to do it.

As the thread header says... It's a Public Beta Release of XC 5.4.*.* so nobody will be 'upgrading' hence there won't be any links etc When it's finally approved and officially released by XC, then, subject to whatever licence you have / where you've paid up to etc :wink: it would appear as an optional upgrade within your existing store's admin area.

This Public Beta Release of XC 5.4..*.* is suitable for any end-user (that wants too) to make a fresh, separate installation & carry out their own advance assessment / provide any feedback to XC etc which is what we (and probably quite a few others) intended to do :D/

Triple A Racing 05-02-2019 04:55 PM

Re: X-Cart 5.4.0 Public Beta is out
 
Still..... no news yet from XC about the availability of the revised Public Beta Release of XC5.4.*.* :D/ As well as the questions / answers posted previously in this thread on the initial release, others have posted issues in here: https://forum.x-cart.com/forumdisplay.php?f=59


All times are GMT -8. The time now is 11:33 AM.

Powered by vBulletin Version 3.5.4
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.