04-25-2019, 07:21 AM
mvs

X-Cart team

Re: X-Cart 4.7.11 and Security Patches


[*] 22 Feb 2019, aim - Improvement (Y:148789): Main page :: Edit languages admin/languages.php did not work when there was a language cookie like en_US. Fixed.
[*] 31 Jan 2019, aim - Improvement (Y:148757): Multiple addresses are not allowed to be used in fields like 'Site administrator email address' / 'Users department email address' / '"From" email address'.
[*] 29 Jan 2019, aim - Improvement (Y:148769): Warning related to updated for PHP7.1.x.
[!] 30 Jan 2019, aim - Bug (Y:148746): The Admin area did not work behind Cloudflare. Fixed. The error was 'It seems your IP address has changed. For security reasons your user session has been terminated by the session protection mechanism (PROTECT_XID_BY_IP)'.....
[!] 29 Jan 2019, aim - Bug (Y:148767): PHP Fatal error related to the 'Delete all orders' feature: Uncaught Error: Call to undefined method XCCostChange::deleteOrder() in include/orders_deleteall.php:106. Fixed.

[*] 11 Feb 2019, aim - Improvement (Y:148779): Login history is now IPv6 compatible.

[*] 10 Apr 2019, aim - Improvement (Y:148766): Apple Pay/Visa Checkout is now available through the new Elavon Converge Hosted Payments Page payment gateway.
[*] 19 Feb 2019, aim - Improvement (Y:148783): [Socialize] Removed Google+ as deprecated. [Google plus]
[*] 12 Feb 2019, aim - Improvement (Y:148770): AuthorizeNet - SIM: Changed HMAC-MD5 to HMAC-SHA512 for Unique Transaction Fingerprint using a Signature Key.
[*] 09 Feb 2019, aim - Improvement (Y:1487770: [Ingenico ePayments e-Commerce] (former Ogone - Web Based) updated to support UTF8 (International names).
[!] 14 Mar 2019, aim - Bug (Y:148797 B:0050537): [PayPal Payments Advanced / Partner Hosted with PCI Compliance][Payflow API] Error 'Field format error: Request is too large to process' for large carts. Fixed.
[!] 29 Jan 2019, aim - Bug (Y:148759): AuthorizeNet eCheck: Authorize.Net is phasing out the MD5 based hash use for transaction response verification in favor of the SHA-512 based hash utilizing a Signature Key. Adjusted.
[!] 11 Feb 2019, aim - Bug (Y:14877: [PayPal]. Sometimes orders failed with the error 'Declined: Payment amount mismatch: wrong order currency'. Fixed.
[!] 11 Feb 2019, aim - Bug (Y:148771): [PayPal] Website Payments Pro Hosted in mobile. Orders were declined sometimes. Fixed. Thanks to Chemisk.
[!] 01 Feb 2019, aim - Bug (Y:148739): [PayPal Express]. "Error Invalid Data: This transaction cannot be processed. The amount to be charged is zero". Orders paid partially with a Gift certificate were not processed via PayPal sometimes. Fixed. Thanks to Mixon.
[!] 29 Oct 2018, aim - Bug (Y:148728, B:0050101): [Sage Pay Go - Form protocol] did not work under PHP7.2/PHP7.3 with OpenSSL. Payment amount mismatch: wrong order total error related to VISA cards. Fixed.

[*] 26 Feb 2019, aim - Improvement (Y:148625 B:0043214): For defined methods, the total order weight is now taken into account when real-time shipping calculation is disabled (so that the shipping methods with weight limits will show only when total cart weight is within the limits).
[!] 14 Jan 2019, aim - Bug (Y:148751): USPS Delivery to the United Kingdom/Swaziland/Guernsey/Isle of Man/Jersey/Tokelau was broken. Fixed.

[!] 19 Dec 2018, aim - Bug (Y:148740): [Amazon_Payments_Advanced] A wrong payment method was displayed in orders when the regular checkout flow was used. Fixed.

*Advanced Customer Reviews*
[*] 16 Jan 2019, aim - Improvement (Y:148755): Advanced Customer Reviews and Customer Reviews are IPv6 compatible now.
*Amazon Feeds*
[*] 15 Mar 2019, aim - Improvement (Y:148799, Y:148793): [Amazon_Feeds] supports United Arab Emirates (U.A.E.) now. Changes for Canada and Mexico endpoints.
[*] 25 Jan 2019, aim - Improvement (Y:148737): [Amazon Feeds] Added the categories CellularPhoneCase/ScreenProtector, LightMotor/LightMotorVehicle, NetworkAdapter, Industrial/AdhesiveTapes. [Amazon_Feeds]
*Amazon Payments Advanced*
[*] 22 Mar 2019, aim - Improvement (Y:148800): [Amazon_Payments_Advanced] Amazon Pay Strong Customer Authentication (SCA). [Second Payments Services Directive (PSD2)]
*Detailed Product Images*
[*] 26 Oct 2018, aim - Improvement (Y:148729): [Detailed Product Images] jQuery Colorbox widget updated from v1.3.15 to 1.6.4. Retina display support added.
*EU Cookie Law / GDPR-friendly*
[!] 11 Feb 2019, aim - Bug (Y:148780): [EU_Cookie_Law GDPR] REGEXP_REPLACE does not exist sql error. Fixed.
*Flyout Menus*
[!] 23 Jan 2019, aim - Bug (Y:148760): [Flyout Menus] Wrong product count was shown for a category when the setting 'Show products which are out of stock' was disabled. Fixed.
*Gift Certificates*
[!] 01 Feb 2019, aim - Bug (Y:148772): [Gift Certificates] There was no ability to unset certificates if the module 'Discount Coupons' was disabled. Fixed.
[*] 07 Nov 2018, aim - Improvement (Y:148733): [Adv_Mailchimp_Subscription] A better text added on the 'Thank you for subscription' page. 'Please confirm subscription by clicking the "Yes, subscribe me to this list."....'
[!] 18 Dec 2018, aim - Bug (Y:148747, B:0050227): [Mailchimp] subscription was broken. "Timestamp_signup". "This value is not a valid datetime". Thanks to Joe Funderburg (Cherie).
[!] 18 Feb 2019, aim - Bug (Y:148782, B:0050472): [XMultiCurrency] Free API key is required now for service. Fixed. API version changed from v3 to v6.
*Product Notifications*
[!] 02 Apr 2019, aim - Bug (Y:148803, B:0050541): [Product Notifications] bug. Low stock notifications did not work. Fixed. [Product_Notifications]
[*] 16 Jan 2019, aim - Improvement (Y:148756): [Survey] module is IPv6 compatible now.
[!] 08 Apr 2019, aim - Bug (Y:148805, B:0050579): [TaxCloud] Duplicate Lookup API calls. Fixed.
*X-PDF Invoices*
[*] 09 Apr 2019, aim - Improvement (Y:148806): [X-PDF] works on PHP7.3 now. mpdf has been updated from version 6.1.4 to 8.0.0. It requires, at the minimum, PHP version 5.6, and has been tested with PHP version up to 7.3. [XPDF]. Minor. [PHP 73 compatible][PHP 72 compatible][PHP 71 compatible].

[*] 18 Feb 2019, aim - Improvement (Y:148786): [Detailed Product Images] Images are now not duplicated during import.

[*] 01 Apr 2019, aim - Improvement (Y:148802, B:0050565): Optimization for image.php.
[*] 25 Feb 2019, aim - Improvement (Y:148792): Small storefront optimization.
[*] 14 Feb 2019, aim - Improvement (Y:148784): [SEO] Google PageSpeed Insights improvement. Removed the 'combine,minify,optimize' option for the "Use speed-up tool for CSS" setting due to the changes in the 'Google PageSpeed Insights' algorithms.
[*] 11 Feb 2019, aim - Improvement (Y:148776): The field xcart_products.rating is now not updated when an order is placed to avoid query cache invalidation. Thanks to Abr.
[*] 04 Feb 2019, aim - Improvement (Y:148773): [Special_Offers] Huge optimization for the Special_Offers module.
[*] 29 Jan 2019, aim - Improvement (Y:14876: Core optimization related to x_load and xcart_config - db_fetch_all.
[*] 30 Oct 2018, aim - Improvement (Y:148730): Bot signatures updated. Added MJ12bot SEMrushBot and others. It helps to reduce the amount of MySQL queries.

[*] 25 Jan 2019, aim - Improvement (Y:148764): Possibility of SQL injection. Fixed.
[*] 16 Nov 2019, aim - Improvement (Y:148736): Updated PHPMailer version from 5.2.26 to 5.2.27. Fixed a potential security issue. (Stores with the setting 'Use SMTP server instead of internal PHP mailer' enabled are affected.)

[*] 14 Mar 2019, aim - Improvement (Y:14879: Renamed Macedonia to North Macedonia.
[*] 14 Dec 2018, aim - Improvement (Y:148069): jQuery updated to version 3.4.0. (The previous jQuery version was shown to be a potential risk for Cross-Site Scripting attacks according to the results of a Trustwave scan performed by one of our clients. The update remedies the situation.)
[!] 04 Mar 2019, aim - Bug (Y:148742): PHP7.3 minor bugfix related to PCRE2. PHP7.3 critical bugfix related to PCRE2. Compilation failed: invalid range in character class at offset. Product_Options. Add option group. [PHP 73 compatible]
[!] 21 Feb 2019, aim - Bug (Y:14878: All the HTTPS modules except libCURL sometimes did not work correctly with the HTTP/1.1 100 Continue header. Fixed.
[!] 18 Jan 2019, aim - Bug (Y:148753): 'Automatically convert CSS to inline styles in HTML emails' did not work in PHP7.3 PHP73. Warning: preg_match(): Compilation failed: invalid range in character class at offset 4 in include/lib/cssin/vendor/simple_html_dom/simple_html_dom.php on line 1364. Fixed.
Max Slepuhov