#21
Re: security-patch-2007-10-29.tgz
Quote:
__________________
Manuka Bay Company X-Cart Version 4.0.19 [Linux] UGG Boots and other fine sheepskin products http://www.snowriver.com

#22
Re: security-patch-2007-10-29.tgz
The 4.0.18 patch hard-codes the xcart/ subdirectory into the .diff file, so if you don't have your cart installed in that directory, you get a 'not found' for all the files.
Come on guys, can you please take the time to get these right? A security patch is important and shouldn't be this difficult to implement.
__________________
Padraic Ryan Ryan Design Studio Professional E-Commerce Development

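Added example, not part of the thread and not X-Cart's own code: a pre-flight check for the failure described in post #22, where a diff names its files under `xcart/` but the cart lives in another directory. It reads the diff headers and reports which `-p` strip level makes every target file resolve under a given directory; the diff content, file names and `shop/` layout are constructed for illustration.

```python
import os
import tempfile

# Constructed sample diff (not the real patch): every path carries an xcart/ prefix.
SAMPLE_DIFF = """\
--- xcart/example_a.php\t2007-10-01
+++ xcart/example_a.php\t2007-10-29
@@ -1 +1 @@
-old
+new
--- xcart/lib/example_b.php\t2007-10-01
+++ xcart/lib/example_b.php\t2007-10-29
@@ -1 +1 @@
-old
+new
"""

def target_paths(diff_text):
    """Paths named on '+++ ' header lines (each must follow a '--- ' line)."""
    paths, prev = [], ""
    for line in diff_text.splitlines():
        if line.startswith("+++ ") and prev.startswith("--- "):
            path = line[4:].split("\t")[0].strip()
            if path != "/dev/null":
                paths.append(path)
        prev = line
    return paths

def find_strip_level(diff_text, base_dir, max_strip=4):
    """Return (level, []) for the smallest -p level at which every target file
    exists under base_dir, else (None, all target paths) if no level works."""
    paths = target_paths(diff_text)
    for level in range(max_strip + 1):
        rels = ["/".join(p.split("/")[level:]) for p in paths]
        missing = [p for p, rel in zip(paths, rels)
                   if not rel or not os.path.isfile(os.path.join(base_dir, rel))]
        if paths and not missing:
            return level, []
    return None, paths

def demo():
    # Constructed layout: the cart is installed in shop/, not xcart/.
    with tempfile.TemporaryDirectory() as parent:
        shop = os.path.join(parent, "shop")
        os.makedirs(os.path.join(shop, "lib"))
        for rel in ("example_a.php", "lib/example_b.php"):
            open(os.path.join(shop, rel), "w").close()
        return find_strip_level(SAMPLE_DIFF, parent), find_strip_level(SAMPLE_DIFF, shop)
```

With the reported level, running `patch -pN --dry-run` from the cart's own directory shows whether the hunks apply before any file is changed.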
#23
Re: security-patch-2007-10-29.tgz
I installed the patch and got a lot of error messages across the top of the screen. I don't know enough about X-Cart to know what was wrong but reading this forum tells me the patch is messed up. I'll try it again once the patch works right.
#24
Re: security-patch-2007-10-29.tgz
It seems like this update is causing people quite a few headaches. Before I start the process of manually patching all of my clients' carts, can anyone tell me what the actual security issue is? All I got out of the email is that someone could use "SQL injection" to gain access to sensitive information. Do I need to waste an entire day fixing this, or are we all worried about nothing?
Thanks.
__________________
LiteCommerce - 10 Carts: --------------------------------- Version 2.1 Service Pack 2 XCart - 14 Carts: --------------------- Version 4.0.17 Version 4.0.18 Version 4.1.2 Version 4.1.3

#25
Re: security-patch-2007-10-29.tgz
Has anyone successfully upgraded from 4.0.19 yet?
__________________
https://xskinz.com 4.0.19 linux PHP 4.4.2 MySQL server 4.1.21-standard MySQL client 4.1.21 Apache

#26
Re: security-patch-2007-10-29.tgz
And why can't I even find a version of 4.18? All I see is 4.19? Ahhh... this shouldn't be so difficult.
__________________
https://xskinz.com 4.0.19 linux PHP 4.4.2 MySQL server 4.1.21-standard MySQL client 4.1.21 Apache

#27
Re: security-patch-2007-10-29.tgz
4.0.18 is in the .diff posted above, but it doesn't work as I mentioned. You are right though, this should be a no-brainer... people are going to do more damage with this patch than they'd do leaving the site alone.
__________________
Padraic Ryan Ryan Design Studio Professional E-Commerce Development

#28
Re: security-patch-2007-10-29.tgz
So basically Xcart just announced to the world that their app is insecure and that we have no way to upgrade other than building the site from scratch?
__________________
https://xskinz.com 4.0.19 linux PHP 4.4.2 MySQL server 4.1.21-standard MySQL client 4.1.21 Apache

#29
Re: security-patch-2007-10-29.tgz
Quote:
Yes. And they announced this to the world before notifying their customers via email. I did not need to be doing this at the start of my busiest 60 days of the year.
__________________
xcart 4.5.4 gold+ w/x-payments 1.0.6; xcart gold 4.4.4

#30
Re: security-patch-2007-10-29.tgz
Thank goodness they are providing DIFF files. I've been back and forth with a support person this past week about this. And they keep coming back with basically "sorry we aren't providing DIFF files but we can do it for you for 40 support points".
I also do not know why this security patch is of "moderate" impact status. It seems pretty critical to me that people could get sensitive data!
Carrie
__________________
Custom Development, Custom Coding and Pre-built modules for X-cart since 2002! We support X-cart versions 3.x through 5.x! Home of the famous Authorize.net DPM & CIM Modules, Reward Points Module, Point of Sale module, Speed Booster modules and more! Over 200 X-cart Mods available & Thousands of Customizations Since 2002 - bcsengineering.com Please E-Mail us for questions/support!

X-Cart forums © 2001-2020