| ||||||||||
Shopping cart software Solutions for online shops and malls | ||||||||||
|
#101
|
|||||||
|
|||||||
Re: X-Cart 4.5.5 released
Quote:
The full solution is 1 Disable the CHECK_CUSTOMERS_INTEGRITY in the config.php file 2 Change a one symbol for the lastname on the page like http://demo.x-cart.com/demo/admin/register.php?mode=update and click the 'Update' button. 3 Enable the CHECK_CUSTOMERS_INTEGRITY in the config.php file
__________________
Sincerely yours, Ildar Amankulov Head of Maintenance group |
|||||||
#102
|
|||||||
|
|||||||
Re: X-Cart 4.5.5 released
Quote:
None. It is a new store. Installed 4.5.4 just days before 4.5.5 came out. So I upgraded before it gets customers.
__________________
~Dani For version & mods installed, see post. |
|||||||
#103
|
|||||||
|
|||||||
Re: X-Cart 4.5.5 released
Quote:
The Blowfish key is main security feature to crypt your customer's password and order details in DB http://help.x-cart.com/index.php?title=X-Cart:Blowfish http://help.x-cart.com/index.php?title=X-Cart:FAQs#Should_I_re-generate_the_blowfish_encryption_key 1 4.5.5 upgrade packs add new security keys in addition to the $blowfish_key 2 There are some improvements related to the blowfish and new security keys So to use these security improvements you have to regenerate the blowfish key and security keys using this tool http://help.x-cart.com/index.php?title=X-Cart:Advanced_Tools#Re-generate_the_Blowfish_Encryption_Key
__________________
Sincerely yours, Ildar Amankulov Head of Maintenance group |
|||||||
#104
|
|||||||
|
|||||||
Re: X-Cart 4.5.5 released
Can someone tell me many times a year do these security updates or version upgrades come out?
__________________
Gold Plus 4.5.4 |
|||||||
#105
|
|||||||
|
|||||||
Re: X-Cart 4.5.5 released
Quote:
Security patches: rarely Updates: historically, 2-4 times a year. Sometimes more. Sometimes less. THE RANT: <sounding like a broken record> patches for bugs should not be bundled with new or improved features. The current security patch is really not a critical patch, but rather, new features/improvements that the xcart designers decided would be good. Calling it a security patch is a bit misleading and not an accurate representation of what a true security patch should be. The security of xcart 4.5.4 is just fine, if the store admin takes some basic security steps (lock down the admin at htaccess, constrain admin to specific IP addresses, use complex passwords, etc...) -- what the designers chose to ADD to 4.5.5 basically hardens xcart a bit (which is fine), but it SHOULD NOT have been bundled with the bug fixes that we've been waiting since October 2012 for!!!! Many of us in the forum have said this about 27 million times (approximately). This upgrade cycle tried to accomplish many things, all at once -- so it's not as simple as most bug-fix patches. WHAT THEY SHOULD HAVE DONE: 1. bug fix release 2. new version of x-payments and XPC 3. security enhancement release -- this should have been released on its own timeline, separate from the required bug fixes. Each of these could work without the other. BUT by making "x-cart 4.5.5" now all-inclusive, if we want the bug fixes, we get everything that comes with.
__________________
xcart 4.5.4 gold+ w/x-payments 1.0.6; xcart gold 4.4.4 |
|||||||
#106
|
|||||||||
|
|||||||||
Re: X-Cart 4.5.5 released
About Gold Plus version. Let's say there are bugs related to X-MultiCurrency module. One who bought this module for a Gold version, will get the updates in his Helpdesk area. One who bought this module as part of Gold Plus will have to wait for a new XC Gold+ release. Am I right?
If I am right, those with Gold+ are affected. QT should find a solution for this major issue, seeing that upgrades are nightmares in this 4 version of XC.
__________________
X-Cart Next: Business 5.2 (learning and testing) X-Cart Classic: Gold and Gold Plus 4.7 Lots of Modules and Customizations OS in use: Red Hat Enterprise, Fedora, CentOS, Debian, Ubuntu, Linux Mint, Kali Linux Ideas for Server configuration (basicaly): Nginx/Pound (reverse proxy), Apache/Nginx (webserver), Squid/Varnish (cache server), HHVM or (PHP-FPM + PHP 5.6 + opcache), MariaDB/Percona MySQL Server, Redis (storing sessions) You can catch my ideas here: http://ideas.x-cart.com |
|||||||||
#107
|
|||||||||
|
|||||||||
Re: X-Cart 4.5.5 released
Quote:
+1 1. Release one XC version per year - that way you have time to really develop wanted/needed new features and test them, and test them again; release beta to selected testers so they can tell you what needs improvement or fix; when released this upgrade should include all bug fixes and security patches to date 2. Release bug fixes every 2-3 months - this has to be as separate installs independent from XC upgrade release. Why do I have to upgrade to new XC version just to fix bugs? Bug fixes should NOT include any improvements or new features. 3. Release security patches immediately when needed. 4. Tie CHANGELOG and bugtracker - make them one and only; when I look at the bug # in the CHANGELOG that same number in the bugtracker should bring the bug description and how to fix. 5. ...more to come from others....
__________________
Steve Stoyanov CFLSystems.com Web Development |
|||||||||
|
#108
|
|||||||
|
|||||||
Re: X-Cart 4.5.5 released
Quote:
I am trying yet again to upgrade my 4.1.8 store--this time to 4.5.5. I never try to patch/upgrade. I am doing a clean install of 4.5.5. I have many orders and registered customers and want to transfer the data to my new store. I know the blowfish keys for each installation must match in order for the data to transfer properly. In the past, I have just copied the blowfish key of my live store to the config.php file of the new installation (BEFORE transferring any data). After that, I copy my admin profile from the old store's DB to the new DB and everything seems fine--I'm able to log in to my new store. However, 4.5.5 adds some new keys to the config.php file and you state here that further changes/enhancements have been made to the blowfish key. This has me worried about manually changing the blowfish key in my 4.5.5 config.php file. However, if I don't change it, how can I transfer my customer/order data?
__________________
X-Cart Gold 4.1.8 (Live) BCSE Shipping Estimator for FLC Mod BCSE Shipping Methods per Product Mod BCSE Customer Review Management Mod BCSE Catalog Order Form Mod X-Cart Gold 4.5.2 (Building/Testing) USA |
|||||||
#109
|
|||||||
|
|||||||
Re: X-Cart 4.5.5 released
4.5.5 upgrade is a colossal fail
http://forum.x-cart.com/showthread.php?t=66211 We need JUST the bug fixes. FUCK the so-called security enhancements. WHOEVER approved this needs to pull their head out of the sand (I was going to be much more graphic) and get a grasp on what your customers want. We want bug fixes. We don't want xcart to be the one-stop do-everything application. It's perfectly fine if X-cart tells the admin: "it is your responsibility to restrict the admin by IP, and to lock down and harden your server". I don't need you to destroy a perfectly fine cart attempting to solve the world's security problems. I expect that you will recall the 4.5.5 upgrade, since it is anything but stable for production (or upgrades).
__________________
xcart 4.5.4 gold+ w/x-payments 1.0.6; xcart gold 4.4.4 |
|||||||
#110
|
|||||||
|
|||||||
Re: X-Cart 4.5.5 released
Another failure.
How am I supposed to edit the description? We are using the InnovaEditor and I clicked the upper left hand button in the editor bar to blow it up. Not cool! Eta: I will fix it on my own. But still not cool. .
__________________
~Dani For version & mods installed, see post. |
|||||||
|
|||
X-Cart forums © 2001-2020
|