Follow us on Twitter X-Cart on Facebook Wiki
Shopping cart software Solutions for online shops and malls
 

X-Cart 5.4.0 Public Beta is out

 
Reply
   X-Cart forums > News and Announcements
 
Thread Tools
  #1  
Old 04-11-2019, 09:39 AM
 
mvs mvs is offline
 

X-Cart team
  
Join Date: Nov 2018
Posts: 118
 

Default X-Cart 5.4.0 Public Beta is out

Hey everyone!

Please welcome X-Cart 5.4.0 Public Beta: x-cart.com/x-cart-5-4-0-public-beta-release.html

You’ll love the revised email notifications builder, brand-new upgrade system with one-click rollbacks, the updated webmaster mode and template editor, and many more improvements. Download the fresh v5.4.0 and tell us how much you like it.
__________________
Max Slepuhov
X-Cart
Reply With Quote
  #2  
Old 04-16-2019, 10:40 AM
 
tparmar tparmar is offline
 

Member
  
Join Date: Jun 2018
Posts: 10
 

Default Re: X-Cart 5.4.0 Public Beta is out

Quote:
Originally Posted by mvs
Hey everyone!

Please welcome X-Cart 5.4.0 Public Beta: x-cart.com/x-cart-5-4-0-public-beta-release.html

You’ll love the revised email notifications builder, brand-new upgrade system with one-click rollbacks, the updated webmaster mode and template editor, and many more improvements. Download the fresh v5.4.0 and tell us how much you like it.

Not able to install or test beta version. It is saying service.php not found. Even though it is there.
__________________
Xcart 5.3
Reply With Quote
  #3  
Old 04-17-2019, 01:04 AM
 
Triple A Racing Triple A Racing is offline
 

X-Wizard
  
Join Date: Jul 2008
Location: Manchester UK
Posts: 1,028
 

Default Re: X-Cart 5.4.0 Public Beta is out

Quote:
Originally Posted by mvs
....You’ll love the revised email notifications builder, brand-new upgrade system with one-click rollbacks, the updated webmaster mode and template editor, and many more improvements. Download the fresh v5.4.0 and tell us how much you like it.
Great that this has been released as an advance pubic beta. Thanks for that.
We've downloaded it and will be taking a long good look at it over this coming weekend.

Meanwhile, one very important question? This is the default Content Security Policy that's applied (via ~/etc/config.php) in XC 5.3.*.* and which remains like this, unless edited / replaced by the XC store owner:

Code:
; Content-Security-Policy value ; For possible values see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy ; Examples: ; content_security_policy = 'disabled' # prevent Content-Security-Policy header sending ; content_security_policy = "default-src 'self'" ; content_security_policy = "default-src 'self'; img-src *;" content_security_policy = 'disabled'
Disappointingly, the exact same content is also provided in the XC 5.4.*.* public beta ~/etc/config.php

Code:
; Content-Security-Policy value ; For possible values see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy ; Examples: ; content_security_policy = 'disabled' # prevent Content-Security-Policy header sending ; content_security_policy = "default-src 'self'" ; content_security_policy = "default-src 'self'; img-src *;" content_security_policy = 'disabled'

"Disabled" is far short of aiding 100% site security and it does appear to have now possibly become an oversight, as this very item was raised some time ago, with the XC answer being... a forward reference to XC 5.4.*.* providing the necessary solution.

Could XC please post a tested, fully functional Content Security Policy on here (a CSP which can be used either within the site's http header or, in the ~/etc/config.php and/or the ~/etc/default.config.php - this location choice being the store owners' - as it is now) The CSP really should NOT include:

Code:
data: 'unsafe-inline' 'unsafe-eval';
but most importantly, the CSP must still allow XC5.4.*.* and/or any XC Modules, to continue to function 100% perfectly
__________________
Dev Store & Live Store XC Business 5.4.1.35
Server; Ubuntu 22.04.2 LTS (HWE 6.2.0.26.26 Kernel)) / Plesk Obsidian
Nginx 1.20.4 / Apache 2.4.52 (Ubuntu Backported) / MariaDB 10.11.4 / PHP 7.4.33
Reply With Quote
  #4  
Old 04-17-2019, 04:08 AM
 
Triple A Racing Triple A Racing is offline
 

X-Wizard
  
Join Date: Jul 2008
Location: Manchester UK
Posts: 1,028
 

Default Re: X-Cart 5.4.0 Public Beta is out

A second related question... What was the thought process behind XC 5.4.*.* only appearing to want to run on MySQL and not MariaDB?

We can use MariaDB or MySQL, but our satisfaction level with MariaDB is way ahead of that with MySQL and we'd prefer to stay with it, which has never been an issue previously with XC 5.*.*.* prior to the current XC 5.4.*.* beta release.

It's made very clear at the download stage that XC5.4.*.* requires MySQL 5.7.7 or higher. That would usually be fine, as we're currently using MariaDB 10.2.* which is compatible with MySQL 5.7.* (see HERE for reference or in short: "...MySQL 5.7 is compatible with MariaDB 10.2...)

Whilst everybody knows that "compatible with" is NOT the same as "identical to" we still assumed that the XC 5.4.*.* beta release would install without any issues in our case, as a result of the XC5 historic suitability to both databases.

Unfortunately for us, it doesn't appear that's the case. The XC5 install process identifies the error as follows: "...MySQL version must be at least 5.7.7 (current version is 5.5.5-10.2.23 MariaDB...) This is an incorrect explanation (see the linked page above again for reference) as MySQL 5.5 was compatible with the much earlier Maria DB 10.0 release.... Hmmmmm

We could use MariaDB 10.3.* if we wanted*** but there's no point in changing anything at all, until XC provide an answer to the question... i.e. will XC 5.4.*.* only run on MySQL? If not, which release of MariaDB has it been tested on and will it run on?

We can alter PHP versions very easily by domain and we're very keen to use PHP7.3 with XC5.4.*.* but it's far, far, more difficult to run MariaDB on one domain and then MySQL on another domain, when both domains are hosted on the same server. Hence the questions in advance! Thanks

Edit *** We now do use MariaDB 10.3.*
__________________
Dev Store & Live Store XC Business 5.4.1.35
Server; Ubuntu 22.04.2 LTS (HWE 6.2.0.26.26 Kernel)) / Plesk Obsidian
Nginx 1.20.4 / Apache 2.4.52 (Ubuntu Backported) / MariaDB 10.11.4 / PHP 7.4.33
Reply With Quote
  #5  
Old 04-17-2019, 06:27 PM
 
Triple A Racing Triple A Racing is offline
 

X-Wizard
  
Join Date: Jul 2008
Location: Manchester UK
Posts: 1,028
 

Default Re: X-Cart 5.4.0 Public Beta is out

Indeed, there's a third question too, which relates to Nginx.

THIS THREAD is connected, but specifically on this linked page; posts #21 #22 #23 and very clearly, the great post #24 made by @qualiteam which relates Nginx to future issues of XC5, hopefully starting with XC 5.4.*.*. If that's the case, surely there's an Nginx only version of the public beta too?
__________________
Dev Store & Live Store XC Business 5.4.1.35
Server; Ubuntu 22.04.2 LTS (HWE 6.2.0.26.26 Kernel)) / Plesk Obsidian
Nginx 1.20.4 / Apache 2.4.52 (Ubuntu Backported) / MariaDB 10.11.4 / PHP 7.4.33
Reply With Quote
  #6  
Old 04-19-2019, 02:20 AM
 
Ruslan Ruslan is offline
 

X-Cart team
  
Join Date: Jul 2013
Posts: 30
 

Default Re: X-Cart 5.4.0 Public Beta is out

Hi Tony,

Thanks for your input, it's much appreciated.

About your question on MariaDB: X-Cart 5.4 is fully compatible with MariaDB 10.2.* and higher. It is just an issue with the requirements checker. We will fix it.

As to Nginx, you can find the "nginx.conf.sample" config in the root of your X-Cart store. It is an example of Nginx config for X-Cart 5.4. (It contains two versions of the config: with and without a web dir).
We are unable to remove the .htaccess files from the X-Cart distribution package, but those files are blocked by Nginx config rule
-----
location ~* (\.php$|\.htaccess$|\.git) {
deny all;
}
-----

As to CSP header, it is disabled by default because we cannot add rules for 3-d party modules. But we will prepare a tutorial with the proper directives for CSP in X-Cart 5.4.

Thanks again and sorry for the inconvenience this delay may be causing you.
__________________
X-Cart 5
Reply With Quote

The following user thanks Ruslan for this useful post:
Triple A Racing (04-19-2019)
  #7  
Old 04-19-2019, 07:24 AM
 
Triple A Racing Triple A Racing is offline
 

X-Wizard
  
Join Date: Jul 2008
Location: Manchester UK
Posts: 1,028
 

Default Re: X-Cart 5.4.0 Public Beta is out

Quote:
Originally Posted by Ruslan
....About your question on MariaDB: X-Cart 5.4 is fully compatible with MariaDB 10.2.* and higher. It is just an issue with the requirements checker. We will fix it
That's great. Thank you. We're assuming that a slightly revised public beta will be available soon
Quote:
Originally Posted by Ruslan
As to Nginx, you can find the "nginx.conf.sample" config in the root of your X-Cart store. It is an example of Nginx config for X-Cart 5.4. (It contains two versions of the config: with and without a web dir).
We are unable to remove the .htaccess files from the X-Cart distribution package, but those files are blocked by Nginx config rule
-----
location ~* (\.php$|\.htaccess$|\.git) {
deny all;
}
-----
We did see that file, but to be fair and rightly or wrongly we'd earmarked it as an configurable option, as opposed to a pure Nginx version of XC 5.4.*.* being made available for download (as per the previous forum link we'd posted). Not sure why there's any restriction in simply removing ALL the Apache .htaccess files and making a separate, pure Nginx only version available? As you know, all the .htaccess files won't work anyway, if the server setup is Nginx only, but they can still work perfectly well, with a couple of the available Nginx proxy / Apache setups, which is why we're assuming that XC have included the config rule.

The conventional approach to making different OS options being made available, is to provide separate, 'clean' downloads, which makes life easier for everybody (in our humble opinion anyway). As we're currently only at Public Beta stage, nobody would / could unintentionally, cause any XC 5 live store issues at this point in time, if the two different 'clean' downloads were made available could they? It is what it is currently however, so once the slightly revised public beta is made available, we'll run our own script to remove all the .htaccess files and create two clean versions. Meanwhile, thanks for clarifying the current Nginx position. Much appreciated.
Quote:
Originally Posted by Ruslan
As to CSP header, it is disabled by default because we cannot add rules for 3-d party modules. But we will prepare a tutorial with the proper directives for CSP in X-Cart 5.4
That's good news too, as this will slowly become a more important factor albeit people may still be unaware of that. A more encompassing option, might be... to include all the CSP data, as commented out text within the ~/etc/config.php file and/or the ~/etc/default.config.php file (as is the case with other items) But, with a link to the tutorial itself plus, a note advising users not to uncomment this data or, apply it via their own http header until a) they have read said tutorial and b) they have themselves verified, that any / all Non-XC provided XC5 modules will function as intended, when using this specific setup for CSP. Just a suggestion
__________________
Dev Store & Live Store XC Business 5.4.1.35
Server; Ubuntu 22.04.2 LTS (HWE 6.2.0.26.26 Kernel)) / Plesk Obsidian
Nginx 1.20.4 / Apache 2.4.52 (Ubuntu Backported) / MariaDB 10.11.4 / PHP 7.4.33
Reply With Quote
  #8  
Old 04-19-2019, 04:45 PM
  designtheweb's Avatar 
designtheweb designtheweb is offline
 

Senior Member
  
Join Date: Mar 2005
Location: Sydney Australia
Posts: 132
 

Default Re: X-Cart 5.4.0 Public Beta is out

It would be very helpful to include a link on how to actually upgrade to 5.4 and/or include an upgrade script on 5.3. I have to dig around now and work out how to do it.
__________________
"The more you know - the less you pay"

Various websites using

4.66 Pro & 5
Reply With Quote
  #9  
Old 04-19-2019, 10:31 PM
 
Triple A Racing Triple A Racing is offline
 

X-Wizard
  
Join Date: Jul 2008
Location: Manchester UK
Posts: 1,028
 

Default Re: X-Cart 5.4.0 Public Beta is out

Quote:
Originally Posted by designtheweb
It would be very helpful to include a link on how to actually upgrade to 5.4 and/or include an upgrade script on 5.3. I have to dig around now and work out how to do it.
As the thread header says... It's a Public Beta Release of XC 5.4.*.* so nobody will be 'upgrading' hence there won't be any links etc When it's finally approved and officially released by XC, then, subject to whatever licence you have / where you've paid up to etc it would appear as an optional upgrade within your existing store's admin area.

This Public Beta Release of XC 5.4..*.* is suitable for any end-user (that wants too) to make a fresh, separate installation & carry out their own advance assessment / provide any feedback to XC etc which is what we (and probably quite a few others) intended to do
__________________
Dev Store & Live Store XC Business 5.4.1.35
Server; Ubuntu 22.04.2 LTS (HWE 6.2.0.26.26 Kernel)) / Plesk Obsidian
Nginx 1.20.4 / Apache 2.4.52 (Ubuntu Backported) / MariaDB 10.11.4 / PHP 7.4.33
Reply With Quote
  #10  
Old 05-02-2019, 04:55 PM
 
Triple A Racing Triple A Racing is offline
 

X-Wizard
  
Join Date: Jul 2008
Location: Manchester UK
Posts: 1,028
 

Default Re: X-Cart 5.4.0 Public Beta is out

Still..... no news yet from XC about the availability of the revised Public Beta Release of XC5.4.*.* As well as the questions / answers posted previously in this thread on the initial release, others have posted issues in here: https://forum.x-cart.com/forumdisplay.php?f=59
__________________
Dev Store & Live Store XC Business 5.4.1.35
Server; Ubuntu 22.04.2 LTS (HWE 6.2.0.26.26 Kernel)) / Plesk Obsidian
Nginx 1.20.4 / Apache 2.4.52 (Ubuntu Backported) / MariaDB 10.11.4 / PHP 7.4.33
Reply With Quote
Reply
   X-Cart forums > News and Announcements



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -8. The time now is 07:29 PM.

   

 
X-Cart forums © 2001-2020