| ||||||||||
Shopping cart software Solutions for online shops and malls | ||||||||||
|
#1
|
|||||||
|
|||||||
security-patch-2013-10-08
Dear X-Cart,
About a month ago, you dropped a security patch... security-patch-2013-10-08 May I ask WHY there were no announcements, no emails, no posts or notices of any kind about this? May I ask how you expected users to learn about this security patch? Quote:
SO -- does this mean that if we do not use these modules, we can skip it? Product_Configurator Feature_Comparison Hidden Categories Quote:
What modules? Under what circumstances? A thorough discussion of this patch would be appreciated.
__________________
xcart 4.5.4 gold+ w/x-payments 1.0.6; xcart gold 4.4.4 |
|||||||
#2
|
|||||||||
|
|||||||||
Re: security-patch-2013-10-08
Hi Jeremy,
I would like to comment on the announcements part. Actually, there were announcements. In particular, there was a newsletter sent Sent on Oct 08 (to entire list of our users subscribed to security updates and alerts). Some users have even discussed the patch on our forum (http://forum.x-cart.com/showthread.php?t=68019, http://forum.x-cart.com/showthread.php?t=67911). I have checked your HelpDesk profile and noticed that "Security updates and alerts:" checkbox in "Newsletter" section is not selected. As I know, by default the users are subscribed to this newsletter, which makes me think that you have either unchecked it manually or there was a technical problem at some moment. So I have added you to the list of subscribers with both subscription options, 'security updates' and 'company news', if you want to be excluded from the second one, please PM me. Another way I used to inform the customers is a 'news' in HelpDesk. It was shown on October, 8 - October 21st. Probably you haven't visited HelpDesk during that period, or haven't paid attention to the announcement. But I hope next time the news about security patch will not slip out of your attention. The technical part will be addressed separately, I have already shown this message to the engineers, so please expect an update shortly.
__________________
X-Cart team Last edited by Ksenia : 11-15-2013 at 01:00 AM. |
|||||||||
|
#3
|
|||||||
|
|||||||
Re: security-patch-2013-10-08
Quote:
Obviously, not something I would do. And if I were X-Cart, I wouldn't offer unsubscribing from security and alert emails as an option. Security alerts must be sent, even if the user doesn't want to receive them. PS -- I never unsubscribed from any xcart emails. If you are an x-cart cusotmer and reading this, I suggest you check your communications prefs in your account profile in case you were switched off too. Quote:
Quote:
I only visit the helpdesk home page, well, never -- I have deep links to the file area and communications center. THE ONLY WAY to reach everyone is mandatory email for these types of alerts (and a post in the news section of the forum here). I appreciate your response here -- and I look forward to discussing the technical aspects of this patch with engineering. Thanks! Jeremy
__________________
xcart 4.5.4 gold+ w/x-payments 1.0.6; xcart gold 4.4.4 |
|||||||
#4
|
|||||||
|
|||||||
Re: security-patch-2013-10-08
I received a PM from engineering -- and in case anyone is reading this, the answer is, "do the patch" since there are many files that are involved. The engineer was very specific and asked me not to share every detail in public forum for security purposes. But after reviewing the files, we should all do this patch.
Thanks to X-Cart for fast answers.
__________________
xcart 4.5.4 gold+ w/x-payments 1.0.6; xcart gold 4.4.4 |
|||||||
|
|||
X-Cart forums © 2001-2020
|