Follow us on Twitter X-Cart on Facebook Wiki
Shopping cart software Solutions for online shops and malls

X-Cart 5.4.0 Public Beta is out
 
Reply
   X-Cart forums > News and Announcements
 
Thread Tools
  #1  
Old 04-11-2019, 09:39 AM
 
mvs mvs is offline
 

X-Cart team
  
Join Date: Nov 2018
Posts: 5
 

Default X-Cart 5.4.0 Public Beta is out

Hey everyone!

Please welcome X-Cart 5.4.0 Public Beta: x-cart.com/x-cart-5-4-0-public-beta-release.html

You’ll love the revised email notifications builder, brand-new upgrade system with one-click rollbacks, the updated webmaster mode and template editor, and many more improvements. Download the fresh v5.4.0 and tell us how much you like it.
__________________
Max Slepukhov
X-Cart
Reply With Quote
  #2  
Old 04-16-2019, 10:40 AM
 
tparmar tparmar is offline
 

Newbie
  
Join Date: Jun 2018
Posts: 9
 

Default Re: X-Cart 5.4.0 Public Beta is out

Quote:
Originally Posted by mvs
Hey everyone!

Please welcome X-Cart 5.4.0 Public Beta: x-cart.com/x-cart-5-4-0-public-beta-release.html

You’ll love the revised email notifications builder, brand-new upgrade system with one-click rollbacks, the updated webmaster mode and template editor, and many more improvements. Download the fresh v5.4.0 and tell us how much you like it.

Not able to install or test beta version. It is saying service.php not found. Even though it is there.
__________________
Xcart 5.3
Reply With Quote
  #3  
Old 04-17-2019, 01:04 AM
 
Triple A Racing Triple A Racing is offline
 

X-Adept
  
Join Date: Jul 2008
Location: Manchester UK
Posts: 687
 

Default Re: X-Cart 5.4.0 Public Beta is out

Quote:
Originally Posted by mvs
....You’ll love the revised email notifications builder, brand-new upgrade system with one-click rollbacks, the updated webmaster mode and template editor, and many more improvements. Download the fresh v5.4.0 and tell us how much you like it.
Great that this has been released as an advance pubic beta. Thanks for that.
We've downloaded it and will be taking a long good look at it over this coming weekend.

Meanwhile, one very important question? This is the default Content Security Policy that's applied (via ~/etc/config.php) in XC 5.3.*.* and which remains like this, unless edited / replaced by the XC store owner:

Code:
; Content-Security-Policy value ; For possible values see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy ; Examples: ; content_security_policy = 'disabled' # prevent Content-Security-Policy header sending ; content_security_policy = "default-src 'self'" ; content_security_policy = "default-src 'self'; img-src *;" content_security_policy = 'disabled'
Disappointingly, the exact same content is also provided in the XC 5.4.*.* public beta ~/etc/config.php

Code:
; Content-Security-Policy value ; For possible values see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy ; Examples: ; content_security_policy = 'disabled' # prevent Content-Security-Policy header sending ; content_security_policy = "default-src 'self'" ; content_security_policy = "default-src 'self'; img-src *;" content_security_policy = 'disabled'

"Disabled" is far short of aiding 100% site security and it does appear to have now possibly become an oversight, as this very item was raised some time ago, with the XC answer being... a forward reference to XC 5.4.*.* providing the necessary solution.

Could XC please post a tested, fully functional Content Security Policy on here (a CSP which can be used either within the site's http header or, in the ~/etc/config.php and/or the ~/etc/default.config.php - this location choice being the store owners' - as it is now) The CSP really should NOT include:

Code:
data: 'unsafe-inline' 'unsafe-eval';
but most importantly, the CSP must still allow XC5.4.*.* and/or any XC Modules, to continue to function 100% perfectly
__________________
Business XC 5.3.6.0 Live & Dev Store For Testing
Ubuntu 18.04.2 (HWE) / Plesk 17.8.11 / Nginx 1.14.2 /
Apache 2.4.29 (Backported) / MariaDB 10.2.23 / PHP 7.2.17
Reply With Quote
  #4  
Old 04-17-2019, 04:08 AM
 
Triple A Racing Triple A Racing is offline
 

X-Adept
  
Join Date: Jul 2008
Location: Manchester UK
Posts: 687
 

Default Re: X-Cart 5.4.0 Public Beta is out

A second related question... What was the thought process behind XC 5.4.*.* only appearing to want to run on MySQL and not MariaDB?

We can use MariaDB or MySQL, but our satisfaction level with MariaDB is way ahead of that with MySQL and we'd prefer to stay with it, which has never been an issue previously with XC 5.*.*.* prior to the current XC 5.4.*.* beta release.

It's made very clear at the download stage that XC5.4.*.* requires MySQL 5.7.7 or higher. That would usually be fine, as we're currently using MariaDB 10.2.* which is compatible with MySQL 5.7.* (see HERE for reference or in short: "...MySQL 5.7 is compatible with MariaDB 10.2...)

Whilst everybody knows that "compatible with" is NOT the same as "identical to" we still assumed that the XC 5.4.*.* beta release would install without any issues in our case, as a result of the XC5 historic suitability to both databases.

Unfortunately for us, it doesn't appear that's the case. The XC5 install process identifies the error as follows: "...MySQL version must be at least 5.7.7 (current version is 5.5.5-10.2.23 MariaDB...) This is an incorrect explanation (see the linked page above again for reference) as MySQL 5.5 was compatible with the much earlier Maria DB 10.0 release.... Hmmmmm

We could use MariaDB 10.3.* if we wanted, as that's even compatible with MySQL 8.* but there's no point in changing anything at all, until XC provide an answer to the question... i.e. will XC 5.4.*.* only run on MySQL? If not, which release of MariaDB has it been tested on and will it run on?

We can alter PHP versions very easily by domain and we're very keen to use PHP7.3 with XC5.4.*.* but it's far, far, more difficult to run MariaDB on one domain and then MySQL on another domain, when both domains are hosted on the same server. Hence the questions in advance! Thanks
__________________
Business XC 5.3.6.0 Live & Dev Store For Testing
Ubuntu 18.04.2 (HWE) / Plesk 17.8.11 / Nginx 1.14.2 /
Apache 2.4.29 (Backported) / MariaDB 10.2.23 / PHP 7.2.17
Reply With Quote
  #5  
Old 04-17-2019, 06:27 PM
 
Triple A Racing Triple A Racing is offline
 

X-Adept
  
Join Date: Jul 2008
Location: Manchester UK
Posts: 687
 

Default Re: X-Cart 5.4.0 Public Beta is out

Indeed, there's a third question too, which relates to Nginx.

THIS THREAD is connected, but specifically on this linked page; posts #21 #22 #23 and very clearly, the great post #24 made by @qualiteam which relates Nginx to future issues of XC5, hopefully starting with XC 5.4.*.*. If that's the case, surely there's an Nginx only version of the public beta too?
__________________
Business XC 5.3.6.0 Live & Dev Store For Testing
Ubuntu 18.04.2 (HWE) / Plesk 17.8.11 / Nginx 1.14.2 /
Apache 2.4.29 (Backported) / MariaDB 10.2.23 / PHP 7.2.17
Reply With Quote
  #6  
Old Today, 02:20 AM
 
Ruslan Ruslan is online now
 

X-Cart team
  
Join Date: Jul 2013
Posts: 28
 

Default Re: X-Cart 5.4.0 Public Beta is out

Hi Tony,

Thanks for your input, it's much appreciated.

About your question on MariaDB: X-Cart 5.4 is fully compatible with MariaDB 10.2.* and higher. It is just an issue with the requirements checker. We will fix it.

As to Nginx, you can find the "nginx.conf.sample" config in the root of your X-Cart store. It is an example of Nginx config for X-Cart 5.4. (It contains two versions of the config: with and without a web dir).
We are unable to remove the .htaccess files from the X-Cart distribution package, but those files are blocked by Nginx config rule
-----
location ~* (\.php$|\.htaccess$|\.git) {
deny all;
}
-----

As to CSP header, it is disabled by default because we cannot add rules for 3-d party modules. But we will prepare a tutorial with the proper directives for CSP in X-Cart 5.4.

Thanks again and sorry for the inconvenience this delay may be causing you.
__________________
X-Cart 5
Reply With Quote
Reply
   X-Cart forums > News and Announcements


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -8. The time now is 06:18 AM.

   

 
X-Cart forums © 2001-2018