IMPORTANT Security Fix for ALL versions of Zen Cart

Article Date(s): 09/30/2010 - 12/31/2035
From the zen cart developers - a new update is out - version 1.3.9g We will be scheduling people as they order this upgrade - 1 to 2 websites a week. For those using 1.3.8a or 1.3.7, the cost of an upgrade is $300 and does NOT include upgrade of any mods that might be installed. If a mod does not overwrite core coding, it will most likely work with version 1.3.9g. For those already on the 1.3.9 series - upgrade to current version is $50 - and again, if a core file that is in the new upgrade has been overwritten by a mod, additional charges will apply to merge coding for the new version. Upgrades are made in a separate directory and the database copied over so testing can be done to make sure everything is working properly prior to updating a live site. IMPORTANT to NOTE:One of the things version 1.3.9 addresses is PCI Compliance. If you accept credit cards on your website, you are strongly encouraged to upgrade! Changes on version 1.3.9g are as follows: What's New In v1.3.9g: Download available here: http://sourceforge.net/projects/zencart/files/ Contains new Security Fixes Updates include: * CHANGE-74 - Security: Fix LFI/FD threat * CHANGE-74 - Security: Fix bSQLi vulnerability * CHANGE-74 - Security: Fix multiple XSS vulnerabilities * BUGSFORUM-1514 - Added admin warning page to prevent admin use if admin folder hasn't been renamed. (For XSS prevention and other security reasons, to deter hackers.) * BUGSFORUM-1514 - Added admin warning page to prevent admin use if zc-install folder hasn't been deleted * BUGSFORUM-531 - Fix to prevent "2006 MySQL server has gone away" messages * BUGSFORUM-1116 - Fix htmlspecialchars problem in ezpages * BUGSFORUM-1422 - Fix intermittent PayPal Express Checkout error 10413 & 10417 with large quantities and items on sale * BUGSFORUM-1438 - Improvements to canonical support to minimize duplicate content reports * BUGSFORUM-1459 - Fix PayPal Express/Pro 10413 problem caused by rounding error with shipping taxes * BUGSFORUM-1472 - Set httpOnly attribute in session cookies, to minimize XSS risks * BUGSFORUM-1473 - Fix debug log problem * BUGSFORUM-1475 - Fix occasional Linkpoint problem when discounts/coupons are used * BUGSFORUM-1481 - Remove layout table in PayPal Pro VBV message * BUGSFORUM-1482 - Checkout Confirmation occassionally takes user back to log in after multiple purchases in one shopping session * BUGSFORUM-1490 - Fix PayPal Express Checkout quirk where customers selecting PP addresses for countries deleted from store would still be allowed to checkout * BUGSFORUM-1498 - Fix small Authorize.net quirk where debug history order numbers might have trailing additional digits in debug data * BUGSFORUM-1499 - Fix PayPal echecks problem where echecks wouldn't activate the order when cleared, due to a problem introduced when fixing a duplicate-orders issue in v1.3.9d * BUGSFORUM-1507 - Security: Fix multiple XSS vulnerabilities * BUGSFORUM-1515 - Security: Fix multiple XSS vulnerabilities * BUGSFORUM-1519 - uninitialized variable causing odd display results if an error condition occurs * BUGSFORUM-1520 - Fix error where deleting an order wasn't removing associated download records. * BUGSFORUM-1522 - Featured, Specials, What's New sidebox div correction * BUGSFORUM-1527 - PayPal display bug in admin when Transaction IDs start with 0 * ADDED: option added to disable PayPal Express Checkout shortcut button for those merchants whose customers are confused by it. However, it's best to leave it on for the added benefit of increased sales and conversions. * MINOR: small fix to Authorize.net modules to prevent a brief delay from occurring when drawing the admin modules->payments screen * MINOR: added .xsl to approved filetypes in /includes/.htaccess * Removed obsolete cache.php language file NOTE: If you're upgrading from v1.3.9a or b or c or d or e or f, you can simply update the files listed in EACH OF the various "Changelog for v1.3.9b" and "c" and "d" and "e" and "f" in the /docs/ folder of the download zip. (There are no database changes between v1.3.9a-b-c-d-e-f-g.) (there's no need to remove/re-install payment modules between "d" and "e" and "f" and "g")
Back

Shopping Cart

Your cart is empty.

Customer Reviews

Worth Every Penny

I took a leap of faith and had my website upgraded to version 1.5.5 as well as a new "Responsive Zen Cart Template". It was worth every penny. My...
Read More ->


Outstanding Knowledge of Zen Cart

Over the past several years, Judy and her team have provided an unparalleled level of technical support for my business. In the years prior to...
Read More ->


Don't hesistate!

I was having the worst problems with my web host, my site was down more then it was up. When it was up and running, it was very slow. I had Judy make...
Read More ->


great job again

Judy, once again you made my website better by adding the twitter and facebook links. thanks again Bill
Read More ->


Judy - Zen Cart Goddess!

If you've got Zen Cart, you GOTTA get Judy! We discovered her a couple of years ago when our former web designer went AWOL. Not only did she upgrade...
Read More ->


Who's Online

There currently are 5 guests online.
Copyright © 2004 - 2022 ZenCart Ecommerce Website Design
Zen Cart Templates Zen Cart Guru
Powered by Zen Cart