I Received An Email About Security Flaw From CS-Cart

I had this one email and am surprised it isn't here on the forum.

But I get this error when trying to download the fix

https://prnt.sc/SFzT_bkU9C-I

Anyone else have problems?

https://prnt.sc/nX4ejumeF5XF

Hi johnbol1

I hope you have had some luck downloading the security fix.

I had to fetch mine from help centre but had no luck
trying to upload it ( cscart_v4.15.1.SP3 ) from my PC.

Error: Unable to read package schema (schema.json)

So...I followed Step 2.
Find the "Security Fixes for 4.6.1 - 4.15.x" add-on in the "Updates" folder in the File Area in Help Desk. Download it and install the add-on from the archive. This add-on closes multiple security vulnerabilities in CS-Cart and Multi-Vendor 4.x.x.

Installed this add-on but not sure if it alone did the trick because I still can't upload the fix ( cscart_v4.15.1.SP3 ) from PC.

Hi.

I can confirm that the email is legit. With security issues, we normally go “emails first, forum second” because of 2 reasons:

- Not everyone who uses CS-Cart uses the forum. This community is a very small part of CS-Cart user base.
- Someone who doesn’t use CS-Cart might still be using the forum to keep track of news, security issues included.

We had to temporarily pause the updates to 4.15.1.SP3, because despite our efforts to make the upgrade as hassle-free as possible, the SP still had compatibility issues with some third-party add-ons and themes. We’ll soon provide a solution that works better with the third-party add-ons and themes you might have.

The “Cannot download the upgrade package” issue may have occurred because the Upgrade Center received information that SP3 was available, whereas the updates were already paused. In such cases, the best way to check is to click the gear button and choose “Refresh available upgrades”. If the upgrade disappears

Do you mean that the following hasn’t offered me any protection ?

Find the “Security Fixes for 4.6.1 - 4.15.x” add-on in the “Updates” folder in the File Area in Help Desk. Download it and install the add-on from the archive. This add-on closes multiple security vulnerabilities in CS-Cart and Multi-Vendor 4.x.x.

Do you mean that the following hasn't offered me any protection ?


I mean exactly the opposite. The fix does offer protection. But currently, that protection comes at the cost of some third-party add-ons and themes not working properly (despite our efforts to the contrary). We seek to make the fix more compatible with third-party solutions, so that as many people as possible could apply it without issue.

Once that is done, we'll release this improvement as 4.15.1.SP4, update the add-on, and send an additional newsletter about it.

From Vasiliy (from Help Desk):
Yes, that is correct. The security fix is applied after installing the Security Fixes for 4.6.1 - 4.15.x add-on.

Thanks Ivan.
The main thing is that I am (for now) protected.

I can't download SP3. See below. What's up?

[attachment=15593:cannot-download.jpg]

We put the SP3 on hold because it caused issues with third-party add-ons and themes (such as the popular UniTheme 2). We've fixed those issues with SP4, and will soon make the official announcement in a separate topic.

P.S. I've also changed the name of this topic, so that it wouldn't compete with the official announcement.

There's now [url=https://forum.cs-cart.com/topic/67769-critical-security-issue-in-cs-cart-and-multi-vendor-461-4151/#entry352903]another topic that has more up-to-date info on this matter[/url].