CS-Cart And Multi-Vendor 4.3.9 Are Released

 
  • yakulakov
  • CS-Cart
  • CS-Cart Architects
  • Join Date: 26-Jan 15
  • 97 posts

Posted 15 July 2016 - 10:24 AM #1

Hello,

 

We’ve released a patch—CS-Cart & Multi-Vendor 4.3.9—with security, payment, shipping, and HiDPI fixes.

 


 

As a patch, the new version doesn’t have new features for end users. It mostly fixes issues:

 

  • An important security fix. The problem was that hackers could gain access to your administration panel, if they knew your admin URL. Multi-Vendor had a similar issue: a vendor could create an admin account and gain partial access to your admin panel. Both vulnerabilities are present in CS-Cart and Multi-Vendor 4.0.1—4.3.8. We strongly recommend that you upgrade to 4.3.9 ASAP to seal those security flaws. We’ve also sent emails to all CS-Cart and Multi-Vendor license owners. Check your mailboxes now. Those emails contain instructions on how to eliminate the vulnerability.

 

  • PayPal partial refund works fine. Previously, when an admin changed the return request status for orders with multiple products, PayPal partial refund could be performed multiple times. It meant that one of the products in the order could be refunded over and over again. Now, the refund process works correctly.

 

  • The payment processor response for PayPal payments changes properly. A payment processor response notifies you of events related to transactions. You can see the response status on the order details page in the admin panel. Previously, when the payment processor received IPN in PayPal Express Checkout, the processor response wasn’t actualized. An admin had to manually check payment status for every order. Now, this issue is fixed and the response is actualized when IPN is received.

 

  • Taxes based on Unit price are calculated correctly for unauthorized users. Before, when a guest customer placed an order, the product prices at checkout and in the cart could be displayed without taxes. We fixed the calculation process and now taxes are correctly applied to all products for both authorized users and guests.

 

  • Tracking number is always displayed for a customer. Before the fix, a customer couldn’t see the tracking number on the order details page, if you didn’t specify a carrier for that order. Now, tracking number is always displayed for customers whether you specified the carrier in the admin panel or not.

 

  • The HiDPI displays support add-on doesn’t shrink product images, when you clone products. The add-on influenced the cloning process of products: when you cloned a product, the size of its image decreased twice with each new cloning. We’ve fixed the issue and now the size of images of the cloned products stays the same.

 

See what hooks we’ve added and what else we’ve fixed in the changelog.

 

 

How to Upgrade to Version 4.3.9

CS-Cart license owners with active upgrade subscriptions can upgrade as always—in the Administration → Upgrade center page of their admin panels. Since the upgrade fixes a critical security issue, we distribute the upgrade packages all at once. Please check your Upgrade centers now and upgrade ASAP.

 

Newcomers are welcome to download CS-Cart from our website. You’ll have 30 days to try CS-Cart without restrictions. If you liked CS-Cart, you can continue using it after you buy a license.



 
  • danieltj
  • Member
  • Trial users
  • Join Date: 24-Nov 15
  • 28 posts

Posted 15 July 2016 - 10:41 AM #2

How do you get the patch for the security flaw if you're on a lower version of CS Cart 4.x.x?

 

For example, those who use the free version (4.3.6 and below) haven't bought a license, it doesn't seem to show a download for the patch in the help desk area of the site.



 
  • yakulakov
  • CS-Cart
  • CS-Cart Architects
  • Join Date: 26-Jan 15
  • 97 posts

Posted 15 July 2016 - 11:23 AM #3

How do you get the patch for the security flaw if you're on a lower version of CS Cart 4.x.x?

 

For example, those who use the free version (4.3.6 and below) haven't bought a license, it doesn't seem to show a download for the patch in the help desk area of the site.

Hello,

 

Thank you for your question.

 

Free version of CS-Cart is no longer supported. Here's the post about it: http://blog.cs-cart....nger-available/



 
  • ThomH
  • Senior Member
  • Members
  • Join Date: 20-Nov 07
  • 1675 posts

Posted 15 July 2016 - 01:27 PM #4

Good news. Looking for the fix for the older paid versions ( 4.0.1-4.3.8 )




 
  • eComLabs
  • CS-Cart Expert
  • Authorized Reseller
  • Join Date: 27-Jan 14
  • 22818 posts

Posted 15 July 2016 - 02:02 PM #5

Good news. Looking for the fix for the older paid versions ( 4.0.1-4.3.8 )

 

Fix for old versions can be downloaded from CS-Cart HelpDesk. Check the File area




 
  • danieltj
  • Member
  • Trial users
  • Join Date: 24-Nov 15
  • 28 posts

Posted 15 July 2016 - 02:31 PM #6

Hello,

 

Thank you for your question.

 

Free version of CS-Cart is no longer supported. Here's the post about it: http://blog.cs-cart....nger-available/

 

So people using the Free Mode can't download the security patch? 



 
  • straygecko
  • Advanced Member
  • Members
  • Join Date: 01-May 13
  • 93 posts

Posted 15 July 2016 - 03:20 PM #7

Hello,

 

Thank you for your question.

 

Free version of CS-Cart is no longer supported. Here's the post about it: http://blog.cs-cart....nger-available/

I understand not supporting the free version anymore, but given the short time since the free version was discontinued and the simplicity of exploiting this security problem I think it would be a good idea to provide this fix to all 4.x users free or paid.  Lots of hacked free license cs-cart sites won't be good publicity for your product.  BTW, I have a paid license and don't use the free version.



 
  • yakulakov
  • CS-Cart
  • CS-Cart Architects
  • Join Date: 26-Jan 15
  • 97 posts

Posted 18 July 2016 - 07:34 AM #8

So people using the Free Mode can't download the security patch? 

 

 

I understand not supporting the free version anymore, but given the short time since the free version was discontinued and the simplicity of exploiting this security problem I think it would be a good idea to provide this fix to all 4.x users free or paid.  Lots of hacked free license cs-cart sites won't be good publicity for your product.  BTW, I have a paid license and don't use the free version.

 

Hi,

 

In several hours, all free version users will receive an email containing the direct link to download the fix. Please monitor your mailboxes for the email from Paul T., our CMO.



 
  • termalert
  • Senior Member
  • Members
  • Join Date: 14-Jan 09
  • 1023 posts

Posted 24 July 2016 - 01:04 AM #9

Regarding PayPal refunds.
I have fallen into the trap several times. Performing a partial refund would cause all items in an order to return to stock.
We only sell single items so it was a mad race to edit all items to return stock values to zero.

Does 4.3.9 still do this ???