CS-Cart And Multi-Vendor 4.3.9 Are Released

Hello,

We’ve released a patch—CS-Cart & Multi-Vendor 4.3.9—with security, payment, shipping, and HiDPI fixes.

As a patch, the new version doesn’t have new features for end users. It mostly fixes issues:

  • An important security fix. The problem was that hackers could gain access to your administration panel, if they knew your admin URL. Multi-Vendor had a similar issue: a vendor could create an admin account and gain partial access to your admin panel. Both vulnerabilities are present in CS-Cart and Multi-Vendor 4.0.1—4.3.8. We strongly recommend that you upgrade to 4.3.9 ASAP to seal those security flaws. We’ve also sent emails to all CS-Cart and Multi-Vendor license owners. Check your mailboxes now. Those emails contain instructions on how to eliminate the vulnerability.

  • PayPal partial refund works fine. Previously, when an admin changed the return request status for orders with multiple products, PayPal partial refund could be performed multiple times. It meant that one of the products in the order could be refunded over and over again. Now, the refund process works correctly.

  • The payment processor response for PayPal payments changes properly. A payment processor response notifies you of events related to transactions. You can see the response status on the order details page in the admin panel. Previously, when the payment processor received IPN in PayPal Express Checkout, the processor response wasn’t actualized. An admin had to manually check payment status for every order. Now, this issue is fixed and the response is actualized when IPN is received.

  • Taxes based on Unit price are calculated correctly for unauthorized users. Before, when a guest customer placed an order, the product prices at checkout and in the cart could be displayed without taxes. We fixed the calculation process and now taxes are correctly applied to all products for both authorized users and guests.

  • Tracking number is always displayed for a customer. Before the fix, a customer couldn’t see the tracking number on the order details page, if you didn’t specify a carrier for that order. Now, tracking number is always displayed for customers whether you specified the carrier in the admin panel or not.

  • The HiDPI displays support add-on doesn’t shrink product images, when you clone products. The add-on influenced the cloning process of products: when you cloned a product, the size of its image decreased twice with each new cloning. We’ve fixed the issue and now the size of images of the cloned products stays the same.

See what hooks we’ve added and what else we’ve fixed in the changelog.

How to Upgrade to Version 4.3.9

CS-Cart license owners with active upgrade subscriptions can upgrade as always—in the Administration → Upgrade center page of their admin panels. Since the upgrade fixes a critical security issue, we distribute the upgrade packages all at once. Please check your Upgrade centers now and upgrade ASAP.

Newcomers are welcome to download CS-Cart from our website. You’ll have 30 days to try CS-Cart without restrictions. If you liked CS-Cart, you can continue using it after you buy a license.

How do you get the patch for the security flaw if you're on a lower version of CS Cart 4.x.x?

For example, those who use the free version (4.3.6 and below) haven't bought a license; it doesn't seem to show a download for the patch in the help desk area of the site.

Hello,

Thank you for your question.

The free version of CS-Cart is no longer supported. Here's the post about it: http://blog.cs-cart.com/2016/05/11/cs-cart-free-version-is-no-longer-available/

Good news. Looking for the fix for the older paid versions (4.0.1-4.3.8).

The fix for old versions can be downloaded from the CS-Cart HelpDesk. Check the File area.

So people using the Free Mode can't download the security patch?

I understand not supporting the free version anymore, but given the short time since the free version was discontinued and the simplicity of exploiting this security problem, I think it would be a good idea to provide this fix to all 4.x users, free or paid. Lots of hacked free license cs-cart sites won't be good publicity for your product. BTW, I have a paid license and don't use the free version.

Hi,

In several hours, all free version users will receive an email containing the direct link to download the fix. Please monitor your mailboxes for the email from Paul T., our CMO.

Regarding PayPal refunds.
I have fallen into the trap several times. Performing a partial refund would cause all items in an order to return to stock.
We only sell single items so it was a mad race to edit all items to return stock values to zero.

Does 4.3.9 still do this???