Clarification On Versions...

...hi all,

We are currently on version 4.10.4.SP2 with PHP 5.6.40 and our simple site runs fine, no bugs, no issues, and overall happy with CSCart.

Instead of paging through all of the changelogs, could someone comment on:

- with the recent release of 4.12.2 and prior releases, are there significant vulnerabilities or PHP compatibility issues we are at risk of, and should we upgrade? (realizing I would wait a few weeks for 4.12.2)

- I am not sure which exact version caused the stir with simple checkout, but our current version is running step-by-step deprecated...is that same step-by-step deprecated checkout operational by default in 4.12.2?

- does 4.12.2 fix the rumored vulnerabilities reported in the last few days?

Just looking to get the latest stable version and security fixes, but don't necessarily need any more features. Thank you for any thoughts, and thank you for this forum's users!

I don't think you will see any functional change going from 4.10.4 to 4.12.1 (can't speak to .2 yet).

However, I'd strongly recommend you upgrade your PHP to 7.3 or so. 5.6 is no longer supported and has known vulnerabilities.

Thank you for the reply, tbirn. My mistake...I think...cPanel stats show 5.6.40 which I did find strange when I first posted, but when I go into PHP manager it is showing our domain using 7.3. So, yes, definitely need to be on that. I know there was a URL or command I could use to find what we're actually running, so I'll make sure.

[EDIT : did a check, running 7.3.21, thanks again.]

Thanks again!

Go to Administration/Logs, click the gear icon, and select PHP Info.

That's the surest way to see what version of PHP you're running and how it's configured (actually configured by the time it gets through the layers to your site). cPanel does some strange things sometimes.

We do not recommend upgrading to 4.12.2 now. Wait for some time to make sure that this version is quite stable.

Just looking to get the latest stable version and security fixes, but don't necessarily need any more features. Thank you for any thoughts, and thank you for this forum's users!


This part caught my attention, so I thought I could chime in.

If we discover a major security vulnerability in CS-Cart code, we usually announce it and provide a way to fix it even in older versions. Here is an example of how we do it.

tbirnseth - I checked by calling up the php file through url, but yes, forgot it was also hidden away in Logs. Thank you, running 7.3.21.

ecomlabs - yes, I don't usually go for the most recent version unless there is significant need, thank you for the advice.

ikoshkin - correct and thank you, appreciated that there are patches for older versions provided, have done that a few times.

Thank you again for the feedback, I will incrementally upgrade, but can do so with a bit more confidence now. Have a great rest of your week all!

If you're going to incrementally upgrade and you do not utilize a dev server, I suggest this process:

1 - close storefront(s)

2 - backup production site

3 - upgrade to 4.11.5

4 - test, test, test

5 - reopen storefront(s).

6 - let run for a week to verify in production capacity

7 - close storefront(s)

8 - backup production site

9 - upgrade to 4.12.1

10 - test, test, test

11 - reopen storefronts

Recommend the pause between 4.11.5 and 4.12.1 because of the forced changes to option combinations and some addon incompatibilities I've discovered at my client sites (other developers' addons).

Best to have a written test plan in hand so you can accurately go through the process with repeatability. Add to the plan if/when you discover issues. Save the test plan for the future. It should become a living document.

Thanks again, said doc has been living since 1.3.x days. :grin: