Jump to content

CubeCart Recommends

Photo

Security Patch 28th August 2006


This topic has been archived. This means that you cannot reply to this topic.
No replies to this topic

#1 Al

Al

    CubeCart Founder

  • Staff
  • 5,067 posts

Posted 28 August 2006 - 12:26 PM

Multiple XSS vulnerabilities, file inclusion and MySQL Injection (on servers with Register Globals On) have been bought to our attention in all versions up to 3.0.12.

Please find the patch attached to this announcement which contains a change log for manual upgrade as well as the patched files.

We take any reported security issues with utmost importance and investigate at the first possible opportunity. This dedication can be seen by the fact our office was officially close today due to the August Bank Holiday. We have released a patch within a few hours of receiving the report.

Many thanks to all those who have been involved. We will release 3.0.13 later which includes this patch along with minor other changes. If you have already patched your store upgrade is not essential.

*3.0.13 will be released tomorrow (Tuesday 28th August) if you currently download and install 3.0.12 or lower you will need to apply this patch*

*3.0.13 will be delayed until we have a full 3rd party professional security audit carried out on CubeCart*

Attached Files


Edited by Al, 29 August 2006 - 11:00 AM.