-
Posts
6,672 -
Joined
-
Last visited
-
Days Won
125
Posts posted by Al Brookbanks
-
-
This is quite a good explanation https://www.adobe.com/creativecloud/file-types/image/raster/webp-file.html
-
Webp is the preferred web format now. Why don't you want this?
-
Good find Brian. You just need to upgrade @Gigi71
-
We can look at this but definitely upgrade to the latest version. We can do this whilst respecting any modifications.
If you want me to upgrade your store and fix the digital download links we can do this with technical support. More info here:
https://www.cubecart.com/technical-support
I hope we can work with you.
-
More recent versions of CubeCart will keep the old path with a permanent redirect so in theory editing the existing product should be fine. Your redirects can be managed in the Redirects & 404’s section of your back office.
-
Do you have an ES server?
-
Quote
Does that mean that CubeCart merchants without access to Elasticsearch are stuck at 6.4.10?
Not at all. This of it as just an extra (awesome) feature. Please upgrade to the latest version still there are a bunch of other bug fixes and smaller feature updates.
-
This screen isn't familiar at all? I've never seen this before let alone an order with missing gateway field value.
Is this a custom feature?
-
I've seen this before and I've spent days on end trying to reproduce it to no avail. Keep us posted.
-
Many thanks to Gen Sato from Mitsui Bussan Secure Directions, Inc. for responsibly reporting a number of security issues found in all version of CubeCart up to 6.5.3. Please note that these vulnerabilities are executable if a bad actor has authenticated into the back end of the victims store.
Vulnerabilities
- Directory traversal (any file download) - GitHub Issue #3410
- Directory traversal (deletion of arbitrary files and directories) - GitHub Issue #3409
- CSRF bypassing CSRF token checks - GitHub Issue #3408
-
OS Command Injection - This vulnerability concerns the ability for the Smarty template engine to be able to execute dangerous functions.
e.g.{system('echo ^<?php phpinfo(); > C:/xampp/htdocs/testout.php')}
No patch has been created for this vulnerability but instead we strongly recommend disabling dangerous PHP functions as recommended by our free CubeCart Security Suite. We suggest disabling the following PHP functions with your php.ini file then restarting the web server.
disable_functions = exec, system, passthru, pcntl_exec, popen, proc_open, shell_exec
This release also patches a number of other maintenance updates.
Upgrading to 6.5.3 is highly recommended. If for some reason you are unable to upgrade to this version it is possible to find the code patches for each vulnerability within each GitHub issue above. If you require help, technical support is available.
Download: CubeCart-6.5.3.zip
-
Yes it should be fine with older versions
-
By design as the query could get too heavy and crash MySQL in many cases. It's not something you generally see in ecommerce stores for this exact reason.
-
I don't really want to get involved in that.
-
I've turned it off. Lets see howe we get on..
-
Annoying. Sorry about this.
-
Maybe we should turn it off. This forum software is poor at deterring spam.
-
Hmmm. Ok.
-
Yes it's probably a browser extension like AdBlock.
-
True. I've opened a support request with CloudFlare.
-
Thats exactly what this is.
-
Yes it's a pest. We are getting absolutely hammered with spam making the forums almost unusable if we turn attack mode off.
If anyone has any suggestions please let me know.
- 1
-
Sorry about this. Please see https://github.com/cubecart/v6/issues/3384
-
Hi Russ, I would think that's the "best choice". However I don't know to what extent it could be overkill and if version 5.2.0 requires any more of less resources or if it makes no difference.
I wish I understood a little more. There seems to be a lot of discussion as to utf8mb4_0900_ai_ci being a solid choice.
-
There has been very little resistance in general to upgrading to the new extension with our merchant base but there will always be outliers.
Product options not showing up on Cubecart 6.5.3
in Install & Upgrade Support
Posted
Did you clear the cache? The big orange button in the back end?