Al Brookbanks Posted May 20, 2021 Share Posted May 20, 2021 CubeCart 6.4.3 is now available which contains two important security updates. We strongly recommend upgrading to this version. Security Issue 1: PHPMailer (Object injection vulnerability). GitHub issue #2866 Security Issue 2: CubeCart Session Fixation. GitHub issue #2870. Many thanks to Piyush Patil for responsible disclosure. What else is new? 87 other issues have been resolved including: What3Words one click setup - Our new partner API integration takes away the need to register for an API key. To enable What3words just check the box in features tab of your stores settings. Language phrases can now be searched. Thanks to @bsmither Products can now have a maximum quantity as well as minimum on add to basket. Thanks to @bsmither Email log search filter. Thanks to @bsmither Release Notes If you are uncomfortable or not confident upgrading a customised store we can do this for you under our technical support & management service whilst retaining all customisations. If you really can't upgrade please; Delete the classes/PHPMailer folder and replace with the files and folders from 6.4.3 Patch the following code changes from GitHub issue #2870. Download: CubeCart-6.4.3.zip Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.