Jump to content

CubeCart 6.4.3 Released - Security Updates


Recommended Posts

CubeCart 6.4.3 is now available which contains two important security updates. We strongly recommend upgrading to this version.

Security Issue 1: PHPMailer (Object injection vulnerability). GitHub issue #2866
Security Issue 2: CubeCart Session Fixation. GitHub issue #2870. Many thanks to Piyush Patil for responsible disclosure.

What else is new?
87 other issues have been resolved including:

  • What3Words one click setup - Our new partner API integration takes away the need to register for an API key. To enable What3words just check the box in features tab of your stores settings. 
  • Language phrases can now be searched. Thanks to @bsmither 
  • Products can now have a maximum quantity as well as minimum on add to basket. Thanks to @bsmither
  • Email log search filter. Thanks to @bsmither

Release Notes
If you are uncomfortable or not confident upgrading a customised store we can do this for you under our technical support & management service whilst retaining all customisations. If you really can't upgrade please;

  1. Delete the classes/PHPMailer folder and replace with the files and folders from 6.4.3
  2. Patch the following code changes from GitHub issue #2870.

Download: CubeCart-6.4.3.zip

  • Like 1
Link to comment
Share on other sites

 Share

×
×
  • Create New...