Advance software forum
May 18, 2012, 08:22:39 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
 
   Home   Help Search Login Register  
Advance software forum > Advance software Support > osCommerce support > Topic: osCommerce 2.2 Milestone 2 060817 Update Released
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: osCommerce 2.2 Milestone 2 060817 Update Released  (Read 1930 times)
0 Members and 1 Guest are viewing this topic.
Zergus
Administrator
Newbie
*****
Offline Offline

Posts: 11


be advanced!


View Profile WWW
« on: August 21, 2006, 04:52:41 AM »
Following post is from official osCommerce site:
An update to the osCommerce 2.2 Milestone 2 version has been released that addresses security related issues and bug reports that exist in the released version.

It is recommended for osCommerce 2.2 Milestone 2 store owners to apply the changes to their installations due to the security issues and bug reports that have been fixed. The changes involved are minimal, do not break compatibility with contributions, and further strengthens the security of the shop installation.

This update release focuses solely on security related issues and bug reports, and does not introduce any new features that have been made for the next development milestone release.

This release is a full release package containing updated source files (including the updates from the 051113 Update release), documentation, and information on what changes have been made to easily apply to existing installations.

This update release includes the following changes:

* Magic Quotes Compatibility Layer Fix
* Parse GET Variables In Cache Functions
* PHP 3 Session ID XSS Issue
* Product Attributes SQL Injection
* Resize Images To Round Numbers
* Use The Correct Country Name Value When Formatting Addresses
* Prevent The Session ID Being Passed In Tell-A-Friend E-Mails
* Properly Remove Deleted Products That Exist In Shopping Carts

The documented changes found inside the download package can be seen here:

http://www.oscommerce.com/ext/update-20060817.html

The 2.2 Milestone 2 060817 Update release involves the following file changes for the security and bug fixes made:

catalog/admin/includes/functions/compatibility.php (2 diffs)
catalog/admin/includes/functions/general.php (1 diff)

catalog/includes/classes/sessions.php (1 diff)
catalog/includes/classes/shopping_cart.php (2 diffs)
catalog/includes/functions/cache.php (4 diffs)
catalog/includes/functions/compatibility.php (2 diffs)
catalog/includes/functions/general.php (2 diffs)
catalog/includes/functions/html_output.php (1 diff)
catalog/shopping_cart.php (1 diff)
catalog/tell_a_friend.php (2 diffs)

We'd like to thank James Bercegay from GulfTech Security Research (http://www.gulftech.org) for bringing security issues to our attention.

This update release can be downloaded from:

http://www.oscommerce.com/solutions/downloads

This announcement can be discussed on the community support forums at:

http://forums.oscommerce.com/index.php?showtopic=223556
Note:you can also download it from our `Free Scripts` section.

Based on materials from http://www.oscommerce.com/about/news,124
Logged
God, give me the serenity to accept what cannot be changed, give me courage to change what can be changed and give me the wisdom to distinguish one from the other.
Pages: [1]   Go Up
  Print  
Advance software forum > Advance software Support > osCommerce support > Topic: osCommerce 2.2 Milestone 2 060817 Update Released
 « previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 3.1.1 | SMF © 2006-2009, Simple Machines LLC Valid XHTML 1.0! Valid CSS!