We have uploaded a patch for JShop Server to the registered users download area that covers the following:


Provides support for years greater than 2006 in the order search (other areas already have support for future years)
A potential security vulnerability has been found in fieldValidations.php when register_globals and allow_url_fopen are both enabled. This patch resolves this issue.


Please login to the download area to obtain the patch.

Emails are currently going out to remind people that this patch was made available. It appears that over the last 24 hours there has been a concerted effort to exploit the vulnerability and, despite our emails sent out on the 11th December and this notice placed on the forums, many users did not apply the patch.

If you have not already done so, please download the patch and apply it immediately.