JShop E-Commerce Forums

JShop E-Commerce Forums (http://forums.jshopecommerce.com/index.php)
-   News And Announcements (http://forums.jshopecommerce.com/forumdisplay.php?f=1)
-   -   Orders Search Year Patch + Security Update Now Available For 1.3.0 (http://forums.jshopecommerce.com/showthread.php?t=3272)

JShopSupport 11-12-2006 09:50 AM
Orders Search Year Patch + Security Update Now Available For 1.3.0
 
We have uploaded a patch for JShop Server to the registered users download area that covers the following:
  • Provides support for years greater than 2006 in the order search (other areas already have support for future years)
  • A potential security vulnerability has been found in fieldValidations.php when register_globals and allow_url_fopen are both enabled. This patch resolves this issue.

Please login to the download area to obtain the patch.

JShopSupport 11-01-2007 03:05 PM
Emails are currently going out to remind people that this patch was made available. It appears that over the last 24 hours there has been a concerted effort to exploit the vulnerability and, despite our emails sent out on the 11th December and this notice placed on the forums, many users did not apply the patch.

If you have not already done so, please download the patch and apply it immediately.


All times are GMT. The time now is 08:10 PM.

Powered by vBulletin® Version 3.8.1
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
JShop, JShop Professional, JShop Server and DoublePadlock are ©1997-2009 Whorl Ltd.