VirtueMart 3.2.6 Release with Security Fixing and Overhauled Infrastructure

Tuesday, 28 November 2017 09:08

VirtueMart 3.2.6 has been released to address a minor XSS vulnerability present in previous versions and to improve the infrastructure. The vulnerability occurred when the feed and search features were used together. It affected only sites with feeds enabled, so administrators can close the leak by disabling the feed functions.


The vulnerability has been addressed by using the getCurrentUrlBy function, which works with a whitelist for variable names and URL-encodes every value.
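
The allowlist-and-encode approach described above, as an added PHP example that is not VirtueMart's code: the function name rebuildUrl, the allowlist and the request values are assumptions constructed for illustration.

```php
<?php
// Added illustration; not VirtueMart code. Function and parameter names are hypothetical.

/**
 * Rebuild a URL from request data, keeping only allowlisted variable
 * names and URL-encoding every value.
 */
function rebuildUrl(string $base, array $request, array $allowedNames): string
{
    $pairs = [];
    foreach ($allowedNames as $name) {
        // Names outside the allowlist are never copied. Array values are
        // dropped so a parameter such as keyword[]=... cannot bypass encoding.
        if (!isset($request[$name]) || !is_scalar($request[$name])) {
            continue;
        }
        $pairs[] = rawurlencode($name) . '=' . rawurlencode((string) $request[$name]);
    }
    return $pairs ? $base . '?' . implode('&', $pairs) : $base;
}

// Constructed request: a search keyword carrying markup plus an unexpected variable.
$request = [
    'option'     => 'com_virtuemart',
    'view'       => 'category',
    'keyword'    => '"><script>alert(1)</script>',
    'unexpected' => '<img src=x onerror=alert(1)>',
];
$allowed = ['option', 'view', 'keyword']; // assumed allowlist for this example

$url = rebuildUrl('index.php', $request, $allowed);

// The URL must still be escaped for the context it is written into
// (here an HTML attribute of a feed link), because "&" separates the pairs.
echo '<link rel="alternate" type="application/rss+xml" href="'
    . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">' . PHP_EOL;
```

The variable that is not on the allowlist never reaches the output, and the markup in the search keyword arrives only in percent-encoded form.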

 

VirtueMart 3.2.6 Improvements

  • Important patch to prevent memory leak when switching languages.
  • usermodel, extra check if the already loaded user has the right id.
  • Renamed order_done layout to orderdone to be able to create a menu item.
  • New feature: custom fields of type S and M now have a new parameter, which enables the added price as a percentage.
  • Added redirect per system plugin "vmLoaderPluginUpdate" for register and login.
  • Shipment plugin now also shows multiple countries.
  • vmJsApi, fix for correct language of the datepicker.
  • mediahandler now has a deleteAllThumbs function for a certain image (works with regex, so it may accidentally delete too many thumbs, which is quite likely unimportant).
  • Vendor model getVendorAddressFields does not work with internal id any longer.
  • BE category list keeps selected category.
  • Very important fix for multivariants, which in some conditions lost the parent option when changing to a child.
  • Language dependent caching.
  • ins
 
