osCommerce Community Support Forums: [NEWS] osCommerce 2.2 Milestone 2 060817 Update Released - osCommerce Community Support Forums


[NEWS] osCommerce 2.2 Milestone 2 060817 Update Released

#1 Harald Ponce de Leon


Posted 17 August 2006 - 11:23 PM

An update to the osCommerce 2.2 Milestone 2 version has been released that addresses security related issues and bug reports that exist in the released version.

It is recommended for osCommerce 2.2 Milestone 2 store owners to apply the changes to their installations due to the security issues and bug reports that have been fixed. The changes involved are minimal, do not break compatibility with contributions, and further strengthen the security of the shop installation.

This update release focuses solely on security related issues and bug reports, and does not introduce any new features that have been made for the next development milestone release.

This release is a full release package containing updated source files (including the updates from the 051113 Update release), documentation, and information on what changes have been made to easily apply to existing installations.

This update release includes the following changes:

Magic Quotes Compatibility Layer Fix
Parse GET Variables In Cache Functions
PHP 3 Session ID XSS Issue
Product Attributes SQL Injection
Resize Images To Round Numbers
Use The Correct Country Name Value When Formatting Addresses
Prevent The Session ID Being Passed In Tell-A-Friend E-Mails
Properly Remove Deleted Products That Exist In Shopping Carts

The documented changes found inside the download package can be seen here:

http://www.oscommerc...e-20060817.html

The 2.2 Milestone 2 060817 Update release involves the following file changes for the security and bug fixes made:

catalog/admin/includes/functions/compatibility.php (2 diffs)
catalog/admin/includes/functions/general.php (1 diff)

catalog/includes/classes/sessions.php (1 diff)
catalog/includes/classes/shopping_cart.php (2 diffs)
catalog/includes/functions/cache.php (4 diffs)
catalog/includes/functions/compatibility.php (2 diffs)
catalog/includes/functions/general.php (2 diffs)
catalog/includes/functions/html_output.php (1 diff)
catalog/shopping_cart.php (1 diff)
catalog/tell_a_friend.php (2 diffs)

We'd like to thank James Bercegay from GulfTech Security Research (http://www.gulftech.org) for bringing security issues to our attention.

This update release can be downloaded from:

http://www.oscommerc...tions/downloads

This post has been edited by Harald Ponce de Leon: 18 May 2007 - 11:37 AM

Harald Ponce de Leon
osCommerce, How's Business?