VirtueMart 1.0.13 (Security Release) available!

Written by Soeren Eberhardt-Biermann

Tuesday, 09 October 2007 23:32

Shortly after the VirtueMart Project Team has been notified of a critical security issue in all current VirtueMart Versions, we have released a new version: VirtueMart 1.0.13, which fixes this and other uncritical bugs.

All users of VirtueMart are urged to update their installations of VirtueMart to this version. Failure to do this can seriously compromise your server's security.

You can download Patch Packages for each previous version of VirtueMart that allows you to quickly upload and overwrite just those files, which have changed.

Other changes have been introduced to achieve higher compatibility to Joomla! 1.5 and Mambo 4.6.x. VirtueMart 1.0.13 can be installed on Joomla! 1.5 in Legacy Mode. To enable the Legacy Mode in Joomla! 1.5 you need to publish the "System - Legacy" Plugin in the Plugin Manager.

You can use this version of VirtueMart without problems on all Joomla! 1.0 versions, including the latest version 1.0.13. Please note that you will still need to fix your installation of Joomla! 1.0.13 with this patch (just overwrite existing files via FTP).

Downloads

Changelog

Set as favorite

Bookmark

Email this

Comments (12) add comment

Subscribe to this comment's feed

Fresh Aspect: Specify security changes http://www.freshaspect.com

It's good to see security issues being rapidly fixed but it would be much more helpful if the changelog specified which files have been updated as part of a security fix. When running a heavily modified Virtuemart installation it's a non-trivial exercise to apply a patch and it would enable the critical security stuff to be applied quickly.

October 10, 2007
Votes: +1

FW_borderless: whats with the languages= http://border-less.eu

hi there, hows the language thing working? i would need the german file in the backend. i installed it - but it is not working. do i have to delete the english version anyway?

October 10, 2007
Votes: +0

tgrk: More details on security fixes http://www.wiso.cz

I have to agree with Fresh Aspect. While I am looking into ChangeLog I can see only very basic description of issue eg.
05.10.2007 gregdev
# Fixed security problem

It will be much more helpfull to add more details. I have to spend a lot of time with diff to detect changes smilies/sad.gif

October 10, 2007
Votes: -1

Soeren Eberhardt-Biermann: Don't give too much details

We don't publish details to keep your shops safe. The more detail we give, the quicker VirtueMart users would have a problem. Just use a Diff-Tool like WinMerge and you will easily see what has been changed.

October 10, 2007
Votes: +0

RospeNET: Good job http://www.rospenet.com

Thanks to all of you for your hard work!

October 10, 2007
Votes: +0

danny: ... http://onetomany

does this version fix the problems with using virtuemart with joomla verson 1.0.13 ?? and community builder 1.1 ??

October 11, 2007
Votes: +0

Patrice Plet: Were to copy these files http://www.pletform.eu

I am running Joomla 1.013.
There is no readme file in this patch.
Do I copy the index.php into the root, or in de administrator directory? Or both?
There are 2 joomla.php in my Joomla 1.013 installation. Do I replace both?

I performed the other patches (hotfix and admin session fix as well) But when I place an order in my VM and click "send registration" I get a message "you are not authorized to view...." and I can't get to the "complete order" section.

What do I do wrong?

October 12, 2007
Votes: +0

Henrik Gregersen: Glad to see more support for Mambo

I am happy to see that you have not abandoned support for Mambo. With all the troubles going on in the Joomla world, it is really nice to see that there could be other options for running Virtuemart, than to be stuck with Joomla.

Hope you will support the most promising version 4.7 of Mambo too