Shortly after the VirtueMart Project Team has been notified of a critical security issue in all current VirtueMart Versions, we have released a new version: VirtueMart 1.0.13, which fixes this and other uncritical bugs.

All users of VirtueMart are urged to update their installations of VirtueMart to this version. Failure to do this can seriously compromise your server's security.

You can download Patch Packages for each previous version of VirtueMart that allows you to quickly upload and overwrite just those files, which have changed.

Other changes have been introduced to achieve higher compatibility to Joomla! 1.5 and Mambo 4.6.x. VirtueMart 1.0.13 can be installed on Joomla! 1.5 in Legacy Mode. To enable the Legacy Mode in Joomla! 1.5 you need to publish the "System - Legacy" Plugin in the Plugin Manager.

You can use this version of VirtueMart without problems on all Joomla! 1.0 versions, including the latest version 1.0.13. Please note that you will still need to fix your installation of Joomla! 1.0.13 with this patch (just overwrite existing files via FTP).




#12 Griff 2008-01-22 08:22
I would love to upgrade from VirtueMart 1.0.12 to 1.0.13a, but the link to the patch from the downloads page brings up a blank page.
Report to administrator
#11 Paul Mark 2007-12-11 19:40
Would be nice to have upgrade instructions somewhere on site.
Report to administrator
#10 Bjorn Solstad 2007-11-08 20:27
I will notify our community members right away about the update. Thanks for getting the patch out so quickly.
Report to administrator
#9 Sergey Gorbachevsky 2007-10-22 14:39
need instruction step by step
joomla 12
Report to administrator
#8 Henrik Gregersen 2007-10-15 23:14
I am happy to see that you have not abandoned support for Mambo. With all the troubles going on in the Joomla world, it is really nice to see that there could be other options for running Virtuemart, than to be stuck with Joomla.

Hope you will support the most promising version 4.7 of Mambo too :-)
Report to administrator
#7 Patrice Plet 2007-10-12 10:59
I am running Joomla 1.013.
There is no readme file in this patch.
Do I copy the index.php into the root, or in de administrator directory? Or both?
There are 2 joomla.php in my Joomla 1.013 installation. Do I replace both?

I performed the other patches (hotfix and admin session fix as well) But when I place an order in my VM and click "send registration" I get a message "you are not authorized to view...." and I can't get to the "complete order" section.

What do I do wrong?
Report to administrator
#6 danny 2007-10-11 23:59
does this version fix the problems with using virtuemart with joomla verson 1.0.13 ?? and community builder 1.1 ??
Report to administrator
#5 RospeNET 2007-10-10 20:26
Thanks to all of you for your hard work!
Report to administrator
#4 Soeren Eberhardt-Biermann 2007-10-10 18:22
We don't publish details to keep your shops safe. The more detail we give, the quicker VirtueMart users would have a problem. Just use a Diff-Tool like WinMerge ( and you will easily see what has been changed.
Report to administrator
#3 tgrk 2007-10-10 17:21
I have to agree with Fresh Aspect. While I am looking into ChangeLog I can see only very basic description of issue eg.
05.10.2007 gregdev
# Fixed security problem

It will be much more helpfull to add more details. I have to spend a lot of time with diff to detect changes :sad:.
Report to administrator

Add comment

Security code