Latest News

...browse the latest news from the VirtueMart Project...
Print

Critical Security Leak in all Joomla Versions, please update immediatly

Written by Max Milbers on .

The Joomla! team released today a new version with some security hardenings and fixing a critical security leak in all joomla versions.

The critical security leak was already used in the wild. This means it is not a leak, which was disovered by an audit, it is security issue which is already exploited. Sucuri.net blogged about https://blog.sucuri.net/2015/12/remote-command-execution-vulnerability-in-joomla.html

Protect Your Site Now

If you are a Joomla user, check your logs right away. Look for requests from 146.0.72.83 or 74.3.170.33or 194.28.174.106 as they were the first IP addresses to start the exploitation. I also recommend searching your logs for “JDatabaseDriverMysqli” or “O:” in the User Agent as it has been used in the exploits. If you find them, consider your Joomla site compromised and move to the remediation / incident response phase.

For securing your joomla 1.5/2.5 pages, just follow this link https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions. It is basically replacing one file.

We post this news, because some of our core members discovered this IPs in his logs. Not a VirtueMart page, but as far as we know it wouldnt make a difference.

Print

Point of Sale for VirtueMart

Written by Matej Dubovsky on .

pos for webshops - connect your virtuemart with your brick&mortar store

We are proud to offer the direct link between online and offline sales with VirtueMart & POS for Webshops.

Now there is a complete Point of Sale (POS) available for VirtueMart. When you have a physical store and a VirtueMart webshop you can sell goods with your Point of Sale without giving your sales staff access to the VirtueMart backend. All products / orders / calculation rules / customers will be synchronized into the POS.

The sales staff can check the VirtueMart weborders from the POS and take the goods from the store with the OrderPicker. After an order is picked it will change the order status in Virtuemart automatically into a pre-defined status like “Ready for Shipment”. When new goods arrive from the supplier you can add those to the (VirtueMart) stock just by scanning the product barcode in the Stockmanager.

Some of the Key Features

  • Direct sync with VirtueMart
  • Easy interface
  • Different logins
  • Use VM calculation rules and Shopper Groups
  • Add customer to an order
  • Use barcodes to add products to an order.
  • Customize the sync options with the Payment methods in the POS.
  • You can print receipts as well as invoices.
  • Orderpicker and Stockmanger included.
  • And much more…
Print

Security Release VirtueMart 3.0.12, plus new goal, new docs

Written by Max Milbers on .

More Security

The company Qualys.com found a new issue, a possible XSS. It misuses the array keys in the URL. Most servers prevent such an URL by default, but nevertheless we've added another protection. We also found and fixed some smaller bugs and glitches in advanced functions and last but not least we added missing backward compatibility for some cases. This release follows 3 release candidates with more than 2000 downloads altogether.

New Goal

Sticking to the Joomla API has emerged as an unlucky decision for us. The future plan is to write more for our own framework VMF, which will give us the freedom to also use other systems than Joomla. The idea is to write a small framework, so that extensions written for VirtueMart should also work on different platforms than Joomla. In other words, instead of developing a standalone VirtueMart, we will try to write an easily bridgeable VirtueMart. We already saw a VirtueMart running on Drupal, so it can't be too hard. But first we want to look into Wordpress. Of course we will need test users and suggestions from developers who are familiar with Wordpress and VirtueMart. So please join our forum if you have some experience with these. We also think about using the Joomla platform by the team of Johan Janssens https://github.com/joomlatools/joomla-platform for our next full installer.

New Docs

Due to our membership system http://extensions.virtuemart.net/support/virtuemart-supporter-membership-detail we did find some time to update our manual. We added a lot of pages, which explain general VirtueMart concepts at http://docs.virtuemart.net/manual/general-concepts.html - It's worthwhile to read them. Even VirtueMart veterans already found some new tricks in it!

Some New Features/Fixes:

  • different thumbnail sizes are possible now (actually a fix, but no one knew it anyway, for templates please read here http://forum.virtuemart.net/index.php?topic=132128.msg456671#msg456671)
  • cart should keep address data of the user, if an error happens like "email already taken"
  • use captcha only for guests
  • Added "None" option for some order status lists.
  • media handling per vendor
  • vmUploader checks uploaded files by MIME and may cancell the upload, controlled by ACL
  • vRequest is now also filtering the array keys (recursive)
  • enhanced synchronise Media (no 10k limit anylonger)
  • moved creation of virtuemart_userinfos and virtuemart_order_userinfos to install_essential_data.sql to prevent that changed fields are reverted updating vm
  • added hidden config updEngine to prevent changing of the table engine
  • added main controller missing for joomla3 to the AIO

The full bug fix list is available here this time: http://forum.virtuemart.net/index.php?topic=131898.0

We also updated VirtueMart 2.6. The new version got the security fixes, enhanced payment plugins and uses now mainly the vm3 table layout. It increases noticeable the performance

Templaters:

Please read here http://forum.virtuemart.net/index.php?topic=132128.msg456671#msg456671

Print

Release of 3.0.10

Written by Max Milbers on .

Release of 3.0.10

The last stable version vm3.0.8 was 5 months ago. Development has continued during this time, we just spent additional time testing and checking to deliver a more stable version.

We added the ajax script to the cart, so that the new cart is almost like an OPC, you will still add/edit addresses in a separate page. It is backward compatible as long any 3rd party developer/templater uses our javascript handler http://docs.virtuemart.net/tutorials/development/196-the-vm-javascript-handler.html

The ACL (Access Control List) has been extensively extended and modified. It now supports seperate settings for frontend and backend management.

Print

Summer promotion for Amazon Payments

Written by Valérie Isaksen on .

amazon christmas promotionYou still have until the end of this week to secure your first Christmas present!

Amazon Payments have launched their summer promotion, offering merchants their first Christmas present in August.

Merchants that register an account by 15 August and make the payment solution commercially available on their websites by 30 September do not pay any processing fees during December 2015. More information on the program is available.

Amazon Payments offer payment solutions that enable millions of customers to login to your website and pay with the details stored in their Amazon accounts.

The VirtueMart Pay with Amazon plugin is quick and easy to configure. Widgets ensure that a customer never leaves your site during the checkout process, ensuring a consistent brand experience. A complete tutorial is available to help you to configure the plugin.

If you have questions about the Pay with Amazon payment solution, please do not hesitate to contact Amazon Payments.

The VirtueMart Pay with Amazon plugin is available for VirtueMart Version 2.6.18 compatible with Joomla 2.5 and VirtueMart 3.0.8 compatible with Joomla 2.5 and Joomla 3.