- Details
- Written by: Max Milbers
- Category: Latest News
- Hits: 45767
As we mentioned in the last news, VirtueMart is audited by different security companies. We are very happy that they found the persistent XSS attack before we released vm3.0.8, so the version vm3.0.8 already contains the fix.
The vulnerability discovered by Fortinet’s FortiGuard Labs, with CVE number “CVE-2015-3619”, is a persistent XSS attack.
Read more: Release VM3.0.9, secured by Fortinet’s FortiGuard Labs
- Details
- Written by: Max Milbers
- Category: Latest News
- Hits: 46702
Security release VM 3.0.8
Finally after some interim versions, here is the release of VirtueMart 3.0.8.
All fixes were already provided with VM 3.0.6. Additionally, we released VM 3.0.6.2 to minimize problems due to the last security problem in PHP itself (https://github.com/80vul/phpcodz/blob/master/research/pch-020.md).
- Details
- Written by: Max Milbers
- Category: Latest News
- Hits: 84898
In VirtueMart 3.0.6 we fine tuned the completely redesigned Multi Variants which were introduced in our previous release. Let me give you a short introduction.
One of the most advanced features of an ecommerce store is the possibility to display different variants of one product in a clear structure. The typical example is the T-Shirt product variants. We have created a small example here: http://demo.virtuemart.net/default-products/vm-t-shirt-multi-variant-detail.
Not all colours are available for every size, and for aesthetic reasons the "blue" imprints are not available for the "blue" coloured T-Shirt. Any drop-down combination points to a real product. The handling is easy, as the most important product attributes are accessible from the parent product (variant attributes, Sku, price). So you can easily configure more than 50 product variants in a single view, with different stock levels, prices and images. If you select an already existing attribute like length, weight, etc., then you can change the value directly using the drop-down matrix in the parent product. You can also modify the display (for example rounding).
We added a new configurable automatically selected shipment and payment if more than one is available. Also the long desired feature "register as admin in the frontend" got added. We also cleaned up the Custom Fields tab in the Product Edit view to give more room for Custom Field configurations. VirtueMart 3.0.6 is also a lot faster, due to new mysql keys and more caching. The administration menu is now still usable while being collapsed.
There is a new keepAlive script, which automatically extends the session for your shoppers if there is a product in the cart. It also automatically extends the session lifetime in all backend views. It checks for input, so it does not run endlessly. As an example, if your session time is set to 30 minutes and your guest is checking out, leaving the computer (with open browser) and returning after 50 minutes, he is still logged in. If the user now interacts with the screen (clicking, typing), then the keepAlive script directly fires a keepAlive and extends the session again. Let's assume the user stores his data after 70 minutes (searching for his/her credit card): the session is still alive.
We strongly recommend anyone using an older version of VM3 to update. The release is heavily tested and some changes and fixes were done especially for 3rd party developers.
There is also a small update for the vm2.6 series. There are also new keys for the sql joins to speed up your store. Also, the new js handler was added for easier compatibility between vm2.6 and vm3 extensions.
- Details
- Written by: Max Milbers
- Category: Latest News
- Hits: 43496
A bit earlier than expected, we have to release vm3.0.4 to close a vulnerability in the core. This is a real vulnerability, no exploit. The problem is a wrong error reporting setting, which can reveal the server path in use, which is useful for a real attack.
More and more people use php5.4 or php5.5, which have a different default error handling, and so they sometimes displayed Strict Errors (revealing the path). To prevent this, we added a function to disable the "Strict Standards" reporting for the "default" and "none" settings in Joomla. Unluckily, we left the setting enabled for a special debugging case. So regardless of the configuration setting used, you always got at least the "Simple" setting. Luckily it is not so easy to create warnings and errors in VirtueMart 3.
In case you don't want to update, here is the manual fix:
- open the file config.php at /administrator/components/com_virtuemart/helpers/config.php.
- Go to line 583 and replace
ini_set('display_errors', '1');
with
ini_set('display_errors', '0');
Or just download the new version.
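A check to run after the manual fix, as an added example (not VirtueMart code): it scans a directory tree for PHP lines that hard-code display_errors to an enabled value, the pattern the fix above replaces. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not VirtueMart code): find PHP lines that force display_errors on.

# Print "file:line:code" for each ini_set('display_errors', <enabled>) call under $1.
# Lines that begin with a comment marker are skipped.
find_forced_display_errors() {
    find "$1" -type f -name '*.php' -exec grep -nEi \
        "ini_set\([[:space:]]*['\"]display_errors['\"][[:space:]]*,[[:space:]]*['\"]?(1|on|true|yes|stdout|stderr)['\"]?[[:space:]]*\)" \
        /dev/null {} + 2>/dev/null |
        grep -vE '^[^:]+:[0-9]+:[[:space:]]*(//|#|/\*|\*)' || true
}

# Number of offending lines; 0 means nothing in the tree overrides the setting.
count_forced_display_errors() {
    find_forced_display_errors "$1" | wc -l | tr -d '[:space:]'
}

# Constructed sample tree: one hard-coded override, one fixed file, one comment.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/helpers" "$d/views"
    printf '%s\n' '<?php' "ini_set('display_errors', '1');" > "$d/helpers/config.php"
    printf '%s\n' '<?php' "ini_set('display_errors', '0');" > "$d/helpers/fixed.php"
    printf '%s\n' '<?php' "// ini_set('display_errors', '1');" > "$d/views/note.php"
    printf '%s\n' "$d"
}

# Demo run on the constructed tree: only helpers/config.php line 2 is reported.
sample=$(make_sample_tree)
find_forced_display_errors "$sample"
rm -rf "$sample"
```

On a real installation, pass the site root to `find_forced_display_errors`; production sites normally keep display_errors off and send errors to a log instead.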
The new version has just one important layout change, which affects people who override the sublayout prices. The sublayout prices.php had a <div class="clear"></div> at the end, which got removed to increase the flexibility of the sublayout.
The new version contains a new sample product, the "child variant", which allows you to use up to 5 dropdowns to determine the product variant. It is similar to the stockable plugin, but allows also changing the variant data of any child directly from the parent. The handling of the feature is not perfect yet, but a good start. Feel free to share your ideas on our forum.
New features and bug fixes:
- cleaning of the code
- increased robustness
- increased consistency
- more j3 compatibility (minors)
- added js to fire automatically the checkout (without redirect) to show directly confirm
- link to manufacturer on the productdetail page calls the manufacturer, not any longer the product list of the manufacturer
- the rss feed in the controlpanel is now loaded by ajax, to prevent that the controlpanel isn't loaded if rss has problems
- custom media, related products and categories with image size parameter
- added var to vmview "writeJs", for example to prevent writing of js in pdfs
- added hash for categoryListTree
- changed calculator so, that default userfield parameters are better directly set if instantiated. Less problems with tax by country for guests
- fixed in vmplugin.php the function declarePluginParams
- fixed trigger plgVmDeclarePluginParamsUserfieldVM3
and some more.
- Details
- Written by: Max Milbers
- Category: Latest News
- Hits: 41191
We are pleased to announce the release of VirtueMart 2.6.14 and VirtueMart 3.0.2.
Klik & Pay is a holistic secured payment solution accessible via PC, tablets and/or smartphone. Partners with many Banks and International acquirers, Klik & Pay assists its merchants for 15 years, in France, Europe and all over the World. Klik & Pay is:
- A global solution not requiring a DSA
- A competitive pricing, without monthly fees nor set-up fee
- An anti-fraud scoring linked to an account with or without 3D Secure
- A multi-lingual staff available by telephone and email
- A consulting service to help you to develop your business and assist you at an International level
Optimize your conversion rate:
- Multi currencies cashing
- Multi lingual payment pages
- 3DS and non 3 DS merchant account with trigger point
Increase Sales:
- Virtual Payment Terminal
- Payment by email
- Payment by SMS
Secure your activity:
- Anti-fraud scoring system
- Transaction Management
- Litigation support
Open an account or send us an email to
If you already have a Klik & Pay merchant account, you can directly set it up using our payment plugin Klik & Pay provided in VirtueMart.
We worked a lot on the new VirtueMart 3.0.2. The update should be easy. There are many database changes, but they are minor. They will noticeably increase the speed of your page. Bugs fixed:
- increased consistency of the install.sql and reduced int size for better performance
- extra attachment should now be sent to the shopper and not vendor as intended
- added itemId to products
- fixed "typo" in calculationh.php
- vmJsApi: the function addJScript no longer overwrites the attribute "written" if it already exists
- set CacheTime to minutes
- fixed javascript for tinyMce 4, removed the doubled // of the flag link
- fixed typo in plugin.php
- Better use of loading the xml parameter into the JForm (thx Kainhofer)
- enhanced modals (thx Spyros)
- sortSearchListQuery or products model uses getCurrentUser now to ensure that the correct id is set (Thank you Stan Scholtz)
- removed a lot of deprecated getSetError(s)
- vmTable is no longer derived from JTable, derived functions added
- optimised joomla tables for fullinstaller
- Some more adjustments of VmTable for J3, using dummy interfaces
- fixed spec file font problem, if no spec files there
- users allowed to administrate shoppers can now also select shoppers in the cart
- removed old comments, vmdebugs,...
- changed all <span class="product-field-display"> to <div class="product-field-display">
We still support vm2.6 and there is also no EOL set yet. But new features will be found in VM3. The update to vm2.6.14 should be very user friendly. Bugs fixed:
- jQuery fix for automatically redirection to payment providers
- PDF works with diskcache now, less problems with images in invoice
- Authorize.net works now also with extra ST address
- small fixes, enhancements, removed typos for different payments