VirtueMart - Open Source eCommerce Software

The VirtueMart Developer Team has published VirtueMart 1.1.8 to fix a security issue. All VirtueMart users are urged to upgrade to this new version as soon as possible. 

• Download complete or update package at http://virtuemart.net/downloads
• Check other packages at http://dev.virtuemart.net/redmine/projects/virtuemart/files

Important: please read on before upgrading or installing!

About this release

This release includes three security fixes, one of them was already published with 1.1.7a patch, others were discovered recently. So please upgrade as soon as possible.

[Update]: VirtueMart 1.1.8 is the first VM release which supports MooTools 1.2, compatibility for it has been added.[/Update]

There are also a few more fixes for PayPal API payment method and other minor bugs (see the CHANGELOG.php file for full details).

Comments (7)

Subscribe to this comment's feed

mumba: VM1.1.4

I have in my site VM 1.1.4 with a lot of hacks, I can't apply the standard upgrades. I make ​​manual upgrades in the past, keeping the high level of security up to version 1.1.7a, Is possible to know which files and changes were made to maintain security (only security issues) to version 1.1.8? There is a thread about it? Thanks

1

• report abuse
• vote down
• vote up

March 26, 2011
Votes: +17

parvez: Changlog!

Hi,
Where is the changelog and before upgrade my site i want to check it. I'm running fully customization version of virtuemart.

2

• report abuse
• vote down
• vote up

March 26, 2011
Votes: +2

David-Andrew: Virtuemart PDF Billing and Invoicing http://www.chillcreations.com/joomla-extensions/ccvaom-virtuemart-advanced-order-management-invoice-

I think you guys want to have a look here:
http://dev.virtuemart.net/

3

• report abuse
• vote down
• vote up

March 26, 2011
Votes: +0

Bmusic: 1.1.7a upgrade?

I am looking forward to updating, but the the 1.1.7 patch does not work for 1.1.7a.

Any idea when a working patch will be released.

4

• report abuse
• vote down
• vote up

March 28, 2011
Votes: +2

Drew Patterson: Small 1.1.8 patch?

I have made numerous changes to the virtuemart system and it is a pain to upgrade to recent versions because of this. Are you able to provide small changes for just the security fixes and nothing else? The lesser amount of files touched the better!

Thanks for any help,

Drew

5

• report abuse
• vote down
• vote up

March 30, 2011
Votes: +3

neji: Security?

This is a security fix? If so, like you say that paypal use SQL INJECTION ( The ip paypal secure list is check before invoice use)

6

• report abuse
• vote down
• vote up

March 31, 2011
Votes: +3

kilian73: Still got an injection with Version 1.1.18

Hi Guys

There must still be a hole in fetchscript.
My Website got infected with your Version 1.1.18

7

• report abuse
• vote down
• vote up

April 03, 2011
Votes: +0

Name

Email

Website

Title

Comment

smaller | bigger

Subscribe via email (registered users only)

I have read and agree to the Terms of Usage.

Add Comment