Print

Security release: VirtueMart 1.1.8

The VirtueMart Developer Team has published VirtueMart 1.1.8 to fix a security issue. All VirtueMart users are urged to upgrade to this new version as soon as possible. 

Important: please read on before upgrading or installing!

 

About this release

This release includes three security fixes, one of them was already published with 1.1.7a patch, others were discovered recently. So please upgrade as soon as possible.

[Update]: VirtueMart 1.1.8 is the first VM release which supports MooTools 1.2, compatibility for it has been added.[/Update]

There are also a few more fixes for PayPal API payment method and other minor bugs (see the CHANGELOG.php file for full details).

Comments   

 
#7 kilian73 2011-04-03 16:57
Hi Guys

There must still be a hole in fetchscript.
My Website got infected with your Version 1.1.18

:sad:
Report to administrator
 
 
#6 neji 2011-03-31 11:58
This is a security fix? If so, like you say that paypal use SQL INJECTION :D :D( The ip paypal secure list is check before invoice use)
Report to administrator
 
 
#5 Drew Patterson 2011-03-30 14:37
I have made numerous changes to the virtuemart system and it is a pain to upgrade to recent versions because of this. Are you able to provide small changes for just the security fixes and nothing else? The lesser amount of files touched the better!

Thanks for any help,

Drew
Report to administrator
 
 
#4 Bmusic 2011-03-28 16:11
I am looking forward to updating, but the the 1.1.7 patch does not work for 1.1.7a.

Any idea when a working patch will be released.
Report to administrator
 
 
#3 David-Andrew 2011-03-26 17:33
I think you guys want to have a look here:
http://dev.virtuemart.net/
Report to administrator
 
 
#2 parvez 2011-03-26 08:13
Hi,
Where is the changelog and before upgrade my site i want to check it. I'm running fully customization version of virtuemart.
Report to administrator
 
 
#1 mumba 2011-03-26 05:02
I have in my site VM 1.1.4 with a lot of hacks, I can't apply the standard upgrades. I make ??manual upgrades in the past, keeping the high level of security up to version 1.1.7a, Is possible to know which files and changes were made to maintain security (only security issues) to version 1.1.8? There is a thread about it? Thanks
Report to administrator
 

Add comment


Security code
Refresh