Security release: VirtueMart 1.1.8

The VirtueMart Developer Team has published VirtueMart 1.1.8 to fix a security issue. All VirtueMart users are urged to upgrade to this new version as soon as possible.

Download complete or update package at http://virtuemart.net/downloads
Check other packages at http://dev.virtuemart.net/redmine/projects/virtuemart/files

Important: please read on before upgrading or installing!

About this release

This release includes three security fixes, one of them was already published with 1.1.7a patch, others were discovered recently. So please upgrade as soon as possible.

[Update]: VirtueMart 1.1.8 is the first VM release which supports MooTools 1.2, compatibility for it has been added.[/Update]

There are also a few more fixes for PayPal API payment method and other minor bugs (see the CHANGELOG.php file for full details).

Comments

#7 kilian73 2011-04-03 16:57

Hi Guys

There must still be a hole in fetchscript.
My Website got infected with your Version 1.1.18

:sad:

#6 neji 2011-03-31 11:58

This is a security fix? If so, like you say that paypal use SQL INJECTION

:D( The ip paypal secure list is check before invoice use)

#5 Drew Patterson 2011-03-30 14:37

I have made numerous changes to the virtuemart system and it is a pain to upgrade to recent versions because of this. Are you able to provide small changes for just the security fixes and nothing else? The lesser amount of files touched the better!

Thanks for any help,

Drew

#4 Bmusic 2011-03-28 16:11

I am looking forward to updating, but the the 1.1.7 patch does not work for 1.1.7a.

Any idea when a working patch will be released.

#3 David-Andrew 2011-03-26 17:33

I think you guys want to have a look here:
http://dev.virtuemart.net/

#2 parvez 2011-03-26 08:13

Hi,
Where is the changelog and before upgrade my site i want to check it. I'm running fully customization version of virtuemart.

#1 mumba 2011-03-26 05:02

I have in my site VM 1.1.4 with a lot of hacks, I can't apply the standard upgrades. I make ??manual upgrades in the past, keeping the high level of security up to version 1.1.7a, Is possible to know which files and changes were made to maintain security (only security issues) to version 1.1.8? There is a thread about it? Thanks

Refresh comments list
RSS feed for comments to this post