- Details
- Written by: Max Milbers
- Category: Latest News
- Hits: 52825
The Joomla! team released today a new version with some security hardenings and fixing a critical security leak in all joomla versions.
The critical security leak was already used in the wild. This means it is not a leak, which was disovered by an audit, it is security issue which is already exploited. Sucuri.net blogged about https://blog.sucuri.net/2015/12/remote-command-execution-vulnerability-in-joomla.html
Protect Your Site Now
If you are a Joomla user, check your logs right away. Look for requests from 146.0.72.83 or 74.3.170.33or 194.28.174.106 as they were the first IP addresses to start the exploitation. I also recommend searching your logs for “JDatabaseDriverMysqli” or “O:” in the User Agent as it has been used in the exploits. If you find them, consider your Joomla site compromised and move to the remediation / incident response phase.
For securing your joomla 1.5/2.5 pages, just follow this link https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions. It is basically replacing one file.
We post this news, because some of our core members discovered this IPs in his logs. Not a VirtueMart page, but as far as we know it wouldnt make a difference.
- Details
- Written by: Matej Dubovsky
- Category: Latest News
- Hits: 49110
We are proud to offer the direct link between online and offline sales with VirtueMart & POS for Webshops.
Now there is a complete Point of Sale (POS) available for VirtueMart. When you have a physical store and a VirtueMart webshop you can sell goods with your Point of Sale without giving your sales staff access to the VirtueMart backend. All products / orders / calculation rules / customers will be synchronized into the POS.
The sales staff can check the VirtueMart weborders from the POS and take the goods from the store with the OrderPicker. After an order is picked it will change the order status in Virtuemart automatically into a pre-defined status like “Ready for Shipment”. When new goods arrive from the supplier you can add those to the (VirtueMart) stock just by scanning the product barcode in the Stockmanager.
Some of the Key Features
- Direct sync with VirtueMart
- Easy interface
- Different logins
- Use VM calculation rules and Shopper Groups
- Add customer to an order
- Use barcodes to add products to an order.
- Customize the sync options with the Payment methods in the POS.
- You can print receipts as well as invoices.
- Orderpicker and Stockmanger included.
- And much more…
- Details
- Written by: Max Milbers
- Category: Latest News
- Hits: 51464
More Security
The company Qualys.com found a new issue, a possible XSS. It misuses the array keys in the URL. Most servers prevent such an URL by default, but nevertheless we've added another protection. We also found and fixed some smaller bugs and glitches in advanced functions and last but not least we added missing backward compatibility for some cases. This release follows 3 release candidates with more than 2000 downloads altogether.
New Goal
Sticking to the Joomla API has emerged as an unlucky decision for us. The future plan is to write more for our own framework VMF, which will give us the freedom to also use other systems than Joomla. The idea is to write a small framework, so that extensions written for VirtueMart should also work on different platforms than Joomla. In other words, instead of developing a standalone VirtueMart, we will try to write an easily bridgeable VirtueMart. We already saw a VirtueMart running on Drupal, so it can't be too hard. But first we want to look into Wordpress. Of course we will need test users and suggestions from developers who are familiar with Wordpress and VirtueMart. So please join our forum if you have some experience with these. We also think about using the Joomla platform by the team of Johan Janssens https://github.com/joomlatools/joomla-platform for our next full installer.
New Docs
Due to our membership system http://extensions.virtuemart.net/support/virtuemart-supporter-membership-detail we did find some time to update our manual. We added a lot of pages, which explain general VirtueMart concepts at http://docs.virtuemart.net/manual/general-concepts.html - It's worthwhile to read them. Even VirtueMart veterans already found some new tricks in it!
Some New Features/Fixes:
- different thumbnail sizes are possible now (actually a fix, but no one knew it anyway, for templates please read here http://forum.virtuemart.net/index.php?topic=132128.msg456671#msg456671)
- cart should keep address data of the user, if an error happens like "email already taken"
- use captcha only for guests
- Added "None" option for some order status lists.
- media handling per vendor
- vmUploader checks uploaded files by MIME and may cancell the upload, controlled by ACL
- vRequest is now also filtering the array keys (recursive)
- enhanced synchronise Media (no 10k limit anylonger)
- moved creation of virtuemart_userinfos and virtuemart_order_userinfos to install_essential_data.sql to prevent that changed fields are reverted updating vm
- added hidden config updEngine to prevent changing of the table engine
- added main controller missing for joomla3 to the AIO
The full bug fix list is available here this time: http://forum.virtuemart.net/index.php?topic=131898.0
We also updated VirtueMart 2.6. The new version got the security fixes, enhanced payment plugins and uses now mainly the vm3 table layout. It increases noticeable the performance
Templaters:
Please read here http://forum.virtuemart.net/index.php?topic=132128.msg456671#msg456671
- Details
- Written by: Max Milbers
- Category: Latest News
- Hits: 58356
Release of 3.0.10
The last stable version vm3.0.8 was 5 months ago. Development has continued during this time, we just spent additional time testing and checking to deliver a more stable version.
We added the ajax script to the cart, so that the new cart is almost like an OPC, you will still add/edit addresses in a separate page. It is backward compatible as long any 3rd party developer/templater uses our javascript handler http://docs.virtuemart.net/tutorials/development/196-the-vm-javascript-handler.html
The ACL (Access Control List) has been extensively extended and modified. It now supports seperate settings for frontend and backend management.
- Details
- Written by: Valérie Isaksen
- Category: Latest News
- Hits: 38755
You still have until the end of this week to secure your first Christmas present!
Amazon Payments have launched their summer promotion, offering merchants their first Christmas present in August.
Merchants that register an account by 15 August and make the payment solution commercially available on their websites by 30 September do not pay any processing fees during December 2015. More information on the program is available.
Amazon Payments offer payment solutions that enable millions of customers to login to your website and pay with the details stored in their Amazon accounts.
The VirtueMart Pay with Amazon plugin is quick and easy to configure. Widgets ensure that a customer never leaves your site during the checkout process, ensuring a consistent brand experience. A complete tutorial is available to help you to configure the plugin.
If you have questions about the Pay with Amazon payment solution, please do not hesitate to contact Amazon Payments.
The VirtueMart Pay with Amazon plugin is available for VirtueMart Version 2.6.18 compatible with Joomla 2.5 and VirtueMart 3.0.8 compatible with Joomla 2.5 and Joomla 3.