CubeCart version 5.2.4 released – upgrade immediately.
Hot on the heels of the recent 5.2.3 release, another upgrade, 5.2.4 has been made available by the CubeCart development team but this time it is flagged as an important security release and ALL current V5 users are urged to upgrade to this version as soon as possible. If you also use PayPal as a payment gateway then this is also a very important upgrade as support for PayPal HTTP Protocol 1.0 was discontinued on the 7th October.
What functionality areas have changed in V5.2.4 from V5.2.3
- Important Security Update: Open Flash Chart has been removed and replaced with Google Charts. This is such an important security issue that manual patch instructions for this specific issue are given below for users that are not able to upgrade in full.
- PayPal HTTP 1.1 support – important as HTTP protocol 1.0 is no longer supported
- BillMeLater Support – this can now be enabled from the PayPal “Alternative Checkout” module configuration page. This is a PayPal service that lets you buy now and pay later and so it provides a secure, instant, and reusable credit line without the use of credit cards.
- SSL pages hook added – this is important for users of the shopdev Vector skin although it still needs a new release of the skin to be usable
- The setup directory is no longer automatically deleted if it exists when logging in as an admin user
- A few miscellaneous bug fixes
CubeCart V5 Upgrade
If you are already running CubeCart V5, then completing this upgrade can often be as simple as clicking on “Upgrade” within the Admin | Maintenance area. However there are some points to note specific to this version upgrade and if you are not comfortable with any of these then we strongly suggest that you order the CubeCart upgrade service from us.
- Put the store into maintenance mode and then always do a full backup before upgrading
- Always test the store immediately after the upgrade, before taking the store out of maintenance mode
- Check and make sure that the includes/lib/OFC directory has been removed
- If you use your own customised favicon file, then due to the fact that the standard CubeCart version is still delivered as part of an upgrade, your own version will need to be restored after the upgrade. We have been told that the CubeCart favicon will no longer be distributed in future releases
- The CubeCart setup folder, this again needs to be manually deleted via FTP as the automatic removal functionality released in version 5.2.3 has been removed due to too many people uploading the upgrade but then logging back in as an admin user before running the upgrade (see our posting regarding the CubeCart 5.2.3 upgrade). It is hoped that a future release will once again re-introduce this functionality
- If you have made any changes to core files or any of the core skin files then these will be over-written
- If you are using the 3rd party Vector skin then this requires a small change to one core file. This is still required even though the CubeCart team have now added a new hook but the Vector skin now needs to be upgraded to use this
For any customers that are running the Shopdev Vector theme that will be doing their own upgrade, please feel free to Open a Support Ticket if you would like us to make this small code change on your behalf.
Manual patch instructions for security issue with Open Flash Chart
If you have a customised version of CubeCart and are unable to undertake the full upgrade then you should at least manually perform the following
Our support team are available to perform this upgrade for any current V5 website whether you are already a customer of Havenswift Hosting or not – if you would like help or advice, then again please Open a Support Ticket or simply order the CubeCart Upgrade service from us.
The following two tabs change content below.
This is the main Havenswift Hosting company account that is used by different members of staff when making blog postings on behalf of the company rather than as individuals
There Are 2 Comments
Havenswift Hosting on 10 Oct, 2013
A quick update following the completion of several upgrades to 5.2.4 – the includes/lib/OFC directory that is the cause of the security update is NOT removed automatically so the point above about checking to ensure that this has been removed as part of the upgrade is vitally important
Peter Steer on 04 Dec, 2013
Having had a few questions following the recent upgrade to 5.2.4 I’m finding the new online chat facility very useful for the quick question that doesn’t warrant a support ticket.
Ticket response is fast, but chat response is even faster!