Recommended Security Patch



#1 Ilya Vassilevsky

    Avactis Support

  • Administrators
  • 198 posts

Posted 12 October 2010 - 04:28 PM

It is possible for an attacker to use a custom HTTP User-Agent header to damage the Avactis Shopping Cart database.

To protect your store from this type of attack, please update the following script:

avactis-system/modules/reports/report-collectors/report_data_visitors_stat_collector.php

Do this by downloading the new script for your build of Avactis and putting it in place of the existing one:

Updated script for Avactis 1.9.1 build 8356: report_data_visitors_stat_collector.php (attached file, 14.45KB)

Updated script for Avactis 1.9.1 build 8129: report_data_visitors_stat_collector.php (attached file, 14.45KB)

Updated script for Avactis 1.9.0 build 7777: report_data_visitors_stat_collector.php (attached file, 15.6KB)

Updated script for Avactis 1.8.3 build 6950: report_data_visitors_stat_collector.php (attached file, 15.38KB)

Updated script for Avactis 1.8.2 build 6241: report_data_visitors_stat_collector.php (attached file, 15.38KB)

#2 wbd

    Expert

  • Members
  • 235 posts

Posted 12 October 2010 - 06:32 PM

Users of previous builds and versions are encouraged to upgrade to the latest build.


Would love to do this, but I've tried at least a dozen different things to get the upgrade to work - no luck, it stalls in the same spot each time.
So I'm stuck on v1.8.3 until v2.0 comes out in 3 weeks (assuming I think it's worth upgrading to v2.0).

#3 Ilya Vassilevsky

Posted 12 October 2010 - 06:45 PM

Will a diff file help you?

#4 wbd

Posted 12 October 2010 - 06:53 PM

Will a diff file help you?

Hi Ilya,

Do you mean a different security patch or a different upgrade file?
(I'll assume you mean a diff security patch... :) )

Yes, it would be appreciated - the store I administer is working perfectly well at v1.8.3 and I have no compelling reason to upgrade it to v1.9.1 or v2.0 (but this may change if security issues are going to force me to take action).

Cheers,
Rohan

#5 RET88

    Novice

  • Members
  • 28 posts

Posted 13 October 2010 - 07:15 AM

Ilya, I am interested in the diff file. I have 1.9.1 build 8129. I have made a few changes and would like to know what changes there are between baseline 8129 and 8356 to see if any of my changed files are affected before I upgrade to take advantage of the security patch.

Thanks
RET88

#6 wbd

Posted 14 October 2010 - 04:28 PM

Ask, and ye shall receive :lol:

Hi Ilya,

What version(s) does this alternative patch file support?

Cheers,
Rohan

#7 RET88

Posted 14 October 2010 - 05:03 PM

Ask, and ye shall receive :lol:


Ilya

First, thanks.

Second, you say the patch is compatible with build 8356. Does this mean it will only work on this build? Will it work on build 8129? You encourage users to upgrade, and I understand there are probably good reasons, but is an upgrade required for the patch to function as intended?

Finally, is there a diff file describing the changes between the builds? As I mentioned, I am using 8129 and you mention 8356. I would like to know what functions have changed or been fixed since 8129...

I expect there will be a document describing the changes between 1.9.1 and 2.0 when it becomes available in a couple weeks?

Thanks
RET88

#8 Ilya Vassilevsky

Posted 15 October 2010 - 01:35 PM

OK I patched all recent releases myself and provided all files in their final form - in the first post.

#9 RET88

Posted 15 October 2010 - 05:47 PM

OK I patched all recent releases myself and provided all files in their final form - in the first post.


Thanks Ilya!

Could you provide something that tells us what the differences are between build 8129 and 8356 of Version 1.9.1? If you recommend we upgrade I'd like to know what changes I might be bringing into my operating store.

Thanks!
RET88

#10 wbd

Posted 15 October 2010 - 07:15 PM

I patched all recent releases


Thank you Ilya - appreciated :D

#11 Ilya Vassilevsky

Posted 16 October 2010 - 10:05 AM

Could you provide something that tells us what the differences are between build 8129 and 8356 of Version 1.9.1?

Subversion log shows 4545 changed and added files. Yes, I recommend upgrading. New releases have reasons behind them :)

#12 RET88

Posted 18 October 2010 - 11:20 AM

Subversion log shows 4545 changed and added files. Yes, I recommend upgrading. New releases have reasons behind them :)


Thanks Ilya. 4545 updates are a lot between builds! Can you provide the list of modifications and changes between build 8129 and 8356? I need to see what was changed. I am concerned that if I upgrade my current build I will lose my changes. Without knowing what has changed between builds I am at risk of a lot of painful rework.

Thank you
RET88

#13 Ilya Vassilevsky

Posted 19 October 2010 - 07:45 AM

The list of changed files is attached. The number of files is smaller than the previously mentioned 4K+ because those were all changes, including new developments not yet included in any release (new cool features for future versions!)
