> Recommended Security Patch, Protection against malicious requests
Ilya Vassilevsky
post Oct 12 2010, 04:28 PM
Post #1


Avactis Support
****

Group: Administrators
Posts: 198
Joined: 20-July 10
From: Pentasoft Corp.
Member No.: 5,487
Always the latest :D


    


It is possible for an attacker to use a custom HTTP User-Agent header to damage the Avactis Shopping Cart database.

To protect your store from this type of attack, please update the following script:

avactis-system/modules/reports/report-collectors/report_data_visitors_stat_collector.php

Do this by downloading the new script for your build of Avactis and placing it instead of the existing one:

Updated script for Avactis 1.9.1 build 8356: attached file report_data_visitors_stat_collector.php (14.45K)

Updated script for Avactis 1.9.1 build 8129: attached file report_data_visitors_stat_collector.php (14.45K)

Updated script for Avactis 1.9.0 build 7777: attached file report_data_visitors_stat_collector.php (15.6K)

Updated script for Avactis 1.8.3 build 6950: attached file report_data_visitors_stat_collector.php (15.38K)

Updated script for Avactis 1.8.2 build 6241: attached file report_data_visitors_stat_collector.php (15.38K)


wbd
post Oct 12 2010, 06:32 PM
Post #2


Expert
*****

Group: Members
Posts: 235
Joined: 30-August 09
From: Melbourne, Australia
Member No.: 4,977
v1.8.3 Build 6950 &
v2.0.0 Build 9671


Reputation:   6  


QUOTE (Ilya Vassilevsky @ Oct 13 2010, 11:28 AM) *
Users of previous builds and versions are encouraged to upgrade to the latest build.


Would love to do this, but I've tried at least a dozen different things to get the upgrade to work - no luck, it stalls in the same spot each time.
So I'm stuck on v1.8.3 until v2.0 comes out in 3 weeks (assuming I think it's worth upgrading to v2.0).
Ilya Vassilevsky
post Oct 12 2010, 06:45 PM
Post #3


Will a diff file help you?


wbd
post Oct 12 2010, 06:53 PM
Post #4




QUOTE (Ilya Vassilevsky @ Oct 13 2010, 01:45 PM) *
Will a diff file help you?

Hi Ilya,

Do you mean a different security patch or a different upgrade file?
(I'll assume you mean a diff security patch... :) )

Yes, it would be appreciated - the store I administer is working perfectly well at v1.8.3 and I have no compelling reason to upgrade it to v1.9.1 or v2.0 (but this may change if security issues are going to force me to take action).

Cheers,
Rohan
RET88
post Oct 13 2010, 07:15 AM
Post #5


Novice
**

Group: Members
Posts: 28
Joined: 4-June 10
From: Virginia
Member No.: 5,393
1.9.1


Reputation:   6  


Ilya

I am interested in the diff file. I have 1.9.1 build 8129. I have made a few changes and would like to know what changes there are between baseline 8129 and 8356 to see if any of my changed files are affected before I upgrade to take advantage of the security patch.

Thanks
RET88
wbd
post Oct 14 2010, 04:28 PM
Post #6




QUOTE (Ilya Vassilevsky @ Oct 15 2010, 04:07 AM) *
Ask, and ye shall receive :lol:

Hi Ilya,

What version(s) does this alternative patch file support?

Cheers,
Rohan
RET88
post Oct 14 2010, 05:03 PM
Post #7




QUOTE (Ilya Vassilevsky @ Oct 14 2010, 01:07 PM) *
Ask, and ye shall receive :lol:


Ilya

First, thanks.

Second, you say the patch is compatible with build 8356. Does this mean it will only work on this build? Will it work on build 8129? You encourage users to upgrade, and I understand there are probably good reasons, but is an upgrade required for the patch to function as intended?

Finally, is there a diff file describing the changes between the builds? As I mentioned I am using 8129 and you mention 8356. I would like to know what functions have changed or been fixed since 8129...

I expect there will be a document describing the changes between 1.9.1 and 2.0 when it becomes available in a couple weeks?

Thanks
RET88
Ilya Vassilevsky
post Oct 15 2010, 01:35 PM
Post #8


OK I patched all recent releases myself and provided all files in their final form - in the first post.


RET88
post Oct 15 2010, 05:47 PM
Post #9




QUOTE (Ilya Vassilevsky @ Oct 15 2010, 05:35 PM) *
OK I patched all recent releases myself and provided all files in their final form - in the first post.


Thanks Ilya!

Could you provide something that tells us what the differences are between build 8129 and 8356 of Version 1.9.1? If you recommend we upgrade I'd like to know what changes I might be bringing into my operating store.

Thanks!
RET88
wbd
post Oct 15 2010, 07:15 PM
Post #10




QUOTE (Ilya Vassilevsky @ Oct 16 2010, 08:35 AM) *
I patched all recent releases


Thank you Ilya - appreciated :D
Ilya Vassilevsky
post Oct 16 2010, 10:05 AM
Post #11


QUOTE (RET88 @ Oct 15 2010, 05:47 PM) *
Could you provide something that tells us what the differences are between build 8129 and 8356 of Version 1.9.1?

Subversion log shows 4545 changed and added files. Yes, I recommend upgrading. New releases have reasons behind them :)


RET88
post Oct 18 2010, 11:20 AM
Post #12




QUOTE (Ilya Vassilevsky @ Oct 16 2010, 02:05 PM) *
Subversion log shows 4545 changed and added files. Yes, I recommend upgrading. New releases have reasons behind them :)


Thanks Ilya. 4545 updates are a lot between builds! Can you provide the list of modifications and changes between build 8129 and 8356? I need to see what was changed. I am concerned that if I upgrade my current build I will lose my changes. Without knowing what has changed between builds I am at risk of a lot of painful rework.

Thank you
RET88
Ilya Vassilevsky
post Oct 19 2010, 07:45 AM
Post #13


The list of changed files is attached. The number of files is smaller than the previously mentioned 4K+ because those were all changes, including new developments not yet included in any release (new cool features for future versions!)
Attached file: changed_files_8129_8356.txt (4.95K)
 

