Your Cart is currently empty!
Product update
Coupon
add
Coupon code invalid! Please re-enter!
AJAX loader
You are here: HomeRead on BlogNews & UpdatesVirtueMart 3.2.6 Release with Security Fixing and Overhauled Infrastructure

VirtueMart 3.2.6 has been released to address a minor XSS vulnerability present in previous versions as well as improve the infrastructure. It occurred when the features feeds and search were used together. It happened only for feed enabled, so administrators can close the leak by disabling the feed functions.

VirtueMart 3.2.6 Release with Security Fixing and Overhauled Infrastructure

The vulnerability has been addressed by using getCurrentUrlBy function, which works with a whitelist for variable names and it urlencodes any value.



VirtueMart 3.2.6 Improvements

  • Important patch to prevent memory leak when switching languages.
  • usermodel, extra check if the already loaded user has the right id.
  • Renamed order_done layout to orderdone to be able to create a menu item.
  • New feature customfield of type S and M have now a new parameter, which enables the added price as percentage.
  • Added redirect per system plugin "vmLoaderPluginUpdate" for register and login.
  • Shipment plugin shows now also multiple countries.
  • vmJsApi, fix for correct language of the datepicker.
  • mediahandler has now a deleteAllThumbs of a certain image function (works with regex, may delete accidently too much thumbs which is quite likely unimportant.
  • Vendor model getVendorAddressFields does not work with internal id anylonger.
  • BE category list keeps selected category.
  • Very important fix for multivariants, which lost in some conditions the parent option, when changing to a child.
  • Language dependent caching.
  • install.sql, removed NULLs for product group booleans, like featured, discontinued, ...
  • More security for function getMyOrderDetails.
  • Enhanced search plugin.
  • Removed double // in function displayLogos in vmpsplugin.php. When the shipment/payment logo dissapeared in checkout, please read http://forum.virtuemart.net/index.php?topic=138927.0
  • Function changeShopper, address is not pre-filled with userdata of the switching user (in case the address is not provided).
  • Fixed frontend manager link permission in user accountmaintenance.

View full list of changes here

Thanks for reading!

Related items (by tag)

Love all our templates?

Join our membership clubs starting at $49 only for access to all of our templates

Join Now
Home Pricing
Your Cart is currently empty!
Product update
Coupon
add
Coupon code invalid! Please re-enter!
AJAX loader
SearchSupport
Magento Themes Magento Extensions Free Magento Extensions Prestashop Themes Prestashop Modules Magento 2 Themes