Update Hikashop 3.1.1 request for Hikashop 2.6.4

  • Posts: 53
  • Thank you received: 6
  • Hikashop Business
7 years 5 months ago #271140

-- HikaShop version -- : 2.6.4
-- Joomla version -- : 3.7.1
-- PHP version -- : 5.6.30
-- Browser(s) name and version -- : Firefox

Hi,
Do the security issue (correted by HS 3.1.1) exist on Hikashop 2.6.4? We are actualy bulding our new website on HS 3.xx but for many reason the old one online is yet, for few weeks, on HS 2.6.4. Any security pb on this version?
Best R

Please Log in or Create an account to join the conversation.

  • Posts: 82906
  • Thank you received: 13378
  • MODERATOR
7 years 5 months ago #271149

Hi,

Yes it does but only if you have a sort filter configured in the menu Display>Filters.
If you don't, then you're safe.
Note that in the blog article about it, we provide the patch if you don't want to update:
www.hikashop.com/home/blog/373-security-...kashop-business.html

The following user(s) said Thank You: GARANDET

Please Log in or Create an account to join the conversation.

  • Posts: 53
  • Thank you received: 6
  • Hikashop Business
7 years 5 months ago #271174

Again thanks for your infos and always quick answers despite of our sometimes naives questions. I didn't configure any filter in the display menu (Screenshot below)...


Thanks

Attachments:

Please Log in or Create an account to join the conversation.

  • Posts: 329
  • Thank you received: 94
7 years 5 months ago #271200

We likewise appreciate that HikaShop shared the patch for older sites. In an abundance of caution, we applied it to ALL of our older HikaShop sites, several of which may not be upgraded to the 3 series for a little while longer due to the extensive testing required for integrations and customization.

One never knows when a curious client might decide to play with the filter sorting feature and I don't want to have to worry about remembering that by enabling it later, we'd be opening a known security hole. Best approach is to apply the one line patch and know you're covered!

~ Deb Cinkus, CEO

Polished Geek: more with monday․com
eCommerce Business Process Automation Experts

Please Log in or Create an account to join the conversation.

  • Posts: 26159
  • Thank you received: 4028
  • MODERATOR
7 years 5 months ago #271177

Hello,

So, as Nicolas told you in the previous message ; the security issue does not concern your website.
In any case, if you want to be really safe in the case when you'll configure a filter in the future ; you can apply manually the patch (as explained in the link Nicolas gave you !)

Regards,

Jerome - Obsidev.com
HikaMarket & HikaSerial developer / HikaShop core dev team.

Also helping the HikaShop support team when having some time or couldn't sleep.
By the way, do not send me private message, use the "contact us" form instead.

Please Log in or Create an account to join the conversation.

Time to create page: 0.080 seconds
Powered by Kunena Forum