PDA

View Full Version : OSC MS2 Security Issue 20051112 -Important to Max users?



kenlyle
11-22-2005, 08:41 AM
This was about 10 days ago:

"An update to the osCommerce 2.2 Milestone 2 version has been released that addresses security related issues and bug reports that exist in the released version.

It is recommended for osCommerce 2.2 Milestone 2 store owners to apply the changes to their installations due to the security issues and bug reports that have been fixed. The changes involved are minimal, do not break compatibility with contributions, and further strengthens the security of the shop installation.

This update release focuses solely on security related issues and bug reports, and does not introduce any new features that have been made for the next development milestone release."

Do any of these issues apply to OSCMax 1.7 or 2.0? What, if anything, should we do?

Thanks,
Ken

michael_s
11-23-2005, 05:59 AM
Yes, I am sure it does apply, since we use the core osC codebase. I did not receive this mail, and I have not had a look at any of the changes. Can you post a link to the update package?

timbrrr
11-23-2005, 10:25 AM
This is for OSCOMMERCE ONLY, NOT FOR OSCMAX 2.2 to all those that happen across this link.
http://www.oscommerce.com/solutions/downloads

jpf
11-24-2005, 08:56 AM
Yes thi release does apply to OSCMAX but the changes has to be manually addin....

Micheal has a customized oscMax upgrade package (from myself) for these security issues submitted to him on Nov 14 (day after tne annoucement) - for testing...

Mike - have you not review/tested it?

I don't have much time at this time of the year to do testing so I left it up to Mike.....

michael_s
11-27-2005, 08:22 AM
The security patch is now available in the downloads section. I will be sending a mailinglist email regarding this patch later today...

Download here:
http://oscdox.com/Downloads-index-req-viewdownload-cid-6.html

The download name is:
osCMax-2.0RC2-update051112 patch