- Details
- Written by: Max Milbers
- Category: Latest News
- Hits: 43277
There is a security problem in the JUser model. Please update as soon as possible.
https://www.joomla.org/announcements/release-news/5693-joomla-3-6-5-released.html
Joomla 2.5.x is not anylonger supported by the Joomla project, but we know that a lot people still use joomla 2.5. with VirtueMart. As promised, we provide a fix http://dev.virtuemart.net/attachments/download/1036/Joomla2.5.28-20161214PATCH.zip (Direct link).
This patch is just the one for j2.5.28 of last year extended by the new files. Update your joomal 2.5.x at least to the last version j2.5.28.
It is normal that an unpatched j2.5.28 logs you out. The patch should be still applied.
- Details
- Written by: Max Milbers
- Category: Latest News
- Hits: 49449
This new VirtueMart 3 Version is completing the vm3.0 series. There won't be any new vm3.0.x updates other than if we have a security issue. Some of our developers are still developing on Joomla 2.5 to ensure the backward compatibility. But from now on, any new version will be developed on the most recent Joomla or WordPress releases. We won't break the compatibility by purpose, but we just cannot test any longer for older versions.
We have got VirtueMart running on WordPress already in our laboratory. WordPress opens a new market for shops which do not need a complex CMS setup. The last big task is at the moment only the router, which must be adjusted to the WordPress links. The ACL is at the moment only roughly translated, but it will be possible to make it more fine grained later, so that we can simulate 80% of the Joomla rights within Wordpress. Transforming VirtueMart to a cms-less system forces us to use an own user table. So in future we will have real Virtuemart users, not being based on the old Joomla table. The basic trick is that we still use a light version of the Joomla libraries, so extension developers can easily write extensions compatible to Joomla and WordPress. We hope that we can extend this technique to integrate VM into more CMS systems like Drupal. We plan to publish a beta before Christmas.
Since it is the last of its series, we added some of the membership features to the main version. So product variants work now also in the category browse view. Changing the ordering within a dropdown of a multivariant was quite painful. But we added a drag and drop for the children list, so it is very easy to adjust.
Here an incomplete list of the new features
New Features for shopowners
- Customfields of type S (String) and P (Property) can be used to automatically create a dropdown for search (like tags)
- Added ajax for child variants in category browse view - MV (MultiVariant) and GC (GenericVariant)
- Category view now has the same options for displaying additional VM content as were available in the virtuemart view (which is now deprecated)
- Update of com_tcpdf to tcpdf version 6.2.12
- Added drag and drop sorting of MultiVariants in product edit
- Already loaded grouped products are not displayed twice on the same browse view
- Product is now virtually added to the cart before the conditions are tested. So it works now also for weights and other conditions (not just price)
- User dependent currency for invoice, mail, and order view
- Currency can now use the "space character" in the display format
- Payment and shipment methods can now be edited in different currencies
- Changed addProductToRecent so that it always stores 10 product ids; can be adjust by hidden config max_recent_products
- Added a template vmbeez3 derived from beez3
- New VirtueMart/Joomla! 3 full installer
- Paypal accepts multiple currencies
- Amazon works now with the cart ajax and updated library
- Avatax taxfreightcode added
New Features for developer and templater
- shopfunctions::getLoginForm works now with a sublayout login, so it can be used in other views
- Added trigger plgVmOnCheckoutCheckStock
- Removed id tag from dropdowns to ensure that chosen can always generate a unique id
- Quite a lot of JS enhancements, more robust and faster
- Added function sendCurrForm, which simply fires the form if an input has the right class.
- Plugins can now define in the constructor which values should be handled as convertables
Important for shops with overrides
The new js for using ajax for reloading product content uses now always the same class. The class is "product-container". Just search for the div with "productdetails-view productdetails" and add "product-container". In case you want the ajax reload within a product modul, you need to adjust the overrides here also. Furthermore the layout login of the user view is now in the sublayout folder. Members who used the ajax for child variants within the browse view should change the layout back to default.
For a full list of all changes or more information how to adjust your overrides, please read here in our forum http://forum.virtuemart.net/index.php?topic=135402.0
- Details
- Written by: Max Milbers
- Category: Latest News
- Hits: 71969
We are excited to announce the release of two different versions. The 3.0.14 is the direct succesor and is without VirtueMart Frame VMF. The new 3.1.0 is with new VirtueMart Frame VMF. Both versions include the addition of several notable new features.
VirtueMart is pleased to announce a new partnership with global payments provider, 2Checkout. 2Checkout enables merchants from nearly anywhere in the world to accept payments easily. Its checkout experience is optimized for mobile and other devices, and it provides top-tier security and fraud prevention, as well as dedicated customer support.
Tens of thousands of merchants already trust 2Checkout to help them maximize online sales conversions by providing global payments with a localized buying experience. Now VirtueMart’s merchants can enjoy the same service in just minutes. Once merchants download the new VirtueMart 3 extension, they can select 2Checkout as their payment provider and follow a few easy steps to set up a fully-integrated solution. For more information, please visit https://www.2checkout.com
VirtueMart helps online businesses around the world sell every day. Together with 2Checkout, we can now make this process even easier. Merchants can securely adapt to local languages, currencies and payment methods with just one, simple integration.
2Checkout is a global payment provider that makes it easy to accept payments from anyone, anywhere. Trusted by tens of thousands of merchants in 211 markets around the world, 2Checkout offers easy signup and implementation, with top-notch customer support. Businesses and organizations can accept payments using 8 payment methods and in 26 currencies, and settle in 25 home currencies. 2Checkout offers both hosted checkout forms and APIs, and integrates with more than 100 shopping carts. For more information, please visit https://www.2checkout.com.
Vm3.0.14 is a clean update for any older vm version. We fixed some bugs and added some new features paid by the membership system http://extensions.virtuemart.net/support/virtuemart-supporter-membership-detail
Highlights:
- Change order status of multiple selected orders in the order list using one simple click
- Create links without Category Name and/or without product suffix
- product parent id editing field in product edit, so products can be attached to patterns
- Product multivariants can use a radiolist instead of dropdowns
- PHP7 compatibilty
This is a very mature release. The maintrunk is already working with the new VMF system which should help to write a bridge for Wordpress. The vm3.1 version is for developers and eager early adopters. For the moment it is the goal, that the whole core works with the new abstraction layer, to concentrate and bundle the bridgeable code.
You should always take a backup of your database. The tableupdater has been strongly enhanced and should handle tables with broken or missing primary fields (fields with auto_increment) a lot better. Note that whilst this has been tested on numerous deployments of VM it is still relatively new.
Changes from vm3.0.12 - vm3.0.14:
- 2checkout added, fixed, and tested
- order filter keeps state
- printing of order within order edit
- added VmConfig::get( 'vm_num_ratings_show', 3 ) to getReviews function
- checkFixJoomlaBEMenuEntries enhanced and moved to core update script (was before in the AIO)
- small fixes for amazon
- fix for media json for the media handler and language
- added limitbox to top for product and category list for joomla3 compatibility
- unique ids for html field vmcategories dropdown
- fix for multiple useage of categoryListTree
- product parent id editing field in product edit, so products can be attached to patterns
- heidelpay update
- Paypal IPN in case payment type='cart' and payment_currency=order_currency
- Updated router, works now without product suffix
- Important code adjustment for avatax
- added ssl support for add to cart popup
- cache for language loading to prevent loading it twice.
- fixed mod_virtuemart_product, added divs for price js and added vmJsApi::writeJS() for cached modules content (cant be cached).
- php7 adjusted html.php, http://forum.virtuemart.net/index.php?topic=133113.msg461282#msg461282
- product filter in administrator view keeps entered values
- enhanced function getMyOrderDetails, also registered users can now visit a guest order, if they enter correct order pw
- fixed language loading of invoices
- enhanced table updater, better handling of auto_increment fields
- fixed small error in product listing shows media 0 if no media is attached.
- MultiVariant as radio selection
- new layout for category module
- cleaned css
- security and rights managment, (mainly already done for vm3.0.12)
- fixes for tos.php, to set it unrequired
- create Product Clone sets the clone unpublished and product_ordered, product_sales to 0
- Router has new option, to create links without CategoryName
- absolute urls for canonical
- alternative layotus for FE modules
- js validator also for shipment addresses
- Enhanced js validation of country/state combo
- max_cats_per_product
- added hidden config product.published, which determines if a new product is already published. (by default not published)
- browse page shows generic child variants
- Added perms for order editing to the model
- better and robust code for vmvalidator js
- Fix for vmuploader.php, when exif_imagetype is not supported
- added bulk set order status in order admin list
- captcha only for guests
- Added that the top category uses the set metadata
- added loading of product images for invoice
- orderDetails are now accessible in order_done.php
- enhanced tableupdater, also correcting missing Primary Keys
For the brave ones, a preview on vm3.1 (direktdownload): http://dev.virtuemart.net/attachments/download/997/com_virtuemart.3.1.0_extract_first.zip
- Details
- Written by: Max Milbers
- Category: Latest News
- Hits: 52228
The Joomla! team released today a new version with some security hardenings and fixing a critical security leak in all joomla versions.
The critical security leak was already used in the wild. This means it is not a leak, which was disovered by an audit, it is security issue which is already exploited. Sucuri.net blogged about https://blog.sucuri.net/2015/12/remote-command-execution-vulnerability-in-joomla.html
Protect Your Site Now
If you are a Joomla user, check your logs right away. Look for requests from 146.0.72.83 or 74.3.170.33or 194.28.174.106 as they were the first IP addresses to start the exploitation. I also recommend searching your logs for “JDatabaseDriverMysqli” or “O:” in the User Agent as it has been used in the exploits. If you find them, consider your Joomla site compromised and move to the remediation / incident response phase.
For securing your joomla 1.5/2.5 pages, just follow this link https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions. It is basically replacing one file.
We post this news, because some of our core members discovered this IPs in his logs. Not a VirtueMart page, but as far as we know it wouldnt make a difference.