I have posted the update archive in the downloads section of the website. I have not yet written an update script, so there is no notification in the control panel yet, but I will in a few days. Those that are following along in the forum, Twitter, and this blog, though, now have a heads up. You can download the update now.
The CF Shopkart main archive has also been updated.
See the forum or the included text file for fixes and changes.
Tuesday, April 21, 2009
You have the only free CF shopping cart program that I found. Your application is very robust, but I am curious. From a security perspective, the application is vulnerable to SQL injection attacks or cross-site scripting.
Also, the category widget is how the user navigates through the products. The application doesn't contain a widget for top-level categories. Is there a customization setting to display parent-level categories in one widget (preferably at the top) and use the category widget only for subcategories?
I like what you've done with cfshopkart.
I have been trying to provide updates that improve security. If you know of any vulnerabilities please post them in the forum. I have people that will tell me about vulnerabilities like yourself, but you guys never provide any details about how a hacker can get in. I can't plug a security hole in the application if you don't provide me with the details of how you have determined that it has security holes. I provide this application free, and if you want to help out, please join the forum, because I do read it and respond to posts as often as I can.
If you are referring to the report that is going around concerning CFSK 5.2, that security issue was resolved in 5.3.