View topic - Zen Cart Security

[Wayzgoose]

I see that version 1.38a was released on 1st December, 2007. As far as I know there was only ever the security patch and suggestions released earlier this year.

Version 1.39 was released on 2nd May, 2010 quickly followed by what can only be described as six panic releases with another one on the way.

Now if 1.38a lasted quite happily for almost two and a half years without change compared to 1.39 which lasted literally days, what is it about 1.38a that has those in the know saying that it's full of security holes?

[scotserve]

You have to be aware that security holes "appear" and may be found after several months or even years, another point is the scripts run on PHP and as PHP progresses then that may also open up holes in a script i.e. most servers in 2007 were still running release 4 of PHP in 2010 most are running PHP 5

1.3.8a is considered a security risk and not sure where you are coming from on the basis it was OK for 2 years, however a patched 1.3.8a is still 1.3.8a it is not an upgrade as such so how many sites are running patched 1.3.8a compared to those that are running original scripts/installs.

http://zencartguru.co.uk/bug-security-patches

[uvip521]

You can google 1.38 security patches and there will be several patches that you can install.

[laggardlady]

The thread is about a year old. Are you sure you're not just looking for posts so you can post your links?

[latief]

I already have Zencart 1.38a in one of my website, and my website hacked TWICE. Can someone tell me how to prevent that? If upgrade to 1.39 is very scary for me, because I have modified many on the zencart.

Thank you