Zencart Upgrade Again and Again and Again – 1.3.9g this time.

    Okay, I admit it. I’m getting really tired of this. It doesn’t seem to stop.  Unfortunately, it has taken a lot of use of the new versions to get down to the really important part – major security fixes for Zen Cart.  I don’t know for sure but I suspect there simply weren’t enough volunteers to test the new version – I certainly didn’t offer to test it myself.  Since I’m a heavy user, it only makes sense that I would but I didn’t have enough time to install and watch and worry over a live site in beta testing.

    Complaining aside, I want to emphasize the importance of Zen Cart 1.3.9g because of these fixes:

    Security: Fix multiple XSS vulnerabilities x3
    Security: Fix bSQLi vulnerability
    Security: Fix LFI/FD threat

    The Zencart team is getting more and more security conscious, which is a good thing. They are now requiring changing the name of admin and deletion of the install folder before admin is accessible. Kind of a pain for me but a good warning for the average user. That also means a little more technical work – making the cart not as user-friendly an install as it has been. The automatic installers won’t do it for the cart owner.

    In a way I like that. Too many Zen Cart owners install the cart because they can. Too many people leave that install up and never upgrade it. Too many people end up with hacked carts years later. Literally, years later. Any open source program is vulnerable to those who hack. Those who just go looking for vulnerabilities. Those who want to steal.

    I’ve only run across one site so far that has actually lost money to a hack but that’s one too many. The owner had a very old version that had been hacked many times and simply never got cleaned up properly each time it happened. So last month the cart owner lost the revenue from a sale. (That’s when he contacted me – his former programmer had obviously failed him.)
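The two post-install requirements mentioned above (install folder deleted, admin folder renamed) can be checked across several carts at once. The script below is an added example, not code from this post or from the Zen Cart project; it assumes the stock directory names `zc_install` and `admin`, and the function names are hypothetical.

```shell
#!/bin/sh
# Audit Zen Cart document roots for the two leftovers the post describes:
# an install folder that was never deleted and an admin folder that was
# never renamed. ASSUMPTION: stock directory names "zc_install" and "admin".

# audit_cart ROOT: print one finding per line.
# Returns 0 = clean, 1 = at least one finding, 2 = ROOT is not a directory.
audit_cart() {
    cart_root=$1
    cart_status=0
    if [ ! -d "$cart_root" ]; then
        echo "$cart_root: not a directory" >&2
        return 2
    fi
    if [ -d "$cart_root/zc_install" ]; then
        echo "$cart_root: install folder zc_install is still present"
        cart_status=1
    fi
    if [ -d "$cart_root/admin" ]; then
        echo "$cart_root: admin folder still has its default name"
        cart_status=1
    fi
    return "$cart_status"
}

# audit_all ROOT...: audit every cart, keep going after a failure,
# and return non-zero if any cart needs attention (useful from cron).
audit_all() {
    overall=0
    for r in "$@"; do
        audit_cart "$r" || overall=1
    done
    return "$overall"
}

# Stand-alone use: ./audit.sh /path/to/cart1 /path/to/cart2
if [ "$#" -gt 0 ]; then
    audit_all "$@"
fi
```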

    Zen Cart Gurus?

    That brings me to the second point I want to make.  Just because someone says they work on Zencart does not mean they know what they are doing.  Like any complicated open source program, intimate knowledge of how to install mods and how to write mods is important.  More important than that is someone who watches the Zencart forum and is signed up to get notifications of important upgrades and issues. But it doesn’t stop there – that person must be keeping watch for the cart owners – someone who will act quickly when necessary.

    So I get to spend my time this morning figuring out what has changed, what sites can I easily upgrade, what cart owners do I need to inform about the new upgrade and what it’s going to take to install it.  In other words, I get to be the responsible Zen Cart developer.  I may not make much, if any, money this morning but my customers will be glad I did and continue to support my (meager) lifestyle with their needs and wants.

    And so – to work…..

    Author: Delia Wilson Lunsford, Founder & CEO, WizTech, Inc.