What is CubeCart?
Whether you are a retailer looking for an online store or a webmaster seeking an ecommerce solution for a client… CubeCart is a powerful free ecommerce solution enabling thousands of merchants globally to sell digital or physical products online.
"I am a total website novice but CubeCart is very simple to use, easy to navigate around. I am very pleased. Thank you so much!"Gemma
This release came quickly off the back of 6.1.6 with a few stability enhancements over the new CSRF features.
Please note that if SSL is enabled the admin login to the store will only work under SSL. Standard HTTP login attempts may fail with a CSRF error. This is due to forced secure cookies if SSL is enabled.
Permalink | 20th April 2017 13:00
We are pleased to announce the immediate availability of 6.1.6. Due to past stability issues with the auto upgrade tool we strongly recommend upgrading manually (see release note 1).
- 52 issues closed
- A number of security patches and enhancements (release note 2).
- Ability to edit order payment gateway name
- File size added to file manager
- Invisible Google reCaptcha with skin compatibility checker (release note 3)
- Resend email from email log
- Improved error reporting in debug mode
- Physical & digital items as one product (release note 4)
- Stability enhancements to auto upgrade tool.
- Public folder added to file manager (release note 5)
- Miscellaneous bug fixes.
1. Manual Upgrade
A bug in a previous release has caused a number of upgrade failures. We are aware of a number of stores running a mixture of code from mismatching versions. These stores may well be "stuck" like this until manually updated.
2. Security Patches and Enhancements
Our friends at Netsparker have identified a number of CSRF, XSS and directory transversal issues. These have all been patched and more. The default Foundation theme now has CSRF protection for all form data. The admin control panel now has CSRF protection on any GET requests that manipulate data such as delete. From now on CubeCart has continual security auditing powered by Netsparker for which we are very grateful.
3. Invisible reCaptcha
The default Foundation skin now supports Google Invisible reCaptcha to keep pesky bots and spammers out. We will be happy to integrate this for any of our merchants who has a custom skin who have an active managed technical support account.
4. Physical & digital items as one product
Many will be pleased to hear that CubeCart now supports the ability to have a digital download with the option of being physical too. It's simple just add a product option with a weight greater than zero. For example it would be possible to have an option group of "Format" with attributes "Digital" and "Physical". Just assigned a weight to the "Physical" attribute.
5. Public folder added to file manager
We get a lot of support requests asking why files added to the file manager can't be loaded directly in a browser. The reason for this is that they are protected with the intent to sell them as digital downloads. For those wanting to upload and link to digital files directly a new public folder exists in the file manager which is not protected.
Permalink | 18th April 2017 12:20
Can you believe that CubeCart has been around since 2003? What started out as a small project has snowballed powering thousands of stores globally.
If you have a success story you would allow us to publish we would be truly very grateful if you could share it with us. We need new merchants to realise the potential they have using CubeCart. This will help contribute to further growth, new features and an all round brighter future for everyone.
Please feel free to email me personally at email@example.com with your company name, store URL and short success story of upto say 300 words.
Many thanks to you all for your support.
Permalink | 7th March 2017 17:07
We are pleased to announce the release of CubeCart 6.1.5 which is available now. This is a maintenance release fixing a number of bugs further increasing stability.
We recommend navigating to Advanced > Maintenance then viewing the "Database" tab to look for any missing or incorrect indexes after your store has been upgraded to 6.1.5. Missing or incorrect database indexes can cause quite significant performance issues. Please use a tool such as phpMyAdmin to make any required changes or raise a ticket with our technical support department for official assistance.
Permalink | 13th February 2017 10:49
A security directory traversal vulnerability has been discovered in all version of CubeCart version 6. CubeCart version 6.1.4 has been release which patches this.
We recommend that all merchants upgrade to 6.1.4 or patch their store as soon as possible.
Manual Patch: https://github.com/cubecart/v6/commit/8f1ec4e87c58e60e7fd865eabc6a1ab2b721729c
We would like to pass on our warm thanks to all the staff at Japan Computer Emergency Response Team (JPCERT) Coordination Center for discovering this issue and for handling it so professionally.