What is CubeCart?
Whether you are a retailer looking for an online store or a webmaster seeking an ecommerce solution for a client… CubeCart is a powerful free ecommerce solution enabling thousands of merchants globally to sell digital or physical products online.
"Many our web hosting clients decided to use CubeCart and they are very satisfied."Petr
We are pleased to announce the release of CubeCart version 6.0.11. This is a maintenance release which includes three security updates.
Release notes: CKEditor has been upgraded from version 3 to 4. If the rich text editor fails to load from within the admin control panel please try a hard browser refresh or delete your temporary internet files.
Permalink | 16th March 2016 10:07
A number of our customer have received the following correspondence from PayPal concerning a rollout schedule for security updates this year. We wanted to address how these changes may affect your CubeCart store.
We recently announced several security upgrades planned for this year, some of which will require you to make changes to your integration. You’re receiving this email because your integration may need to be changed to accommodate these security upgrades.
What do I need to do? We’ve outlined the steps to take to ensure your integration is up to date. We’re letting you know about these changes now because we don’t want you to experience a disruption of service when they go into effect.
Step 1: Consult with someone who understands your integration. We encourage you to inform your technical staff of these upcoming changes.
Step 2: Understand how these changes affect your integration. Here’s a list of the security changes we’re making in 2016. Please review and determine if these updates are required on your side.
- SSL Certificate Upgrade to SHA-256
- TLS 1.2 and HTTP/1.1 Upgrade
- IPN Verification Postback to HTTPS
- IP Address Update for PayPal Secure FTP Servers
- Merchant API Certificate Credential Upgrade
- Discontinue Use of GET Method for Classic NVP/SOAP APIs
Step 3: Get the technical details on these changes. Detailed information of each of the changes and a location to test your integration are available on our 2016 Merchant Security Roadmap Microsite. Select the hyperlinks in the chart for information about specific change events.
Step 4: Make the appropriate changes by each “Act by” date*. It’s important to have your changes in place by the “Act by” date for each change event.
Step 5: Future-proof your integration. We recommend that you go through the Best Practices section on our 2016 Merchant Security Roadmap Microsite.
Why is PayPal making these changes?
Protecting customer information is PayPal’s top priority. We support industry standards, such as crypto-industry’s mandate to upgrade SSL certificates to SHA-256, and the Payment Card Industry (PCI) Council’s TLS 1.2 mandate. We also surpass those standards by investing and building some of the finest protection available. By addressing these changes this year, we believe it helps future-proof your integration and reduce the need to invest in changing your integration in the near future.
If you have any questions as you work through these changes, visit our Help Centre by clicking Help on any PayPal page.
Thank you for your support of our commitment to maintain the highest security standards for all of our global customers.
Which milestones will affect my store?!
TLS 1.2 and HTTP/1.1 Upgrade - Deadline June 17, 2016
To make sure that your CubeCart store continues to operate as normal please check that your web hosting is configured to have TLS 1.2 and HTTP 1.1 support. This can be done by looking at the "Server Info" or "PHP Info" area of your stores admin control panel. "OpenSSL" should have a value of 1.0.1 or higher. The screenshot below shows an example of what to be looking for. In this case the OpenSSL version is fine.
The screenshot below shows that HTTP 1.1 is also supported.
IPN Verification Postback to HTTPS - Deadline September 30, 2016
PayPal send information about payments back to your store via postback notification. From September 30th 2016 PayPal will no longer send this information back to standard insecure (http protocol) URL's. This means that if you do not already have SSL configured in your store for secure padlocked (https protocol) pages you will need to enable this. This has to be done in two stages;
- You'll need to source an SSL certificate. This is something that can normally be purchased from your web hosting company. It may be possible to save money by sourcing your own from somewhere like https://www.ssls.com but please check with your hosting company that SSL purchased from a 3rd party can be used. We are in no way affiliated to or associated with "Namecheap Inc" who operate ssls.com.
- SSL will need to be enabled in CubeCart. For CubeCart version 5 and version 6 this can be done via the SSL tab in the settings section of your stores admin control panel.
How can I test my store will be ok before the deadlines?
PayPal have already made these security changes to their testing "Sandbox" environment. We recommend creating a sandbox account at https://developer.paypal.com and switching your PayPal module to Sandbox mode from your CubeCart admin control panel. It is then possible to make test purchases to check that payments work and order statuses update from "Pending" to "Processing" automatically.
That's it! No other changes should be of concern. Please be sure to contact our technical support staff if you are unsure at all.
Permalink | 14th March 2016 08:51
Having made numerous announcements via various channels since June 2015 our software license server has now been switched off.
This means that soon (if not already) the admin panel of your store will cease to function if;
- your store is powered by CubeCart 5.2.14 or below and still hasn't been patched via option 2 below.
- your store is powered by CubeCart 4.4.7 or below and still hasn't been patched via option 2 below.
CubeCart version 6 and version 3 are unaffected by the server switch off.
How can I tell which version I have?
This can be found in the ini.inc.php file in the root of your store file structure or in the dashboard section of your admin control panel if you can still access it.
There are two options available if the admin panel to your store has become locked out.
Upgrade to the latest build of version 6 (recommended), version 5 or version 4. Please find instructions on our helpdesk. The latest versions are all open source and do not call home to validate a software license key.
Download the latest build of the current version you are on and replace the admin.php file (found in the store's root folder) with the one from the newer package. This will bypass the software license system and your current store will continue to operate exactly as it was before.
All versions of CubeCart can be downloaded here: https://www.cubecart.com/download
How can I check that my store is no longer calling home?
Via your web hosting control panel or using an FTP client please delete the includes/extra/key.php file if it exists. Please then attempt to login to the admin side of your store. If it works then great, your store is independent and no further action is required. If you get a software license key error message your store is still trying to validate against our server and either option 1 or option 2 will need to be actioned.
We have done our very best to communicate this to all our clients over the last seven months via numerous channels. We are sincerely very sorry if you had not seen any of our notifications and your store admin panel has become locked out. At the time of writing this traffic to our license server has significantly dropped and few stores should be affected.
Can someone fix this for me?
Anyone with basic web master skills should be able to patch your store via option 2 above in just a few minutes. Our staff can provide assistance if you have either of the following:
Legacy Technical Support Credits
If you login or register at https://support.cubecart.com with the email address used to originally purchase your CubeCart version 4/5 software license key any existing credits on your account can be used.
- A monthly/annual technical support subscription.
More information about our technical support packages can be found at https://www.cubecart.com/technical-support
Permalink | 15th February 2016 09:10
Our software license server will be switched off at 9am (GMT) on Monday 15th February 2016.
Please refer to the following announcements:
Numerous other announcements have been made via Twitter and facebook and a bulk email has been sent to all customers with a legacy software license key (no longer sold).
Permalink | 5th February 2016 12:40
We are pleased to announce the availability of CubeCart 6.0.10 which fixes a couple of issues in 6.0.9 concerning error reporting and remote server requests.
Permalink | 21st January 2016 12:08
We are pleased to announce the availability of CubeCart 6.0.9 which is a maintenance release further improving stability and reliability.
- 73 issues have been resolved.
- redirect from admin/ to admin.php has been removed.
Permalink | 13th January 2016 10:55
I thought it would be appropriate to write a short piece to reflect on the successes of this year and to let you know our plans for CubeCart in 2016.
Statistics for 2015
- CubeCart has been downloaded 72,000 times (excludes web hosting auto installers).
- Well over 6,000 new CubeCart version 6 stores have been recognised.
- There have been 209 new extensions with over 48,000 downloads.
Moving to an open source model was not without risks and to switch from a business model that was already working to something calculated to be better was a big deal. CubeCart's future is dependant on the success of the company backing it and from the support of our highly valued developer community. We are pleased to say that after just six months the company started trading at a profit again. This is about 200% faster than we forecast. CubeCart is now in a period of sustained growth and we are looking forward to sharing the fruits of this with you.
What's new for 2016?
We intend to continue developing CubeCart under the free open source GPL 3.0 software license. In particular 6.0.9 will be made available in early January before our development roadmap for 6.1 is finalised. We'll also be hiring extra support technicians to join our small friendly team and plan to extend our businesses operational hours.
I'd like to personally thank all of our merchants and developers for helping to make 2015 such a fantastic year. I wish you all a very happy holiday and for all the best for 2016.
CEO/Founder CubeCart Limited
Permalink | 22nd December 2015 09:02
Due to the significant level of traffic our software license server is still receiving we have put off the software license system switch off until 15th February 2016.
Our staff will reach out to any stores that have still been logged calling the software license server over the next few weeks.
For more information please see the original announcement below:
Permalink | 4th December 2015 07:43
For more information please see our announcement from June 2015.
Permalink | 4th November 2015 09:32
We are pleased to announce the immediate availability of CubeCart 6.0.8. This is a maintenance release which includes three low risk security patches for issues
Permalink | 5th October 2015 14:25
We are thrilled to announce that the following three responsive skins have been chosen as the winners of our recent design competition. These are available to download now in the extension marketplace.
Developing a new theme is a massive amount of work and we would like to give a huge thanks to all those that entered.
1st place (winning £1,000) - Galaxy X Premium Skin
2nd place (winning £500) - Clean Skin
3rd place (winning £250) - Minimaliser
Permalink | 1st October 2015 11:16
We are aware that many of our merchants received a message today from PayPal concerning service upgrades.
PayPal is upgrading the certificate for www.paypal.com to SHA-256. This endpoint is also used by merchants using the Instant Payment Notification (IPN) product.
What do I need to do?
The good news is that you shouldn't need to do anything. Your CubeCart powered store should continue to work fine with your existing PayPal extension. For those who would like reassurance we have released new version of both the PayPal Standard and PayPal Pro & Express Checkout extension which has a new IPN test tool.
You can obtain the latest version of each extension below:
Once installed please navigate to the extensions configuration screen where you will find a "Test Endpoint" tool as shown in the screenshot below.
If you have any questions or concerns please do submit a technical support ticket.
Permalink | 11th September 2015 08:17
In the light of today's security announcement we have two new releases.
CubeCart 6.0.7 - This is a maintenance release with 88 issues resolved including a patch for today's security announcement.
CubeCart 5.2.17 - This only patches today's security announcement.
Both of these releases are now available in the download area of our website.
Permalink | 7th September 2015 11:02
A critical security vulnerability has been brought to our attention by Fernando Camara. If an administrator's email is known to a hacker it may be possible to take control of the account and have complete access to the store's control panel.
Affected Versions: 5.2.12 to 6.0.6
To patch please download the following files and replace them over your existing ones. It is then recommended to login and change all administrator passwords.
CubeCart 5.2.17 and 6.0.7 will be released later today patching this vulnerability.
Many thanks to Fernando for reporting this issue in such a responsible manner. At CubeCart we take security as our number one priority. We apologise sincerely to anyone who has been victimised by this issue. The issue was first reported to us at 12:50pm on Sunday 6th September and patches have been released in less than 24 hours.
Permalink | 7th September 2015 09:30
Permalink | 23rd June 2015 11:19
!!! THIS HAS BEEN DEFERRED UNTIL 15TH FEB 2016 !!!
In just over six month time (Monday 7th December) we will be switching off our software license key server. This means that the admin panel of your store will cease to function if;
- your current store is powered by CubeCart 5.2.14 or below.
- you current store is powered by CubeCart 4.4.7 or below.
CubeCart version 6 and version 3 will be unaffected.
How can I tell which version I have?
Please login to the admin side of your store. On the dashboard (the first page after login) there may be a "Store Overview" tab. Clicking this should show your specific version number. If this tab doesn't exist there should be a "Store Overview" box on the dashboard which shows the specific version number. Alternatively it is possible to find the version number in the ini.inc.php file which should be found in the root folder of your store.
If your store is powered by version 5 or version 4 and lower than the version numbers specified above please read on as action is required.
There are two options available.
Upgrade to version 6 (recommended), version 5.2.16 or version 4.4.8. Please find instructions on our helpdesk. This will bypass the software license system.
Download the latest version of the major version you are on (v4 or v5) and replace the admin.php file (found in the store's root folder) with the one from the newer package. This will bypass the software license system.
All versions of CubeCart can be downloaded here: https://www.cubecart.com/download
Permalink | 5th June 2015 09:19
We are pleased to announce the release of CubeCart version 6.0.5.
- 69 Resolved Issues
- Removed support for SSL on "Sensitive Pages Only".
- Optional field added for short description for products.
- Quick shipping quote on basket ("Foundation" skin only).
Screenshot below shows how shipping quote can be obtained before check out process is initiated.
Permalink | 1st June 2015 11:16
We are pleased to announce the release of CubeCart 6.0.3 and the subsequent release of 6.0.4. This is a maintenance release which has a number of bug fixes to improve stability.
Permalink | 23rd April 2015 12:06
EDIT: The deadline for entry has been extended to 1st September 2015
With the release of CubeCart v6 and its open source model our popularity is increasing rapidly. We want to celebrate this with a template design competition giving away some really generous cash prizes!
1st Prize: £1,000 GBP (approx $1,500 USD)
2nd Prize: £500 GBP (approx $750 USD)
3rd Prize: £250 GBP (approx $375 USD)
The brief is to develop a responsive CubeCart v6 theme that will work on small, medium and large devices. To qualify for the prize it must be added to our CubeCart Extensions Marketplace by July 1st 2015.
The prize draw will be judged by our staff on 1st August 2015. Reviews and user feedback will play an important role in our decision. Prizes will be paid out by CubeCart Limited in early August (UK company number 5323904).
How do I create a custom template for CubeCart v6?
We recommend downloading the latest build of CubeCart v6 here. Then follow stage 1 of our helpdesk article but using the "Foundation" skin (instead of the old "Vanilla" template) as a starting block for your design. This article was written for CubeCart v5 but the exact same process can be used for v6. There is no requirement to use "Foundation" as a starting block this is just a recommendation but if you do please refer to their documentation for support.
Can my skins be commercial or does it have to be free?
It can be free or commercial. That's up to you.
How do I receive the prize money?
All prizes will be paid via PayPal or bank transfer if UK based.
Can anyone enter?
Yes anyone at all from anywhere in the world can enter so long as the work submitted is yours or you have written permission to submit it on behalf of someone else.
Do you have any other tips?
If you can create sub colour themes it would be beneficial. Sub-themes can be defined in the config.xml file of the skins root folder.
How do people review my design and how will it be judged?
Once submit to the extensions marketplace it is possible to click a link to "Write Review" on its main listing page. User feedback and reviews here will play an important role in our decision. We can't promise that the review with the most feedback and highest rating will win but it will help us a great deal.
That's it.. I'd like to personally wish you all the very best of luck!
CEO/MD & Founder CubeCart
Permalink | 2nd April 2015 09:09
We are pleased to announce the arrival of CubeCart 6.0.2.
- Foundation Framework upgraded to 5.5.1
- Depreciated "Orbit" slider replaced with "BXSlider".
- Backup tool can now skip images and downloads files.
- Three new code hook locations.
- Low risk XSS security vulnerability patch.
- 40 GitHub issues resolved.
Permalink | 24th March 2015 13:53
It is of great pleasure to announce that CubeCart v6 final is now available to download. This means the beta testing period is over and it is considered ready for use in live environments. Since the first beta released approximately nine weeks ago 321 bug fixes and enhancements have been made.
I would like to give a huge thank you to all those who have been involved in the beta testing period as this would not have been possible without you.
- CubeCart v6 is Open Source and 100% Free!
- You can upgrade from v3, v4 & v5 to v6.
- Technical support plans are available for experienced web masters and those with little or no technical expertise at all.
- Developers can submit their extensions into the CubeCart >Extensions Marketplace.
- CubeCart v6 is ported from v5 which means existing v5 skins and extensions are forward compatible.
So... what are you waiting for?!
I'd like to personally wish you all the very best of success with your CubeCart powered store!
Al Brookbanks - CEO/Founder of CubeCart
Permalink | 10th March 2015 09:44
CubeCart 6.0.0b7 is now here. It has 41 bug fixes and feature enhancements. Many thanks to all those who have taken the time to report any issues found.
Permalink | 4th March 2015 12:59
CubeCart 6.0.0b6 is now here. It has 60 bug fixes and feature enhancements. It has been given a lighter and fresher look with expand/collapse memory added to the main navigation.
Permalink | 23rd February 2015 16:48
We are pleased to announce the release of CubeCart 6.0.0 Beta 5 which has 34 more issues resolved. 180 issue have been resolved since first beta which is an average of 45 per release.
Many thanks to all those who have reported and assisted with any issues found so far. If you do find a problem please help us by reporting them in our GitHub Issue tracker.
Download: CubeCart 6.0.0b5.zip
Permalink | 10th February 2015 16:26
We are pleased to announce the release of CubeCart 6.0.0 Beta 4. All reported bugs have been fixed and a number of enhancements have been made.
If you haven't tried v6 yet now is a great time to do so. It's very close to final but we need your help to find any remaining trivial bugs prior to this. At the time of writing this there are no bugs reported at all.
Thanks to everybody who have take time to report any issues found and for your continual support.
Download: CubeCart 6.0.0b4.zip