What is CubeCart?
Whether you are a retailer looking for an online store or a webmaster seeking an ecommerce solution for a client… CubeCart is a powerful free ecommerce solution enabling thousands of merchants globally to sell digital or physical products online.
"The tool to boost the selling for my website ... tested many, and this one was the best choise for me!"Mehdi Gahbiche
We are pleased to announce the release of CubeCart 6.1.5 which is available now. This is a maintenance release fixing a number of bugs further increasing stability.
We recommend navigating to Advanced > Maintenance then viewing the "Database" tab to look for any missing or incorrect indexes after your store has been upgraded to 6.1.5. Missing or incorrect database indexes can cause quite significant performance issues. Please use a tool such as phpMyAdmin to make any required changes or raise a ticket with our technical support department for official assistance.
Permalink | 13th February 2017 10:49
A security directory traversal vulnerability has been discovered in all version of CubeCart version 6. CubeCart version 6.1.4 has been release which patches this.
We recommend that all merchants upgrade to 6.1.4 or patch their store as soon as possible.
Manual Patch: https://github.com/cubecart/v6/commit/8f1ec4e87c58e60e7fd865eabc6a1ab2b721729c
We would like to pass on our warm thanks to all the staff at Japan Computer Emergency Response Team (JPCERT) Coordination Center for discovering this issue and for handling it so professionally.
Permalink | 23rd January 2017 10:11
An important security update is included with this release of CubeCart due to a remote code execution vulnerability found within the 3rd party phpMailer library. The phpMailer library is included in all releases of CubeCart from 5.0.0 and is responsible for the delivery of all store email.
How to patch without upgrading to 6.1.2
Please download CubeCart 6.1.2 and extract the archive. Delete your classes/phpMailer folder and replace it with the folder from 6.1.2. This patch will work for any version of CubeCart of 5.0.0 or higher.
What else is new?
- 70 Closed Issues
- Significant optimisations and stability upgrades to the database and file backup/restore tools.
- Auto assign of image uploads to products.
- Image folder create tool from add/edit product.
- Toggle view assigned/all images on product edit page.
Important Release Notes
From 6.1.2 CubeCart requires ZipArchive which replaces the old PclZip library which hasn't been developed since 2009. Please verify that your PHP configuration has ZipArchive support prior to upgrading. We have attached a PHP script (ziparchive-check.php) which can be used to verify prior to upgrade.
Permalink | 3rd January 2017 10:56
I'd like to wish everyone a very merry Christmas and happy New Year. Many thanks to all our customers for your business this year and I very much look forward to working with you and getting to know you more in 2017. I'd like to also offer a huge thank you to all those who have contributed their time to help improve CubeCart this year.
Christmas Office Hours
Sat 24th Dec - Closed
Sun 25th Dec - Closed
Mon 26th Dec - Closed
Tue 27th Dec - Closed
Wed 28th Dec - Open (9am - 5:30pm)
Thu 29th Dec - Open (9am - 5:30pm)
Fri 30th Dec - Open (9am - 5:30pm)
Sat 31st Dec - Closed
Sun 1st Dec - Closed
Mon 2nd Dec - Closed
Permalink | 20th December 2016 16:37
Permalink | 1st November 2016 14:44
We are excited to announce the release of CubeCart 6.1.0 which comes with a number of great new features.
- Dashboard notifications for extension updates (see upgrade notes).
- Font Awesome replaced with SVG in Foundation skin for optimisation with smaller page loads (up to 107KB smaller).
- SVG support for logo.
- Redis cache support.
- Automatic admin folder/file renaming on install for improved security (see upgrade notes).
- Automated admin file and folder renaming after auto/forced upgrade based on config values.
- Store email log with preview of rich and plain text version.
- Log retention (default 30 days).
- Reviews can be added via admin control panel.
- "Available for purchase" field added to import tool.
- Free shipping option for coupon codes.
- Smarty template engine updated to 3.1.30.
- Email content and template syntax validation on save.
- Improvements to front end catalogue search for partial word matches.
- Improvements to mail()/SMTP test tool.
- Unsettled orders tab improvements on dashboard for print, bulk print and status change.
- Merchants can now specify featured products.
- Bulk price update tool now includes quantity discounts and product options.
- Bulk product assign to category tool improved.
- Bulk price change tool separated from "assign to category" tool.
- "More" pagination memory on browser back button on front end of "Foundation" skin.
- Improved admin control panel file manager with drag and drop image uploads (powered by DropzoneJS).
- Misc bug fixes & tweaks.
Upgrading may (depending on write permissions) give you a new random admin login URL which is designed to enhance security. This has been developed to help prevent unwanted attention. Please make a note of this new path which will be shown under large bold red text on the final step of upgrade and update your bookmarks.
If you do not see this message the admin login URL will remain as it did before.
If you didn't see this message and the old admin login no longer loads the expected login page please check the included/global.inc.php file for the "adminFile" value and substitute this instead of the admin.php part of your old bookmark.
Notifications for extension updates will only occur once the store is at 6.1.0 and once existing extensions have been reinstalled via token method.
Permalink | 25th October 2016 10:24
The majority of merchants have already upgraded from version 5 to version 6. This upgrade is straightforward, reliable and version 6 is stable.
For this reason we will no longer release updates or support version 5 from 24th November 2016.
If you are still using version 5 then there is no reason not to upgrade to version 6. Your skin is compatible as are any existing plugins/extensions/modules.
Permalink | 24th August 2016 13:57
A seamless experience
The new checkout introduces the in-context user journey for PayPal Express Checkout, helping improve conversion rates with an easier way to pay online. The streamlined design speeds buyers through payment - without leaving your website - for a more secure and seamless checkout.
How to enable on CubeCart - https://www.cubecart.com/extensions/plugins/paypal-pro-express-checkout (1.1.3 or higher recommended)
Improves conversion rates
In-Context Checkout supports PayPal’s One Touch, which is an optional PayPal feature that allows buyers to complete purchases faster. When buyers log in to PayPal from a mobile device or from a desktop, tablet or laptop, they can choose to stay logged in to PayPal for easier, faster checkout with all eligible merchants. From that moment buyers will skip the PayPal login on future purchases across websites if they use the same device and browser. More info on http://www.paypal.com/onetouch
PayPal’s new checkout conversion rate outperforms its competitors by 36%, according to the 2016 comScore study (here).
Permalink | 15th August 2016 09:02
We are pleased to announce the release of CubeCart version 6.0.12.
- 37 issues resolved
- Increased minimum PHP version to 5.4 and MySQL to 5.5.
- Improved upgrade reliability for v3 & v4 image galleries.
- Dashboard exposure to recent marketplace extensions.
- Help menu access to technical support and community forums.
The screenshot below shows links to support, forums and display of most recent extensions.
Permalink | 16th June 2016 11:19
We are pleased to announce the release of CubeCart version 6.0.11. This is a maintenance release which includes three security updates.
Release notes: CKEditor has been upgraded from version 3 to 4. If the rich text editor fails to load from within the admin control panel please try a hard browser refresh or delete your temporary internet files.
Permalink | 16th March 2016 10:07
A number of our customer have received the following correspondence from PayPal concerning a rollout schedule for security updates this year. We wanted to address how these changes may affect your CubeCart store.
We recently announced several security upgrades planned for this year, some of which will require you to make changes to your integration. You’re receiving this email because your integration may need to be changed to accommodate these security upgrades.
What do I need to do? We’ve outlined the steps to take to ensure your integration is up to date. We’re letting you know about these changes now because we don’t want you to experience a disruption of service when they go into effect.
Step 1: Consult with someone who understands your integration. We encourage you to inform your technical staff of these upcoming changes.
Step 2: Understand how these changes affect your integration. Here’s a list of the security changes we’re making in 2016. Please review and determine if these updates are required on your side.
- SSL Certificate Upgrade to SHA-256
- TLS 1.2 and HTTP/1.1 Upgrade
- IPN Verification Postback to HTTPS
- IP Address Update for PayPal Secure FTP Servers
- Merchant API Certificate Credential Upgrade
- Discontinue Use of GET Method for Classic NVP/SOAP APIs
Step 3: Get the technical details on these changes. Detailed information of each of the changes and a location to test your integration are available on our 2016 Merchant Security Roadmap Microsite. Select the hyperlinks in the chart for information about specific change events.
Step 4: Make the appropriate changes by each “Act by” date*. It’s important to have your changes in place by the “Act by” date for each change event.
Step 5: Future-proof your integration. We recommend that you go through the Best Practices section on our 2016 Merchant Security Roadmap Microsite.
Why is PayPal making these changes?
Protecting customer information is PayPal’s top priority. We support industry standards, such as crypto-industry’s mandate to upgrade SSL certificates to SHA-256, and the Payment Card Industry (PCI) Council’s TLS 1.2 mandate. We also surpass those standards by investing and building some of the finest protection available. By addressing these changes this year, we believe it helps future-proof your integration and reduce the need to invest in changing your integration in the near future.
If you have any questions as you work through these changes, visit our Help Centre by clicking Help on any PayPal page.
Thank you for your support of our commitment to maintain the highest security standards for all of our global customers.
Which milestones will affect my store?!
TLS 1.2 and HTTP/1.1 Upgrade - Deadline June 17, 2016
To make sure that your CubeCart store continues to operate as normal please check that your web hosting is configured to have TLS 1.2 and HTTP 1.1 support. This can be done by looking at the "Server Info" or "PHP Info" area of your stores admin control panel. "OpenSSL" should have a value of 1.0.1 or higher. The screenshot below shows an example of what to be looking for. In this case the OpenSSL version is fine.
You can also test if TLS 1.2 is supported using a tool such as the SSL Server Test by Qualys. Visit: https://www.ssllabs.com/ssltest/
The screenshot below shows that HTTP 1.1 is also supported.
IPN Verification Postback to HTTPS - Deadline September 30, 2016
PayPal send information about payments back to your store via postback notification. From September 30th 2016 PayPal will no longer send this information back to standard insecure (http protocol) URL's. This means that if you do not already have SSL configured in your store for secure padlocked (https protocol) pages you will need to enable this. This has to be done in two stages;
- You'll need to source an SSL certificate. This is something that can normally be purchased from your web hosting company. It may be possible to save money by sourcing your own from somewhere like https://www.ssls.com but please check with your hosting company that SSL purchased from a 3rd party can be used. We are in no way affiliated to or associated with "Namecheap Inc" who operate ssls.com.
- SSL will need to be enabled in CubeCart. For CubeCart version 5 and version 6 this can be done via the SSL tab in the settings section of your stores admin control panel.
How can I test my store will be ok before the deadlines?
PayPal have already made these security changes to their testing "Sandbox" environment. We recommend creating a sandbox account at https://developer.paypal.com and switching your PayPal module to Sandbox mode from your CubeCart admin control panel. It is then possible to make test purchases to check that payments work and order statuses update from "Pending" to "Processing" automatically.
That's it! No other changes should be of concern. Please be sure to contact our technical support staff if you are unsure at all.
Permalink | 14th March 2016 08:51
Having made numerous announcements via various channels since June 2015 our software license server has now been switched off.
This means that soon (if not already) the admin panel of your store will cease to function if;
- your store is powered by CubeCart 5.2.14 or below and still hasn't been patched via option 2 below.
- your store is powered by CubeCart 4.4.7 or below and still hasn't been patched via option 2 below.
CubeCart version 6 and version 3 are unaffected by the server switch off.
How can I tell which version I have?
This can be found in the ini.inc.php file in the root of your store file structure or in the dashboard section of your admin control panel if you can still access it.
There are two options available if the admin panel to your store has become locked out.
Upgrade to the latest build of version 6 (recommended), version 5 or version 4. Please find instructions on our helpdesk. The latest versions are all open source and do not call home to validate a software license key.
Download the latest build of the current major version you are on (4.4.8 or 5.2.17) and replace the admin.php file (found in the store's root folder) with the one from the newer package. This will bypass the software license system and your current store will continue to operate exactly as it was before.
All versions of CubeCart can be downloaded here: https://www.cubecart.com/download
How can I check that my store is no longer calling home?
Via your web hosting control panel or using an FTP client please delete the includes/extra/key.php file if it exists. Please then attempt to login to the admin side of your store. If it works then great, your store is independent and no further action is required. If you get a software license key error message your store is still trying to validate against our server and either option 1 or option 2 will need to be actioned.
We have done our very best to communicate this to all our clients over the last seven months via numerous channels. We are sincerely very sorry if you had not seen any of our notifications and your store admin panel has become locked out. At the time of writing this traffic to our license server has significantly dropped and few stores should be affected.
Can someone fix this for me?
Anyone with basic web master skills should be able to patch your store via option 2 above in just a few minutes. Our staff can provide assistance if you have either of the following:
Legacy Technical Support Credits
If you login or register at https://support.cubecart.com with the email address used to originally purchase your CubeCart version 4/5 software license key any existing credits on your account can be used.
- A monthly/annual technical support subscription.
More information about our technical support packages can be found at https://www.cubecart.com/technical-support
Permalink | 15th February 2016 09:10
Our software license server will be switched off at 9am (GMT) on Monday 15th February 2016.
Please refer to the following announcements:
Numerous other announcements have been made via Twitter and facebook and a bulk email has been sent to all customers with a legacy software license key (no longer sold).
Permalink | 5th February 2016 12:40
We are pleased to announce the availability of CubeCart 6.0.10 which fixes a couple of issues in 6.0.9 concerning error reporting and remote server requests.
Permalink | 21st January 2016 12:08
We are pleased to announce the availability of CubeCart 6.0.9 which is a maintenance release further improving stability and reliability.
- 73 issues have been resolved.
- redirect from admin/ to admin.php has been removed.
Permalink | 13th January 2016 10:55
I thought it would be appropriate to write a short piece to reflect on the successes of this year and to let you know our plans for CubeCart in 2016.
Statistics for 2015
- CubeCart has been downloaded 72,000 times (excludes web hosting auto installers).
- Well over 6,000 new CubeCart version 6 stores have been recognised.
- There have been 209 new extensions with over 48,000 downloads.
Moving to an open source model was not without risks and to switch from a business model that was already working to something calculated to be better was a big deal. CubeCart's future is dependant on the success of the company backing it and from the support of our highly valued developer community. We are pleased to say that after just six months the company started trading at a profit again. This is about 200% faster than we forecast. CubeCart is now in a period of sustained growth and we are looking forward to sharing the fruits of this with you.
What's new for 2016?
We intend to continue developing CubeCart under the free open source GPL 3.0 software license. In particular 6.0.9 will be made available in early January before our development roadmap for 6.1 is finalised. We'll also be hiring extra support technicians to join our small friendly team and plan to extend our businesses operational hours.
I'd like to personally thank all of our merchants and developers for helping to make 2015 such a fantastic year. I wish you all a very happy holiday and for all the best for 2016.
CEO/Founder CubeCart Limited
Permalink | 22nd December 2015 09:02
Due to the significant level of traffic our software license server is still receiving we have put off the software license system switch off until 15th February 2016.
Our staff will reach out to any stores that have still been logged calling the software license server over the next few weeks.
For more information please see the original announcement below:
Permalink | 4th December 2015 07:43
For more information please see our announcement from June 2015.
Permalink | 4th November 2015 09:32
We are pleased to announce the immediate availability of CubeCart 6.0.8. This is a maintenance release which includes three low risk security patches for issues
Permalink | 5th October 2015 14:25
We are thrilled to announce that the following three responsive skins have been chosen as the winners of our recent design competition. These are available to download now in the extension marketplace.
Developing a new theme is a massive amount of work and we would like to give a huge thanks to all those that entered.
1st place (winning £1,000) - Galaxy X Premium Skin
2nd place (winning £500) - Clean Skin
3rd place (winning £250) - Minimaliser
Permalink | 1st October 2015 11:16
We are aware that many of our merchants received a message today from PayPal concerning service upgrades.
PayPal is upgrading the certificate for www.paypal.com to SHA-256. This endpoint is also used by merchants using the Instant Payment Notification (IPN) product.
What do I need to do?
The good news is that you shouldn't need to do anything. Your CubeCart powered store should continue to work fine with your existing PayPal extension. For those who would like reassurance we have released new version of both the PayPal Standard and PayPal Pro & Express Checkout extension which has a new IPN test tool.
You can obtain the latest version of each extension below:
Once installed please navigate to the extensions configuration screen where you will find a "Test Endpoint" tool as shown in the screenshot below.
If you have any questions or concerns please do submit a technical support ticket.
Permalink | 11th September 2015 08:17
In the light of today's security announcement we have two new releases.
CubeCart 6.0.7 - This is a maintenance release with 88 issues resolved including a patch for today's security announcement.
CubeCart 5.2.17 - This only patches today's security announcement.
Both of these releases are now available in the download area of our website.
Permalink | 7th September 2015 11:02
A critical security vulnerability has been brought to our attention by Fernando Camara. If an administrator's email is known to a hacker it may be possible to take control of the account and have complete access to the store's control panel.
Affected Versions: 5.2.12 to 6.0.6
To patch please download the following files and replace them over your existing ones. It is then recommended to login and change all administrator passwords.
CubeCart 5.2.17 and 6.0.7 will be released later today patching this vulnerability.
Many thanks to Fernando for reporting this issue in such a responsible manner. At CubeCart we take security as our number one priority. We apologise sincerely to anyone who has been victimised by this issue. The issue was first reported to us at 12:50pm on Sunday 6th September and patches have been released in less than 24 hours.
Permalink | 7th September 2015 09:30
Permalink | 23rd June 2015 11:19
!!! THIS HAS BEEN DEFERRED UNTIL 15TH FEB 2016 !!!
In just over six month time (Monday 7th December) we will be switching off our software license key server. This means that the admin panel of your store will cease to function if;
- your current store is powered by CubeCart 5.2.14 or below.
- you current store is powered by CubeCart 4.4.7 or below.
CubeCart version 6 and version 3 will be unaffected.
How can I tell which version I have?
Please login to the admin side of your store. On the dashboard (the first page after login) there may be a "Store Overview" tab. Clicking this should show your specific version number. If this tab doesn't exist there should be a "Store Overview" box on the dashboard which shows the specific version number. Alternatively it is possible to find the version number in the ini.inc.php file which should be found in the root folder of your store.
If your store is powered by version 5 or version 4 and lower than the version numbers specified above please read on as action is required.
There are two options available.
Upgrade to version 6 (recommended), version 5.2.16 or version 4.4.8. Please find instructions on our helpdesk. This will bypass the software license system.
Download the latest version of the major version you are on (v4 or v5) and replace the admin.php file (found in the store's root folder) with the one from the newer package. This will bypass the software license system.
All versions of CubeCart can be downloaded here: https://www.cubecart.com/download