Office Hours
Day Hours (GMT)
Bank Holidays Closed
Monday 9:00 - 17:30
Tuesday 9:00 - 17:30
Wednesday 9:00 - 17:30
Thursday 9:00 - 17:30
Friday 9:00 - 17:30
Saturday Closed
Sunday Closed
RSS Feed
Latest Updates
Jun
16
CubeCart 6.0.12 Released
Posted by on 16 June 2016 11:19 AM

We are pleased to announce the release of CubeCart version 6.0.12.

What's new?

  • 37 issues resolved
  • Increased minimum PHP version to 5.4 and MySQL to 5.5. 
  • Improved upgrade reliability for v3 & v4 image galleries.
  • Dashboard exposure to recent marketplace extensions.
  • Help menu access to technical support and community forums. 

Download: CubeCart-6.0.12.zip

The screenshot below shows links to support, forums and display of most recent extensions. 

Screen Shot 2016-06-16 at 11.20.46.png


Read more »



Mar
16
CubeCart 6.0.11 Released
Posted by on 16 March 2016 10:07 AM

We are pleased to announce the release of CubeCart version 6.0.11. This is a maintenance release which includes three security updates. 

What's new?

Release notes: CKEditor has been upgraded from version 3 to 4. If the rich text editor fails to load from within the admin control panel please try a hard browser refresh or delete your temporary internet files. 

Download: CubeCart-6.0.11.zip

We would like to thank both Netsparker and High-Tech Bridge Security Research Lab for responsibly sharing their security audit findings. 


Read more »



Mar
14
PayPal 2016 merchant security upgrades
Posted by on 14 March 2016 08:51 AM

A number of our customer have received the following correspondence from PayPal concerning a rollout schedule for security updates this year. We wanted to address how these changes may affect your CubeCart store. 

Quote

We recently announced several security upgrades planned for this year, some of which will require you to make changes to your integration. You’re receiving this email because your integration may need to be changed to accommodate these security upgrades.  

What do I need to do? We’ve outlined the steps to take to ensure your integration is up to date. We’re letting you know about these changes now because we don’t want you to experience a disruption of service when they go into effect.

Step 1: Consult with someone who understands your integration. We encourage you to inform your technical staff of these upcoming changes. 

Step 2: Understand how these changes affect your integration. Here’s a list of the security changes we’re making in 2016. Please review and determine if these updates are required on your side.

Step 3: Get the technical details on these changes. Detailed information of each of the changes and a location to test your integration are available on our 2016 Merchant Security Roadmap Microsite. Select the hyperlinks in the chart for information about specific change events. 

Step 4: Make the appropriate changes by each “Act by” date*. It’s important to have your changes in place by the “Act by” date for each change event.

Step 5: Future-proof your integration. We recommend that you go through the Best Practices section on our 2016 Merchant Security Roadmap Microsite. 

Why is PayPal making these changes?

Protecting customer information is PayPal’s top priority. We support industry standards, such as crypto-industry’s mandate to upgrade SSL certificates to SHA-256, and the Payment Card Industry (PCI) Council’s TLS 1.2 mandate. We also surpass those standards by investing and building some of the finest protection available. By addressing these changes this year, we believe it helps future-proof your integration and reduce the need to invest in changing your integration in the near future.

If you have any questions as you work through these changes, visit our Help Centre by clicking Help on any PayPal page.

Thank you for your support of our commitment to maintain the highest security standards for all of our global customers.

 

Which milestones will affect my store?!

TLS 1.2 and HTTP/1.1 Upgrade -  Deadline June 17, 2016
To make sure that your CubeCart store continues to operate as normal please check that your web hosting is configured to have TLS 1.2  and HTTP 1.1 support. This can be done by looking at the "Server Info" or "PHP Info" area of your stores admin control panel. "OpenSSL" should have a value of 1.0.1 or higher. The screenshot below shows an example of what to be looking for. In this case the OpenSSL version is fine. 

Screen Shot 2016-03-14 at 08.15.58.png

You can also test if TLS 1.2 is supported using a tool such as the SSL Server Test by Qualys. Visit: https://www.ssllabs.com/ssltest/

The screenshot below shows that HTTP 1.1 is also supported. 

Screen Shot 2016-03-14 at 08.30.56.png

IPN Verification Postback to HTTPS -  Deadline September 30, 2016

PayPal send information about payments back to your store via postback notification. From September 30th 2016 PayPal will no longer send this information back to standard insecure (http protocol) URL's. This means that if you do not already have SSL configured in your store for secure padlocked (https protocol) pages you will need to enable this. This has to be done in two stages;

  1. You'll need to source an SSL certificate. This is something that can normally be purchased from your web hosting company. It may be possible to save money by sourcing your own from somewhere like https://www.ssls.com but please check with your hosting company that SSL purchased from a 3rd party can be used. We are in no way affiliated to or associated with "Namecheap Inc" who operate ssls.com.
  2. SSL will need to be enabled in CubeCart. For CubeCart version 5 and version 6 this can be done via the SSL tab in the settings section of your stores admin control panel. 

How can I test my store will be ok before the deadlines?

PayPal have already made these security changes to their testing "Sandbox" environment. We recommend creating a sandbox account at https://developer.paypal.com and switching your PayPal module to Sandbox mode from your CubeCart admin control panel. It is then possible to make test purchases to check that payments work and order statuses update from "Pending" to "Processing" automatically.

That's it! No other changes should be of concern. Please be sure to contact our technical support staff if you are unsure at all.


Read more »



Feb
15
Software License System Switched Off
Posted by on 15 February 2016 09:10 AM

Having made numerous announcements via various channels since June 2015 our software license server has now been switched off.

This means that soon (if not already) the admin panel of your store will cease to function if;

  • your store is powered by CubeCart 5.2.14 or below and still hasn't been patched via option 2 below.
  • your store is powered by CubeCart 4.4.7 or below and still hasn't been patched via option 2 below.

CubeCart version 6 and version 3 are unaffected by the server switch off.

How can I tell which version I have?
This can be found in the ini.inc.php file in the root of your store file structure or in the dashboard section of your admin control panel if you can still access it.

There are two options available if the admin panel to your store has become locked out.

Option 1:
Upgrade to the latest build of version 6 (recommended), version 5 or version 4. Please find instructions on our helpdesk. The latest versions are all open source and do not call home to validate a software license key.

Option 2:
Download the latest build of the current version you are on and replace the admin.php file (found in the store's root folder) with the one from the newer package. This will bypass the software license system and your current store will continue to operate exactly as it was before.

All versions of CubeCart can be downloaded here: https://www.cubecart.com/download

How can I check that my store is no longer calling home?
Via your web hosting control panel or using an FTP client please delete the includes/extra/key.php file if it exists. Please then attempt to login to the admin side of your store. If it works then great, your store is independent and no further action is required. If you get a software license key error message your store is still trying to validate against our server and either option 1 or option 2 will need to be actioned.

We have done our very best to communicate this to all our clients over the last seven months via numerous channels. We are sincerely very sorry if you had not seen any of our notifications and your store admin panel has become locked out. At the time of writing this traffic to our license server has significantly dropped and few stores should be affected.

Can someone fix this for me?
Anyone with basic web master skills should be able to patch your store via option 2 above in just a few minutes. Our staff can provide assistance if you have either of the following:

  • Legacy Technical Support Credits
    If you login or register at https://support.cubecart.com with the email address used to originally purchase your CubeCart version 4/5 software license key any existing credits on your account can be used.
  • A monthly/annual technical support subscription.

More information about our technical support packages can be found at https://www.cubecart.com/technical-support


Read more »



Feb
5
Reminder: Software License Switch Off (15/Feb/16)
Posted by on 05 February 2016 12:40 PM

Our software license server will be switched off at 9am (GMT) on Monday 15th February 2016.

Please refer to the following announcements:

Numerous other announcements have been made via Twitter and facebook and a bulk email has been sent to all customers with a legacy software license key (no longer sold). 


Read more »