News
Jan
19
PHPMailer Security Advisory
Posted by David Stanley on 19 January 2017 04:07 PM

Security Announcements

PHPMailer Security Advisory

Exploit type: Remote Code Execution in third-party PHPMailer library
CVE Numbers: CVE-2016-10033 and CVE-2016-10045
Severity: High

Description
All versions of the third-party PHPMailer library which is distributed with IXXO Cart are vulnerable to a remote code execution vulnerability.
This is patched in PHPMailer 5.2.20. At this time we do not believe the deficiency in PHPMailer is exposed in IXXO Cart due to our own validation of user input. Furthermore, the vulnerability requires being able to pass user input unfiltered to a message's "from" address, which in IXXO Cart is only defined within the admin configuration and only accessible to a trusted admin user.
Irrespective of the known protections in the IXXO Cart product, this CVE represents a serious issue for PHPMailer. Therefore to mitigate any undiscovered risk or risk to 3rd party extensions using PHPMailer directly, we are releasing updates for all versions of IXXO Cart in active and long term support to provide the latest PHPMailer library version 5.2.21.

Solution
No action required for IXXO Cart users that are using the latest version.
The updated library is included in the new version and additional mechanisms exist in IXXO Cart core to prevent triggering the vulnerability.
All IXXO Cart users are advised to upgrade their installations to the latest version of IXXO Cart (6.17.1.3) or newer ASAP.

Releases
Upgrade to the latest version of IXXO Cart (6.17.1.3)


Read more »



Oct
25
New Responsive Template
Posted by Thomas Burscheid on 25 October 2016 04:32 PM

We are pleased to announce the release of the "IONIAN" responsive template for the IXXO Multi-Vendor Standalone edition. Each of our new templates is fully customizable and offers a variety of enhanced eCommerce features that are designed to help grow your online marketplace.

Using Html5, CSS3 with motion effects and svg graphics the IONIAN combines speed and modern UX design to impress your visitors!
So not only will your marketplace get the premium makeover it deserves, it will also operate faster and more efficiently than ever before!

 

ixxo multi vendor ionian template


Read more »



Sep
22
IXXO Multi-Vendor Version 6.16.10.1 Released
Posted by David Stanley on 22 September 2016 02:27 PM

Version 6.16.10.1 Change Log

6.16.10.1 Current Release Date: 26 Sep. 2016

# Change Log

Applies to IXXO Multi-Vendor Standalone and IXXO Multi-Vendor WordPress Plugin

All notable changes to IXXO Multi-Vendor Platform will be documented here

## UPDATED

Version 6.16.10.1 

  • core 2016-0704 Template enhancements (aegean, allyos, digi, flaty, flaty-loose, flaty-shine, gaia, player, symfono, symvoli, symvolico, tempo)
  • core 2016-0705 Template enhancements (aegean, allyos, digi, flaty, flaty-loose, flaty-shine, gaia, player, symfono, symvoli, symvolico, tempo)
  • core 2016-0706 Template enhancements (aegean, allyos, digi, flaty, flaty-loose, flaty-shine, gaia, player, symfono, symvoli, symvolico, tempo)
  • core 2016-0708 Added to Paypal Adaptive Subscriptions an option to specify the Ending Date
  • core 2016-0708 New Module added for vendor registration
  • core 2016-0713 Fixed an issue with the currency icon - aegean template
  • core 2016-0718 Shipping module completely recoded
  • core 2016-0719 Template enhancements (aegean, allyos, digi, flaty, flaty-loose, flaty-shine, gaia, player, symfono, symvoli, symvolico, tempo)
  • core 2016-0720 Added an option to the categories bulk upload feature to specify the HOME Page Categories
  • core 2016-0721 Home categories module updated 
  • core 2016-0723 Template enhancements (aegean, allyos, digi, flaty, flaty-loose, flaty-shine, gaia, player, symfono, symvoli, symvolico, tempo)
  • core 2016-0725a Email titles updated (email multi-language enhancements) 
  • core 2016-0728 Template enhancements (aegean, allyos, digi, flaty, flaty-loose, flaty-shine, gaia, player, symfono, symvoli, symvolico, tempo)
  • core 2016-0728a Added an option to the product bulk upload to specify the product dimensions
  • core 2016-0729 Fixed a smarty template issue
  • core 2016-0729b Added PHP 7.x Compatibility
  • core 2016-0801 Updated product fields charset (multi-language support)
  • core 2016-0803 Several improvements and enhancements to the Product Bulk Update feature 
  • core 2016-0807 Template enhancements (aegean, allyos, digi, flaty, flaty-loose, flaty-shine, gaia, player, symfono, symvoli, symvolico, tempo)
  • core 2016-0810 Fixed an issue with the user shipping tracking number in order details
  • core 2016-0811 Fixed an issue with the admin order invoice template note
  • core 2016-0812 Mobile template enhancements (order details)
  • core 2016-0812b Template enhancements (aegean, allyos, digi, flaty, flaty-loose, flaty-shine, gaia, player, symfono, symvoli, symvolico, tempo)
  • core 2016-0812c All language files updated
  • core 2016-0813a Mobile Template improvements
  • core 2016-0813b Improved Notification Emails
  • core 2016-0818a Updated Google maps API
  • core 2016-0820a Billing field enhancements and fixes 
  • core 2016-0823 Template enhancements (aegean, allyos, digi, flaty, flaty-loose, flaty-shine, gaia, player, symfono, symvoli, symvolico, tempo)
  • core 2016-0824a Added Product Auctions support
  • core 2016-0825a Turkish translation additions and improvements to client area
  • core 2016-0825b Portuguese translation additions and improvements
  • core 2016-0825c Arabic translation additions and improvements 
  • core 2016-0801a Fix handling of emails where subject contains a non-existent language strings
  • core 2016-0826 Product Bulk Upload fixes and enhancements
  • core 2016-0827a Added an option to the search module to limit number of products displayed
  • core 2016-0827b Auctions feature enhancements in catalog pages
  • core 2016-0829a Fixed an issue with the categories in product bulk upload
  • core 2016-0829b Auctions - fix for markup and missing token on ended auctions
  • core 2016-0830a Fixed an issue with the shipping dates
  • core 2016-0830b Template enhancements (aegean, allyos, digi, flaty, flaty-loose, flaty-shine, gaia, player, symfono, symvoli, symvolico, tempo)
  • core 2016-0902a Fixed an issue with order id's in allyos template
  • core 2016-0902b Misc fixes and admin dashboard text corrections
  • core 2016-0903a Added an option for vendor product attributes on frontend vendor dashboard 
  • core 2016-0903b Template enhancements (aegean, allyos, digi, flaty, flaty-loose, flaty-shine, gaia, player, symfono, symvoli, symvolico, tempo)
  • core 2016-0905 Prevent hidden configurable options from showing up in client order summary
  • core 2016-0908 GlobalSign SSL: Update module port to new 4.x API
  • core 2016-0909a Payment status localized front-end
  • core 2016-0916 Gaia Template Enhancements
  • core 2016-0918 Compatibility Updates for PHP 7

IXXO Multi-Vendor 6.16.10.1 requires PHP 5.5 or later. If you are running any versions earlier than PHP 5.5, you must upgrade PHP before attempting to upgrade to version 6.16.10.1. IXXO Multi-Vendor 6.16.10.1 also requires ionCube Loader v5.0.21 or later.


Read more »



Jun
29
IXXO Multi-Vendor Version 6.16.7.7 Released
Posted by David Stanley on 29 June 2016 12:09 AM

Version 6.16.7.7 Change Log

6.16.10.1 Next Release October 2016 Major release 
6.16.7.7 Current (Released on 28 June. 2016) Major release

# Change Log

All notable changes to IXXO Multi-Vendor Platform will be documented here

## UPDATED

Version 6.16.7.7

  • core 2016-06-18 06 08 10 17 - Template enhancements (aegean, allyos, digi, flaty, flaty-loose, flaty-shine, gaia, player, symfono, symvoli, symvolico, tempo)
  • new feature 2016-06-20a Added an option to user groups to display group specific categories
  • new feature 2016-06-20b Added an option to specify product markup for user groupsmarkup
  • new feature 2016-06-20b Product Tags multi languages. Allows to setup product tags in all languages
  • core 2016-06-22 Template enhancements (aegean, allyos, flaty, flaty-loose, flaty-shine, gaia, symfono, symvoli, symvolico)

Version 6.16.7.6

  • new feature 2016-06-15a Added an option to enable rotation for product images (exif support)
  • core 2016-06-15b Reward points enhancements
  • new feature 2016-06-16a Reward points for vendor payments

Version 6.16.7.5

  • core 2016-06-14c Several enhancements to the product groups functionality

Version 6.16.7.4

  • core 2016-06-07 Enhancements to paginations tags and mfs
  • new feature 2016-06-10 Reward points feature recoded
  • core 2016-06-11a Removed reward points privilege from vendor dashboard
  • new feature 2016-06-11b Added returns and refunds policy in vendor invoice email notifications
  • core 2016-06-11c Vendor product tags updated
  • core 2016-06-14a Fixed an issue with the reward points count in one page checkout (OPC)

Version 6.16.7.3

  • core 2016-05-20 API feature reloaded version 1
  • new feature 2016-05-25 Option to display orphaned vendor tax rates
  • core 2016-05-25a Fixed an issue with the allyos template in vendor home (vendor info)
  • new feature 2016-05-26a Force visitors to create an account before they can view the site
  • core 2016-05-26b Fixed an issue with the URL id's
  • core 2016-06-02 Template enhancements (aegean, allyos, digi, flaty, flaty-loose, flaty-shine, gaia, player, symfono, symvoli, symvolico, tempo)
  • core 2016-06-03 Product tags reloaded
  • core 2016-06-06 Fixed an issue with the product tags

Version 6.16.7.2

  • new feature 2016-05-13a Context help v1 (added a link in admin area for instant help)
  • new feature 2016-05-14a Context help v2 (added a link in admin area for instant help)
  • new feature 2016-05-14b Context help v3 (added a link in admin area for instant help)
  • new feature 2016-05-16a Payfort Payment Gateway added
  • core 2016-05-17a Form fields reloaded
  • core 2016-05-17b Several tax enhancements
  • core 2016-05-18b Template enhancements (aegean, allyos, flaty, flaty-loose, flaty-shine, gaia, symfono, symvoli, symvolico)

Version 6.16.7.1

  • core 2016-04-28c USPS Shipping updated
  • core 2016-04-29a Template enhancements (aegean, allyos, digi, flaty, flaty-loose, flaty-shine, gaia, player, symfono, symvoli, symvolico, tempo)
  • core 2016-05-03a UPS standard shipping option added
  • core 2016-05-03b USPS priority international changes
  • core 2016-05-03c Product attributes updated
  • core 2016-05-04a Affiliate plugin updated
  • core 2016-05-04b Product and vendor reviews updated
  • core 2016-05-04c Product reviews updated
  • new feature 2016-05-06a Coupon codes reloaded
  • core 2016-05-06b Template enhancements (aegean, allyos, digi, flaty, flaty-loose, flaty-shine, gaia, player, symfono, symvoli, symvolico, tempo)
  • core 2016-05-07a Fixed an issue with Canada post weight feature
  • core 2016-05-07b Fixed an issue with coupon codes
  • new feature 2016-05-10a Content pages reloaded
  • core 2016-05-10b User address book enhancements
  • core 2016-05-10c Browse users enhancements
  • core 2016-05-11a Pickup at store - fixed the international shipping error
  • core 2016-05-12a Fixed a Javascript issue with shipping 

 


Read more »



Apr
29
IXXO Multi-Vendor Version 6.16.6.1 Released
Posted by David Stanley on 29 April 2016 03:37 AM

Version 6.16.6.1 Change Log

6.16.6.1 Current (Released on 28 April. 2016) Major release

# Change Log

All notable changes to IXXO Multi-Vendor Platform will be documented here

## UPDATED

Version 6.16.6.1

  • core-20160420a - Updated email subscribers mail format selection
  • core-20160421a - Added an option for product catalog default items on page
  • core-20160422a - Updated email subscriber management list
  • core-20160423a - Added new fields to order invoice in admin area
  • core-20160425a - Added new fields to the One Page Checkout
  • core-20160425c - All templates Updated
  • core-20160426a - New fields added to the user and vendor payment info payment info
  • core-20160426b - Fixed an issue with the attributes
  • core-20160426c - Changed the style of file attachments in admin area
  • core-20160426d - Updated the global attributes feature
  • core-20160427a - All templates updated
  • core-20160427b - Fixed an issue with the attributes options
  • core-20160428a - All templates updated
  • feature-20160428b - Enhanced the global attributes feature
  • feature-20160427f - Added new options to the file attachments admin area
  • feature-20160425b - Added new import options to import email subscribers
  • feature-20160427c - Added the Express Checkout to the Quick View

Read more »