Version 3.2.2 and Security Patch SC101022

**Jamie** · October 22nd, 2010 10:49 AM

Version 3.2.2 has been released to address a Blind SQL Injection vulnerability in versions 3.0.0 - 3.2.1. It also includes all bug fixes to date, and support for the PayWay Net payment gateway.

You can download v3.2.2 on our Downloads page if your download access is current:
http://www.squirrelcart.com/downloads.php

If your download access is not current, you can renew it for a year by purchasing a Download Renewal:
http://www.squirrelcart.com/products/download-renewal

The security patch SC101022 is available on our Downloads page regardless of your download status, free of charge. It can be applied to versions 3.0.0 - 3.2.1.

**pdunton** · October 22nd, 2010 11:42 AM

I see that the code to "set required field indicator" and "set missing field indicator" has been dropped from the patch.

Is this intentional?

**Jamie** · October 22nd, 2010 11:51 AM

Yes, but it has nothing to do with the security patch. Those fields weren't being used.

**Codelizard** · February 6th, 2011 06:56 PM

Jamie,

Sorry to dig up old hat, just trying to cover my own rear

Does the above fix cover this security bulletin?

http://securityreason.com/wlb_show/WLB-2010100094

**Jamie** · February 7th, 2011 09:31 AM

Yes, it does.

Thread: Version 3.2.2 and Security Patch SC101022

Thread Tools

Rate This Thread

Display

Version 3.2.2 and Security Patch SC101022

Missing lines question

Thread Information

Users Browsing this Thread

Posting Permissions