MAIAN MEDIA

This is important if you are running Maian Cart on your servers. A severe vulnerability has been kindly reported to us by security advisor DreyAnd. The issue concerns the elFinder file manager plugin in Maian Cart and it affects all versions from 3.0 to 3.8. This issue will be made public in 2 weeks, so please update your installations. The issue enables a potential hacker to bypass the cart admin restrictions and execute a RCE (remote code execution) on your server. It should be considered high risk and be fixed immediately. If you are running a version older than 3.0, you are not affected. ... Full Article

Posted: Sun, April 11, 2021
Tags: Maian Cart, Critical Updates,

We are pleased to announce the release of Maian Cart v3.8, this updates a few libraries, fixes some bugs and updates the Authorize.net payment gateway. If you are using Authorize.net you must update your installation and update the signature key, which is generated in your Authorize.net control panel. Previously in Maian Cart this would have been the value of a MD5 hash, but this must now be an actual signature key. See the docs for assistance. Please do not just change the key in your existing installation, the core files must also be updated as they contain API changes related to the Authorize. ... Full Article

Posted: Fri, April 10, 2020
Tags: Maian Cart,

We are pleased to announce that v3.7 of Maian Cart has now been released. This includes some fixes, changes and library updates. Note that if you are using Stripe or Authorize.net, you need to update your installations to use the callback secret key (Stripe) or signature key (Authorize.net). See the docs for assistance. Also, Payza and Charity Clear are no longer supported as payment options. You can find the changelog and download info on the Maian Cart website. For upgrades, refer to the upgrade section in the docs. Website: https://www.maiancart.comChangelog: https://www.maiancart.com/changelog.htmlAs always, this is a free upgrade for commercial licence purchasers. ... Full Article

Posted: Mon, December 9, 2019
Tags: Maian Cart,

This update is now available. This fixes a couple of issues since the last version and adds support for the Stripe v3.0 API. Beginning September 14, 2019, PSD2 regulation will require Strong Customer Authentication (SCA) for many online payments made by European customers, to help reduce fraud. To ensure payments will not be declined, businesses will need to build an extra layer of authentication into online card payments, unless transaction-specific exemptions apply. If you use Stripe as your payment provider, you MUST update your installation before the deadline or else your payments may start getting declined. Previous versions of the Stripe library do not support SCA. ... Full Article

Posted: Thu, July 4, 2019
Tags: Maian Cart,

We are pleased to announce the release of Maian Cart v3.5. This is a maintenance update to fix a few bugs since 3.4. Changelog and information: https://www.maiancart.com/This also officially patches the system from the vulnerability mentioned here: https://www.maianmedia.com/critical-updatesYou have until around Dec 7 2018 before this is made public, so please patch your systems immediately if you haven’t already done so. If you prefer not to upgrade, simply follow the instructions in the zip file in the previous post for information. Thank you. Contact us or post on the forum if you aren’t sure. David (Lead Developer @ Maian Media) ... Full Article

Posted: Fri, November 9, 2018
Tags: Maian Cart,

A vulnerability in Maian Cart was recently reported to us by Martin Schophaus of https://mschop.dewhich could enable a malicious user to execute a SQL injection command via a forged ‘X-Forwarded-For’ header. This issue is not currently public and will not be made public for 30 days, so you have plenty of time to patch any affected systems. Our thanks to Martin for his sensitivity in this matter. It is important that you patch your systems NOW. As a precautionary measure we have updated similar code in other Maian systems to make sure they can not be attacked, so if you are using any commercial Maian product, you should do the following as soon as possible. ... Full Article

Posted: Wed, November 7, 2018
Tags: Maian Cart, Critical Updates,

This is a maintenance release mainly to update some libraries and add support for Paypal’s new IPN endpoints. If you are using Paypal you MUST install SSL for your store before June 2018 when Paypal switch off callbacks to none secure websites. If you don’t install SSL and you use Paypal, your store system will stop working in June. v3.4 of Maian Cart assumes SSL is installed. Also, password storage has been changed in v3.4. If you are upgrrading from a previous version, please read the upgrade documentation carefully, especially the section on passwords. v3.4 stores passwords differently than previous versions for better security. ... Full Article

Posted: Sat, March 10, 2018
Tags: Maian Cart,