A new patch was released to address two separate vulnerabilities that were recently found. We have no reports of successful exploits of these vulnerabilities. Download the patch now and follow the instructions in the ReadMe document to apply it to your store. This is a very small patch, and can be applied in just a few moments.
This has been a rough week for the ProductCart community, with the recent announcement of this other important security patch. The vulnerabilities are completely unrelated, and the fact that they were reported around the same time is simply a coincidence. A case of “when it rains, it pours”.
Given the unusual circumstances of multiple vulnerabilities found within a relatively short amount of time, let us take a moment to share a few thoughts on software vulnerabilities, and on our commitment to address them.
Software vulnerabilities, unfortunately, can happen. On the one hand, no software development team is 100% error-free. On the other hand, some security issues are unknown until they are actually found, and are therefore hard to predict and prepare for. This helps explain why, for example, in a 2010 study, vulnerability intelligence solutions provider Secunia reported 96 vulnerabilities in Mozilla Firefox alone, and 380 vulnerabilities in the top-50 programs for just the first 6 months of 2010.
That said, we aim for software that is vulnerability-free. We work as hard as we can to reach that goal. And you can rest assured that when a problem is found, we will fix it as soon as possible and let you know as soon as we can. Even if it means writing a blog post at 11:50 PM PST. Even if it means issuing a security patch shortly after another one.
Thanks for reading, and make sure to apply all of the recently announced security patches. You can find a full list here.