FaxStore Changelogs



2.6.4 - Security Release

This update resolves two security issues identified by users on FaxStore. It is highly recommended to update to this version to resolve these risks on your store.

These security risks don't expose any data. See the security report - https://weblutions.com/u/lpEHEQ.pdf

This update resolves a security risk during checkouts. It's highly recommended to update to this version.

  • Fixed an issue where payment receipts were not generating - #2188
  • Fixed an issue in the recently added addDiscordRole and removeDiscordRole events which caused a 404 Discord error
  • Fixed an issue where Order item types would display differently when editing the listing - #2189
  • Investigated a possible error coming from the new Discord bot builder; this was dismissed - #2190

SECREP; Stripe Return Bypass

As mentioned in the released FaxStore Security Issue Notification, an issue where Stripe payments could be bypassed has been resolved in this build. We can confirm this only affected Stripe checkouts and not PayPal and Square.

Thank you to user giga.nixx for reporting this issue to Weblutions. We'll be in contact with this user for a cash reward as per our Security Task Force page.

Our internal & detailed security report on this issue will be released to our customers in Discord after everyone is given a reasonable amount of time to update.

SQL Syntax Injection

We also resolved an internal SQL injection issue. Luckily, this isn't exposed publicly and poses no risk to stores unless an OWNER permission level user were to use it in a store settings page form.
