Zen Cart Security
Security patches and vulnerability handling process
The list of security patches for Zen Cart is here:
- 1.5.7/1.5.8 Address Security Patch (April 2024)
- Patch for 1.5.7/1.5.7a (November 2020)
- Notify Patch (July 2019)
- PHPMailer Patch (Dec 2016)
- Admin Privilege Escalation patches (12 May 2016)
- Trustwave patches (March 2016)
- High-Tech Bridge patches (Nov 2015)
- Curesec patch (Sept 2015)
- POODLE patches (Oct 2014)
All of these patches are included in the current release, so if you are running an older version, you should upgrade as soon as possible.
Plugin Security Patches
Please see Plugin Security Patches.
Getting Notified of Security Updates
Subscribing to release announcements is a great way to stay informed about new releases and security updates.
New Security Issues
If you believe you have found a security issue, please do not release your finding publicly; instead, follow the security reporting protocol.
Still have questions? Use the Search box in the upper right, or try the full list of FAQs. If you can't find it there, head over to the
Zen Cart support forum
and ask there in the appropriate subforum.
In your post, please include your Zen Cart and PHP versions, and a link to your site.
Is there an error or omission on this page? Please post to General Questions on the support forum. Or, if you'd like to open a pull request, just review the guidelines and get started.
You can even PR right here.
Last modified July 13, 2024 by Scott Wilson (d4fbc562).