• Bug Reports, Security, Contributions, Philosophy

    An updated version of this page can be found at: https://docs.zen-cart.com/user/about_us/bug_reporting/

    Bug Reports

    Zen Cart takes bug reports seriously, and endeavors to find resolutions to them immediately. You'll observe that we tend to post solutions for bugfixes as soon as we have them. This does not always mean a new "release", unless there is something fairly major. Patches are issued sparingly in the interest of keeping code both manageable and still current.

    Security Reports

    Zen Cart takes security issues VERY seriously. Whenever a true security risk is discovered, a fix is posted immediately, using whatever means is most appropriate. We appreciate hearing (privately) from the community about any security exploit risks found in Zen Cart code. We would rather hear about the situation privately so we can respond publicly with a fix for everyone.This helps keep existing shops safe without advertising the risk to would-be hackers etc. Send reports including proof of concept to security [AT] zen-cart [DOT] com.

    Contributions

    Zen Cart is open-source. As such, the intent is that it is extensible. The core of Zen Cart is intended to support a very diverse range of users; however, it is not intended to suit "everyone's" needs directly. Instead, we endeavor to continually make the code more adaptable and able to be enhanced by way of community-contributed/supported plug-in's that can be added to Zen Cart with minimal difficulty. In this regard, we encourage community contributions.

    We recognize that contributions are typically created with the aim of solving one's own individual business challenges, and are not generally written to benefit "everyone". We are also aware that contributions are written with varying degrees of skillsets and comprehension of overall code. Thus, we continue to attempt to make it possible to "plug in" without having to alter core code if possible. Not every situation is perfect, but we keep growing in this area.

    It's also important to note that community-supplied contributions are written at a certain point in time and are not always compatible with future or earlier versions of Zen Cart. This is a challenge with any community-supported project. Our new contributions section attempts to help minimize the confusion in this by separating contributions based on the version of Zen Cart for which they were initially written.
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR