Why bother?

**Chandy** · 14 Dec 2011, 11:17 AM

What I don't see anywhere is a list of reasons why I should go to the trouble of upgrading from my seemingly stable 1.3.8a to 1.3.9h. What I do see is a list of convoluted and time-consuming steps, which may or may not cause a lot of headaches and loss of customisations.

What compelling reasons are there to go to the effort of upgrading from 1.3.8a to 1.3.9h?

Cheers.

**Design75** · 14 Dec 2011, 11:23 AM

How about safer shopping for your customers, and less risk of being hacked

**schoolboy** · 14 Dec 2011, 11:30 AM

1.3.8 has some serious vulnerabilities. This is NOT because it was a badly developed version, only that there is a constant game of leap-frog between the criminal hacking community, and the developers of software.

As soon as an exploit is developed by hackers and discovered to be in the public domain, responsible software developers work at blocking it.

Hence the constant upgrades and improvements.

Additionally, as operating software improves (php, MySql, Linux and Apache), so the user platform software should also upgrade in tandem.

You are running a severe risk of hacking if you persist with 1.3.8 - and believe me, it is a difficult, time-consuming and EXPENSIVE job to fix things after a hack.

Upgrading from 1.3.8 to 1.3.9h is relatively quick. MOST add-on modules that work on 1.3.8 will function on 1.3.9, but you will need to do some checking.

**gjh42** · 14 Dec 2011, 11:31 AM

Even if you have applied the security patches, v1.3.8a is vulnerable to a dedicated hacker, and if you haven't, any script kiddie can break into your store. There are no known security vulnerabilities in v1.3.9h.

**dgent** · 14 Dec 2011, 11:49 AM

IMO The best security patch for any Zencart is password protecting your admin directory at a server level..

..ironically if you look at any of the Zencart hack scripts on the public domain, they all check if the admin directory has changed its name, or is password protected. If its a yes to any of these, the script ends.

**Chandy** · 18 Dec 2011, 07:50 PM

My admin area is moved, of course. I might password it too after reading this thread. My front-end makes heavy use of url rewriting, which also has the benefit of protecting against a lot of the dodgy requests that are sent.

If there was a clear bug list somewhere that showed what was fixed in each version, or highlighted the main issues with each, then it might help. What is wrong with 1.3.8a that I need to seriously worry about?

**Design75** · 18 Dec 2011, 07:58 PM

There is.
If you go to http://www.zen-cart.com/forum/forumdisplay.php?f=2 you can read all the threads about the 1.39 releases and the fixes that were done, both bugs and security