osCommerce 2.2 Milestone 2
12th July 2003 by Harald Ponce de Leon
We proudly present the immediate availability of the second milestone release of osCommerce 2.2, which is on demonstration at the LinuxTag 2003 event in Karlsruhe, Germany.
The Milestone 2 release contains numerous updates to strengthen the security on both client and server side of operations.
The "Security and Privacy Proposal" was realized to strengthen security on the client side; its main purpose is to protect the client's session ID. This includes a 'force cookie usage' feature which prevents the session ID from appearing in the URL, a feature to prevent search engine spiders from generating session IDs which were stored as part of their index, and verification of the client IP address, browser (user agent), and secure session ID (for SSL servers).
The "Strip and Parse Proposal" and security audit updates were realized to strengthen security on the server side. This includes parsing all user input for storage and display purposes, and removing most PHP notice messages that appear when error reporting is set to 'E_ALL'.
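A minimal sketch of the session checks described above, added here as an illustration and not taken from the osCommerce code base. The function names, the spider marker list, and the use of the `SSL_SESSION_ID` server variable (as exported by Apache mod_ssl) are assumptions.

```php
<?php
// Added illustration, not osCommerce source. $session and $server are
// hypothetical stand-ins for $_SESSION and $_SERVER so this runs from the CLI.

// Assumed, illustrative substrings; a real store keeps a maintained list.
const SPIDER_MARKERS = ['googlebot', 'slurp', 'crawler', 'spider'];

// Spiders get no session at all, so no session ID can end up in a search index.
function is_spider(array $server): bool {
    $ua = strtolower($server['HTTP_USER_AGENT'] ?? '');
    foreach (SPIDER_MARKERS as $marker) {
        if (strpos($ua, $marker) !== false) return true;
    }
    return false;
}

// Returns true when the request matches the values bound to the session.
function verify_session(array &$session, array $server): bool {
    $ip  = $server['REMOTE_ADDR'] ?? '';
    $ua  = $server['HTTP_USER_AGENT'] ?? '';
    $ssl = $server['SSL_SESSION_ID'] ?? '';   // empty on plain HTTP requests

    if (!isset($session['binding'])) {        // first request: record the binding
        $session['binding'] = ['ip' => $ip, 'ua' => $ua, 'ssl' => $ssl];
        return true;
    }
    $bound = &$session['binding'];
    if ($bound['ip'] !== $ip || $bound['ua'] !== $ua) return false;
    if ($ssl !== '') {                        // HTTPS request
        if ($bound['ssl'] === '') $bound['ssl'] = $ssl;   // first HTTPS hit
        elseif ($bound['ssl'] !== $ssl) return false;
    }
    return true;
}

// 'Force cookie usage' corresponds to these php.ini settings:
//   session.use_only_cookies = 1
//   session.use_trans_sid    = 0

// Constructed sample requests (documentation address ranges).
$owner = ['REMOTE_ADDR' => '192.0.2.10',   'HTTP_USER_AGENT' => 'Mozilla/5.0 (constructed)'];
$other = ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_USER_AGENT' => 'Mozilla/5.0 (constructed)'];
$session = [];
var_dump(verify_session($session, $owner));   // first request, binding recorded
var_dump(verify_session($session, $owner));   // same client again
var_dump(verify_session($session, $other));   // same session ID, different address
var_dump(is_spider(['HTTP_USER_AGENT' => 'Googlebot/2.1 (constructed)']));
```

Strict IP binding rejects legitimate clients whose address changes mid-session (mobile networks, proxy pools), so a check like this is usually a configurable option.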
Numerous layout changes have also been made throughout the Catalog to improve the user interface and experience for the customer, and the Installation and Update module has been updated with a new theme layout for a more simplified procedure for store administrators.
Shared SSL servers are now properly supported, with the possibility to fine-tune session and cookie related parameters for both normal HTTP servers and secure HTTPS servers.
We'd like to thank the community for the continuing support. With each Milestone release more exciting than the last, we look forward to bringing you the remaining Milestone releases that will lead to a finalized and rock solid 2.2 release.
A complete feature guide for osCommerce 2.2 will be presented when osCommerce 2.2 is finalized and released to the public.
The latest milestone releases can be downloaded at:
The public Workboard is available at:
Keeping up to date with the project's progress can be done via the Weekly Summary reports at:
This announcement can be discussed at the community support forums here: