Thanks James,

That's pretty much how I see it. I'd expect Sellerdeck as a professional organisation to be monitoring things like this that are going to come and bite them in the future and have a workaround plan in place in good time. It's a shame that Sellerdeck isn't showing a particularly proactive stance on this.

Mike

Hi Everyone,

James from Host-it here.

The Perl version in itself has been problematic for older Sellerdeck/Actinic versions for a while now but the issues of Sellerdeck utilising Crypt SSL and Net SSL are a bit more recent as they are modules being pulled from supported Operating Systems. Sellerdeck should be addressing some of these issues within their software as not only does it make sense from a compatibility side of things but also from a security standpoint (it's dealing with payments at the end of the day). Crypt::SSLeay alone is vulnerable to some well-known security issues - https://metacpan.org/pod/Crypt::SSLe...TBLEED-WARNING. Sellerdeck is a great and established piece of software that does need to be kept up to date.

If you are a customer of ours and there's no sign of Sellerdeck resolving these issues in the near future we do maintain a number of servers that do run older versions of Perl and the software involved just incase so please reach out to our support department if you need to.

Our hope is though that the developers step in and release much needed patches to ensure that the software works on up to date systems.

Regards

James

re: security issues

Few years ago I did a security scan on all our sites... results showed issues - some "red". We had support at the time and some were resolved

Your Sage Pay's response was kind of funny and sad.

My hosting was Pinbrook that was taken over by Host-it. I am on a multisite package and think over the years this has taken a different evolutionary route with the server that has now become an issue.

One option is to start moving the sites over to what they advertise as Sellerdeck hosting, but awaiting confirmation of the Perl on the site.

Whatever happens though I think it is poor for Sellerdeck to be so behind on the Perl used and do wonder if this presents any security issues.

It all looks worrying... we're with host-it also... but we will be stuck on v18.0.6 - so Paypal Express still works... and we don't use Sage Pay

Since host-it offers a specific Sellerdeck hosting package... I would have thought that the servers dedicated for Sellerdeck hosting should not be updated?

However, if this all fails... and we don't get past v18.0.6... this could be the final boot that kicks us off from using Sellerdeck...

Hi Mike,

Yes thinking about it I'm sure Sage pay would be an issue on previous versions.

I think PayPal may only be an issue on 18.1 as support advised that the new setup requires Crypt SSL and I still have PayPal working on a 18.05 site but failing on a 18.1 site.

Why would they release brand new software on outdated Perl that is not compatible with hosting providers and payment partners

Hi Jason,

Presumably the problem you're referring to is not limited to V18.1 as previous versions also rely on the same Perl functionality.

CPAN appear to be suggesting that Crypt::SSLeay and Net:SSL should be deprecated to make it clear that they should no longer be used.

It looks as if Sellerdeck really need to make the required changes to support this.

Mike