Thanks James,
That's pretty much how I see it. I'd expect Sellerdeck as a professional organisation to be monitoring things like this that are going to come and bite them in the future and have a workaround plan in place in good time. It's a shame that Sellerdeck isn't showing a particularly proactive stance on this.
Mike
Announcement
Collapse
No announcement yet.
V18.1 Warning
Collapse
X
-
Hi Everyone,
James from Host-it here.
The Perl version in itself has been problematic for older Sellerdeck/Actinic versions for a while now but the issues of Sellerdeck utilising Crypt SSL and Net SSL are a bit more recent as they are modules being pulled from supported Operating Systems. Sellerdeck should be addressing some of these issues within their software as not only does it make sense from a compatibility side of things but also from a security standpoint (it's dealing with payments at the end of the day). Crypt::SSLeay alone is vulnerable to some well-known security issues - https://metacpan.org/pod/Crypt::SSLe...TBLEED-WARNING. Sellerdeck is a great and established piece of software that does need to be kept up to date.
If you are a customer of ours and there's no sign of Sellerdeck resolving these issues in the near future we do maintain a number of servers that do run older versions of Perl and the software involved just incase so please reach out to our support department if you need to.
Our hope is though that the developers step in and release much needed patches to ensure that the software works on up to date systems.
Regards
James
- 3 likes
Leave a comment:
-
re: security issues
Few years ago I did a security scan on all our sites... results showed issues - some "red". We had support at the time and some were resolved
Your Sage Pay's response was kind of funny and sad.
- 1 like
Leave a comment:
-
Originally posted by zgap111 View Post
Since host-it offers a specific Sellerdeck hosting package... I would have thought that the servers dedicated for Sellerdeck hosting should not be updated?
One option is to start moving the sites over to what they advertise as Sellerdeck hosting, but awaiting confirmation of the Perl on the site.
Whatever happens though I think it is poor for Sellerdeck to be so behind on the Perl used and do wonder if this presents any security issues.
Leave a comment:
-
It all looks worrying... we're with host-it also... but we will be stuck on v18.0.6 - so Paypal Express still works... and we don't use Sage Pay
Since host-it offers a specific Sellerdeck hosting package... I would have thought that the servers dedicated for Sellerdeck hosting should not be updated?
However, if this all fails... and we don't get past v18.0.6... this could be the final boot that kicks us off from using Sellerdeck...
Leave a comment:
-
Hi Mike,
Yes thinking about it I'm sure Sage pay would be an issue on previous versions.
I think PayPal may only be an issue on 18.1 as support advised that the new setup requires Crypt SSL and I still have PayPal working on a 18.05 site but failing on a 18.1 site.
Why would they release brand new software on outdated Perl that is not compatible with hosting providers and payment partners
- 1 like
Leave a comment:
-
Hi Jason,
Presumably the problem you're referring to is not limited to V18.1 as previous versions also rely on the same Perl functionality.
CPAN appear to be suggesting that Crypt::SSLeay and Net:SSL should be deprecated to make it clear that they should no longer be used.
Use of Net::SSL and Crypt::SSLeay is discouraged these days in favor of IO::Socket::SSL, and it usually causes things to break when trying to use modern SSL. The distribution should be marked deprecated to make this clearer to users.
Mike
Leave a comment:
-
V18.1 Warning
Having upgraded to V18.1 all was working fine.
Our host (Host-it) then upgraded the Perl on the site which is not compatible with some aspects of Sellerdeck.
Sellerdeck runs on an older version, so unless your server runs old versions of Perl your website may not function correctly.
The problem we are having is that Crypt SSL and Net SSL do not work on later versions of Perl. These are used for some of the payment partners to transfer the order to them.
In our case Sage pay (Opayo) and PayPal have now ceased to work completely.
This is the advice offered from each company.
Sage pay – change shopping cart as Sellerdeck software is outdated.
Host-it – move to an older server awaiting upgrade to buy limited time.
Sellerdeck – move to their server which is running the same outdated Perl
Anyone looking to upgrade to V18.1 you may wish to check with your hosting company that they can run older versions of Perl, or if Host-it ask when they will be upgrading your server.Tags: None
- 1 like
Leave a comment: