Patch Releases

Patch releases available for KonaKart – study the accompanying patch release notes in each case.

By downloading any of the patches, you agree to be bound by the license.

Fix CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 Log4j security vulnerabilities for v 8.7.0.0 – v 9.4.0.1

Patch to fix the CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105 security vulnerabilities in Log4j, the logging library that is shipped with KonaKart. Please review Log4J2-Patch-Instructions.txt (inside the zip) for detailed instructions.

Log4J2-Patch – 8.7.0.0 – 9.0.0.0 Log4J2-Patch-8.7.0.0-9.0.0.0.zip
Log4J2-Patch – 9.2.0.0 – 9.4.0.1 Log4J2-Patch-9.2.0.0-9.4.0.1.zip

Note for versions earlier than 8.7.0.0 – Since Log4J2 is not present in these versions, we recommend that you follow the instructions on the official Log4J2 page (which you can find here) regarding the CVE-2021-44228 vulnerability, and check that there is no JMSAppender configured in your KonaKart logging configuration. If none are found, your KonaKart instance is not affected by these vulnerabilities. We strongly recommend that you update your KonaKart to the latest version as soon as possible, as Log4j 1.x is no longer maintained.

Fix Birtviewer vulnerability for v 8.0.0.0 – v 9.4.0.0

Patch to fix a security vulnerability that affects BIRT, the reporting component that is shipped with KonaKart. Please review BIRTViewer-Patch-Instructions.txt (inside the zip) for detailed installation instructions.

BIRTViewer-Patch – 8.0.0.0 – 8.8.1.0 BIRTViewer-Patch-8.0.0.0-8.8.1.0.zip
BIRTViewer-Patch – 8.9.0.0 – 9.0.0.0 BIRTViewer-Patch-8.9.0.0-9.0.0.0.zip
BIRTViewer-Patch – 9.2.0.0 – 9.4.0.0 BIRTViewer-Patch-9.2.0.0-9.4.0.0.zip

Note for versions earlier than 8.0.0.0 – we recommend that you remove the birtviewer webapp to eliminate the vulnerability and plan to upgrade KonaKart as soon as possible. If reporting is important you can retain the birtviewer webapp and configure the system so that the birtviewer webapp is only accessible to the trusted audience and not exposed to the wider Internet.

Restrict Types of Upload Files for v 8.9.0.0

Patch to restrict the types of files that can be uploaded with the Admin Console KonaKart-AdminApp-8.9.0.0.17263.zip (2915KB)

As an aid to security this patch restricts the file types that can be uploaded using the Admin Console. By default, for image uploads, it will only allow you to upload files with the following extensions: gif, jpg, jpeg and png. Please review AdminAppPatchReadme.txt (inside the zip) for more details and installation instructions.

Stop Auto-Completion by Recent Browsers for v 8.8.1.0 – v 8.9.0.0

Patch to Stop Auto-Completion by Recent Browsers – for v8.9.0.0 KonaKart-AdminApp-8.9.0.0.17237.zip (2877KB)
Patch to Stop Auto-Completion by Recent Browsers – for v8.8.1.0 KonaKart-AdminApp-8.8.1.0.17237.zip (2852KB)

Recent browsers have started populating input fields with stored values which is causing problems in the Admin Console. This patch prevents these input fields being populated by the browsers inside the Admin Console. The zips contain a file called AdminAppPatchReadme.txt that describes how to apply this patch.

Installing KonaKart as a Windows Service for v 8.8.0.0 – v 8.9.0.0

Windows Service Installation Patch WindowsServiceInstallation.zip (1028KB)

This patch contains files that are required to install KonaKart as a Windows Service. Unzip the contents into the bin directory of your KonaKart installation then follow the instructions in the User Guide for installing KonaKart as a Windows Service.

Struts Patch for v 6.6.0.0 – v 8.5.0.2

Struts Security Patch struts2-core-kk-2.3.8.zip (794KB)
Struts Security Patch (for Java 6) struts2-core-kk-2.3.8-J1.6.zip (794KB)

This fixes CVE-2017-5638 – Apache Struts2 S2-045

Only relevant if you use the Struts2-based storefront introduced in v 6.6.0.0. This patch contains a replacement for the struts2-core-kk-2.3.8.jar used in versions of KonaKart between v 6.6.0.0 and 8.5.0.2. Replace the struts2-core-kk-2.3.8.jar (in the konakart/WEB-INF/lib directory) with the struts2-core-kk-2.3.8.jar file inside the zip (or the struts2-core-kk-2.3.8-J1.6.jar file if you are using Java 6).

Currency Formatting in Example Reports for v 8.5.0.0 – v 8.5.0.2

Currency Formatting in Reports ReportsCurrencyFormatting.zip (12KB)

Only relevant if you do not use a thousands separator in your currency formatting definition. Replace the konakartadmin_reports-8.5.0.2.jar in the zip file with the one in the webapps/birtviewer/WEB-INF/lib directory.

Saving Role Privileges Patch for v 8.5.0.0

Saving Role Privileges from the Admin Console Patch SavingRolePrivileges.zip (903KB)

Only relevant if you are running in multi-store mode and not sharing customers between stores. The patch allows role privileges to be saved correctly in this mode from the Administration Console. The patch consists of a replacement konakartadmin-8.5.0.0.jar.

Catalog Pricing – Single Attribute Products Patch for v 8.3.0.0

Catalog Prices Creation Patch Contact Us To Obtain this Patch

Only relevant if you use catalog pricing and have products with single attributes or with tiered pricing with a single tier. The patch fixes the generation of all the correct prices under these conditions. The patch consists of a replacement konakartadmin_enterprise-8.3.0.0.jar.

Saving Role Privileges Patch for v 8.3.0.0

Saving Role Privileges from the Admin Console Patch SavingRolePrivileges.zip (887KB)

Only relevant if you are running in multi-store mode and not sharing customers between stores. The patch allows role privileges to be saved correctly in this mode from the Administration Console. The patch consists of a replacement konakartadmin-8.3.0.0.jar.

Currency Formatting in Example Reports for v 8.3.0.0

Currency Formatting in Reports ReportsCurrencyFormatting.zip (12KB)

Only relevant if you do not use a thousands separator in your currency formatting definition. Replace the konakartadmin_reports-8.3.0.0.jar in the zip file with the one in the webapps/birtviewer/WEB-INF/lib directory.

Content Search by ObjectId Patch for v 8.3.0.0

Content Search by ObjectId Patches Contact Us To Obtain these Patches

Only relevant if you need to search for Content records by ObjectId in the Admin Console or by using the getContent() Admin API call or by using the getContents() API call on the storefront engine (KKEngIf). You will need a replacement Admin Console, a replacement konakartadmin_enterprise-8.3.0.0.jar and a replacement konakart_enterprise-8.3.0.0.jar.

Delete Promotion Coupons Patch for v 8.1.0.0

Delete Promotion Coupons Patch DeletePromotionsCouponPatch.zip (3KB)

Only relevant if you make use of the deletePromotion Admin API call. This patch contains a replacement for the konakartadmin-8.1.0.0.jar file used in KonaKart v8.1.0.0. Simply replace the konakartadmin-8.1.0.0.jar file (in the konakartadmin/WEB-INF/lib directory) with the konakartadmin-8.1.0.0.jar file inside the zip.

Suggested Search Patch for v 7.3.0.0 – v 7.3.0.1

Suggested Search Security Patch SuggestedSearch.zip (3KB)

Only relevant if you use Suggested Search and Solr. This patch contains a replacement for the ProductsBody.jsp file used in KonaKart v 7.3.0.0 and v 7.3.0.1. For these versions simply replace the ProductsBody.jsp file (in the konakart/WEB-INF/jsp directory) with the ProductsBody.jsp file inside the zip. For older versions merge the changes from the new ProductsBody.jsp file. The patch fixes a client-side cross-site scripting bug when using suggested search.

Struts Patch for v 6.5.1.0 – v 7.3.0.0

Struts Security Patch struts-xml.zip (6KB)

Only relevant if you use the new Struts2-based storefront introduced in v 6.5.1.0. This patch contains a replacement for the struts.xml file used in KonaKart v 7.3.0.0. For v 7.3.0.0 systems simply replace the struts.xml file (in the konakart/WEB-INF/classes directory) with the struts.xml file inside the zip. For older versions replace just the regular expression in the “excludeParams” tag.

Struts Patch for v 7.0.0.0 – v 7.1.1.0

Struts Security Patch struts-core-kk-2.3.8.zip (689KB)

Only relevant if you use the new Struts2-based storefront introduced in v 7.0.0.0. This patch contains a replacement for the struts-core-2.3.8.jar used in versions of KonaKart between v 7.0.0.0 and 7.1.1.0. Replace the struts-core-2.3.8.jar (in the konakart/WEB-INF/lib and the konakart-m/WEB-INF/lib directories) with the struts-core-kk-2.3.8.jar file inside the zip.

Struts Patch for v 6.5.1.0 – v 6.6.0.0

Struts Security Patch struts-core-kk-2.3.4.zip (678KB)

Only relevant if you use the new Struts2-based storefront introduced in v 6.5.1.0. This patch contains a replacement for the struts-core-2.3.4.jar used in versions of KonaKart between v 6.5.1.0 and 6.6.0.0. Replace the struts-core-2.3.4.jar (in the konakart/WEB-INF/lib and the konakart-m/WEB-INF/lib directories) with the struts-core-kk-2.3.4.jar file inside the zip.

Emails With Attachments Bug Fix Patch for v 6.5.1.0

Email Attachments Patch KonaKart-Email-Attachments-6.5.1.0.zip (2,730KB)

This patch should be applied on a 6.5.1.0 installation of KonaKart if you wish to send invoices as attachments to Order Confirmation emails. The patch fixes a problem in the sendOrderConfirmationEmail1 API call where invoice attachments were not being sent.

Registration Bug Fix Patch for v 6.5.1.0

Registration Patch KonaKart-Registration-6.5.1.0.zip (15KB)

This patch should be applied on a 6.5.1.0 installation of KonaKart if you are using the mode that allows a customer to checkout without registering. Without the patch a customer cannot actually register if he desires to.

One Page Checkout Bug Fix Patch for v 4.2.0.1

One Page Checkout Patch for IE7 KonaKart_OnePageCheckout_4.2.0.1_5028.zip (322KB)

This patch is required to fix a problem running the One Page Checkout in IE7. Without this patch IE7 displays a blank frame instead of the one page checkout.

Admin App Bug Fix Patch for v 4.2.0.0

Admin App Patch KonaKart-AdminApp-4.2.0.0.4925.zip (1.9MB)

This patch is required to fix two minor bugs in the Admin App to bring a 4.2.0.0 system up to a 4.2.0.1 system:

  • Links on the right hand side of the status page do not work.
  • Links to edit review and delete review under product maintenance do not work.

Breadcrumb Bug Fix Patch for v 3.2.0.0

Breadcrumb Patch KonaKart-3.2.0.0-Breadcrumbs-1-Jul-2009.zip

This patch is required to fix a breadcrumb bug where the breadcrumb length keeps increasing as a user edits or adds an address in the My Accounts section of the store front application:

  • Download the zip file and unzip the class (CurrentNavigation.class)
  • Create a new directory called webapps/konakart/WEB-INF/classes/com/konakart/al . Note that webapps/konakart/WEB-INF/classes should already exist if KonaKart is installed.
  • Copy CurrentNavigation.class to this new directory.
  • Re-Start the application so that the app server picks up the new class.

Admin App Bug Fix Patch for v 3.2.0.0

Admin App Patch KonaKart-AdminApp-3.2.0.1.3786.zip (1.3MB)

This patch is required to fix two bugs in the Admin App:

  • v 3.2.0.0 didn’t allow the order invoice and packing slip to be printed from the admin app.
  • When the decimal point separator was set to a comma in a currency (i.e. Euro in countries such as Spain and Italy) the product prices were no longer being displayed properly in the product edit panel of the admin app.

Publish data to Google Patch for v 3.2.0.0 – Enterprise Extensions Only

Google Base Patch KonaKart-3.2.0.0-GoogleData-Patch-28-Feb-2009.zip

Google have changed their specs and the 3.2.0.0 Google Data interface now fails. You can apply this patch simply by extracting the files from the zip archive to webapps/ (this will overwrite one of the existing files) and restarting KonaKart.

Sorting customers by Logon Date for v 3.2.0.0

Sort Customers Patch KonaKart-3.2.0.0-Sort-Patch-20-Feb-2009.zip

On the Customer panel of the Admin App an error occurs if you attempt to sort by “Logons” or “Last Logon” when using Oracle. You can apply this patch simply by exporting the files in the zip archive to webapps/konakartadmin/WEB-INF/ (this will overwrite the KKCriteria.class file) and restarting KonaKart.

BIRT Reports for v 3.2.0.0

Birt Reports Patch reports-patch-3200.zip

Some SQL errors have been found in two of the reports when using Oracle, MS SQL Server or DB2. The patch contains updated reports for replacing the existing ones.
