Recent Posts

1
Programming of KonaKart / Re: Struts vulnerability CVE-2018-11776
« Last post by Andreas on August 28, 2018, 04:02:10 AM »
Thanks for the fast reply. That was my guess, but I wanted to be sure.
2
Programming of KonaKart / OOM when hot redeploy
« Last post by rdoila.a on August 27, 2018, 08:12:07 AM »
I'm doing some redeployment while developing the front end, and after a few redeployments I get an out-of-memory error, most probably caused by the following:


KonaKart V8.8.1.0-C0 () built 11:04AM 31-Jan-2018 GMT [DB: 8.8.1.0 MySQL]

Aug 27, 2018 2:03:11 PM org.apache.catalina.startup.HostConfig deployWAR
INFO: Deployment of web application archive [/opt/konakart/webapps/store.war] has finished in [3,358] ms
Aug 27, 2018 2:51:48 PM org.apache.catalina.startup.HostConfig undeploy
INFO: Undeploying context [/store]
KKEngInitialization destroyed
Aug 27, 2018 2:51:48 PM org.apache.catalina.loader.WebappClassLoaderBase clearReferencesJdbc
WARNING: The web application [store] registered the JDBC driver [com.mysql.jdbc.Driver] but failed to unregister it when the web application was stopped. To prevent a memory leak, the JDBC Driver has been forcibly unregistered.
Aug 27, 2018 2:51:48 PM org.apache.catalina.loader.WebappClassLoaderBase clearReferencesThreads
WARNING: The web application [store] appears to have started a thread named [Log4j2-TF-4-Scheduled-2] but has failed to stop it. This is very likely to create a memory leak. Stack trace of thread:
 sun.misc.Unsafe.park(Native Method)
 java.util.concurrent.locks.LockSupport.parkNanos(LockSupport.java:215)
 java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.awaitNanos(AbstractQueuedSynchronizer.java:2078)
 java.util.concurrent.ScheduledThreadPoolExecutor$DelayedWorkQueue.take(ScheduledThreadPoolExecutor.java:1093)
 java.util.concurrent.ScheduledThreadPoolExecutor$DelayedWorkQueue.take(ScheduledThreadPoolExecutor.java:809)
 java.util.concurrent.ThreadPoolExecutor.getTask(ThreadPoolExecutor.java:1074)
 java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1134)
 java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
 java.lang.Thread.run(Thread.java:748)


3
Installation of KonaKart / Re: Running KonaKart as Service on Windows
« Last post by Brian on August 27, 2018, 06:19:42 AM »
Thanks for reporting this.

The Tomcat bundle used for the v8800 and v8900 releases was the base package and not the Windows-specific packages. It is in these Windows-specific Tomcat bundles where you'll find tomcat8.exe etc.

We've made a patch that contains the files that you'll need to install KonaKart as a service in Windows.

Please see https://www.konakart.com/downloads/patch-releases/

You have to download the zip file, unzip the files into the bin directory of your KonaKart installation and then you should be able to install KonaKart as described in the User Guide.
4
Programming of KonaKart / Re: Struts vulnerability CVE-2018-11776
« Last post by Brian on August 25, 2018, 02:00:49 AM »
As far as we are aware KonaKart is not vulnerable to this.

Some background:

CVE-2018-11776 was announced on 22/08/2018. Details were published ( https://semmle.com/news/apache-struts-CVE-2018-11776 ) by Semmle, who found the vulnerability. It’s a critical vulnerability because it involves remote code execution.

To determine whether you are vulnerable, here’s a snippet from the above link:

For your application to be vulnerable to the attack vectors described below, both of the following conditions should hold:
  • The alwaysSelectFullNamespace flag is set to true in the Struts configuration. Note that this is automatically the case if your application uses the popular Struts Convention plugin.
  • Your application’s Struts configuration file contains an <action ...> tag that does not specify the optional namespace attribute, or specifies a wildcard namespace (e.g. “/*”)
If your application’s configuration does not meet these two conditions, you are likely not vulnerable to the two attack vectors described below.

In the standard KonaKart Struts storefront, “alwaysSelectFullNamespace” is set to false because it hasn’t been set to true in struts.xml and the Convention plugin isn’t used by KonaKart. Therefore, as far as we are aware the “out of the box” implementation should not be vulnerable. It may be wise to check your struts.xml file to determine whether the following line has been added, which would make you vulnerable:

<constant name="struts.mapper.alwaysSelectFullNamespace" value="true" />
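
Added example, not part of the original post or of KonaKart's code: a Python check of a struts.xml document against the two conditions quoted above. The sample XML and the function names are constructed for illustration, and a namespace is accepted on the action itself or on its enclosing package element.

```python
import xml.etree.ElementTree as ET

FLAG = "struts.mapper.alwaysSelectFullNamespace"

# Constructed sample, not KonaKart's shipped struts.xml.
SAMPLE = """<struts>
  <constant name="struts.mapper.alwaysSelectFullNamespace" value="true" />
  <package name="store" extends="struts-default">
    <action name="Welcome" class="example.WelcomeAction"/>
  </package>
  <package name="admin" namespace="/admin" extends="struts-default">
    <action name="Login" class="example.LoginAction"/>
  </package>
  <package name="wild" namespace="/*" extends="struts-default">
    <action name="Any" class="example.AnyAction"/>
  </package>
</struts>"""


def flag_enabled(root, convention_plugin=False):
    """Condition 1: the flag is true, or the Convention plugin is in use."""
    for const in root.iter("constant"):
        if const.get("name") == FLAG:
            if (const.get("value") or "").strip().lower() == "true":
                return True
    return convention_plugin


def exposed_actions(root):
    """Condition 2: actions with no namespace or a wildcard namespace."""
    found = []
    for pkg in root.iter("package"):
        for action in pkg.iter("action"):
            # Accept a namespace on the action or on its enclosing package.
            ns = action.get("namespace") or pkg.get("namespace")
            if not ns or "*" in ns:
                found.append((pkg.get("name"), action.get("name"), ns))
    return found


def audit(xml_text, convention_plugin=False):
    """The configuration matches only when both conditions hold."""
    root = ET.fromstring(xml_text)
    flag = flag_enabled(root, convention_plugin)
    actions = exposed_actions(root)
    return {"flag": flag, "actions": actions, "match": flag and bool(actions)}


if __name__ == "__main__":
    print(audit(SAMPLE))
```

Struts constants can also be set outside struts.xml (for example in struts.properties), so the same flag should be checked there as well.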

5
Programming of KonaKart / Struts vulnerability CVE-2018-11776
« Last post by Andreas on August 25, 2018, 12:37:02 AM »
Hi,

Is KonaKart affected by this vulnerability? I am using 8.8.0.0 at the moment. And what about 8.8.0.1 and 8.9.0.0?

https://cwiki.apache.org/confluence/display/WW/S2-057

Thanks
Andy
6
Installation of KonaKart / Running KonaKart as Service on Windows
« Last post by himanshu on August 24, 2018, 11:49:32 AM »
KonaKart: 8.9.0 (Community Edition)
Java : 8u181
OS: Windows Server 2012R2 64 bit

Hi,

I installed KonaKart on my Windows machine (default Tomcat that comes with the KonaKart kit). It runs flawlessly if I start it from the desktop icon or from the command prompt with StartKonaKart.bat. I am trying to run KonaKart as a service on Windows Server with the following command:

C:\Konakart\bin>service install
The tomcat8.exe was not found...
The CATALINA_HOME environment variable is not defined correctly.
This environment variable is needed to run this program


I get the above error. While troubleshooting, I found that the {KonaKart}\bin folder does not have Tomcat.exe.

Was anyone able to run this version of KonaKart as a service on a Windows machine?
How is this version of KonaKart referencing Tomcat, because I did not find Tomcat.exe anywhere in the C:\KonaKart folder?

Thank You.
7
Miscellaneous / Re: Duplicate registration
« Last post by julie on August 14, 2018, 07:12:08 AM »
I'm not sure what you mean by duplicate registration. You can configure KonaKart to allow a customer to check out without registration. You can also configure KonaKart to allow a registered customer to check out without signing in, although in this case he / she won't see the order in the order history. This second feature was added in version 8.8.0.0. Here are some details: https://www.konakart.com/javadoc/server/com/konakart/app/CustomerRegistration.html#setAllowMultipleRegistrations(boolean)
8
Miscellaneous / Re: Buy with a click
« Last post by julie on August 14, 2018, 07:04:52 AM »
You can easily achieve this by creating an action class that adds the product to the cart and then redirects to the checkout confirmation page.
9
Miscellaneous / Duplicate registration
« Last post by kajera on August 10, 2018, 12:52:17 PM »
Hello,

Is it possible to configure KonaKart to allow duplicate registration?
10
Miscellaneous / Buy with a click
« Last post by kajera on August 10, 2018, 12:49:25 PM »
Hello,

How can I configure KonaKart to buy with a click? Without going through the shopping cart. That is, to enter the product page, click on the "buy" button and finalize the purchase?