nopCommerce 3.00 introduces a lot of really great and long awaited features. Our development efforts were focused on multi-store and multi-vendor support, better SEO, and HTML/CSS refactoring.
We also fixed a critical security issue. The security vulnerability affects all 2.X versions of nopCommerce. We won’t share the issue details because people need a chance to update or fix their installations. The upgrade is HIGHLY recommended. If you cannot upgrade to version 3.00, then please follow these steps to fix your 2.X version: open the web.config file in the root of your site and remove the following three lines:
- <add verb="GET,HEAD" path="asset.axd" validate="false" type="Telerik.Web.Mvc.WebAssetHttpHandler, Telerik.Web.Mvc" />
- <remove name="asset" />
- <add name="asset" preCondition="integratedMode" verb="GET,HEAD" path="asset.axd" type="Telerik.Web.Mvc.WebAssetHttpHandler, Telerik.Web.Mvc" />
As you can see, it was caused by a third-party library (Telerik MVC Extensions), but we apologize for the inconvenience that this security vulnerability has caused.
Highlight features and changes
- Multi-store support.
- Multi-vendor support.
- Performance optimization.
- Search engine optimization. Rich snippets support added, etc.
- A lot of HTML and CSS refactoring. Thanks a lot to www.nop-templates.com for this contribution.
Improvements
- Search engine optimization. More user-friendly "page not found" page (with 404 HTTP status code).
- Search engine optimization. Do not link the current page to itself (the last step in the breadcrumbs should be un-linked).
- Implemented "Page not found" page as topic so it can be easily edited in admin area.
- Updated third-party assemblies and scripts to the latest version.
- Allow a store owner to specify start/end date and time on the discount details page (admin area). Previously only the date could be specified.
- Allow a store owner to specify minimum reward points to use. Customers won't be able to use reward points before they have X amount of points.
- Allow a store owner to manage SEO settings for blog posts and news (meta keywords, meta description, meta title).
- On some pages in the admin area the customer column showed a "View" link to the page of the customer who posted the review. This was of little use, because it was necessary to go back and forth between pages to see who submitted a comment. Now we display the customer email instead of the "View" link on these pages: product reviews, blog comments, news comments, return requests.
- Added more user-friendly "Username is required" validation message on registration page.
- Added a new setting indicating whether single (/content/images/thumbs/) or multiple (for example, /content/images/thumbs/001/ and /content/images/thumbs/002/) directories will be used for picture thumbs.
- Added one more "installation" language pack (Japanese).
- Created a new system customer record which will be used in scheduled (background) tasks. This way fewer guest records will be created (when IWorkContext.CurrentCustomer is accessed).
- Allow a store owner to see all available flag images when creating/editing language.
- Google Checkout plugin. Added a setting indicating whether "Edit cart" URL should be passed to Google Checkout site.
- Moved "Load all locales on startup" setting to admin area UI. It can increase performance when enabled.
- Removed the "checkout steps" breadcrumb from the order complete page when using one page checkout.
- Removed "Description" property of "Forum group". Anyway it wasn't used.
- Admin area. Renamed "ACL" tabs to "Access control list (ACL)"
- Moved breadcrumb delimiter char to settings ("commonsettings.breadcrumbdelimiter").
- Moved an allowed number of products to be compared to settings ("catalogsettings.compareproductsnumber").
- Allow a store owner to see all used discounts on the order details page in admin area.
- Added paging support to bestsellers reports.
- Updated the progress-step-inactive.gif file with the new one with transparent background.
- Performance optimization. Do not load all categories for navigation. It can slow down the system if you have thousands of categories.
- Google Analytics widget now supports mobile version.
- Removed several discount requirement plugins from the official solution. They will be available on the extensions page on the official site.
- Performance optimization. Added "store last visited page" setting to admin area UI. Now a store owner can disable this option. When disabled, it can improve performance.
- Performance optimization. Product category mappings are no longer loaded for each product on a requested page if no discounts are assigned to categories.
- Performance optimization. Now we do not use CustomerContent table (TPH approach). The following entities now do not inherit from CustomerContent: BlogComment, ProductReview, ProductReviewHelpfulness, NewsComment, PollVotingRecord.
- Performance optimization. Reduced the default value of mediasettings.defaultimagequality to 80.
- Developers. Now a designer can specify a picture thumb size and "preparePriceModel" for "recently viewed products" block in cshtml file(s).
- Developers. A lot of source code refactoring.
- Developers. Allow a store owner to specify a list of plugins that should be ignored during nopCommerce installation. This will allow us to create packages which could be installed quite fast (useful on slow hosting). Just enter a comma separated list of plugin system names in "PluginsIgnoredDuringInstallation" setting in web.config file.
- Developers. Replaced jQuery "live" with "on" (public store only).
- Developers. Moved a lot of “Customer” entity properties to generic attributes.
- Developers. Added OrderCancelled event.
- Developers. More unit tests.
Bugs
- Critical security issue fixed. The security vulnerability affects all 2.X versions of nopCommerce. The issue is caused by a third-party library (Telerik). The upgrade is HIGHLY recommended. If you cannot upgrade to version 3.00, then please follow these steps to fix your 2.X version: open the web.config file in the root of your site and remove the following three lines:
- <add verb="GET,HEAD" path="asset.axd" validate="false" type="Telerik.Web.Mvc.WebAssetHttpHandler, Telerik.Web.Mvc" />
- <remove name="asset" />
- <add name="asset" preCondition="integratedMode" verb="GET,HEAD" path="asset.axd" type="Telerik.Web.Mvc.WebAssetHttpHandler, Telerik.Web.Mvc" />
- The inventory could be adjusted twice when a store owner cancelled an order and then deleted it.
- Facebook external authentication plugin re-written. The previous one was outdated and did not work anymore (it used tokens deprecated by Facebook).
- Home page was requested twice. Nivo Slider issue fixed.
- Nivo Slider did not work in IE10.
- Froogle (Google Product Search) plugin did not properly encode some categories.
- URL-encode the email address; otherwise the URLs for password recovery and activation break for addresses with + in them (ie [email protected])
- IE6,IE7 issue fixed. Nivo Slider did hide the flyout shopping cart block.
- Profit calculation issue fixed. Discount and gift card codes were not considered.
- Specification attribute options could be mixed up in the "Filter by attributes" block if display order of all specification attributes was set to 0.
- We should display a warning to a customer if we exceed the "Maximum shopping cart items" and "Maximum wishlist items" settings.
- Added favicon.ico available out of the box. This way no "page not found" page will be requested/returned (hence less database requests).
- Minor issue fixed. If you apply a discount or gift card coupon and then press checkout, you are redirected to the login page. Once logged in, previously entered coupon code is not migrated and should be re-entered.
- \Themes\DefaultClean\theme.config should have "supportRTL" property set to "true"
- USPS issue fixed. The plugin did not work for the following countries: Puerto Rico, United States minor outlying islands, American Samoa, Guam, Marshall Islands, Micronesia, Northern Mariana Islands, Palau, Virgin Islands (U.S.)
- Color squares #values were not carried over when copying products or variants
- Shopping cart page JavaScript validation issue fixed. Removed “onclick” attribute from checkout button as JavaScript function startcheckout() was removed.
- USPS issue fixed. Some rates were returning with HTML encoded trademark (<sup>&trade;</sup>), replaced encoded HTML with trademark sign.
- We should not throw an exception when printing packaging slips without shipments selected.
- Inbox (PM) link was displayed on the mobile version for not logged-in customers.
- Added "%BackInStockSubscription.ProductUrl%" message token and updated the template. Now a customer can click on a link.
- Admin area. Preview buttons did not work for categories and manufacturers
- Do not allow a store owner to choose a widget zone on the configuration page of Google Analytics widget (it's not required).
- Deleting a category should set a ParentCategory property of the children to 0.
- "Continue shopping" button did not properly work. It always redirected customers to the home page.
- We should delete the appropriate records from the [GenericAttribute] table when deleting the guest customers.
- Admin area. When adding a related product hitting "enter" should not close the window. It should activate the "search" button.
- Order confirmation email did not contain download link for downloadable products for FREE orders.
- Events and classes which implement IRouteProvider interface should be ignored for not installed plugins.
- Developers. Renamed "top-left-button" and "top-right-button" sections in Root.Mobile.cshtml. They could not be overridden (dashes are not allowed in section name).
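The web.config fix for 2.X described in the security note at the top and in the first "Bugs" entry can be checked and applied with a short script. This is an added example, not code from nopCommerce: it removes the three Telerik asset.axd registrations and reports what it dropped. The sample config is constructed, its section layout follows the standard ASP.NET web.config structure (an assumption, since the notes do not show the surrounding sections), and the "other" handler is hypothetical.

```python
import xml.etree.ElementTree as ET

HANDLER_TYPE = "Telerik.Web.Mvc.WebAssetHttpHandler"
SECTION_TAGS = {"httpHandlers", "handlers"}  # classic and integrated pipeline

# Constructed sample; section placement is assumed from the standard layout.
# The "other" handler is hypothetical and must survive the cleanup.
SAMPLE = """<configuration>
  <system.web>
    <httpHandlers>
      <add verb="GET,HEAD" path="asset.axd" validate="false" type="Telerik.Web.Mvc.WebAssetHttpHandler, Telerik.Web.Mvc" />
    </httpHandlers>
  </system.web>
  <system.webServer>
    <handlers>
      <remove name="asset" />
      <add name="asset" preCondition="integratedMode" verb="GET,HEAD" path="asset.axd" type="Telerik.Web.Mvc.WebAssetHttpHandler, Telerik.Web.Mvc" />
      <add name="other" verb="GET" path="other.axd" type="Example.Handler, Example" />
    </handlers>
  </system.webServer>
</configuration>"""

def is_asset_entry(el):
    """True for the three registrations the release notes say to remove."""
    if el.tag == "add":
        return (el.get("path", "").lower() == "asset.axd"
                and el.get("type", "").startswith(HANDLER_TYPE))
    return el.tag == "remove" and el.get("name") == "asset"

def strip_asset_handler(config_xml):
    """Return (cleaned_xml, removed); removed lists the dropped elements."""
    # insert_comments=True keeps existing <!-- --> comments in the output.
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    root = ET.fromstring(config_xml, parser=parser)
    sections = [e for e in root.iter() if e.tag in SECTION_TAGS]
    removed = []
    for section in sections:
        for el in list(section):  # copy: we mutate while looping
            if is_asset_entry(el):
                removed.append(ET.tostring(el, encoding="unicode").strip())
                section.remove(el)
    return ET.tostring(root, encoding="unicode"), removed

if __name__ == "__main__":
    cleaned, removed = strip_asset_handler(SAMPLE)
    for entry in removed:
        print("removed:", entry)
```

Run it against a copy of web.config and diff the result before replacing the live file; an empty `removed` list means the registrations are already gone.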