SimpleCart 2.3.0-rc5 is available

Yesterday we released SimpleCart 2.3.0-rc5. This release includes two security fixes and a bunch of bug fixes, as can be seen in the full changelog for this release below.

  • [SECURITY] Fixed: Quotes in the product options break the options TV input and default output, resulting in two persisted XSS vulnerabilities [#17]
  • Improved: Now defines FormIt as a dependency for MODX 2.4
  • Fixed: Product options don’t accept integers for the added price [#21]
  • Fixed: With some older hook-based gateways, it would sometimes show the errorFailed message and refuse to send email notifications even if the payment was successful. [S-5943]
  • Fixed: Installing demo resources on a clean install doesn’t work [#14]
  • Fixed: Incorrect placeholder in lexicon for payment method order description
  • Fixed: Strip out port from the host when setting cookies
  • Fixed: Make sure default_tax setting is created if it doesn’t exist
  • Fixed: Make sure number of decimals is prefilled on currencies [S6375]
  • Fixed: Issue with creating the simpleCartEmail table on certain environments [#24]

We’ll have a security notice explaining the two fixed vulnerabilities up within the next two weeks. In the mean time we encourage you to upgrade to SimpleCart 2.3.0-rc5 and to let us know if you run into any issues or bugs. We can be reached here on the forums, or via