Envision Ecommerce, Top B2B Companies on Clutch

In a time where ecommerce has seen only increasingly rapid acceleration, Envision Ecommerce knows exactly what clients and their companies need to succeed in the online landscape. Through our honed Magento e-commerce development skills and marketing experience, the team at Envision is an ideal partner for clients looking to ramp up their digital presence.

Envision Ecommerce, founded by Vikrant Shukla in 2015, has been serving clients from all across the globe with Magento-based products and services. Earlier this year, the company merged its operations under Netsmartz, one of India’s leading IT solutions providers.

Offering congratulations on this remarkable feat, Manipal Dhariwal, Chairman and CEO of Netsmartz, said, “We stand at the forefront of a tremendous market opportunity, as we are at the dawn of the next Magento Revolution. Combining the full range of Netsmartz services, we are now expanding ecommerce solutions and its capabilities, offering an ever-broadening comprehensive portfolio to our customers.”

We are excited to announce that others are taking notice of our work, and B2B research firm Clutch has named us as one of the top e-commerce developers in India. Clutch’s sister website, the Manifest, has also published their new research highlighting Envision Ecommerce as one of the Top 25 Magento Development Companies in 2018.

The Manifest and Clutch, both business insight firms from Washington, D.C., evaluate thousands of companies based on their market presence, previous experience, and client feedback. Being nominated as a leading company in their research strengthens our reputation as a technology partner.

We’d like to acknowledge our clients for their reviews of us on our Clutch profile. Our team thrives on helping our clients and their businesses further build and maintain their e-commerce capabilities, so hearing directly from some of our previous customers about the impact that our products and team members have had definitely serves as a great source of pride for us.

“After several rounds of intense scrutiny and questioning to ensure their suitability, Envision Ecommerce managed to consistently exceed our expectations and fit our needs perfectly.”

“Envision came and saved me,” summarized a second client. “I’d been reluctant to work with an Indian company because the output quality is usually not very good, but with Envision, it was different: they have a Westernized approach, Magento professionals, and a good communication system in place.”

Thank you to The Manifest, Clutch, and our clients for their support and recognition of Envision Ecommerce as a premier presence within the e-commerce development industry. We take great pride and satisfaction in knowing that we have served our clients, their businesses, and the greater community as well. Apart from this, Envision Ecommerce achieved another feat of being a top Magento Company on DesignRush. We welcome you to reach out to us if you are interested in hearing more about our projects or experience, and we look forward to new collaborations soon!

Magento USPS First Class Mail Parcel Service Name Change

USPS’ First Class shipping service is commonly used by Magento merchants throughout the globe for shipping lightweight packages. USPS named this service “First-Class Mail Parcel”, but it recently changed the name from “First-Class Mail Parcel” to “First-Class Package Service – Retail”.

After this change in the USPS service name, Magento 1.x and 2.x merchants are no longer able to see the first class shipping options in the shipping methods area of their checkout. Here, Magento 1.x merchants means users of any version of Magento Commerce 1.x and Magento Open Source 1.x, and Magento 2.x merchants means users of Magento Open Source and Magento Commerce prior to Magento 2.1.9 or 2.0.16.

To avert these issues, Magento is offering different solutions for both Magento 1.x and 2.x eCommerce merchants:

Solutions for Magento 1.x eCommerce Merchants:

1. Temporary Workaround:

Magento 1.x users need to edit the Usps.php file to change this service name. This editing can be done by following this workaround:

a. Follow this path and navigate to Usps.php file:

app/code/core/Mage/Usa/Model/Shipping/Carrier/Usps.php

b. Find all occurrences of the string “First-Class Mail Parcel” in the file.

c. Replace every occurrence of this string with “First-Class Package Service – Retail”.

d. Make sure to save these changes to Usps.php.

e. Now clear the Magento Cache.

2. SUPEE-10336 Patch

If you don’t want to implement this temporary workaround, you can install the SUPEE-10336 patch for this issue, which Magento recently released for the same fix. To download this patch, navigate to the MyAccount area; the patch is available on the Magento Open Source Download Page. If you have already implemented the workaround above but want to install the SUPEE-10336 patch, remove the workaround first before installing the patch.

Solutions for Magento 2.x eCommerce Merchants:

1. Temporary Workaround:

Magento 2.x users must edit the Carrier.php file to change this service name. This editing can be done by following this workaround:

a. Follow this path and navigate to Carrier.php file:

vendor/magento/module-usps/Model/Carrier.php

b. Find all occurrences of the string “First-Class Mail Parcel” in the file.

c. Replace every occurrence of this string with “First-Class Package Service – Retail”.

d. Make sure to save these changes to Carrier.php.

e. Now clear the Magento Cache.

2. Magento 2.1.9 and 2.0.16 Releases

In addition to this temporary workaround, Magento 2.x merchants can upgrade to or install the Magento 2.1.9 and 2.0.16 releases (released yesterday by Magento: https://magento.com/security/patches/magento-2016-and-219-security-update). However, if you have already implemented the workaround, you should remove it before applying these releases.
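A reversible way to carry out steps b to d for either file, so the edit can be removed again before SUPEE-10336 or the 2.1.9/2.0.16 releases are installed. This is an added example, not Magento's or this blog's code; the backup suffix and function names are hypothetical, and both strings are copied as printed above.

```shell
#!/bin/sh
# Strings as printed on this page. Compare the dash in NEW with the service
# name your USPS rate response actually returns before relying on it.
OLD='First-Class Mail Parcel'
NEW='First-Class Package Service – Retail'
SUFFIX='.pre-usps-workaround'   # hypothetical name for the pristine copy

# Count occurrences (not lines) of a fixed string in a file.
count_occurrences() {   # usage: count_occurrences FILE STRING
    grep -oF -e "$2" -- "$1" | wc -l | tr -d ' '
}

# Steps b-d: replace every occurrence once, keeping the original beside it.
apply_workaround() {    # usage: apply_workaround FILE
    file=$1
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    [ ! -e "$file$SUFFIX" ] || { echo "already applied: $file" >&2; return 1; }
    n=$(count_occurrences "$file" "$OLD")
    [ "$n" -gt 0 ] || { echo "no occurrences in $file" >&2; return 1; }
    cp -p -- "$file" "$file$SUFFIX" || return 2
    # Write into the existing file so its owner and mode are preserved.
    if sed "s/$OLD/$NEW/g" "$file$SUFFIX" > "$file"; then
        echo "replaced $n occurrence(s); original kept at $file$SUFFIX"
    else
        cp -p -- "$file$SUFFIX" "$file"; rm -f -- "$file$SUFFIX"; return 2
    fi
}

# Undo the edit before installing the patch or upgrading.
revert_workaround() {   # usage: revert_workaround FILE
    file=$1
    [ -f "$file$SUFFIX" ] || { echo "no saved original for $file" >&2; return 1; }
    mv -f -- "$file$SUFFIX" "$file" && echo "restored original $file"
}

# Command-line use: sh usps-workaround.sh apply|revert PATH/TO/Usps.php
# Step e (clearing the Magento cache) is still done afterwards.
case "${1:-}" in
    apply)  apply_workaround "$2" ;;
    revert) revert_workaround "$2" ;;
esac
```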

Our Verdict

These solutions will help Magento eCommerce merchants bring back their USPS First Class options during the checkout process. If you are one of these merchants and are facing difficulty in implementing these solutions (workarounds, SUPEE-10266 patch or Magento 2.1.9 & 2.0.16) on your Magento store, contact us today. Our Certified Magento developers will implement these solutions in no time!

SUPEE-10266 Patch – A New Magento Security Advisory

Magento has just released a new security patch, i.e. SUPEE-10266 on its official website. This newest security patch addresses some critical security vulnerabilities affecting Magento Commerce prior to 1.14.3.6 and Open Source prior to 1.9.3.6. These vulnerabilities cover unauthorized data leak, cross-site request forgery (CSRF), authenticated Admin user remote code execution and many others.

We strongly recommend that all Magento store owners upgrade to the latest Magento versions (Magento Commerce 1.14.3.6 and Magento Open Source 1.9.3.6) to address these vulnerabilities. Those who do not want to upgrade to these versions of Magento must apply the SUPEE-10266 patch to fix these same vulnerabilities. This release also provides fixes for issues regarding image reloading and payments via one-step checkout.

We at Envision Ecommerce have always been keen on security updates and consider them essential for your store. If you find it a nightmare to apply the patch to your Magento 1 store, we are here to help you apply the new SUPEE-10266 patch as soon as possible. We have already installed several security patches for 200+ stores and have successfully done such security upgrades for many Magento sites. Go ahead and let our Magento certified developers maintain your store security with zero downtime.

For more details about the SUPEE-10266 patch, you can visit Magento’s official website. (https://magento.com/security/patches/supee-10266)

SUPEE-9767 V2 – A New Version of SUPEE-9767 is Out for Magento 1!

Yesterday, Magento released SUPEE-9767 V2, which fixes several security and functional issues reported in its initial patch i.e. SUPEE-9767. SUPEE-9767 V2 is an updated version of original SUPEE-9767 (explained in our previous blog on SUPEE-9767 on June 1st).

So if you have already applied the first version of this patch, you should revert it and then apply the second version. However, if you are still planning to install SUPEE-9767, please stop, as it has certain issues, and just apply the recent second version.

General Issues with SUPEE-9767 V1 – That are Now Fixed…!

• strip_tags functionality in the checkout JavaScript was missing in initial patch – Fixed Now in SUPEE-9767 V2.

• Failure of customer registration during a standard checkout and when the form key authentication was enabled – Fixed Now.

• Issue with Allow-symlinks disabling option – Fixed Now (Allow symlinks option is now disabled at the time of installation or upgrade and Magento now shows Allow-symlinks message in the Admin message section as needed.)

• Background transparency of uploaded images was missing – Fixed Now.

• Issue with Multiple addresses checkout when checkout form validation was enabled – Fixed Now.

SUPEE-9767 V2 Secures Your Magento 1 Store Against:

• Remote Code Execution

• Information Leaks

• Cross-site Scripting

Installation Process:

• Revert SUPEE-9767 V1 if you have already applied it.

• Just Deploy SUPEE-9767 V2 if V1 hasn’t already been applied.
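One way to decide which of the two installation steps applies to a given store, by reading the log that the Magento 1 patch scripts keep. This is an added example, not Magento's or this blog's code; the log path `app/etc/applied.patches.list`, its " | "-separated layout with a trailing REVERTED marker, and the function names are assumptions to check against your own store.

```shell
#!/bin/sh
# Assumed layout, one line per patch run (fields joined by " | "):
#   date | SUPEE-id | edition_version | vN | commit | commit date | range [| REVERTED]

# Print the current state of one patch: "vN" (applied), "reverted" or "absent".
patch_state() {   # usage: patch_state LISTFILE PATCH_ID
    [ -r "$1" ] || { echo absent; return 0; }
    awk -F ' [|] ' -v id="$2" '
        function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
        trim($2) == id {
            # Later lines win: apply, revert, re-apply are all logged in order.
            state = (trim($NF) == "REVERTED") ? "reverted" : trim($4)
        }
        END { print (state == "" ? "absent" : state) }' "$1"
}

# Map that state onto the installation process listed above.
supee_9767_plan() {   # usage: supee_9767_plan LISTFILE
    case "$(patch_state "$1" SUPEE-9767)" in
        v1) echo "revert-v1-then-apply-v2" ;;
        v2) echo "nothing-to-do" ;;
        *)  echo "apply-v2" ;;
    esac
}

# Command-line use: sh supee-plan.sh /path/to/magento/app/etc/applied.patches.list
if [ -n "${1:-}" ]; then
    supee_9767_plan "$1"
fi
```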

Where to Download:

It is best to download SUPEE-9767 V2 from Magento Tech Resources Download Section (https://magento.com/tech-resources/download#download2034) – however, you can also take help from our Magento Certified Developers.

If you need a helping hand with this security patch update or have any queries, our Magento Certified Solution Specialist & Certified Developers are here for you! They have successfully installed such Magento security patches for 80+ stores and are experienced in ensuring your store security. Feel free to contact us at [email protected] or connect with our Magento services to do it fast & safe for you.

Upgrade to 1.9.3.3 or Apply SUPEE-8167 – Latest PayPal IPN Upgrade Notification for Magento Merchants

If you’re a Magento merchant who has been using PayPal IPN (Instant Payment Notification) service, you have possibly received an email alerting you to upgrade to 1.9.3.3 or Apply SUPEE-8167 in order to avoid this service disruption.

The deadline for this upgrade is the end of June, i.e. June 30, 2017. From June 30, 2017, the PayPal IPN service will no longer permit merchants to use HTTP when posting messages back to PayPal for verification. As a merchant, you will only be allowed to use HTTPS for such postbacks.

If you have not made the essential changes, we urge you to do the following before this service disruption starts affecting your Magento store:

• Upgrade to Enterprise Edition 1.14.3.3 or apply the SUPEE-8167 patch
• Upgrade to Community Edition 1.9.3.3 or apply the SUPEE-8187 patch
• Upgrade to Magento 2.0.15 when it becomes available (probably the next week of June)

Note: If you’re running Magento 2.1.x, there is no need of any update as all Magento 2.1.x versions already comply with this change.

Full technical details can be found at https://www.paypal-knowledge.com/infocenter/index?page=content&widgetview=true&id=FAQ1916&viewlocale=en_US. The patch is also available for download from the Community Edition Download Page (https://magento.com/tech-resources/download).

Because this security upgrade is too technical in nature, we suggest you consult with professional developers to apply such changes to your online store. Moreover, our certified Magento developers are ready to help you as they have successfully upgraded or applied such security patches for over 80+ stores earlier. Connect today with our Magento services to apply this upgrade or patch fast & safe for you.

Magento SUPEE-9767 and Other New Security Updates

Yesterday, Magento officially announced two security updates on its website which were crucial to get to the attention of our audience. These updates include:

  • Magento Enterprise Edition and Community Edition 2.0.14 and 2.1.7.
  • SUPEE-9767, Enterprise Edition 1.14.3.3 and Community Edition 1.9.3.3

Magento 2.0.14 and 2.1.7 Security Update

Magento 2.0.14 and 2.1.7 is a security update for Magento 2 that includes several security enhancements. Therefore, the merchants who have not downloaded a Magento 2.0 release yet should directly go for Magento Enterprise Edition or Community Edition 2.1.7 because this version is more secure as a result of security related enhancements. It includes:

  • APPSEC-1686: Remote Code Execution in the Admin panel
  • APPSEC-1626: RCE in video upload
  • APPSEC-1746: Zend Mail vulnerability – continued
  • APPSEC-1565: Customer password hash exposed in admin
  • APPSEC-1559: Possible remote code execution in email reminders
  • APPSEC-1752: Stored XSS in admin panel
  • APPSEC-1699: API tokens not invalidated after disabling admin user
  • APPSEC-1632: Password shown in action log (EE only)
  • APPSEC-1663: Mass actions do not follow ACL
  • APPSEC-1661: UI controllers do not follow ACL
  • APPSEC-1679: APIs vulnerable to CSRF
  • APPSEC-1610: Custom admin path disclosure
  • APPSEC-1666: Information leak
  • APPSEC-1659: Vulnerabilities in JavaScript libraries
  • APPSEC-1622: Incorrect routing of requests

For full details you can read the Magento’s official release notes Magento 2.0.14 and 2.1.7 Security Update.

Security Patch SUPEE-9767

SUPEE-9767 is a new security patch for Magento 1, especially for the following Magento 1 versions:

  • Enterprise Edition 1.9.0.0-1.14.3.2
  • Community Edition 1.5.0.1-1.9.3.2

Therefore, the merchants with Enterprise Edition 1.9.0.0-1.14.3.2 should apply SUPEE-9767 security patch or upgrade to Enterprise Edition 1.14.3.3, and the merchants with Community Edition 1.5.0.1-1.9.3.2 should go for SUPEE-9767 security patch or upgrade to Community Edition 1.9.3.3. This security patch covers:

  • APPSEC-1281: Remote code execution through symlinks
  • APPSEC-1777: Remote Code Execution in DataFlow
  • APPSEC-1686: Remote Code Execution in the Admin panel
  • APPSEC-1320: SQL injection in Visual Merchandiser (Enterprise Edition)
  • APPSEC-1634: XSS in data fields
  • APPSEC-1759: XSS in Admin panel configuration
  • APPSEC-1549: CSRF after logout – form key not invalidated
  • APPSEC-1693: Bypassing ACLs in store configuration permissions
  • APPSEC-1677: Local File Disclosure for admin users with access to dataflow
  • APPSEC-1546: CSRF Vulnerability in Checkout feature
  • APPSEC-1597: Potential for user name enumeration
  • APPSEC-1695: CSRF cache management
  • APPSEC-1324: Customer passwords exposed in logs
  • APPSEC-1675: Cross-site Request Forgery Vulnerability in Enterprise Edition (EE) Invites
  • APPSEC-1659: Vulnerabilities in JavaScript libraries
  • APPSEC-1622: Incorrect routing of requests

To find out more about this new security patch of Magento, you can follow SUPEE-9767. So what are you waiting for? Update your Magento store with the latest upgrades or apply the latest security patch to make it more robust and secure.

For more information, or if you need help with installation, you can contact us at [email protected]. We at Envision Ecommerce have successfully installed security patches for 80+ stores, so we know how to ensure your store security, and you can connect with our Magento services to do it fast & safe for you.

SUPEE-8967 – A New Magento Security Patch Will be Released Soon!

Magento has officially announced the upcoming release of “SUPEE-8967” on its website. This newest security patch will be released soon to help Magento stores and store owners correctly recognize the updated BIN range of card numbers from Mastercard. However, this patch is only applicable to Magento versions prior to CE 1.9.3.0, and is already contained in CE 1.9.3.0 and newer versions.

For versions older than Magento CE 1.9.0.0, the SUPEE-2725 patch needs to be applied first to discover the changes.

For more information, or if you need help with installation, you can contact us at [email protected]. We at Envision Ecommerce have successfully installed security patches for 80+ stores, so we know how to ensure your store security, and you can connect with our Magento services to do it fast & safe for you.

Easter Sale is Now Live at Our Revamped Envision Store. Get 30% OFF Storewide!

Envision Ecommerce store has been revamped. The store is upgraded to Magento 2 (the platform of the future) and with great new UI.

While the store’s functionality remains largely the same, we have just upgraded it to Magento 2 and redesigned with fresh layouts for a much cleaner look for our customers. Our store now showcases all that we do which was missing in our earlier store layout. We tried our best to improvise existing store structure to match with customers’ touch points. We are sure, you are going to love it.

Another notable update we expect you love is – “Easter 30% OFF Storewide”. In the spirit of upcoming Easter, you can avail the benefit of this 30% discounts on any of our products (Magento extensions, Magento 2 extensions, WooCommerce Plugins, Hybrid Mobile apps, etc.) & other services.

Meet our new revamped store and let us know if you have more suggestions and feedback. We enjoy making your shopping experience more pleasant and smooth! We’re glad to welcome you at our revamped store: http://demo.envisionecommerce.com/category/ecommerce/envision-store/

Disastrous WordPress Rest API Bug – Inhibit Your WP Site from Being Hacked

Last month, WordPress patched three security issues out of four, covering a SQL injection vulnerability in WP_Query, Press This (for assigning taxonomy terms) and a cross-site scripting (XSS) issue. The fourth and most disastrous security flaw, which resided in the WordPress REST API, was disclosed with a delay of one week after its release. This vulnerability, disclosed late, allowed several remote unauthorized hackers to modify the content of any page or post inside an unpatched WordPress site running version 4.7 or 4.7.1.

Reason for Delay:

Sucuri was working with the WordPress security team during that week to install the patch so that the security flaw was dealt with in short order before being publicly disclosed.

According to WordPress core contributor Aaron Campbell: “We believe transparency is in the public’s best interest. It is our stance that security issues should always be disclosed. In this case, we intentionally delayed disclosing this issue by one week to ensure the safety of millions of additional WordPress sites.”

“Data from all four WAFs and WordPress hosts showed no indication that the vulnerability had been exploited in the wild. As a result, we made the decision to delay disclosure of this particular issue to give time for automatic updates to run and ensure as many users as possible were protected before the issue was made public.”

Disastrous WordPress Rest API Bug, Its Impacts and Results:

This security flaw has been rated as the most disastrous flaw and is now being actively exploited, even though the fix was automatically deployed on millions of WP installations within a few hours of the security patch being released. Hundreds of thousands of WordPress websites are seeing defacement with messages such as “Hacked by NG689Skw” or “Hacked by w4l3XzY3” or similar. You can also search Google for these specific defacement messages, which returns thousands of other hacked sites.

Solution to Inhibit Your WP Site from Being Hacked:

Therefore, all WordPress admins whose websites are running 4.7.0 or 4.7.1, or are not yet updated to 4.7.2, are strongly recommended to update their CMS to 4.7.2 to avoid the risk of any content injection. If your site has already been defaced, simply update to the up-to-date version of WordPress and roll back your defaced posts to an earlier revision.

To know more about this vulnerability, you can head on the wptavern.com (https://wptavern.com/wordpress-rest-api-vulnerability-is-being-actively-exploited-hundreds-of-thousands-of-sites-defaced) or the official blog post of Sucuri (https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html).
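For an admin responsible for several sites, the version check recommended above can be run over a whole directory tree. This is an added example, not WordPress or Sucuri code; the function names are hypothetical, and it relies on WordPress core keeping its version in `wp-includes/version.php` as `$wp_version`.

```shell
#!/bin/sh
# Print the version string stored in one WordPress tree (empty if unreadable).
wp_version_of() {   # usage: wp_version_of WP_ROOT
    awk -F"['\"]" '/^[ \t]*\$wp_version[ \t]*=/ { print $2; exit }' \
        "$1/wp-includes/version.php" 2>/dev/null
}

# Classify a version string against the releases named in this post.
rest_bug_status() {   # usage: rest_bug_status VERSION
    case "$1" in
        4.7|4.7.0|4.7.1) echo "AFFECTED" ;;    # core writes release 4.7.0 as "4.7"
        "")              echo "UNKNOWN" ;;     # version.php missing or unparsable
        *)               echo "NOT-LISTED" ;;  # not one of the versions named here
    esac
}

# Walk one or more directories (for example a shared docroot) and print
# "STATUS<TAB>VERSION<TAB>PATH" for every WordPress install found.
scan_wp_installs() {   # usage: scan_wp_installs DIR...
    find "$@" -type f -path '*/wp-includes/version.php' 2>/dev/null | sort |
    while IFS= read -r vf; do
        root=${vf%/wp-includes/version.php}
        ver=$(wp_version_of "$root") || ver=''
        printf '%s\t%s\t%s\n' "$(rest_bug_status "$ver")" "${ver:-?}" "$root"
    done
}

# Command-line use: sh wp-rest-check.sh /var/www /home/*/public_html
if [ "$#" -gt 0 ]; then
    scan_wp_installs "$@"
fi
```

Sites reported as AFFECTED are the ones to update to 4.7.2 first and then review for defaced posts.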

Magento New Zend Framework 1 Security Vulnerability Update

Recently, a serious new vulnerability has become apparent in the Zend Framework 1 email component used by Magento. All Magento 1 and Magento 2 based software and other PHP solutions make use of this component. This vulnerability can give attackers the opportunity to achieve remote code execution if your server is using Sendmail as your mail transport agent.

So don’t be a victim! To protect your Magento store against this security breach, we strongly recommend that you immediately examine your mail sending settings. Go to the system setting that controls the “Reply to” address for emails sent from your Magento store:

Magento 1: System -> Configuration -> Advanced -> System -> Mail Sending Settings -> Set Return-Path

Magento 2: Stores -> Configuration -> Advanced -> System -> Mail Sending Settings -> Set Return-Path

First, examine the value of “Set Return-Path”. If this value is set to “Yes” and your server makes use of Sendmail, your Magento store is vulnerable to this security breach. Enterprise Cloud Edition customers need not worry, as they are not at any major risk with their existing configurations.

We at Envision Ecommerce recommend that you switch the value of “Set Return-Path” to “No” until Magento releases a security patch for this vulnerability, irrespective of the transport agent used. We hope that Magento will provide security patches for this vulnerability over the next several weeks.
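The check described above, written as a script over an export of the stored setting so it can be repeated across stores. This is an added example, not part of Magento or of the original post; the table name `core_config_data`, the path `system/smtp/set_return_path` and the 0/1/2 value encoding are assumptions to confirm on your installation, and the mail transport agent name is supplied by the operator.

```shell
#!/bin/sh
# Input on stdin: tab-separated rows  scope <TAB> scope_id <TAB> path <TAB> value
# for example exported with (assumed names, adjust any table prefix):
#   mysql -N -B -e "SELECT scope, scope_id, path, value FROM core_config_data
#                   WHERE path = 'system/smtp/set_return_path'" your_db
# Assumed value encoding: 0 = No, 1 = Yes, 2 = Specified.

# usage: audit_return_path MTA < rows.tsv
# Prints one verdict per stored row, then a SUMMARY line:
#   AT-RISK  setting is not "No" and the operator reports Sendmail as the MTA
#   REVIEW   setting is not "No" with another MTA (the post advises "No" regardless)
#   OK       setting is "No"
#   UNKNOWN  no stored row found, so check the value in the Admin panel
audit_return_path() {
    mta=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    awk -F '\t' -v mta="$mta" '
        $3 != "system/smtp/set_return_path" { next }
        {
            seen = 1
            if ($4 == "0")              verdict = "OK"
            else if (mta == "sendmail") verdict = "AT-RISK"
            else                        verdict = "REVIEW"
            printf "%s\t%s/%s\tset_return_path=%s\n", verdict, $1, $2, $4
            found[verdict] = 1
        }
        END {
            if (!seen)                   print "SUMMARY\tUNKNOWN"
            else if ("AT-RISK" in found) print "SUMMARY\tAT-RISK"
            else if ("REVIEW" in found)  print "SUMMARY\tREVIEW"
            else                         print "SUMMARY\tOK"
        }'
}

# Command-line use: sh return-path-audit.sh sendmail < rows.tsv
if [ -n "${1:-}" ]; then
    audit_return_path "$1"
fi
```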

If you need help, you can contact us for a security analysis. We’d be glad to help you through the analysis process to let you know about your Magento store’s vulnerability against this security breach.