CBSubs 4.0 without upgrading Community Builder?

3 years 7 months ago #285085 by jimstrong
Hi. A customer is running CB 1.9.1 with CBSubs 3.0.0 and we are currently out of support as they did not wish to renew the subscription with you.

You will see from a post made on the CB forum recently (CBSubs Post-Transaction notification error) that we have run into problems testing CBSubs 3.0.0 with the new sandbox.paypal.com security set up, whereby PayPal notifications back to our server are not being validated and are therefore failing. This may well be a server configuration issue, although the relevant domain is working well with the live paypal.com and our hosting service we have not been able to see any relevant error messages on our server in this regard.

So I have two pre-sales questions, please, before I go back to my customer with what could be quite a large invoice in order to upgrade:-

1) Is it likely that the IPN communication errors we are seeing would be resolved by upgrading to CBSubs 4.1.0 or should CBSubs 3.0.0. work successfully with the new security configuration on the PayPal sandbox server?

2) Is it possible to upgrade to CBSubs 4.1.0 but still use CB 1.9.1?

Thanks a lot

Jim Strong
3 years 7 months ago #285087 by nant

jimstrong wrote: Hi. A customer is running CB 1.9.1 with CBSubs 3.0.0 and we are currently out of support as they did not wish to renew the subscription with you.

You will see from a post made on the CB forum recently (CBSubs Post-Transaction notification error) that we have run into problems testing CBSubs 3.0.0 with the new sandbox.paypal.com security set up, whereby PayPal notifications back to our server are not being validated and are therefore failing. This may well be a server configuration issue, although the relevant domain is working well with the live paypal.com and our hosting service we have not been able to see any relevant error messages on our server in this regard.

So I have two pre-sales questions, please, before I go back to my customer with what could be quite a large invoice in order to upgrade:-

1) Is it likely that the IPN communication errors we are seeing would be resolved by upgrading to CBSubs 4.1.0 or should CBSubs 3.0.0. work successfully with the new security configuration on the PayPal sandbox server?

2) Is it possible to upgrade to CBSubs 4.1.0 but still use CB 1.9.1?

Thanks a lot

Jim Strong


1. I am not aware of any IPN related bugs that were fixed in CBSubs 4.x. The issues are more likely related with bad configuration on CBSubs end or even payment organization end.

2. Nope - CBSubs 4.1 needs CB 2.x. (Plus CB 1.9.1 is no longer supported)

So my recommendation is to convince your customer to upgrade their environment to latest Joomla/CB/CBSubs versions and always strive to keep up with future releases. Staying with old versions is a security risk.
3 years 7 months ago #285088 by beat

nant wrote:

jimstrong wrote: Hi. A customer is running CB 1.9.1 with CBSubs 3.0.0 and we are currently out of support as they did not wish to renew the subscription with you.

You will see from a post made on the CB forum recently (CBSubs Post-Transaction notification error) that we have run into problems testing CBSubs 3.0.0 with the new sandbox.paypal.com security set up, whereby PayPal notifications back to our server are not being validated and are therefore failing. This may well be a server configuration issue, although the relevant domain is working well with the live paypal.com and our hosting service we have not been able to see any relevant error messages on our server in this regard.

So I have two pre-sales questions, please, before I go back to my customer with what could be quite a large invoice in order to upgrade:-

1) Is it likely that the IPN communication errors we are seeing would be resolved by upgrading to CBSubs 4.1.0 or should CBSubs 3.0.0. work successfully with the new security configuration on the PayPal sandbox server?

2) Is it possible to upgrade to CBSubs 4.1.0 but still use CB 1.9.1?

Thanks a lot

Jim Strong


1. I am not aware of any IPN related bugs that were fixed in CBSubs 4.x. The issues are more likely related with bad configuration on CBSubs end or even payment organization end.

2. Nope - CBSubs 4.1 needs CB 2.x. (Plus CB 1.9.1 is no longer supported)

So my recommendation is to convince your customer to upgrade their environment to latest Joomla/CB/CBSubs versions and always strive to keep up with future releases. Staying with old versions is a security risk.


And as very first step, make sure hosting is security-patched, in particular for this case with latest safe SSL libraries.

Beat - Community Builder Team Member

Before posting on forums: Read FAQ thoroughly -- Help us spend more time coding by helping others in this forum, many thanks :)
CB links: Our membership - CBSubs - Templates - Hosting - Forge - Send me a Private Message (PM) only for private/confidential info
3 years 7 months ago #285090 by jimstrong
Thanks Nick and Nant

Nick
Thank you - that's clear on both counts.

I am always a little uncertain on your pricing, but I think I would need the Professional Membership (starting at €88 for 3 months) to get support for CB 2.x and then a further €176 to purchase CBSubs 4.x - is that correct?

Nant
> make sure hosting is security-patched, in particular for this case with latest safe SSL libraries
We recently purchased an AlphaSSL SHA-256 certificate and it has been installed for the customer's domain by our hosting service, so I think that meets your thoughts, or are there further steps you are thinking of?

Thanks

Jim
3 years 7 months ago #285091 by beat
Certificate is one thing, the Linux server software and its SSL libraries is another thing. Old unsupported or not-security maintained servers are dangerous and not compatible anymore soon with Paypal, starting with their sandbox.

Entering your server homepage URL here will tell you a lot about your hoster's SSL safetey:
www.ssllabs.com/ssltest/

That said, we do highly recommend to keep your server, Joomla, CB and CBSubs up to date with regular backups, also just before upgrades. And that recommendation is valid for any software.

Best regards,
Beat

Beat - Community Builder Team Member

Before posting on forums: Read FAQ thoroughly -- Help us spend more time coding by helping others in this forum, many thanks :)
CB links: Our membership - CBSubs - Templates - Hosting - Forge - Send me a Private Message (PM) only for private/confidential info
3 years 7 months ago #285092 by jimstrong
Many thanks! Looks like our server is OK - it scored an A- on that site (a minus because Forwarding - forget the exact term - was missing) but I will take that up with our hosting company.

Jim
Moderators: beatnantkrileon
Time to create page: 0.657 seconds

Facebook Twitter LinkedIn