As a courtesy to our customers, we maintain a list of recent versions and the important security updates for nopCommerce. Generally, the most current version of your CMS is the most secure, but if you have an older version of your CMS, it can be hard to find information on whether your version is secure or not.
Bookmark this KB, and we will continue to update it with the most current secure version information.
What is the latest secure version of nopCommerce?
nopCommerce 3.8 — Features Update
This latest 3.8 version of nopCommerce is the first major update to the CMS in 2016. The last full-point update, nopCommerce 3.7, released December 8, 2015. Unlike some CMS platforms, nopCommerce has developed a reputation for having feature-packed updates; version 3.8 is no different. Some of the new features and updates include: a fully responsive and redesigned admin area, UI and UX improvements throughout, ability to apply cumulative discounts, color square attribute type, conditional checkout attributes, new product type Image Squares, better "in store pickup" support and options, filtering by specific attributes with "or" function, support for reCAPTCHA v2, and new advanced search options such as allowing search by vendor.
This barely scratches the surface of all the new features and improvements added in nopCommerce 3.8, not to mention the host of bugs that have been fixed. For more information on all of the new features and updates, read the official nopCommerce 3.8 release notes here
nopCommerce 3.7 — Features Update
This version of nopCommerce includes several new features and improvements, including: conditional product attributes, access control list for topics, discontinued messages, new store owner options, authorize.NET plugin option including updated URLs according to the latest Akamai changes, more customer-friendly messages integrated throughout, and multiple updates to the platform all around. More information about nopCommerce 3.7 can be found in the release notes blog here
nopCommerce 3.6 — Features Update
Version 3.6 of nopCommerce adds multiple new features, including: new default theme (clean, modern, and responsive), predefined product attribute values, base price support added, and several security and performance enhancements. For more information on the 3.6 update, see the official release notes here
nopCommerce 3.5 — Features Update
Version 3.5 of nopCommerce adds support for rental products along with better warehouse support and inventory control. It also adds an "order paid" message template, more URLs to sitemaps, and clickable payment icons in multi-step checkout. For more information on the 3.5 update, see the official release notes here
nopCommerce 3.4 — Maintenance Update
This version did not introduce any new features, but focused on "performance optimization and fixing bugs." According to the official release notes, the improvements from this update in "performance and memory usage optimizations are really very significant." To see a full list of improvements, read the official release notes here
nopCommerce 3.3 — Features Update
This version now makes the default theme responsive out of the box. There was also significant work done for performance optimization. Several changes and improvements were made throughout to help optimization, such as faster installation processes and caching generated sitemaps. A full list of changes can be found in the official release notes here
nopCommerce 3.2 — Maintenance Update
This is a great bug squashing update that also boasts several performance optimization tweaks. This update also added warehouse support, improved UI, and the "Facebook shop" plugin that helps sotre owners present their store products on Facebook. A full list of changes are in the official release notes here
nopCommerce 3.1 — Maintenance Update
This update includes numerous new features to give the store owner more administrative control. Now a store owner can configure shipping rates per store, set different prices in different stores, configure payment modules per store, search product reviews by keywords, and search shipments by a tracking number.
Note that users upgrading to 3.1 from an older version may require extra steps that can be found in the readme.txt upgrade file. For more information on all the changes and tweaks in this update, see the official release notes here
nopCommerce 3.0 — Security Update
This update includes numerous features that have been asked for by the nopCommerce Community. Also, the nopCommerce team fixed a critical security issue derived from a third-party library that affects all 2.x versions of nopCommerce. All users of older versions are encouraged to update immediately to close this vulnerability. The upgrade is highly recommended by our team as well as the nopCommerce Security Team.
Aside from the security fix, this update also includes multi-store support, multi-vendor support, multiple SEO fixes, as well as a Google Checkout plugin. For more information on the critical security issue fixed by this update, along with the numerous other improvements, see the full release notes here
nopCommerce 2.8 — Maintenance Update
Version 2.8 of nopCommerce introduces a new clean and modern theme to serve as the default theme. "Color Squares" have also been added as a viable attribute control type. Several bug fixes were made including a critical issue affecting SSL support on mobile devices. More information can be found in the official release notes here
nopCommerce 2.7 — Maintenance Update
nopCommerce 2.65 — Security Update
This update addresses a "critical issue caused by a third-party assembly when running nopCommerce on a server with .NET 4.5 installed." Users are encouraged to update immediately in order to fix this issue. More information on this security fix can be found in the official release notes here
nopCommerce 2.60 — Features Update
This update includes a new flyout mini-shopping cart, full-text support, and auto-complete suggestions for product searching. New improvements in the admin area give more control to store administrators, and changes to the nopCommerce core have phased out Flash — nopCommerce now uses Valum file uploader. More information can be found in the official 2.6 release notes documentation here
nopCommerce 2.50 — Security Update
This update addresses a critical XSS security issue, and moves all ASP.NET MVC assemblies in order to address the bug. Changes to the login credentials should provide better security; a gift issue was fixed, and further changes were made to work with Internet Explorer. A complete list of bugs tackled in this update can be found in the official release notes here
nopCommerce 2.40 — Maintenance Update
Version 2.4 adds support for MailChimp, as well as further changes for performance optimization. The WYSIWYG editor was applied to areas that still (some how) did not have it, and several dead pieces of jquery were deleted from the core — only ones that weren't being used. Full release notes can be found here
nopCommerce 2.30 — Features Update
Further performance optimizations to the nopCommerce core have been added with the 2.3 update. Other highlighted features include: back in stock notifications, product special price support, and a catalog mode. Localization fixes for shipping method and currency were also implemented. To see a full list of changes in this update, see the official release notes here
nopCommerce 2.20 — Features Update
This version adds the much-requested one page checkout option. Now your customers can make purchases from your eCommerce site faster than ever. Support has also been added for right-to-left users, and a generic event system has been implemented for users, and the installation wizard now has an option to create a database if it doesn't exist. More information on the 2.2 release of nopCommerce can be found in the official notes here
nopCommerce 2.10 — Maintenance Update
This version of nopCommerce adds CMS support in the form of widgets. nopCommerce 2.10 also gets more social with OpenID, Facebook, and Twitter authentication support. Multilingual SEO URLs have been added, along with product templates and performance optimizations with SQL Server indexes. For more information, read the official release notes here
nopCommerce 2.00 — Features Update
This is one of the biggest updates in the history of nopCommerce. It is highly recommended you update in order to take full advantage of all the new changes, features, and updates the nopCommerce Team has implemented. Here's their official statement:
"nopCommerce 2.00 was rewritten from scratch. Our development efforts were focused on moving nopCommerce to ASP.NET MVC 3.0, architecture improvements, further enhancements and fixing bugs. We also decided not to ship nopcommerce with all the payment modules that were included in the previous versions (about 35 modules). Only some of them are available out of the box. All other payment modules will be available as plugins."
More information about the big changes in nopCommerce version 2.00 can be found in the official release notes documentation here
nopCommerce 1.9 and Under — Insecure
These versions are out of date and do not have the latest updates or features. The nopCommerce platform has gone through significant changes since these older versions were current, and nopCommerce 2.00 in particular completely rebuilt the platform from the ground up. If you are running a version of nopCommerce that is 1.90 or older, you will be at risk from several legacy bugs.
These older versions are no longer supported by the core nopCommerce team. For your eCommerce website’s security and function, please upgrade immediately to a secure, more feature-rich version of nopCommerce
Don't See Your Version Here? You Need To Upgrade
If you do not see your version of nopCommerce here, you should upgrade immediately for the latest security and performance benefits. Certain older versions of nopCommerce may contain critical security vulnerabilities.