Recently, Magento has updated it’s SUPEE 10570 with Version 2 which includes fixing an issue of registration from the checkout page. But in this newer patch, it no longer protects against two low-risk session handling-related security issues that patch SUPEE-10570 protected against.
In previous release of Magento 1.9.3.8 & SUPEE patch 10570 that is published on 27th February, contains multiple security enhancements addressing remote code execution (RCE), cross-site scripting (XSS) and small functional fixes that are listed in the Magento Release notes.
Also, in Official Released notes, they have advised to applied SUPEE-10570v2 only if you haven’t installed SUPEE-10570v1 yet. But if you already have applied SUPEE-10570v1, first you need to uninstall SUPEE-10570v1 and then install SUPEE-10570v2. Because Magento is going to use this SUPEE-10570v2 patch as a base for future patch versions.
We have come up with patch files and recommend you to install them as soon as possible to safeguard your Magento stores against potential security threats.
Note: If the patch fails at lib/Zend/Mail/Transport/Sendmail.php means your Magento installation was earlier patched with SUPEE-9652v1 instead of SUPEE-9652v2. It is recommended to revert SUPEE-9652v1 and re-patch with SUPEE-9652v2 prior patching with SUPEE-10570.
Installation process:
I have explained installation of patches with both the ways here:
Follow this instruction to install patch on your store,
Method 1:
Upload patch files in the root of Magento.
Make one file with the name of patch.php, write following code in it,
replace the file name in it, upload it in the root and run the file from the browser.
Name should be Sh PATCH_SUPEE-10570_CE_v1.9.3.7_v1-2018-02-28-04-53-30.sh
You should receive following screen once you run patch.php from the browser,
If you are getting error like this,
“Error! Some required system tools, that are utilized in this sh script, are not installed; Tool (s) “patch” is (are) missed, please install it(them).
That means system tools aren’t installed in your server to run the sh script, you can contact your hosting provider or follow another method.
We have updated the patch files for the older Magento versions. It is very much recommended to use this patches at your own risk, please take backup of your website prior to installation.
Method 2:
You can install patch with SSH as well. You will need SSH, if you don’t know how to set up SSH, contact your hosting provider.
Upload the patch files in the root,
In ssh console, run the command as following.
For .sh file extension
Sh PATCH_SUPEE-10570_CE_v1.9.3.7_v1-2018-02-28-04-53-30.sh
For .patch file extension:
patch —p0 < patch_file_name.patch
Method 3:
Download the zip file for the patch installation. You can also download these Pre Patched files from GitHub. After downloading the files, simply upload it to your Magento root folder.
Magento version | SUPEE-10415 |
Magento 1.9.3.8 | SUPEE-10570v2-Magento-1.9.3.8 |
Magento 1.9.3.7 | SUPEE-10570v2-Magento-1.9.3.7 |
Magento 1.9.3.6 | SUPEE-10570v2-Magento-1.9.3.6 |
Magento 1.9.3.4 | SUPEE-10570v2-Magento-1.9.3.4 |
Magento 1.9.3.3 | SUPEE-10570v2-Magento-1.9.3.3 |
Magento 1.9.3.2 | SUPEE-10570v2-Magento-1.9.3.2 |
Magento 1.9.3.0 | SUPEE-10570v2-Magento-1.9.3.0 |
Magento 1.9.2.4 | SUPEE-10570v2-Magento-1.9.2.4 |
Magento 1.9.1.1 | SUPEE-10570v2-Magento-1.9.1.1 |
Magento 1.8.1.0 | SUPEE-10570v2-Magento-1.8.1.0 |
It is still recommended to upgrade to Magento version 1.9.3.8 which includes all the security patches including SUPEE 10570. If you need any help regarding Magento version Upgrade, Checkout our Magento Upgrade Service.
1.9.2.3 + 1.9.1.0 ?
1.9.2.3 + 1.9.1.0 ?