On March 26 of this year, Magento released the PRODSECBUG-2198 update to prevent a SQL injection vulnerability in Magento 2. Until the update is applied, the vulnerability is an open invitation to attackers to break into the store's important customer and payment data. To prevent your business data from being compromised, it is important to fix this core issue before you are targeted.
This security enhancement comes as a fix for Magento 2.2.3 as well as Magento 2.2.10, and it also fixes remote code execution and cross-site scripting issues on your site. Because Magento has already ended support for 2.1.x, it is not going to release a security update for that version.
This security patch, named PRODSECBUG-2198, addresses the SQL injection vulnerability and its proof-of-concept (POC) exploits to enhance the security of your e-commerce site. This means that, as a store owner, you should patch your store or upgrade it to the latest security patch version to stay safe. Let us secure your Magento store with our SUPEE installation Service, or with our Magento Version Upgrade Service if you already plan to upgrade your Magento store to the latest version.
Magento always recommends that store owners keep their Magento store up to date with the latest release. Store owners who are not willing to update their store can instead install such a SUPEE patch to protect it from this kind of security vulnerability.
Method 1: Make use of the traditional method:
git apply MAGEPatch-20181106.patch
Or run this command:
patch -p1 < MDVA-14172_EE_2.2.6_COMPOSER_v1.patch
Method 2: Command line Interface
We advise you to back up your Magento store first, so that you can restore the backup if something goes wrong. First, download the patch file and upload it to your Magento folder. After that, you have to run some commands on your Magento server via the shell window. Navigate to your Magento folder and run the following command:
Now flush your Magento cache, either from the Magento admin or by running the following commands over SSH:
php bin/magento cache:flush
php bin/magento cache:clean
To verify that the patch has been installed successfully, run the following command:
grep '|' app/etc/applied.patches.list
Once you have completed the installation process, you are no longer required to keep the patch file on your server.
To remove it, run the following command via the SSH console.
Maybe you will face an error in Magento 2.2 CE as shown below:
diff: unrecognized option '--git'
diff: Try 'diff --help' for more information.
PRODSECBUG-2198-2.2-CE.composer-2019-03-27-06-12-19.patch: line 2: index: command not found
PRODSECBUG-2198-2.2-CE.composer-2019-03-27-06-12-19.patch: line 3: ---: command not found
To get rid of this error, apply the patch with git:
git apply PRODSECBUG-2198-2.2-CE.composer-2019-03-27-06-12-19.patch
To use patch instead, remove the a/ and b/ prefixes from the path names in the patch file.
Then move the patch file to your Magento root and run
patch -p0 < PRODSECBUG-2198-2.2-CE.composer-2019-03-27-06-12-19.patch
That’s it, don’t forget to comment on your issue below.
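Whether the a/ and b/ prefixes are present decides if patch needs -p1 or -p0. The script below is an added example, not part of the original post or of Magento's tooling: it reads the file headers of a patch and reports which strip level matches the files under your Magento root. The function names and the script name are illustrative.

```shell
#!/bin/sh
# Added example: report whether a patch needs -p1 or -p0 by checking which
# form of its target paths exists under the Magento root.

# Print the path from each "+++ " file header that follows a "--- " header.
# Files the patch creates or deletes (/dev/null on either side) are skipped.
patch_targets() {
    awk -F'\t' '
        prev ~ /^--- / && prev !~ /^--- \/dev\/null/ && /^\+\+\+ / {
            p = $1; sub(/^\+\+\+ /, "", p)
            if (p != "/dev/null") print p
        }
        { prev = $0 }' "$1"
}

# Succeed if every target of patch $1 is a file under root $2 once $3 leading
# path components (0 or 1) are stripped, which is what patch -p$3 would do.
targets_exist() {
    patch_targets "$1" | (
        seen=0
        while IFS= read -r path; do
            seen=1
            if [ "$3" -eq 1 ]; then path=${path#*/}; fi
            [ -f "$2/$path" ] || exit 1
        done
        [ "$seen" -eq 1 ]
    )
}

# Print 1 when the paths carry a one-component prefix such as a/ and b/,
# 0 when they are already relative to the root; fail if neither fits.
detect_strip_level() {
    for level in 1 0; do
        if targets_exist "$1" "$2" "$level"; then
            echo "$level"
            return 0
        fi
    done
    echo "no target of $1 found under $2" >&2
    return 1
}

# Usage: sh strip-level.sh <patch-file> <magento-root>
if [ "$#" -eq 2 ]; then
    level=$(detect_strip_level "$1" "$2") || exit 1
    echo "from $2 run: patch -p$level --dry-run < $1, then again without --dry-run"
fi
```

A failure from detect_strip_level means the patch targets files that are not in this installation, for example a patch built for a different edition or install layout.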
Method 3: Composer
To apply the same fix as a patch to files in your vendor directory, you can create a custom patch file and reference it like this:
"GH 8815: Varnish purge requests can overrun size limit": "patches/composer/github-issue-8815.patch"
In our Magento root, we have a patches/composer directory, which is where the patch files we reference are kept, and in the extra/patches section we tell Composer which Magento module to patch.
That’s it. You have successfully installed Security Patch PRODSECBUG-2198 in Magento 2.
Lastly, if you found this blog helpful, don't forget to share it with your colleagues and Magento friends, and let us know if you are facing any issue while implementing this code.
Stay safe and secure by upgrading your Magento store to the latest version!