Site icon MageComp Blog

You need to do more than just patching SUPEE 6482

You need to do more than just patching SUPEE 6482

You need to do more than just patching SUPEE 6482

Magento released one new patch SUPEE 6482 which actually addresses 4 issues for Magento but in the SUPEE 6482 for community edition, when you will see the files it is addressing only 2 issues,

  1. Autoloaded File Inclusion in Magento SOAP API
  2. SSRF Vulnerability in WSDL File

As per Magento there are 2 more issues they have addressed but they are saying those are for Magento Enterprise edition.
Here are those,

  1. Cross-site Scripting Using Unvalidated Headers
  2. XSS in Gift Registry Search

Here is the change if you check the compare,

app/code/core/Mage/Core/Controller/Request/Http.php at line 301

 

app/design/frontend/base/default/template/page/js/cookie.phtml

But the question is, if these are not for community edition why Magento has added this fix in their latest version of Magento 1.9.2.1?
The 2 issues which are not added in the patch is one is related to Full Page Cache and one is related to Gift Card. Yes obviously Magento Enterprise edition has both the feature by default in core Magento, but now a days store owners who are using Magento Community edition for their Magento store, they are also using Full Page Cache extension by any 3rd party extension developer.

So we think, you should fix this issue by using our updated package for the patch if you are using Full Page Cache extension in your Magento store.

Patches are always nightmare for lot of store owners to apply, we would suggest to upgrade your Magento version for all the security patch fixes.

You can Contact us for your Magento version upgrade and we will help you with the upgrade of your Magento version to the latest with almost zero downtime and bug free.

Exit mobile version