You need to do more than just patching SUPEE 6482

Magento released a new patch, SUPEE 6482, which addresses 4 issues in Magento. However, if you look at the files in SUPEE 6482 for Community Edition, it addresses only 2 of them:

  1. Autoloaded File Inclusion in Magento SOAP API
  2. SSRF Vulnerability in WSDL File

According to Magento, the patch addresses 2 more issues, but they say those apply only to Magento Enterprise Edition.
They are:

  1. Cross-site Scripting Using Unvalidated Headers
  2. XSS in Gift Registry Search

Here are the changes you will see if you compare the files:

app/code/core/Mage/Core/Controller/Request/Http.php at line 301

 

app/design/frontend/base/default/template/page/js/cookie.phtml

But the question is: if these fixes are not for Community Edition, why has Magento added them to its latest version, Magento 1.9.2.1?
Of the 2 issues that are not included in the patch, one is related to Full Page Cache and one is related to Gift Card. Magento Enterprise Edition obviously has both features by default in core, but nowadays store owners who run Magento Community Edition also use Full Page Cache extensions from third-party extension developers.

So we think you should fix this issue by using our updated package for the patch if you are using a Full Page Cache extension in your Magento store.
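A check for the situation described above, as an added example that is not part of the original post or of Magento's own tooling: it compares the two files the post names against a reference copy of Magento 1.9.2.1 and flags copies that Magento 1 would load in place of them through the code pools or theme fallback. The function name, the status words and the two directory arguments are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post).
# Usage: check_files STORE_ROOT REFERENCE_ROOT
#   STORE_ROOT      the Magento 1 installation to inspect (assumed path)
#   REFERENCE_ROOT  an unpacked, unmodified Magento 1.9.2.1 tree (assumed path)

# The two files the post lists as changed in 1.9.2.1.
FILES="app/code/core/Mage/Core/Controller/Request/Http.php
app/design/frontend/base/default/template/page/js/cookie.phtml"

check_files() {
    store=$1; ref=$2; rc=0
    for f in $FILES; do
        if [ ! -f "$ref/$f" ]; then
            echo "NOREF $f"; rc=1      # reference tree is incomplete
        elif [ ! -f "$store/$f" ]; then
            echo "MISSING $f"; rc=1
        elif cmp -s "$store/$f" "$ref/$f"; then
            echo "SAME $f"
        else
            echo "DIFFERS $f"; rc=1    # not byte-identical to the reference
        fi
    done
    # Magento 1 searches app/code/local and app/code/community before
    # app/code/core, so a copy of the class there is used instead of core.
    for pool in local community; do
        o="app/code/$pool/Mage/Core/Controller/Request/Http.php"
        if [ -f "$store/$o" ]; then echo "SHADOW $o"; rc=1; fi
    done
    # Theme fallback: a package/theme copy of the template wins over base/default.
    for t in "$store"/app/design/frontend/*/*/template/page/js/cookie.phtml; do
        [ -f "$t" ] || continue
        case $t in */frontend/base/default/*) continue ;; esac
        echo "SHADOW ${t#"$store"/}"; rc=1
    done
    return $rc
}

# Run only when called with two arguments, so the file can also be sourced.
if [ $# -eq 2 ]; then check_files "$1" "$2"; fi
```

`DIFFERS` only means the file is not byte-identical to the reference, so on an older release review the actual diff; a `SHADOW` line means the listed copy needs the same change as the file it overrides.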

Patches are always a nightmare for a lot of store owners to apply, so we suggest upgrading your Magento version to get all the security patch fixes.

You can contact us for your Magento version upgrade, and we will help you upgrade your Magento version to the latest with almost zero downtime and bug free.

Dhiren Vasoya

Dhiren Vasoya is a Director and Co-founder at MageComp, Passionate Certified Magento Developer. He has more than 9 years of experience in Magento Development and completed 850+ projects to solve the most important E-commerce challenges. He is fond of coding and if he is not busy developing then you can find him at the cricket ground, hitting boundaries.
