- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Does 1.9.2.1 contain patch 5344?
Hello,
I recently upgraded from 1.8 to 1.9 and then to 1.9.2.1 using magento connect.
I supposed latest version contains all the bug fixes needed, but scanning my site with magereport.com it says
"Security patch 5344 (Shoplift) -> not installed"
I'm a bit confused..
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Does 1.9.2.1 contain patch 5344?
The shoplift patch code is included in 1.9.2.1 yes. Not sure how the security scan works but it may be looking for the applied.patches.list (although probably not as that lives in app/etc which shouldn't be publicly accessible).
Magepim Ecommerce Services
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Does 1.9.2.1 contain patch 5344?
Thank you for your reply Richard.
The scan is trying to access some resources on the webserver (I see requests inside apache logs), most of them return 404 or 401 or 503 but some return 200 OK.
I submitted a bug report on magereport, I hope they will give us more detail about the scan.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Does 1.9.2.1 contain patch 5344?
That's probably the best way to go about it, No idea on how they check it's been applied so they will be far better to help you.
Magepim Ecommerce Services
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Does 1.9.2.1 contain patch 5344?
--- app/code/core/Mage/Admin/Model/Observer.php --- app/code/core/Mage/Core/Controller/Request/Http.php --- app/code/core/Mage/Oauth/controllers/Adminhtml/Oauth/AuthorizeController.php --- app/code/core/Mage/XmlConnect/Model/Observer.php --- lib/Varien/Db/Adapter/Pdo/Mysql.php
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Does 1.9.2.1 contain patch 5344?
chiefair nice suggestion!
I compared those files and there are no differences.
Where did you get the list of changed files in latest magento version?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Does 1.9.2.1 contain patch 5344?
magereport developer told me /index.php/admin/Cms_Wysiwyg/directive/index/ SHOULD NOT throw any error, on my magento 1.9.2.1 installation it raises an exception.
He says: " It is true that 1.9.2.1 should contain the 5344 patch. Perhaps there are some remnants of an older installation?"
Any hint?