cancel
Showing results for 
Search instead for 
Did you mean: 

Does 1.9.2.1 contain patch 5344?

Does 1.9.2.1 contain patch 5344?

Hello,

I recently upgraded from 1.8 to 1.9 and then to 1.9.2.1 using magento connect.

 

I supposed latest version contains all the bug fixes needed, but scanning my site with magereport.com it says

"Security patch 5344 (Shoplift) -> not installed"

 

I'm a bit confused..

 

6 REPLIES

Re: Does 1.9.2.1 contain patch 5344?

The shoplift patch code is included in 1.9.2.1 yes.  Not sure how the security scan works but it may be looking for the applied.patches.list (although probably not as that lives in app/etc which shouldn't be publicly accessible).

Richard Cleverley
Magepim Ecommerce Services

Re: Does 1.9.2.1 contain patch 5344?

Thank you for your reply Richard.

The scan is trying to access some resources on the webserver (I see requests inside apache logs), most of them return 404 or 401 or 503 but some return 200 OK.

I submitted a bug report on magereport, I hope they will give us more detail about the scan.

Re: Does 1.9.2.1 contain patch 5344?

That's probably the best way to go about it, No idea on how they check it's been applied so they will be far better to help you.

Richard Cleverley
Magepim Ecommerce Services

Re: Does 1.9.2.1 contain patch 5344?

Ver 1.9.2.1 - Added Aug 4, 2015 - Includes patches: SUPEE-5344, SUPEE-5994, SUPEE-6237, SUPEE-6285, SUPEE-6482
 
Per the download page for 1.9.2.1, yes, it does.
 
I would check what was patched in SUPEE-5344 and diff the patched files against those from a fresh 1.9.2.1 download
 
Connect upgrades can skip files. Replace any that fail the diff test.
 
It's a pretty easy file compare to do as you only have 5 files to worry about and very little work involved in the better safe than sorry department.
 
--- app/code/core/Mage/Admin/Model/Observer.php
--- app/code/core/Mage/Core/Controller/Request/Http.php
--- app/code/core/Mage/Oauth/controllers/Adminhtml/Oauth/AuthorizeController.php
--- app/code/core/Mage/XmlConnect/Model/Observer.php
--- lib/Varien/Db/Adapter/Pdo/Mysql.php

Re: Does 1.9.2.1 contain patch 5344?

chiefair nice suggestion!

 

I compared those files and there are no differences.

 

Where did you get the list of changed files in latest magento version?

Re: Does 1.9.2.1 contain patch 5344?

magereport developer told me /index.php/admin/Cms_Wysiwyg/directive/index/ SHOULD NOT throw any error, on my magento 1.9.2.1 installation it raises an exception.

He says: " It is true that 1.9.2.1 should contain the 5344 patch. Perhaps there are some remnants of an older installation?"

 

Any hint?