
Magento SUPEE-6482 partial patch released

Re: Magento SUPEE-6482 partial patch released

Hi!

 

Sorry, but I don't believe in this "solution" of a release notes documentation failure. It does not explain why changes made by EE patches are also in the diff of CE versions 1.9.2.0 to 1.9.2.1.

 

The changes to the file "app/code/core/Mage/Core/Controller/Request/Http.php" (see the first post) make sense to me, but I will not get them until I update to the newest CE version 1.9.2.1!?!

 

 

Greetings!

Re: Magento SUPEE-6482 partial patch released

Hi @hengman, the changes exist in 1.9.2.1 as they were added to the core for EE. They were not included in the patch as the vulnerability does not exist in CE.

--

Developer Relations, Adobe Experience Cloud

Re: Magento SUPEE-6482 partial patch released

Hi @sherrie, yesterday you said you were going to delve into this, thanks for that. But just so we're clear, is this the result of that quest?

Re: Magento SUPEE-6482 partial patch released

Hi @sherrie, if the vulnerability doesn't exist in CE, why is it in the SUPEE-6788 patch?

Re: Magento SUPEE-6482 partial patch released

Because third party developers probably objected to this:

 

Cross-site Scripting/Cache Poisoning - APPSEC-1030

Type: Cross-site Scripting (XSS) - Stored / Cache Poisoning

CVSSv3 Severity: 9.3 (Critical)