Magento Forums
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Magento SUPEE-6482 partial patch released

‎08-06-2015 01:40 AM
‎08-06-2015 01:40 AM

Re: Magento SUPEE-6482 partial patch released

Hi!

 

sorry, but I don't believe in this "solution" of release notes documentation failure. It does not explain why changes made by EE patches are also in Diff of CE 1.9.2.0 to 1.9.2.1 versions.

 

The changes of the file "app/code/core/Mage/Core/Controller/Request/Http.php" (see the first post) make sense for me, but I will not get them until I update to the newest CE version 1.9.2.1 !?!

 

 

Greetings!

0 Kudos
‎08-06-2015 07:40 AM
‎08-06-2015 07:40 AM

Re: Magento SUPEE-6482 partial patch released

Hi @hengman, the changes exist in 1.9.2.1 as they were added to the core for EE. They were not included in the patch as the vulnerability does not exist in CE.

--

Developer Relations, Adobe Experience Cloud
Problem solved? Click Accept as Solution!
Still stuck? Check out our documentation: https://magento.com/resources/technical
0 Kudos
‎08-06-2015 08:36 AM
‎08-06-2015 08:36 AM

Re: Magento SUPEE-6482 partial patch released

Hi @sherrie, yesterday you said you were going to delve into this, thanks for that. But just so we're clear, is this the result of that quest?

0 Kudos
‎10-27-2015 12:46 PM
‎10-27-2015 12:46 PM

Re: Magento SUPEE-6482 partial patch released

Hi @sherrie, if the vulnerability doesn't exist in CE, why is it in in the SUPEE-6788 patch?

0 Kudos
‎11-02-2015 04:09 PM
‎11-02-2015 04:09 PM

Re: Magento SUPEE-6482 partial patch released

Because third party developers probably objected to this:

 

Cross-site Scripting/Cache Poisoning - APPSEC-1030

Type:

Cross-site Scripting (XSS) - Stored / Cache Poisoning

CVSSv3 Severity:

9.3 (Critical)

0 Kudos