cancel
Showing results for 
Search instead for 
Did you mean: 

SUPEE-11219 Magento 1.9.1

SOLVED

Re: SUPEE-11219 Magento 1.9.1

It looks like the team is having issues with updates. 

You can hit up this guy here:

https://twitter.com/piotrekkaminski/status/1185089895565529089?s=20

 


@Tafadzwa_Mpofu wrote:

Any update guys?


From what it looks like all the vulnerabilities require access the the back-end so they are not so critical. Just lock your back-end down and make your admin passwords 10-16 long. 

 

https://magento.com/security/patches/supee-11219

 


An authenticated user with limited administrative privileges can inject arbitrary JavaScript code into transactional email page when creating a new email template or editing existing email template.

 

Re: SUPEE-11219 Magento 1.9.1

Hello,

same here - will the patch also be available for Version 1.7, and when will it be available?

thank you.

Re: SUPEE-11219 Magento 1.9.1

Updates for version down to 1.9.0.0 are available now.

 

The 1.9.2.2 patch needed a conversion of line endings for js/tiny_mce/plugins/media/editor_plugin_src.js

Afterwards it was applied fine.

 

Re: SUPEE-11219 Magento 1.9.1

I encountered the same problem when installing the patch, I copied the
original file js/tiny_mce/plugins/media/editor_plugin_src.js via FTP
proposed in the installation ZIP of my version and then reinstall the
patch, everything then happened good.

Re: SUPEE-11219 Magento 1.9.1

They posted a few more of the patch versions:

https://magento.com/tech-resources/download#download2330

 

I still dont see 1.7.0.2 - I asked on twitter, but no reply yet. Not sure whats going on. 

 

Can anybody on Magento team clarify if 1.7.0.2 ever going to be uploaded?

Re: SUPEE-11219 Magento 1.9.1

I've just noticed that there's a 1.7.0.2 patch available for download now:
https://magento.com/tech-resources/download#download2330