Showing results for 
Search instead for 
Did you mean: 

SUPEE-11219 Magento 1.9.1


Re: SUPEE-11219 Magento 1.9.1

It looks like the team is having issues with updates. 

You can hit up this guy here:


@Tafadzwa_Mpofu wrote:

Any update guys?

From what it looks like all the vulnerabilities require access the the back-end so they are not so critical. Just lock your back-end down and make your admin passwords 10-16 long.


An authenticated user with limited administrative privileges can inject arbitrary JavaScript code into transactional email page when creating a new email template or editing existing email template.


Re: SUPEE-11219 Magento 1.9.1


same here - will the patch also be available for Version 1.7, and when will it be available?

thank you.

Re: SUPEE-11219 Magento 1.9.1

Updates for version down to are available now.


The patch needed a conversion of line endings for js/tiny_mce/plugins/media/editor_plugin_src.js

Afterwards it was applied fine.


Re: SUPEE-11219 Magento 1.9.1

I encountered the same problem when installing the patch, I copied the
original file js/tiny_mce/plugins/media/editor_plugin_src.js via FTP
proposed in the installation ZIP of my version and then reinstall the
patch, everything then happened good.

Re: SUPEE-11219 Magento 1.9.1

They posted a few more of the patch versions:


I still dont see - I asked on twitter, but no reply yet. Not sure whats going on. 


Can anybody on Magento team clarify if ever going to be uploaded?

Re: SUPEE-11219 Magento 1.9.1

I've just noticed that there's a patch available for download now: