Security patch SUPEE-10752 released for Magento CE 1.X
In an earlier post, we listed down all recently launched security patches for Magento CE 1.X . You can read that post here.
Magento has released yet another security patch (SUPEE-10752) on 27th June, 2018! It contains multiple security enhancements to close authenticated Admin user remote code execution (RCE), cross-site request forgery (CSRF) and some other issues and
holes. You can read more about it here.
This patch is applicable to all webshops developed on Magento CE versions lower than 1.9.3.9. It is advised that you get this patch implemented on your Magento CE 1.X webshops as soon as possible.
Note that installation of this latest security patch (SUPEE-10752) will give you conflict issues if you have installed version 1 of the previous security patch (SUPEE-10570). You can read more about SUPEE-10570 here. It is highly recommended that you first remove SUPEE-10570 v1 and then install SUPEE-10570 v2 on your webshop and only then attempt installation of SUPEE-10752.
If you need assistance with this security patch implementation on your Magento webshops then Hungersoft team can help you with that.
Our developers have been implementating security patches flawlessly for all our clients and projects. We follow standard protocol for implementing security patches on live sites.
We first research about the content of the patch and make a list of all Magento sections it affects.
Then we implement the patch on a staging copy of live site and check the frontend and admin area for any issues. If we come across any issue(s) then we try to fix them.
We install the patch on live site only when everything looks good on staging site. Even live site is tested for any issues on frontend or admin area after the patch is implemented. Live sites are then monitored for up-to a week.
Another option
is that you can upgrade your Magento CE 1.X webshop to Open source 1.9.3.9. It contains all advantages of the latest security patch.
Major reasons for upgrading to this latest version are:
- Unnecessary write operations on core_url_rewrite table are not performed by Magento.
- The issue of Customers getting unexpectedly logged out during checkout was fixed. Now your customers can log out successfully.
- Incorrect escaping in the cron.sh file was fixed, so it longer prevents cron jobs from running in parallel, which should be the case by default.
- Magento now cleans session data after a customer logs out from the site. This wasn't working perfectly in previous versions.
Feel free to contact Hungersoft for all your Magento security patch and update related queries and tasks.