March 28, 2018: Magento was recently informed about an issue with both patch SUPEE-10570 and Magento versions 220.127.116.11/18.104.22.168 that could result in the inability of customers to complete checkout when trying to register during checkout. Magento is now providing an updated patch (SUPEE-10570 v2) that no longer causes this issue. Note, however, that this new patch no longer protects against two low risk session handling-related security issues that patch SUPEE-10570 protected against.
If you have not yet applied SUPEE-10570v1, do not apply it, but instead patch your store with SUPEE-10570v2. If you have already applied SUPEE-10570v1, please first uninstall SUPEE-10570v1, then install SUPEE-10570v2. All stores should be patched with SUPEE-10570v2 as Magento will use this patch as a base for future patch versions. (Source)
Magento released SUPEE-10570 which contains multiple security enhancements that help close remote code execution (RCE), cross-site scripting(XSS), and other issues. Immediately install SUPEE-10570 in your Magento store to safeguard it from potential vulnerabilities.
Installation process for SUPEE 10570:
If you don’t know how to set up SSH, contact your hosting provider. Download SUPEE 10570 Patches files for your Magento Version from here.
Upload the patch into your Magento root directory and run the appropriate SSH command:
For .sh file extension:
patch —p0 < patch_file_name.patch
On Linux OS or Ubuntu derived machines, using sh will throw an error as sh is supposed to be used only with purely POSIX compliant scripts and Magento scripts are not 100% POSIX compliant. Instead, on Ubuntu and derived OSes such as Linux Mint, you should use
Note: Once execute the command, refresh the cache in the Admin under “System > Cache Management” so that the changes can be reflected. We strongly recommend that you test all patches in a test environment before taking them live.
Download the zip file for your Magento Version for the patch installation. You can also download these Pre Patched files from GitHub. After downloading the files, just upload it to your Magento root folder.
|Magento version||SUPEE-10570 v2|
Possible Issues You might face while Installing Magento SUPEE-10570:
If the patch fails to apply while patching lib/Zend/Mail/Transport/Sendmail.php, it might mean your Magento installation was previously patched with SUPEE-9652v1 instead of SUPEE-9652v2. The recommended solution is to revert patch SUPEE-9652v1 and apply SUPEE-9652v2 before applying SUPEE-10570. (source: SUPEE 10570 | Magento)
How to check if Magento SUPEE-10570 has been installed correctly?
The easiest method to check for the patches installed is using magereport.com. However, SUPEE 10570 can’t be detected from front-end so using magereport.com won’t be much useful in this case.
Another way to check for the patches installed is, using SSH. Every installed patch can be found in your store content specifically logged in to app/etc/applied.patches.list.
So you can use the ‘grep’ command to access the list:
grep ‘|' app/etc/applied.patches.list
You’ll get output like this:
2018-03-05 09:05:20 UTC | SUPEE-10570_CE_v22.214.171.124 | CE_126.96.36.199 | v1 | 8529a92f3507cedd5bdc645c853c348fd3a107a6 | Wed Feb 7 18:53:10 2018 +0200 | ce-188.8.131.52-dev
Run the following SSH Command to revert your patch.
sh patch-file-name.sh -R
Do let us know via Comments if you are facing any other error while installing SUPEE-10570. We will help you out fixing them. Mention the Magento Version you are using while installing the SUPEE 10570 so that we can help you better and faster.
We recommend upgrading to Magento version 184.108.40.206 which includes all the security patches including SUPEE 10570. If you need any help regarding Magento version Upgrade, Checkout our Magento Upgrade Service.
We can also help you install SUPEE 10570 professionally, visit: Magento Security Patches Installation Service
Get Weekly Updates
Never miss Magento tips, tricks, tutorials, and news.
Thank you for subscribing.
Something went wrong.