Yesterday, Magento released SUPEE 10975 containing functional fixes multiple security enhancements to provide the security against remote code execution (RCE), cross-site scripting (XSS), cross-site request forgery (CSRF) and other vulnerabilities. This release also provides support for PHP 7.2. We recommend all the Magento 1.x version users to install Magento SUPEE 10975 to integrate security enhancements and protect Magento stores from potential threats.
The installation process for Magento SUPEE 10975:
Contact your hosting provider if you don’t know how to set up SSH. Download Magento SUPEE 10975 Patch files for your Magento Version from here.
Upload the patch into your Magento root directory and run the appropriate SSH command:
For .sh file extension:1sh patch_file_name.sh
For .patch file extension:1patch —p0 < patch_file_name.patch
For Linux OS or Ubuntu derived machines:
On Linux OS or Ubuntu derived machines, using sh will throw an error as sh is supposed to be used only with purely POSIX compliant scripts and Magento scripts are not 100% POSIX compliant. Instead, on Ubuntu and derived OSes such as Linux Mint, you should use1bash patch.sh
Note: After the command execution, refresh the admin cache under “System > Cache Management” to reflect the changes. It’s strongly recommended to test all the patches in a test environment before installing them in live.
Download the zip file for your Magento Version for the patch installation. You can also download these Pre Patched files from GitHub. After downloading the files, just upload it to your Magento root folder.
|Magento 22.214.171.124 – 126.96.36.199||SUPEE-10975-188.8.131.52-184.108.40.206|
|Magento 220.127.116.11 – 18.104.22.168||SUPEE-10975-22.214.171.124-126.96.36.199|
|Magento 188.8.131.52 – 184.108.40.206||SUPEE-10975-220.127.116.11-18.104.22.168|
How to check if Magento SUPEE 10975 has been installed correctly?
The best, quick and easiest method to check for the patches installed is using magereport.com.
Another way to check for the patches installed is, using SSH. Every installed patch can be found in your store content specifically logged in to app/etc/applied.patches.list.
So you can use the ‘grep’ command to access the list:
grep ‘|' app/etc/applied.patches.list
You’ll get output like this:
SUPEE-10975_CE_v22.214.171.124 | CE_126.96.36.199 | v1 | 7dfdae563272b93a8ac3469cbc62084b6b008b22 | Thu Nov 29 15:04:32 2018 +0200 | ce-188.8.131.52-dev
How to revert a patch if you are facing any issue?
Run the following SSH Command to revert your patch.
sh patch-file-name.sh -R
Do let me know if you stuck somewhere while installing Magento SUPEE 10975 and I would be happy to help to solve it. Don’t forget to comment down your Magento version along with issue to help you out quicker and better.
Be aware that #Magento 184.108.40.206 and SUPEE-10975 removes the ‘ccsave’ payment method (Stored CC), and disables the admin backup utility.
— Ryan Hoerr (@ryanhoerr) November 28, 2018
We highly recommend upgrading your Magento to the latest version Magento 220.127.116.11 which includes all the security patches including SUPEE 10975. If you need any help regarding Magento Version Upgrade, Checkout our Magento Upgrade Service.
We can also help you install Magento SUPEE 10975 professionally, visit our Magento Security Patches Installation Service.