Security is of the utmost importance when it comes to Magento store. Owing to this, today Magento released Magento SUPEE 11155 along with the Magento 184.108.40.206 version which provides resolution to multiple critical security issues and functional fixes. These security enhancements help secure your Magento stores from cross-site scripting, arbitrary code execution, and sensitive data disclosure vulnerabilities as well as other security issues.
We recommend all the Magento 1.x users to upgrade to the latest Magento 220.127.116.11 or install the patch Magento SUPEE 11155 to secure your Magento stores from potential threats.
Fixed issues and enhancements:
- The error in Magento logging after installing SUPEE 11086 is fixed.
- Magento 18.104.22.168 and the PHP7.2 support patch now include the same files as expected. The previous version of the patch did not include the following three files, which were included in Magento 22.214.171.124. Magento 126.96.36.199: lib/phpseclib/PHP/Compat/Function/array_fill.php, lib/phpseclib/PHP/Compat/Function/bcpowmod.php, and lib/phpseclib/PHP/Compat/Function/str_split.php.
Due to security enhancements, the following changes are noted in the Magento behavior:
- Cannot upload files with .swf extension to the WYSIWYG editor.
- Third-party checkout extensions and closed security cases will either not work securely or will not work at all.
- Improved Authorize.net Direct Post module to support the replacement of Authorize.net’s MD5-based hash with an (SHA-512) signature key.
- Sitemap names cannot exceed 32 characters.
Methods to Install Magento SUPEE 11155:
Each method in detail,
Contact your hosting provider for help with setting up SSH.
Download Magento SUPEE 11155 Patches files for your Magento Version from here.
Upload the patch into your Magento root directory and run the appropriate SSH command:
For .sh file extension:
For .patch file extension:
patch —p0 < patch_file_name.patch
For Linux OS or Ubuntu derived machines:
On Linux OS or Ubuntu derived machines, using sh will throw an error as sh is supposed to be used only with purely POSIX compliant scripts and Magento scripts are not 100% POSIX compliant. Instead, on Ubuntu and derived OSes such as Linux Mint, you should use
Note: Once executed the command, refresh the cache in the Admin under “System > Cache Management” so that the changes can be reflected. We strongly recommend that you test all patches in a test environment before taking them live.
Download the zip file for your Magento version. You can also download these PrePatched files from Github. Once you download these files, just upload it to your Magento root folder.
|Magento 188.8.131.52||Click to Download|
|Magento 184.108.40.206||Click to Download|
|Magento 220.127.116.11||Click to Download|
|Magento 18.104.22.168||Click to Download|
|Magento 22.214.171.124||Click to Download|
|Magento 126.96.36.199||Click to Download|
|Magento 188.8.131.52||Click to Download|
|Magento 184.108.40.206||Click to Download|
|Magento 220.127.116.11||Click to Download|
|Magento 18.104.22.168||Click to Download|
|Magento 22.214.171.124||Click to Download|
|Magento 126.96.36.199||Click to Download|
|Magento 188.8.131.52||Click to Download|
|Magento 184.108.40.206||Click to Download|
|Magento 220.127.116.11||Click to Download|
|Magento 18.104.22.168||Click to Download|
|Magento 22.214.171.124||Click to Download|
|Magento 126.96.36.199||Click to Download|
|Magento 188.8.131.52||Click to Download|
|Magento 184.108.40.206||Click to Download|
|Magento 220.127.116.11||Click to Download|
|Magento 18.104.22.168||Click to Download|
|Magento 22.214.171.124||Click to Download|
How to check if Magento SUPEE 11155 has been installed correctly?
Check if the steps to install Magento SUPEE 11155 has been implemented correctly or not using magereport.com
Another way to check for the patches installed is, using SSH. Every installed patch can be found in your store content specifically logged in to app/etc/applied.patches.list.
So you can use the ‘grep’ command to access the list:
grep ‘|' app/etc/applied.patches.list
You’ll get output like this:
SUPEE-11155_CE_v126.96.36.199 | CE_188.8.131.52 | v3 | a7bbf3ed17e3cf723cbc5e01720856190d22c71b | Wen Jun 26 04:41:14 2019 +0300 | ce-184.108.40.206-dev
How to revert a patch if you are facing any issue?
Run the following SSH Command to revert your patch.
sh patch-file-name.sh -R
For both the above methods, if you face any difficulties in the Magento SUPEE patch installation, feel free to post them in the Comments section below. I’ll help you out. Don’t forget to comment down your Magento version along with issue to help you out quicker and better.
Follow Magento StackExchange to find the possible issues related to Magento SUPEE 11155 and their solutions.
Moreover, you may face an issue like:
checking file js/tiny_mce/plugins/media/js/media.js
Hunk #1 FAILED at 483 (different line endings).
1 out of 1 hunk FAILED
It is probably due to Git replacing Windows line endings (\r\n) with the widely used (\n).
Tiny MCE media.js file uses Windows line endings and the patch expects it to be like this. However, often Git systems are configured to convert line endings and thus the patch installation fails.
The solution to this issue is to use vim.
Open patch file with vim and find the diff used to update media.js.
To do it type:
Once there enter:
This command enables the displaying of whitespace characters. You see that the media.js rows in patch file end with ^M (Carriage Return). Remove those, save and run the patch again. It will resolve the error.
Note: Previously, I had given the solution to Magento Logging Failed After Installing SUPEE 11086 Patch. Now, with the installation of Magento SUPEE 11155, you do not need to apply that solution, as the patch comes with this fix itself.
Also, no need to update Authorize.Net direct post from MD5 to SHA-512 in Magento with Magento SUPEE 11155 installation!
We highly recommend upgrading your Magento to the latest version Magento 220.127.116.11 which includes all the security patches including SUPEE 11155. If you need any help regarding Magento Version Upgrade, Checkout our Magento Upgrade Service.
We can also help you install Magento SUPEE 11155 professionally, visit our Magento Security Patches Installation Service.
With nearing of Magento 1 end of life, we recommend you to migrate your older Magento 1.x stores to the latest Magento 2.3.2 version and enjoy the latest features such as Page Builder, PWA Studio, and much more. If you are not much a Magento 2 guy, have a look at our Magento 2 Migration Service to get our professional help in the Magento 1 to Magento 2 migration.