Magento keeps releasing security patches on regular intervals to keep your Magento stores safe against vulnerability and threats. Owing to this, today Magento released Magento SUPEE 11219 along with the Magento 1.9.4.3 version which provides resolution to multiple critical security issues. These security enhancements help secure your Magento stores from remote code execution, cross-site scripting, cross-site request forgery, and other vulnerabilities.
We recommend all the Magento 1.x users to upgrade to the latest Magento 1.9.4.5 or install the patch Magento security patch 11219 to secure your Magento stores from potential threats.
Issues Fixed:
- Remote code execution via file upload in admin import feature
- Remote code execution via crafted support configuration modification
- Remote code execution via product layout update
- Insufficient logging and monitoring of configuration changes
- Cross-Site Scripting via WYSIWYG editor
- Sensitive information available in HTTP requests
Methods to Install Magento SUPEE 11219:
- Using SSH
- Without using SSH
Each method in detail,
Method 1: Install Magento SUPEE 11219 with SSH
Contact your hosting provider for help with setting up SSH.
Download Magento SUPEE 11219 Patches files for your Magento Version from here.
Upload the patch into your Magento root directory and run the appropriate SSH command:
For .sh file extension:
sh patch_file_name.shExample:
sh PATCH_SUPEE-11219_CE_1.9.4.1_v4-2019-10-08-04-30-12.sh
For .patch file extension:
patch —p0 < patch_file_name.patch
For Linux OS or Ubuntu derived machines:
On Linux OS or Ubuntu derived machines, using sh will throw an error as sh is supposed to be used only with purely POSIX compliant scripts and Magento scripts are not 100% POSIX compliant. Instead, on Ubuntu and derived OSes such as Linux Mint, you should use
bash patch.shNote: Once executed the command, refresh the cache in the Admin under “System > Cache Management” so that the changes can be reflected. We strongly recommend that you test all patches in a test environment before taking them live.
Method 2: Install Magento SUPEE 11219 without SSH
Download the zip file for your Magento version. You can also download these PrePatched files from Github. Once you download these files, just upload it to your Magento root folder.
| Magento version | SUPEE 11219 |
|---|---|
| Magento 1.9.4.1 | Download CE-1.9.4.1 |
| Magento 1.9.4.0 | Download CE-1.9.4.0 |
| Magento 1.9.3.10 | Download CE-1.9.3.10 |
| Magento 1.9.3.9 | Download CE-1.9.3.9 |
| Magento 1.9.3.8 | Download CE-1.9.3.8 |
| Magento 1.9.3.7 | Download CE-1.9.3.7 |
| Magento 1.9.3.6 | Download CE-1.9.3.6 |
| Magento 1.9.3.4 – Magento 1.9.3.5 | Download CE-1.9.3.4 – CE-1.9.3.5 |
| Magento 1.9.3.3 | Download CE-1.9.3.3 |
| Magento 1.9.3.2 | Download CE-1.9.3.2 |
| Magento 1.9.3.1 | Download CE-1.9.3.1 |
| Magento 1.9.3.0 | Download CE-1.9.3.0 |
| Magento 1.9.2.4 | Download CE-1.9.2.4 |
| Magento 1.9.2.3 | Download CE-1.9.2.3 |
| Magento 1.9.2.2 | Download CE-1.9.2.2 |
| Magento 1.9.2.1 | Download CE-1.9.2.1 |
| Magento 1.9.2.0 | Download CE-1.9.2.0 |
| Magento 1.9.1.1 | Download CE-1.9.1.1 |
| Magento 1.9.1.0 | Download CE-1.9.1.0 |
| Magento 1.9.0.1 | Download CE-1.9.0.1 |
| Magento 1.9.0.0 | Download CE-1.9.0.0 |
| Magento 1.7.0.2 | Download CE-1.7.0.2 |
How to check if Magento SUPEE 11219 has been installed correctly?
Check if the steps to install Magento SUPEE 11219 has been implemented correctly or not using magereport.com
Another way to check for the patches installed is, using SSH. Every installed patch can be found in your store content specifically logged in to app/etc/applied.patches.list.
So you can use the ‘grep’ command to access the list:
grep ‘|' app/etc/applied.patches.listYou’ll get output like this:
SUPEE-11219_CE_1.9.4.1 | CE_1.9.4.1 | v4 | a7bbf3ed17e3cf723cbc5e01720856190d22c71b | Wen Oct 09 10:21:14 2019 +0300 | ce-1.9.4.1-devHow to revert a patch if you are facing any issue?
Run the following SSH Command to revert your patch.
sh patch-file-name.sh -RFollow Magento Stack Exchange to find the possible issues related to Magento SUPEE 11219 and their solutions.
We highly recommend upgrading your Magento to the latest version Magento 1.9.4.5 which includes all the security patches including SUPEE 11219. If you need any help regarding Magento Version Upgrade, Checkout our Magento Upgrade Service.
We can also help you install Magento SUPEE 11219 professionally, visit our Magento Security Patches Installation Service.
With the nearing of Magento 1 end of life, we recommend you to migrate your older Magento 1.x stores to the latest Magento 2.4.8 version and enjoy the latest features such as Page Builder, PWA Studio, and much more. If you are not much a Magento 2 guy, have a look at our Magento 2 Migration Service to get our professional help in the Magento 1 to Magento 2 migration.
