How to Install Magento SUPEE 10570 V2 With or Without SSH
March 28, 2018: Magento was recently informed about an issue with both patch SUPEE-10570 and Magento versions 1.9.3.8/1.14.3.8 that could result in the inability of customers to complete checkout when trying to register during checkout. Magento is now providing an updated patch (SUPEE-10570 v2) that no longer causes this issue. Note, however, that this new patch no longer protects against two low risk session handling-related security issues that patch SUPEE-10570 protected against.
If you have not yet applied SUPEE-10570v1, do not apply it, but instead patch your store with SUPEE-10570v2. If you have already applied SUPEE-10570v1, please first uninstall SUPEE-10570v1, then install SUPEE-10570v2. All stores should be patched with SUPEE-10570v2 as Magento will use this patch as a base for future patch versions. (Source)
Magento released SUPEE-10570 which contains multiple security enhancements that help close remote code execution (RCE), cross-site scripting(XSS), and other issues. Immediately install SUPEE-10570 in your Magento store to safeguard it from potential vulnerabilities.
With nearing of Magento 1 end of life, it is strongly recommended to migrate to the latest Magento 2.4.6 rather than installing Magento SUPEE-10570.
Installation process for SUPEE 10570:
Normally, there are 2 ways to install Magento Supee patches: with SSH or without SSH. , Here I’ve come up with both the methods to ease your knowledge.
1. Install SUPEE 10570 using SSH:
If you don’t know how to set up SSH, contact your hosting provider. Download SUPEE 10570 Patches files for your Magento Version from here.
Upload the patch into your Magento root directory and run the appropriate SSH command:
For .sh file extension:
|
1 |
sh patch_file_name.sh |
|
1 |
sh PATCH_SUPEE-10570_CE_v1.9.3.2-1.9.3.7_v1-2018-02-23-06-01-40.sh |
|
1 |
patch —p0 < patch_file_name.patch |
On Linux OS or Ubuntu derived machines, using sh will throw an error as sh is supposed to be used only with purely POSIX compliant scripts and Magento scripts are not 100% POSIX compliant. Instead, on Ubuntu and derived OSes such as Linux Mint, you should use
|
1 |
bash patch.sh |
Note: Once execute the command, refresh the cache in the Admin under “System > Cache Management” so that the changes can be reflected. We strongly recommend that you test all patches in a test environment before taking them live.
2. Install SUPEE 10570 with PrePatched Files [without SSH method]:
Download the zip file for your Magento Version for the patch installation. You can also download these Pre Patched files from GitHub. After downloading the files, just upload it to your Magento root folder.
|
|
|
|---|---|
| Magento version | SUPEE-10570 v2 |
| Magento 1.9.3.8 | SUPEE-10570v2-1.9.3.8 |
| Magento 1.9.3.7 | SUPEE-10570v2-1.9.3.7 |
| Magento 1.9.3.1 | SUPEE-10570v2-1.9.3.1 |
| Magento 1.9.2.4 | SUPEE-10570v2-1.9.2.4 |
| Magento 1.9.2.3 | SUPEE-10570v2-1.9.2.3 |
| Magento 1.9.2.2 | SUPEE-10570v2-1.9.2.2 |
| Magento 1.9.1.1 | SUPEE-10570v2-1.9.1.1 |
| Magento 1.9.0.1 | SUPEE-10570v2-1.9.0.1 |
| Magento 1.8.0.0 | SUPEE-10570v2-1.8.0.0 |
| Magento 1.7.0.2 | SUPEE-10570v2-1.7.0.2 |
| Magento 1.7.0.0 | SUPEE-10570v2-1.7.0.0 |
| Magento 1.6.2.0 | SUPEE-10570v2-1.6.2.0 |
| Magento 1.6.0.0 | SUPEE-10570v2-1.6.0.0 |
| Magento 1.5.1.0 | SUPEE-10570v2-1.5.1.0 |
| Magento 1.5.0.1 | SUPEE-10570v2-1.5.0.1 |
Possible Issues You might face while Installing Magento SUPEE-10570:
-
If the patch fails to apply while patching lib/Zend/Mail/Transport/Sendmail.php, it might mean your Magento installation was previously patched with SUPEE-9652v1 instead of SUPEE-9652v2. The recommended solution is to revert patch SUPEE-9652v1 and apply SUPEE-9652v2 before applying SUPEE-10570. (source: SUPEE 10570 | Magento)
How to check if Magento SUPEE-10570 has been installed correctly?
The easiest method to check for the patches installed is using magereport.com. However, SUPEE 10570 can’t be detected from front-end so using magereport.com won’t be much useful in this case.
Another way to check for the patches installed is, using SSH. Every installed patch can be found in your store content specifically logged in to app/etc/applied.patches.list.
So you can use the ‘grep’ command to access the list:
|
1 |
grep ‘|' app/etc/applied.patches.list |
You’ll get output like this:
|
1 |
2018-03-05 09:05:20 UTC | SUPEE-10570_CE_v1.9.3.7 | CE_1.9.3.7 | v1 | 8529a92f3507cedd5bdc645c853c348fd3a107a6 | Wed Feb 7 18:53:10 2018 +0200 | ce-1.9.3.7-dev |
Run the following SSH Command to revert your patch.
|
1 |
sh patch-file-name.sh -R |
Do let us know via Comments if you are facing any other error while installing SUPEE-10570. We will help you out fixing them. Mention the Magento Version you are using while installing the SUPEE 10570 so that we can help you better and faster.
We recommend upgrading to Magento version 1.9.3.8 which includes all the security patches including SUPEE 10570. If you need any help regarding Magento version Upgrade, Checkout our Magento Upgrade Service.
We can also help you install SUPEE 10570 professionally, visit: Magento Security Patches Installation Service
Keep the security of your Magento store updated to the highest level using our Magento Security Patches Installation Service.
38 Comments
Hello, for magento 1.9.1.0 can i use SUPEE-10570 v2 for 1.9.1.1?
Thank you very much
Hi Ivan,
Yes, you can.
There is an error in app\code\core\Mage\Downloadable\sql\downloadable_setup\upgrade-1.6.0.0.2.1.1-1.6.0.0.2.1.2.php of SUPEE-10570v2-1.9.2.2
Line 29 is:
connection = $installer->getConnection();
must be:
$connection = $installer->getConnection();
You are right. Thank you for pointing that out. We’ve fixed it.
I have to install the 10570 patch on Magento 1.7.0.2. Do I have to install other patches first? If yes, which ones? If I install the patch without ssh, will the “applied.patches.list” file be generated? Thanks
Hi Carlo,
I recommend installing patch SUPEE-9652v2 before installing 10570v2. If you missed installing earlier patches, here’s the list of patches which should be installed for your Magento version.
No, applied.patches.list won’t get recorded if you have installed patches without SSH.
Thanks, Is there a list of downloads of all the patches I need on your site?
Yes, we do. Click Here to get the list of the patches we have covered. You can also download the Pre-Patched files from Github.
Thanks again. In these Pre-Patched files, these patches are missing: APPSEC-212 and SUPEE-10415. Can I find them on the site?
We do have SUPEE-10415 but not APPSEC-212.
Last question. If I do not install the APPSEC-212 patch, which is the first one, I can not proceed with the others patches, right?
No, you can install other patches without installing APPSEC-212. Others are not dependable on this patch. If any patch is dependable, Magento mentions when they release.
I have activated teh patch SUPEE-10570 without SSH using ftp.
Then cleared the cache. But still shows the aert message.
How fix it?
Hi Rupam,
The Alert doesn’t check if the patch has been installed or now. You have to remove the message if you doesn’t want it to show every time you login into your admin.
Hello,
for magento 1.9.0.1 I must use patch for magento 1.9.1.0 or 1.8.1.0 ?
Thanks
Hi,
Here’s the PrePatch file for CE 1.9.0.1
You’ll also able to download the same from our Github repo as well.
if Patch applied via files without ssh access. but we have ssh access also then how we can verify patch
You can use this extension to know the patches installed in your Magento.
Have a nice day
Please, you can PATCH 10570 without SSH, for version 1.9.2.1
Will it be available?
Thank you very much.
Best regards.
Ivan
Hey Ivan, we have uploaded the patch for 1.9.2.2. Don’t forget to take a look at the Note we have added on the top of the article. If you face such issue, revert back the patch as mentioned. Magento Guys are working to find a solution for this. ?
Hi, Friend
Very, very Thanks.
Sorry for My English.
I looked at Patch, possible issues.
I’ll wait for Magento to update Patch 10570.
If not, I will try this version.
If there are any errors, I will try to fix them.
https://magento.stackexchange.com/questions/215292/security-patch-supee-10570-possible-issues?noredirect=1&lq=1
I want to thank you for your willingness.
I really appreciate it.
Best Regards.
Ivan Fencl
Hi Ivan,
SUPEE 10570 V2 has been launched. So you can patch your store now.
Thanks,
Hello, at the top of this article you suggest to not patch due to many bugs. You still suggest to wait? Thank you very much
Yes Evan, as per the tweet by Piotr Kaminski – https://twitter.com/piotrekkaminski/status/973242175000596481, you should wait for a day or two for the hotfix. We will also update the blog once the hotfix is released, stay tuned for updates..
Thank you very much
What about 1.9.2.2 my dear?
Hey Kasi, we have uploaded the patch for 1.9.2.2, you can now download and install in your Magento. 🙂
Cant thank you enough 🙂
for 1.9.2.3 + 1.9.1.0 ?
Here you go. PrePatched Files for 1.9.1.0 & 1.9.2.3
I’ve also updated the PrePatched Files section.
1.9.2.3 is no more ? can you upload again
CE-1.9.2.3 is uploaded now. Please check. Make sure you uninstall V1 before installing V2 version of this patch.
My magento version is ver. 1.9.1.0.
I installed PATCH_SUPEE-10570_CE_v1.9.1.1_v1-2018-02-28-04-54-16 success.
but get 500 error when add to cart and no error in php_error_log or error_log file.
can someone help me, thanks.
Install all the previous patches and try again.
after apply patch it shows error like Fatal error: Call to undefined method Mage_Log_Helper_Data::isLogFileExtensionValid() in \app\Mage.php on line 811
Which Magento Version are you using?
Make sure you have applied SUPEE 10415 prior installing SUPEE 10570.
Actually i am using magneto 1.8.1.0 , yes i have not applied SUPEE 10415 , i did not find patch SUPEE 10415 witout SSH command zip.
please suggest me for my magneto version 1.8.1.0 patch SUPEE 10415 witout SSH command zip.
You can download the PrePatched file for Magento 1.8.10 from here. You can also find it on our blog post: How to Install Magento SUPEE 10415 With or Without SSH