How to Install Magento SUPEE 11155 [With or Without SSH]
Security is of the utmost importance when it comes to the Magento stores. Owing to this, today Magento released Magento SUPEE 11155 along with the Magento 1.9.4.2 version which provides resolution to multiple critical security issues and functional fixes. These security enhancements help secure your Magento stores from cross-site scripting, arbitrary code execution, and sensitive data disclosure vulnerabilities as well as other security issues.
We recommend all the Magento 1.x users to upgrade to the latest Magento 1.9.4.2 or install the patch Magento SUPEE 11155 to secure your Magento stores from potential threats.
With nearing of Magento 1 end of life, it is strongly recommended to migrate to the latest Magento 2.4.6 rather than installing Magento SUPEE-11155.
Fixed issues and enhancements:
- The error in Magento logging after installing SUPEE 11086 is fixed.
- Magento 1.14.4.0 and the PHP7.2 support patch now include the same files as expected. The previous version of the patch did not include the following three files, which were included in Magento 1.14.4.0. Magento 1.14.4.0: lib/phpseclib/PHP/Compat/Function/array_fill.php, lib/phpseclib/PHP/Compat/Function/bcpowmod.php, and lib/phpseclib/PHP/Compat/Function/str_split.php.
Known Issues:
Due to security enhancements, the following changes are noted in the Magento behavior:
- Cannot upload files with .swf extension to the WYSIWYG editor.
- Third-party checkout extensions and closed security cases will either not work securely or will not work at all.
- Improved Authorize.net Direct Post module to support the replacement of Authorize.net’s MD5-based hash with an (SHA-512) signature key.
- Inability to preview JavaScript in a newsletter template in the Admin.
- Sitemap names cannot exceed 32 characters.
Methods to Install Magento SUPEE 11155:
Each method in detail,
Contact your hosting provider for help with setting up SSH.
Download Magento SUPEE 11155 Patches files for your Magento Version from here.
Upload the patch into your Magento root directory and run the appropriate SSH command:
For .sh file extension:
|
1 |
sh patch_file_name.sh |
Example:
|
1 |
sh PATCH_SUPEE-11155_CE_1.9.4.0_v3-2019-06-18-08-34-01.sh |
For .patch file extension:
|
1 |
patch —p0 < patch_file_name.patch |
For Linux OS or Ubuntu derived machines:
On Linux OS or Ubuntu derived machines, using sh will throw an error as sh is supposed to be used only with purely POSIX compliant scripts and Magento scripts are not 100% POSIX compliant. Instead, on Ubuntu and derived OSes such as Linux Mint, you should use
|
1 |
bash patch.sh |
Note: Once executed the command, refresh the cache in the Admin under “System > Cache Management” so that the changes can be reflected. We strongly recommend that you test all patches in a test environment before taking them live.
Download the zip file for your Magento version. You can also download these PrePatched files from Github. Once you download these files, just upload it to your Magento root folder.
|
|
|||
|---|---|---|---|
| Magento version | SUPEE-11155 | ||
| Magento 1.9.4.1 | Click to Download | ||
| Magento 1.9.4.0 | Click to Download | ||
| Magento 1.9.3.10 | Click to Download | ||
| Magento 1.9.3.9 | Click to Download | ||
| Magento 1.9.3.8 | Click to Download | ||
| Magento 1.9.3.7 | Click to Download | ||
| Magento 1.9.3.6 | Click to Download | ||
| Magento 1.9.3.4 | Click to Download | ||
| Magento 1.9.3.3 | Click to Download | ||
| Magento 1.9.3.2 | Click to Download | ||
| Magento 1.9.3.1 | Click to Download | ||
| Magento 1.9.3.0 | Click to Download | ||
| Magento 1.9.2.4 | Click to Download | ||
| Magento 1.9.2.3 | Click to Download | ||
| Magento 1.9.2.2 | Click to Download | ||
| Magento 1.9.2.1 | Click to Download | ||
| Magento 1.9.2.0 | Click to Download | ||
| Magento 1.9.1.1 | Click to Download | ||
| Magento 1.9.1.0 | Click to Download | ||
| Magento 1.9.0.1 | Click to Download | ||
| Magento 1.9.0.0 | Click to Download | ||
| Magento 1.8.1.0 | Click to Download | ||
| Magento 1.8.0.0 | Click to Download | ||
| Magento 1.7.0.2 | Click to Download | ||
How to check if Magento SUPEE 11155 has been installed correctly?
Check if the steps to install Magento SUPEE 11155 has been implemented correctly or not using magereport.com
Another way to check for the patches installed is, using SSH. Every installed patch can be found in your store content specifically logged in to app/etc/applied.patches.list.
So you can use the ‘grep’ command to access the list:
|
1 |
grep ‘|' app/etc/applied.patches.list |
You’ll get output like this:
|
1 |
SUPEE-11155_CE_v1.9.4.0 | CE_1.9.4.0 | v3 | a7bbf3ed17e3cf723cbc5e01720856190d22c71b | Wen Jun 26 04:41:14 2019 +0300 | ce-1.9.4.0-dev |
How to revert a patch if you are facing any issue?
Run the following SSH Command to revert your patch.
|
1 |
sh patch-file-name.sh -R |
For both the above methods, if you face any difficulties in the Magento SUPEE patch installation, feel free to post them in the Comments section below. I’ll help you out. Don’t forget to comment down your Magento version along with issue to help you out quicker and better.
Follow Magento StackExchange to find the possible issues related to Magento SUPEE 11155 and their solutions.
Moreover, you may face an issue like:
|
1 2 3 |
checking file js/tiny_mce/plugins/media/js/media.js Hunk #1 FAILED at 483 (different line endings). 1 out of 1 hunk FAILED |
It is probably due to Git replacing Windows line endings (\r\n) with the widely used (\n).
Tiny MCE media.js file uses Windows line endings and the patch expects it to be like this. However, often Git systems are configured to convert line endings and thus the patch installation fails.
The solution to this issue is to use vim.
Open patch file with vim and find the diff used to update media.js.
To do it type:
|
1 |
/media.js |
Once there enter:
|
1 |
:set list |
This command enables the displaying of whitespace characters. You see that the media.js rows in patch file end with ^M (Carriage Return). Remove those, save and run the patch again. It will resolve the error.
Note: Previously, I had given the solution to Magento Logging Failed After Installing SUPEE 11086 Patch. Now, with the installation of Magento SUPEE 11155, you do not need to apply that solution, as the patch comes with this fix itself.
Also, no need to update Authorize.Net direct post from MD5 to SHA-512 in Magento with Magento SUPEE 11155 installation!
We highly recommend upgrading your Magento to the latest version Magento 1.9.4.5 which includes all the security patches including SUPEE 11155. If you need any help regarding Magento Version Upgrade, Checkout our Magento Upgrade Service.
We can also help you install Magento SUPEE 11155 professionally, visit our Magento Security Patches Installation Service.
With nearing of Magento 1 end of life, we recommend you to migrate your older Magento 1.x stores to the latest Magento 2.3.2 version and enjoy the latest features such as Page Builder, PWA Studio, and much more. If you are not much a Magento 2 guy, have a look at our Magento 2 Migration Service to get our professional help in the Magento 1 to Magento 2 migration.
Related Blogs:
Keep the security of your Magento store updated to the highest level using our Magento Security Patches Installation Service.
![How to Install Magento SUPEE 11155 [With or Without SSH]](png/sanjay-jethva.png){kind=avatar}
23 Comments
Hi Sanjay,
Thank you for uploading the patch for 1.9.3.10.
We are currently undergoing PC DSS checks on our magento store and need to prove that this patch has been installed. Do you know of any method we can prove this when installing without SSH?
Hi Dan,
Please check the applied patch status at https://www.magereport.com/
Hi,
Thank you for your speedy reply.
You can see the patch for 1.9.3.10 in your screenshot. It is at the bottom under 1.9.4.1
Oops! My bad
Thank you for drawing my attention.
I have added the patch file in the post 🙂
Hi, I can see that magento have released the patch for 1.9.3.10 for SSH. When do you expect it to be available for without SSH? Thanks.
Hello,
I checked and still the patch for 1.9.3.10 is not available.
https://drops.meetanshi.com/3wysAD
Magento has not released it.
Please give the screenshot where you saw that Magento has released the patch for 1.9.3.10.
Thanks
Version 4 of the patch SUPEE-11155 was released 3 days ago (July 31) for 1.9.4.1 users with PHP 7.2
Is it possible to replace the patch you have on GitHub with the new version 4 patch? Thanks!
OK, we know that Magento has not released the patch for the version Magento 1.9.3.10.
But, can you help us? What PATCH can be applyied in this case if I have a Magento 1.9.3.10? (VIA FTP)
Have one that can be aplyied?
OK, but what the best option in the list that you’ve posted?
Best option for what?
Do you mean between SSH or Pre-Patched files?
If you are familiar with SSH, I recommend going with SSH.
Our version is 1.9.3.6 but couldn’t apply PATCH supee-11155
Are you trying to install the patch using .sh file? If yes, make sure you have applied previous patches and there is no file error.
And what patch in this list we can apply for magento 1.9.3.10 ?
Magento has not released the patch for the version Magento 1.9.3.10
https://drops.meetanshi.com/i/U3zIzN
NB in your 1.9.3.4 download version – there are 2 app directories (one with a leading space). NB thanks for all these patch files
Thank you for pointing out my mistake. I have resolved it in the blog.
thanks so much !
Please, give me the package for magento 1.7.0.2 without SSH
I have added the package for you in the blog. Please download it and secure your Magento store.
Is there also a package without ssh for 1.8.1.0?
Thanks
Yes, I have added it in the blog. Please download it for your Magento 1.8.1.0
Please, give me the package for magento 1.9.3.10 without SSH
Magento has not released the patch for the version Magento 1.9.3.10
https://drops.meetanshi.com/CXRO8j