SECURITY PATCH SUPEE-10975 RELEASED FOR MAGENTO CE 1.X
It is very important to keep your Magento webshop updated with all latest security patches. Not doing so can make your webshop vulnerable to attacks and leaks.
Magento has released a new security patch (SUPEE-10975) on 28th November, 2018! This new security patch contains some security enhancements that can help you close vulnerabilities like remote code execution (RCE), cross-site request forgery (CSRF) and cross-site scripting (XSS). It also adds some more security enhancements to the CE build. You can read more about it here.
This patch is applicable to all webshops developed on Magento CE versions lower than 184.108.40.206. We recommend that you get this patch implemented on your Magento CE 1.X webshop(s) right away.
Hungersoft team can help you with implementing this latest security patch on your Magento webshop at nominal costs.
We have an extensive experience in implementing security patches flawlessly and we follow standard protocol for implementing security patches on live sites.
We first analyze the security patch and check all Magento sections that is going to affect.
Once we know all about the patch, we implement the patch on a staging copy (as recommended even by Magento) and test the site for any issues. If we come across any issue(s) then we try to fix them. If we do not find any issue on staging site then we move on to implementing the patch on live site. The live site is also tested for any new issues and then we monitor it for days to be sure that everything is working correctly on frontend and backend.
You can also upgrade your Magento CE 1.X webshop to Open source 220.127.116.11 to get all advantages of the latest security patch SUPEE-10975.
Major reasons for upgrading to this latest version are:
1. Magento OS 18.104.22.168 supports PHP 7.2
2. We’ve removed the CC module was remove so third-party extensions and themes that depend upon either the ccsave method or the xmlconnect method will not work correctly.
3. The Continue button on checkout page for PayPal payment method was fixed
4. Sales information logging in GA via GTM was fixed
5. The product export CSV file now contains columns for super attributes.
6. Fix added for the error message: `Notice: Undefined variable: freePackageValue in /var/www/dev/htdocs/app/code/core/Mage/Shipping/Model/Carrier/Tablerate.php on line 130`. This used to be displayed when a customer accesses their shopping cart which was emptied automatically due to time-out.
7. Fix was added for display of updates product price when selecting a configurable product’s swatch on PLP.
8. Fix was added for the error where customers could not add a grouped product to their shopping cart when category permissions were enabled.
9. Fix added for indexing locking mechanism that used to cause exception after completing indexing.
10. Fixes added to sales tax mechanism for orders to US
...and some more fixes and improvements.
Feel free to contact Hungersoft for all your Magento security patch and update related queries and tasks.