How to Patch the Magento Zend Platform Vulnerability

created July 12, 2012, last updated July 12, 2012.


Magento announced a new Zend Platform vulnerability on July 5th 2012.

To patch the vulnerability from the command line, use the patch command as shown below, replacing the URL of the Magento patch file with the appropriate link to the patch for your Magento version. More info and direct links to already patched files here.

If you are using a pre-1.4 version of Magento, i.e. v1.3.3, then follow the workaround option detailed in the Magento announcement to disable the XMLRPC index method in app/code/core/Mage/Api/controllers/XmlrpcController.php. Be aware that “any integrations that rely on the XMLRPC API functionality will no longer work after this workaround is implemented.”

 

me@www:/home/www/dev/magento# wget -qO - http://www.magentocommerce.com/downloads/assets/1.7.0.2/CE_1.5.0.0-1.7.0.1.patch | patch -p0
patching file lib/Zend/XmlRpc/Response.php
patching file lib/Zend/XmlRpc/Request.php
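
A more cautious variant of the one-liner above, added here as an example and not part of the original post: save the patch to a file first, confirm it only touches the lib/Zend/XmlRpc/ files seen in the output above, dry-run it, then apply it with backups. The function names are hypothetical, and GNU patch (for --dry-run and --backup) is assumed.

```sh
# Added example (not from the original post). Function names are hypothetical.
# Assumes GNU patch (--dry-run, --backup) and a unified diff applied with -p0.

# List the paths named in "--- old" / "+++ new" header pairs of a unified diff.
patch_targets() {
    awk '/^--- / { old = $2; next }
         /^\+\+\+ / && old != "" { print old; print $2 }
         { old = "" }' "$1" | sort -u
}

# Succeed only if every path in the patch starts with the allowed prefix
# and contains no ".." component. A patch with no headers is rejected.
check_patch_scope() {
    targets=$(patch_targets "$1")
    [ -n "$targets" ] || { echo "no unified-diff headers in $1" >&2; return 1; }
    for t in $targets; do
        case "$t" in
            *..*) echo "path traversal in target: $t" >&2; return 1 ;;
            "$2"*) ;;
            *) echo "unexpected target: $t" >&2; return 1 ;;
        esac
    done
}

# $1 = staged patch (absolute path), $2 = Magento root, $3 = allowed prefix
apply_reviewed_patch() {
    check_patch_scope "$1" "$3" || return 1
    ( cd "$2" &&
      patch -p0 --dry-run < "$1" >/dev/null &&   # fails if any hunk would reject
      patch -p0 --backup < "$1" )                # keeps *.orig copies for rollback
}

# Usage, after saving the patch for your version with wget -O:
#   apply_reviewed_patch /tmp/zend.patch /home/www/dev/magento lib/Zend/XmlRpc/
if [ "$#" -eq 3 ]; then apply_reviewed_patch "$@"; fi
```

The scope check fails closed: a patch in another diff format, or one whose headers it cannot read, is refused and not applied.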
