Faʻafefea ona faʻapipiʻi le Magento 2 Security Patch PRODSECBUG-2198

O le 26 Mati 2019, Magento ua tuʻuina atu le patch security PRODSECBUG-2198 mo le faʻapipiʻiina o se faʻaletonu o SQL. Talu ai ona o lenei tulaga vaivai, e mafai e se tagata e le faʻamaonia ona faʻatino le faʻailoga SQL, faʻatasi ai ma le ono le maua o faʻamatalaga maaleale. Matou te fautuaina malosi oe ia e faʻapipiʻiina nei pateni atoatoa i se taimi vave e mafai ai.

• Faamatalaga PRODSECBUG-2198
• CVSSv3 Faʻamalosi: 9 (Faʻatau)
• Manuaga iloga: leai
• Faʻamatalaga: e mafai e se tagata e le faʻamaonia ona faʻatino se tulafono faʻamaonia e ala i se faʻafitauli vaivai SQL, lea e mafua ai le leiloa o faʻamatalaga maaleale.
• Mea na aʻafia ai: Magento Open Source pre-1.9.4.1 ma Magento Commerce i luma o le 1.14.4.1, Magento 2.1 ao leʻi oʻo i le 2.1.17, Magento 2.2 ao leʻi oʻo i le 2.2.8, Magento 2.3 ao lei oʻo i le 2.3.1
• Faʻamau i: Magento Open Source 1.9.4.1, Magento Commerce 1.14.4.1, SUPEE-11086, Magento 2.1.17, Magento 2.2.8, Magento 2.3.1
• Le tusitala: faʻamaonia

Atonu foi e te manao i ai: Faʻataʻitaʻiga taʻiala i le puleaina o mea e lua i Magento

Ina ia faʻapipiʻi le patipatu PRODSECBUG-2198, faigofie ona faʻasolo i le 6 mea nei:

• Faʻasolosolo o lau pisinisi e Magento-based ecommerce: O se laasaga poto e toe faʻaleleia ai le Magento Faleoloa aʻo leʻi faʻaaogaina soʻo se pusa malupuipuia aua o lau faleoloa atonu ei ai ni feteʻenaʻiga ma faila Patch;
• Faʻapipiʻi le patch mai le nofoaga o Magento: Talia le patch PRODSECBUG-2198 mai o, filifilia le saʻo saʻo o lau faleoloa Magento ma lafoina i lau faila laupepa Magento.
• Faaaoga le patch: Avanoa i le server e ala i le shell (ssh) ma ulu i le lisi o le aʻa. Taumafai le poloaiga lenei:

• • igoa Patch

• Faʻamalamalama lau Magento Cache: Matou te fautuaina le faʻamamaina o le Magento o loʻo i lalo o le faʻaogaina o le patch. E mafai ona e faʻamaonia ma manino le Magento admin cache pe faʻatino nei SSH poloaiga nei:

• • php bin / magento cache: faʻafefiloi
  • php bin / magento cache: mama

• Faamautu le faaputuga faapipii: Faʻamasino le poloaiga lea e iloa ai pe saʻo le faʻaogaina o le patch:

• • grep '|' polokalama / etc / applied.patches.lis

• Aveese le faila Patch: A maeʻa le faʻatulagaina o le patch installation, e mafai ona e aveesea le file faila mai le Magento aʻa. Faʻasalai le poloaiga lea e aveese ai e ala ile SSH:

• • Rm Patch igoa
•  

Atonu foi e te manao i ai: Auala e faʻapipiʻiina ai le faʻatagaina o le ulufale mai o le Magento 2 com

Mafaufau i lena mea:

Faatasi ai ma le auala o loo i luga i le Magento 2.2 CE version e ono i ai sau mea sese e pei ona taua i lalo:

sh PRODSECBUG-2198-2.2-CE.composer-2019-03-27-06-12-19.patch
diff: filifiliga e le amanaʻia "-git"
eseese: taumafai "eseese" mo nisi faʻamatalaga.
PRODSECBUG-2198-2.2-CE.composer-2019-03-27-06-12-19.patch: laina 2: index: poloaiga e le maua
PRODSECBUG-2198-2.2-CE.composer-2019-03-27-06-12-19.patch: laina 3: -: o le poloaiga e leʻi maua

Ina ia aloese mai lenei mea sese, mulimuli i laasaga nei:

• Afai e te faʻaaogaina:
  git apply PRODSECBUG-2198-2.2-CE.composer-2019-03-27-06-12-19.patch
• faʻaaoga le patch
  Aveese le / eb / i luma o auala.
  Faʻaliliu le faila patch i le Magento aʻa ma tamoe le patch -p0 <PRODSECBUG-2198-2.2-CE.composer-2019-03-27-06-12-19.patch

Ercole Palmeri

Pule Faʻafouina Faʻavaitaimi