26 March 2019, Magento e lokolotse patch ea ts'ireletso ea PRODSECBUG-2198 bakeng sa ho lokisa ts'enyeho ea SQL. Ka lebaka la ts'oaetso ena, mosebelisi ea sa netefatsoang a ka etsa khoutu ea SQL, ka tahlehelo e ka bang teng ea data e tebileng. Re khothaletsa ka matla hore o kenye li-patches tsena tse phethahetseng kapele kamoo ho ka khonehang.
- Tlhahisoleseling ea PRODSECBUG-2198
- CVSSv3 botebo: 9 (E nyelisang)
- Litlhaselo tse tsebahalang: ha li eo
- Tlhaloso: mosebelisi ea sa netefatsoang a ka etsa khoutu ea ho qhekella ka ho ba kotsing ea SQL, e bakang tahlehelo ea data e hlokolosi.
- Sehlahisoa se amehang: Magento Open Source pele ho 1.9.4.1 le Magento Commerce pele ho 1.14.4.1, Magento 2.1 pele ho 2.1.17, Magento 2.2 pele ho 2.2.8, Magento 2.3 pele ho 2.3.1
- E tsitsitseng: Magento Open Source 1.9.4.1, Magento Commerce 1.14.4.1, SUPEE-11086, Magento 2.1.17, Magento 2.2.8, Magento 2.3.1
- Motlalehi: cfreal
Ho kenya patch ea PRODSECBUG-2198, tsamaisa lintlha tse latelang tsa 6:
- Backup ecommerce ea hau ea Magento: Ke bohato bo bohlale ba ho boloka polokelo ea Magento pele u sebelisa patch efe kapa efe ea ts'ireletso hobane lebenkele la hau le kanna la ba le likhohlano le lifaele tsa Patch;
- Khoasolla patch e tsoang sebakeng sa Magento: Jarolla patch ea PRODSECBUG-2198 ho qui, u khetha mofuta o nepahetseng oa lebenkele la hau la Magento 'me u o kenye ho foldareng ea hau ea Magento.
- Kenya kopo: Fiela seva ka khetla (ssh) ebe u kenya mots'ebetso oa motso. Matha taelo e latelang:
- Hlakisa Cage ea hau ea Magento: Re khothaletsa ho hloekisa cache ea Magento kamora ho sebelisa patch. O ka hlakola le ho hlakola cache ea admin ea Magento kapa oa phetha litaelo tse latelang tsa SSH:
-
- php bin / magento cache: mofufutso
- php bin / magento cache: Hloekile
- Netefatsa ts'ebetso ea patch: Matha taelo e latelang ho tseba hore na patch e kentsoe ka nepo:
-
- grep '| app e / jj / applied.patches.lis
- Tlosa file ea PatchKamora ho kenya patch e atlehileng, o ka tlosa file ea .patch ho tloha motso oa Magento. Matha taelo e latelang ho e tlosa u sebelisa SSH:
Nahana ka seo:
Ka mokhoa o kaholimo ho mofuta oa Magento 2.2 CE u ka ba le phoso ka tsela e latelang:
sh PRODSECBUG-2198-2.2-CE.composer-2019-03-27-06-12-19.patch
fapana: khetho ha e amoheloe "-git"
lis: leka “diff -help” ho fumana leseli le eketsehileng.
PRODSECBUG-2198-2.2-CE.composer-2019-03-27-06-12-19.patch: mola 2: index: taelo ha e fumanoe
PRODSECBUG-2198-2.2-CE.composer-2019-03-27-06-12-19.patch: mola 3: -: taelo ha e fumanoe
Ho qoba phoso ena, latela mehato e latelang:
- Haeba u sebelisa git:
git apply PRODSECBUG-2198-2.2-CE.composer-2019-03-27-06-12-19.patch
- sebelisa setsiba
Tlosa a / eb / pele ho litsela.
Tsamaisa faele ea patch ho motso oa Magento ebe u tsamaisa patch -p0 <PRODSECBUG-2198-2.2-CE.composer-2019-03-27-06-12-19.patch
Ercole Palmeri
Motsamaisi oa Ntlo ea Nakoana