Magento 1.9.2.1 More Security Enhancements for Magento

/, News/Magento 1.9.2.1 More Security Enhancements for Magento

Magento 1.9.2.1 More Security Enhancements for Magento

With the recent release of Magento 1.9.2.1 are another group of security enhancements for Magento but sadly no fix to the Blocks_HTML Output Cache issue found in 1.9.2.0 however we have a new workaround that seems to cope incredibly well.

Whats in Magento 1.9.2.1 CE Release

Magento 1.9.2.1 SUPEE-6482

Magento 1.9.2.1 SUPEE-6482

The main part of the recent Magento 1.9.2.1 CE release is the inclusion of the SUPEE-6482 Security Patch Bundle, which can also be installed separately, although there are also a number of other minor fixes and improvements included.

Magento SUPEE-6482 Security Patch Bundle

This security patch bundle includes fixes for two potential threats to your Magento CE installation, and an additional patch that only applies to Magento EE.

  • Autoloaded File Inclusion in Magento SOAP API.
  • SSRF Vulnerability in WSDL File.

The full details of the patch contents and the Magento 1.9.2.1 release can be found in the Release Notes on Magento’s own site.

Blocks HTML Output Cache Issue

It would seem that this issue has been partially fixed in Magento 1.9.2.1 but not entirely with some users still reporting issues in resulting from Blocks HTML Output Cache especially those who are running mixed HTTP and HTTPS sites.

Whilst we are waiting for a full fix to this issue we have been experimenting with various solutions to the problem and one that we have found to be very effective is to use the Lesti_FPC – Simple Full Page Cache and totally switch off the Blocks HTML Output Cache, thus letting the Lesti_FPC take the strain whilst your main system is left free to deal with those pages that need to be generated (although cache page generation can be a little slower than a standard page load with the Blocks HTML Output Cache enabled, this will at least mean that even category pages that a significant amount of configurable products will alot quicker than they would without the Blacks HTML Output Cache in place.

The Lesti_FPC – Simple Full Page Cache should need little or no configuration on most installations and is very safe to deploy, the vast amount of standard blocks and attributes are already configured in Lesti_FPC for you, although there may be a couple you need to add.

 

By | 2019-06-04T08:55:37+01:00 August 27th, 2015|Magento, News|Comments Off on Magento 1.9.2.1 More Security Enhancements for Magento

About the Author:

Managing Director of APW Trading Ltd, with many years of experience in running Dropship and Mail Order companies, as well as within the IT and Logistics industries, Patrick has taken to his role as Managing Director of the group and loves the environment in which APW Trading operate. Patrick is also responsible for almost all of our Internet Developments, including our Magento Hosting solutions both for our customers and for our own platforms and stores. Patrick is particularly proud of our flagship internet retail site Latex, Leather and Lace as well as our Wholesale and Dropship platform APW Wholesale If you have any technical questions you would like to ask of Patrick then please drop him a mail or even a tweet to get his attention.