With the recent release of Magento 188.8.131.52 are another group of security enhancements for Magento but sadly no fix to the Blocks_HTML Output Cache issue found in 184.108.40.206 however we have a new workaround that seems to cope incredibly well.
Whats in Magento 220.127.116.11 CE Release
The main¬†part of the recent Magento 18.104.22.168 CE release is the inclusion of the SUPEE-6482 Security Patch Bundle, which can also be installed separately, although there are also a number of other minor fixes and improvements included.
Magento SUPEE-6482 Security Patch Bundle
This security patch bundle includes fixes for two potential threats to your Magento CE installation, and an additional patch that only applies to Magento EE.
- Autoloaded File Inclusion in Magento SOAP API.
- SSRF Vulnerability in WSDL File.
The full details of the patch contents and the Magento 22.214.171.124 release can be found in the Release Notes on Magento’s own site.
Blocks HTML Output Cache Issue
It would seem that this issue has been partially fixed in Magento 126.96.36.199 but not entirely with some users still reporting issues in resulting from Blocks HTML Output Cache especially those who are running mixed HTTP and HTTPS sites.
Whilst we are waiting for a full fix to this issue we have been experimenting with various solutions to the problem and one that we have found to be very effective is to use the Lesti_FPC – Simple Full Page Cache and totally switch off the Blocks HTML Output Cache, thus letting the Lesti_FPC take the strain whilst your main system is left free to deal with those pages that need to be generated (although cache page generation can be a little slower than a standard page load with the Blocks HTML Output Cache enabled, this will at least mean that even category pages that a significant amount of configurable products will alot quicker than they would without the Blacks HTML Output Cache in place.
The Lesti_FPC – Simple Full Page Cache should need little or no configuration on most installations and is very safe to deploy, the vast amount of standard blocks and attributes are already configured in Lesti_FPC for you, although there may be a couple you need to add.