Magento released SUPEE-10570 on 27th February 2018, which provides various security enhancements with the aim of closing remote code execution (RCE), cross-site scripting (XSS), and other issues.
(Read this Magento official Release notes to get more details regarding this security patch)
Note: If the patch fails at lib/Zend/Mail/Transport/Sendmail.php means your Magento installation was earlier patched with SUPEE-9652v1 instead of SUPEE-9652v2. It is recommended to revert SUPEE-9652v1 and re-patch with SUPEE-9652v2 prior to patching with SUPEE-10570.
There are 2 methods you can install SUPEE-10570: with SSH or without SSH (2 ways). Please follow the instruction strictly to install this patch on your store.
1. Install SUPEE-10570 with SSH
Firstly, if you don’t know how to set up SSH, please contact your hosting provider.
Secondly, upload the patch into your Magento root directory.
Thirdly, in the SSH console, run the following SSH command:
- For .sh file extension
- For .patch file extension:
patch —p0 < patch_file_name.patch
Note: Once you execute the command, remember to refresh the cache in the Admin Panel (System => Cache Management) so that the changes can be applied. We highly recommend that you test all patches in your test/ development environment before taking them live.
2. Install SUPEE-10570 without SSH
- 1st way:
Upload patch files in the root of Magento.
Make one file with the name of patch.php, write the following code in it, replace the file name in it, upload it in the root and run the file from the browser.
<?php print("<PRE>"); passthru("/bin/bash SUPEE-10570.sh"); print("</PRE>"); echo "Done"; ?>
The name should be PATCH_SUPEE-10570.sh
You should receive the following screen once you run patch.php from the browser
If you are getting errors like this,
“Error! Some required system tools, that are utilized in this sh script, are not installed; Tool (s) “patch” is (are) missed, please install it(them).
That means system tools aren’t installed in your server to run the sh script, you can contact your hosting provider or follow another method.
We have updated the patch files for the older Magento versions. It is very much recommended to use these patches at your own risk, please take backup of your website prior to installation.
- 2nd way:
Download the zip file for the patch installation. After that, you just need to upload it to your Magento root folder.