1

After applying the official patch SUPEE-6788 for Magento EE 1.9 (PATCH_SUPEE-6788_EE_1.9.1.1_v1-2015-10-30-07-07-46.sh) I can see that 5 core modules are still using the old admin routing syntax (APPSEC-1034) :

  • Mage_GoogleOptimizer
  • Mage_GoogleBase
  • Mage_Bundle
  • Mage_Compiler
  • Mage_Downloadable

There's also wrong calls left to addFieldToFilter() in file app/code/core/Mage/Bundle/Model/Mysql4/Option/Collection.php (use of backquotes is forbidden; APPSEC-1063).

All previous security patches have been applied (I also tested it on a Magento EE 1.9.1.1 vanilla with the same results).

Does anyone know if I should worry for the security of this platform?

xiao
  • 19
  • 1
  • Did you contact EE support? As EE 1.9 is pretty old, you should ask them for assistance. – Anna Völkl Nov 04 '15 at 07:42
  • Not yet but it was my next action. They're just usually not really fast at replying... – xiao Nov 04 '15 at 11:36
  • Just for info, after contacting the support, Magento is currently working on a new version of the patch for EE 1.9 and CE 1.4. It should be released soon. – xiao Nov 13 '15 at 14:48

0 Answers0