Magento Patch SUPEE-11155
Magento Patch SUPEE-11155 fixes some security issues. There are currently no known attacks going on, but it is a good idea to update your shop systems before your summer holiday. Stop all issues for remote code execution to secure your shop today.
Magento Patch SUPEE-11155
A hotfix for hot summer days. Magento released a new security patch that fixes some code execution and PHP object insertion problems that have been detected. Your Magento 1 based system is upgraded to 1.9.4.2 and your Magento 2 installation to 2.3.2, 2.2.9 or 2.1.18.
Problems
Some users found problems installing this new patch with a PHP 7.2 support patch. If that occurs, you need to remove lines 1711 to 1761 from Patch 11155. Another possible problem can be:
1 2 | Hunk #1 FAILED at 483. 1 out of 1 hunk FAILED -- saving rejects to file js/tiny_mce/plugins/media/js/media.js |
Such errors can be fixed by removing mentioned lines from patch file. Be aware, that this can cause problems with following patches, so double check your source files and changes that are made by current patch.
Conclusion
As always: install this security patch as fast as possible. The fact, that there are currently no known attacks did not provide your shops from attacks! With realising this patch to public, the security issue is also made public, so there will be attacks soon.
It’s summer time, so I whish you all happy patching and a relaxing holiday.