SUPEE-10570v2

SUPEE-10570v2 is the second version of SUPEE-10570 patch. The second version was released on March 28, 2018 to fix issue that could result in the inability of customers to complete checkout when trying to register during checkout.

SUPEE-10570v2 no longer causes this issue. Note, however, that this new patch no longer protects against two low risk session handling-related security issues that patch SUPEE-10570 protected against. The protection is restored in the next patch, SUPEE-10752.

If you have not yet applied SUPEE-10570, do not apply it, but instead patch your store with SUPEE-10570v2. If you have already applied SUPEE-10570, please first uninstall SUPEE-10570, then install SUPEE-10570v2. All stores should be patched with SUPEE-10570v2 as Magento used this patch (SUPEE-10570v2) as a base for all newer patch versions and releases.

To install SUPEE-10570v2 please refer to the following articles:

or use our patch installation service to install all missing security patches at once or upgrade to OpenMage LTS with all these and newer patches included.

Note: There are some Known issues for this patch.

The difference between SUPEE-10570 and SUPEE-10570v2 is one line in app/code/core/Mage/Core/Model/Session/Abstract/Varien.php:

diff --git app/code/core/Mage/Core/Model/Session/Abstract/Varien.php app/code/core/Mage/Core/Model/Session/Abstract/Varien.php
index 59b3ea8..35155f1 100644
--- app/code/core/Mage/Core/Model/Session/Abstract/Varien.php
+++ app/code/core/Mage/Core/Model/Session/Abstract/Varien.php
@@ -485,7 +485,7 @@ class Mage_Core_Model_Session_Abstract_Varien extends Varien_Object
             && isset($validatorData[self::VALIDATOR_PASSWORD_CREATE_TIMESTAMP])
             && isset($sessionData[self::VALIDATOR_SESSION_EXPIRE_TIMESTAMP])
             && $validatorData[self::VALIDATOR_PASSWORD_CREATE_TIMESTAMP]
-            > $sessionData[self::VALIDATOR_SESSION_EXPIRE_TIMESTAMP] - $this->getCookie()->getLifetime()
+            > $sessionData[self::VALIDATOR_SESSION_EXPIRE_TIMESTAMP]
         ) {
             return false;
         }

This line of code is added back with a few other changes in SUPEE-10752 to restore protection against two low risk session handling-related security issues and to not break checkout when trying to register.

Download SUPEE-10570v2

Magento version	SUPEE-10570v2	MD5 checksum
Magento CE 1.5.1.0	SUPEE-10570 1.5.1.0	f61523f850955802728794f487fcefd3
Magento CE 1.6.2.0	SUPEE-10570 1.6.2.0	782ae70ce34639b2b371804e22418939
Magento CE 1.7.0.2	SUPEE-10570 1.7.0.2	4c58ec72639701155243610c3f407a41
Magento CE 1.8.0.0	SUPEE-10570 1.8.0.0	42d7a69c2441fd996a55896928bfa931
Magento CE 1.9.0.1	SUPEE-10570 1.9.0.1	4dffdd6a421a9f1a87eb949e836fbc70
Magento CE 1.9.1.1	SUPEE-10570 1.9.1.1	d53384498777e4031c9f94efe876a4ac
Magento CE 1.9.2.2	SUPEE-10570 1.9.2.2	6a92c09373c8d40da0c82541d0d73021
Magento CE 1.9.2.4	SUPEE-10570 1.9.2.4	38cbf6e92a6c03e3cb3c085d30d61af6
Magento CE 1.9.3.1	SUPEE-10570 1.9.3.1	ba4f149002d09438a98733bbafa807fb
Magento CE 1.9.3.7	SUPEE-10570 1.9.3.7	2abdc00afada998bc20e7c52db61bb4e
Magento CE 1.9.3.8	SUPEE-10570 1.9.3.8	15f5d1869b5518f384be6070585ae87b
Magento CE 1.9.3.9	already included
OpenMage v19.4.3	already included

4.64 / 5 5
1 / 5
2 / 5
3 / 5
4 / 5
5 / 5

37 votes, 4.64 avg. rating (92% score)

Magentary

Magento 1.x Maintenance

Download SUPEE-10570v2

Related Posts