SUPEE-10570v2 no longer causes this issue. Note, however, that this new patch no longer protects against two low risk session handling-related security issues that patch SUPEE-10570 protected against. The protection is restored in the next patch, SUPEE-10752.
If you have not yet applied SUPEE-10570, do not apply it, but instead patch your store with SUPEE-10570v2. If you have already applied SUPEE-10570, please first uninstall SUPEE-10570, then install SUPEE-10570v2. All stores should be patched with SUPEE-10570v2 as Magento used this patch (SUPEE-10570v2) as a base for all newer patch versions and releases.
To install SUPEE-10570v2 please refer to the following articles: or use our patch installation service to install all missing security patches at once or upgrade to OpenMage LTS with all these and newer patches included.
Note: There are some Known issues for this patch.
The difference between SUPEE-10570 and SUPEE-10570v2 is one line in app/code/core/Mage/Core/Model/Session/Abstract/Varien.php:
diff --git app/code/core/Mage/Core/Model/Session/Abstract/Varien.php app/code/core/Mage/Core/Model/Session/Abstract/Varien.php index 59b3ea8..35155f1 100644 --- app/code/core/Mage/Core/Model/Session/Abstract/Varien.php +++ app/code/core/Mage/Core/Model/Session/Abstract/Varien.php @@ -485,7 +485,7 @@ class Mage_Core_Model_Session_Abstract_Varien extends Varien_Object && isset($validatorData[self::VALIDATOR_PASSWORD_CREATE_TIMESTAMP]) && isset($sessionData[self::VALIDATOR_SESSION_EXPIRE_TIMESTAMP]) && $validatorData[self::VALIDATOR_PASSWORD_CREATE_TIMESTAMP] - > $sessionData[self::VALIDATOR_SESSION_EXPIRE_TIMESTAMP] - $this->getCookie()->getLifetime() + > $sessionData[self::VALIDATOR_SESSION_EXPIRE_TIMESTAMP] ) { return false; }
This line of code is added back with a few other changes in SUPEE-10752 to restore protection against two low risk session handling-related security issues and to not break checkout when trying to register.
Download SUPEE-10570v2
Magento version | SUPEE-10570v2 | MD5 checksum |
---|---|---|
Magento CE 1.5.1.0 | SUPEE-10570 1.5.1.0 | f61523f850955802728794f487fcefd3 |
Magento CE 1.6.2.0 | SUPEE-10570 1.6.2.0 | 782ae70ce34639b2b371804e22418939 |
Magento CE 1.7.0.2 | SUPEE-10570 1.7.0.2 | 4c58ec72639701155243610c3f407a41 |
Magento CE 1.8.0.0 | SUPEE-10570 1.8.0.0 | 42d7a69c2441fd996a55896928bfa931 |
Magento CE 1.9.0.1 | SUPEE-10570 1.9.0.1 | 4dffdd6a421a9f1a87eb949e836fbc70 |
Magento CE 1.9.1.1 | SUPEE-10570 1.9.1.1 | d53384498777e4031c9f94efe876a4ac |
Magento CE 1.9.2.2 | SUPEE-10570 1.9.2.2 | 6a92c09373c8d40da0c82541d0d73021 |
Magento CE 1.9.2.4 | SUPEE-10570 1.9.2.4 | 38cbf6e92a6c03e3cb3c085d30d61af6 |
Magento CE 1.9.3.1 | SUPEE-10570 1.9.3.1 | ba4f149002d09438a98733bbafa807fb |
Magento CE 1.9.3.7 | SUPEE-10570 1.9.3.7 | 2abdc00afada998bc20e7c52db61bb4e |
Magento CE 1.9.3.8 | SUPEE-10570 1.9.3.8 | 15f5d1869b5518f384be6070585ae87b |
Magento CE 1.9.3.9 | already included | |
OpenMage v19.4.3 | already included |