SUPEE-10570 is a security patch released for Magento CE < 1.9.3.8 / EE < 1.14.3.8
SUPEE-10570, Magento Commerce 1.14.3.8 and Open Source 1.9.3.8 contain multiple security enhancements that help close remote code execution (RCE), cross-site scripting (XSS, and other issues. These releases also include small functional fixes listed in the release notes.
Information on all the changes in 1.14.3.8 and 1.9.3.8 releases is available in the Magento Commerce and Magento Open Source release notes.
Patches and upgrades are available for the following Magento versions:
- Magento Commerce 1.9.0.0-1.14.3.7: SUPEE-10570 or upgrade to Magento Commerce 1.14.3.8
- Magento Open Source 1.5.0.0-1.9.3.7: SUPEE-10570 or upgrade to Magento Open Source 1.9.3.8
Known issues
These two known issues are associated with the use of HTML tags within a product’s SKU attribute:
- If you try to import products that contain HTML tags in the SKU attribute, Magento displays this error at the data validation stage (that is, when you click Check data):
Invalid value in SKU column. HTML tags are not allowed. - If you try to create or edit a product in the Admin panel and the product’s SKU attribute value contains HTML tags, Magento throws this error when you try to save the product:
HTML tags are not allowed in SKU attribute.
Note:
If the patch fails to apply while patching lib/Zend/Mail/Transport/Sendmail.php, it might mean your Magento installation was previously patched with SUPEE-9652v1 instead of SUPEE-9652v2. The recommended solution is to revert patch SUPEE-9652v1 and apply SUPEE-9652v2 prior to applying SUPEE-10570.