What to Watch For When Upgrading to Magento 1.9.1

Now that it has been a couple of months since Magento 1.9.1 was released we have had enough experience upgrading from older versions of Magento to 1.9.1 to discuss what we have found to be the important things to keep in mind when upgrading to that version. We have found that two major issues impact the upgrade:

Sending Emails Now Relies on the Magento Cron Job

One of the under the hood changes made in 1.9.1 is that most emails to be sent out are first placed in queue and then the queued emails are sent the next time the cron job for Magento is run. If you do not have a cron job configured or enabled (as was the case for one website we dealt with) then many emails, including order confirmation and transactional, will not been sent out.

If you are having a problem with emails not being sent in Magento 1.9.1 you can check if unsent queued emails are the problem by reviewing the core_email_queue table, which contains the emails that have been added to the queue. Once the cron job has run the “processed_at” value for emails will have the time that they were sent and if they have yet to be sent they will not have a value set for that.

During testing of the upgrade you will also need to make sure that the cron job is set up for the test installation as well.

PHP 5.3.0 or Newer Is Required

Up until version 1.9 the bare minimum version of PHP that Magento permitted was 5.2.0, in version 1.9.1 that has been increased to 5.3.0. For most part this isn’t an issue considering that PHP 5.3.0 was released in June of 2009 and the listed minimum PHP versions for Magento 1.9.1 is 5.4. Where it can cause an issue is if you are doing an upgrade from the very old Magento 1.3, which wasn’t designed to support PHP 5.3. If you are doing the test of the upgrade in the same server environment as the production website and you can’t use multiple versions of PHP at the same time you will need to either modify the existing Magneto installation to support at least PHP 5.3 or do the upgrade in two stages (first upgrading to 1.9, then changing the PHP version, and then doing the upgrade to 1.9.1).

Security Advisory for Adobe Flash Player

Original release date: January 26, 2015

Adobe has released Flash Player desktop version to address a critical vulnerability (CVE-2015-0311) in and earlier versions for Windows and Macintosh. This vulnerability could allow an attacker to take control of the affected system.

Users and administrators are encouraged to review Adobe Security Bulletin APSB15-01 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

The tooth gnashing you hear is from Flash users installing a new 0day patch

Adobe Systems is once again rolling out an emergency Flash update that patches a critical vulnerability under active attack to compromise the computers of unsuspecting users.

The latest Flash versions fix a remote code-execution bug that, as Ars reported last week, recently came under attack in the Angler exploit kit. Malware purveyors and other types of online crooks use such kits to seed compromised websites with attack code. Once people visit the sites with vulnerable computers, the booby-trapped pages surreptitiously exploit the vulnerabilities and install backdoors that can be used to log keystrokes, steal passwords, and install new pieces of malware at will.

An advisory Adobe published late last week warned that the bug resides in versions running on Windows, Macs, and Linux systems. So far, reports suggest that in-the-wild exploits are limited only to Windows systems. The vulnerability stems from a so-called use-after-free bug that allows attackers to corrupt the memory of affected computers. Trend Micro has additional technical details here.

Read 5 remaining paragraphs | Comments

OAT – Oracle Auditing Tools For Database Security

Oracle Auditing Tools is a tool kit that could be used to audit security within Oracle database servers. OAT uses CREATE LIBRARY to be able to access the WinExec function in the kernel32.dll in Windows or the system call in libc on Un*x. Having access to this function makes it possible to execute anything on [...] The post OAT – Oracle...

Read the full post at darknet.org.uk