20181106.1 – Run checks in batches, new patch check, updated Magento version check and new RCE check

  • Home / Changelog / 20181106.1 – Run checks in batches, new patch check, updated Magento version check and new RCE check
  •  in Changelog
  • , by Bono

Running checks in batches

Recently we received some information that under-powered servers could suffer performance loss when scanned by MageReport. This is due to the amount of requests MageReport has to make to determine your shop’s safety. This is of course not our intention, so to fix this we’ve added running checks in batches for all webshops. Instead of trying to fetch the results as fast as possible we now do 10 checks at a time, once those are done we continue with the next 10. Spreading out the load of the requests over a longer period of time should reduce stress on the website. Please note that this might cause MageReport checks to show up slower than you’re used to.

Thanks to @KernelCall for the notification.

More checks

Recently we’ve added two more checks to MageReport, mainly the long awaited Supee10888 patch and another RCE vulnerability found in the Webgility Module. We’ve also updated the latest Magento version check to be up-to-date with the latest Magento versions.

Supee10888

Due to some issues it was impossible for us to release the SUPEE-10888 check until now. Unfortunately the SUPEE-10888 check is not detectable from the outside, meaning that this will show up as unknown if you’ve applied the patch to an older version of Magento. However, if you’ve got the latest Magento version installed (that would be either 2.2.6, 2.1.15 CE/EE, 1.9.3.10 CE or 1.14.3.10 EE) it should show up as successfully patched. Note that we may not always be able to detect the Magento version you’re using, so if the SUPEE-10888 check shows up as unknown, that could very well be the reason (also see the “Outdated Magento Version?” check).

Webgility

Recently we got notified about a RCE vulnerability in the Webgility module. Along with Eric Seastrand and security researcher Willem de Groot (who wrote an article about the backdoor) we made a check to detect if you’re vulnerable.

Thanks to Eric Seastrand for notifying us.

Updated outdated magento version check

With the release of new Magento versions we’ve now also updated our “Outdated Magento version?” check. It will try to detect if you’re running the latest Magento installs.

Other

We’ve updated our React version to the latest stable version; making sure we’re staying up-to-date helps us to make changes quicker when needed.