Release 5041: Automated patch info updates fixed on tools.hypernode.com

  • Home / Changelog / Release 5041: Automated patch info updates fixed on tools.hypernode.com
  •  in Changelog
  • , by Rick

As part of the hypernode-magerun Magento plugin bundle there is a command that can list relevant patches for a Magento 1 installation and show whether or not they have been installed. The data of available patches used by this command is retrieved from tools.hypernode.com and originates from this excellent spreadsheet maintained by John Knowles.

The command can be executed in the webroot with magerun hypernode:patches:list

app@83f000-vdloo-magweb-do:~/public$ magerun hypernode:patches:list
+-------------+----------+---------+
| Patch       | Type     | Applied |
+-------------+----------+---------+
| SUPEE-10266 | required | No      |
| SUPEE-10415 | required | No      |
| SUPEE-10570 | required | No      |
+-------------+----------+---------+

Even though our Magento security scanning tool MageReport can detect if patches are installed on a shop as well, there are some patches that we can not detect from the outside. In MageReport those might show up as grey, so in some cases checking from the inside might give you some additional information.

To list the applied patches code from the Magento module Philwinkle_AppliedPatches by Phillip Jackson is used. It utilizes the applied.patches.list file to get information about installed patches, so if any installed patch is not listed in there, the hypernode:patches:list command might give you false positives. For more information about that see the hypernode-magerun README.

The endpoints on tools.hypernode.com which list the patches for different Magento versions are publicly available and you could integrate these into your own tools as well if you like. For example, to retrieve a list of patches of Magento 1.9.2.0 community edition you could perform a GET to this URL:

$ curl -s https://tools.hypernode.com/patches/community/1.9.2.0 | python -m json.tool
{
    "required": [
        "SUPEE-10266",
        "SUPEE-10415",
        "SUPEE-10570",
        "SUPEE-6482",
        "SUPEE-6788",
        "SUPEE-7405",
        "SUPEE-7405 v1.1",
        "SUPEE-8788",
        "SUPEE-8788 v2",
        "SUPEE-9652",
        "SUPEE-9767 v2"
    ]
}

Last Friday a bug was fixed where the list of patches would not be updated automatically anymore. Note that this means that for example patch SUPEE-10570 will now show up for Magento installations of version 1.9.3.7 even though that one has been out for a while already.

Big thanks to Raul E Watson for reporting this issue and to Willem de Groot for finding the root cause and implementing the fix.