Applying patches manually with no SSH access
You have a good point here. The patches are supplied as .sh
files and there is no solution offered by Magento for FTP only websites.
I suggest one would copy his website's code to a local environment through FTP (you would probably have that already). Then apply the patch by running the .sh
file.
Now you need to find out which files you need to upload again. If you would open the .sh
patch file, then you will see it consist of two sections:
- Bash shell code to apply the patch. This code is general for every patch.
- The actual patch in the form of a unified patch format. This indicates only the lines in files that were changed (including some context lines). This starts below the line
__PATCHFILE_FOLLOWS__
From the second section you could read which files were/are affected by the patch. You need to upload these files again to your FTP or... you could just upload everything.
Applying manually without bash/shell
- If you can't run
.sh
files (in Windows), then you could extract the second section of the patch (the unified patch) and apply it manually with a patching tool (or for example through PHPStorm).
- The website Magentary.com provides ZIP files for each Magento version containing the patched files only.
Patches in current & future releases?
The patches that are released right now apply to all versions that were already released. Of course, might Magento release a new version (major or minor). Then they will contain all security patches as Magento will also apply the patches to their development code base naturally (these patches even originate from that code base ;)).
UPDATE:
Every last patch Magento has also released new versions of Magento CE and EE already containing the specific latest patch. See the Release Archive tab on the Magento download page.
Check this sheet, maintained by JH, for which patches to install for which Magento CE and EE version: https://docs.google.com/spreadsheets/d/1MTbU9Bq130zrrsJwLIB9d8qnGfYZnkm4jBlfNaBF19M
Best Answer
Updated 3/9/2020 - scroll down for IE11 issue
This is an easy one for a change! I applied the full upgrade on both EE and CE (M1). Both upgrades went smoothly and no third-party extensions or other customizations were affected.
Fair warning if you're doing the full upgrade - the copyright year changed in nearly every single file! Here is a list of files I found with actual code changes:
CE 1.9.4.4
EE 1.14.4.4
IE11 bug discovered weeks after deployment
Add-to-cart functionality, navigation hover menus, or other JS things might be broken in IE11.
File:
/js/varien/js.js
New Method Added by Magento:
Patch for IE11 compatibility: