According to announce sent on July 7, 2015 to all Magento installations new security patch SUPEE-6285 should be installed in addition to three recent patches (SUPEE-5994, SUPEE-5344 and SUPEE-1533).
July 7, 2015: New Magento Security Patch (SUPEE-6285) – Install Immediately Today we are providing a new security patch (SUPEE-6285) that addresses critical security vulnerabilities. The patch is available for Community Edition 1.4.1 to 1.9.1.1 and is part of the core code of our latest release, Community Edition 1.9.2, available for download today. PLEASE NOTE: You must first implement SUPEE-5994 to ensure SUPEE-6285 works properly. Download Community Edition 1.9.2 or the patch from the Community Edition download page: https://magento.com/tech-resources/downloadNew SUPEE-6285 patch can be downloaded as usual from Downloads page: https://magento.com/tech-resources/download or installed as a regular Magento upgrade via Downloader (it is included in Magento 1.9.2.1 version). You can install it in the same way as previous patches or by upgrading to Magento 1.9.2.1. To apply the patches you need SSH access (shell access actually, SSH is just most used way to get shell access) to the server. To apply patches without SSH access please refer to this article. If you wish to save time and have us to install these patches for you, simply click here to order installation.
Step 0: Preparations
Make sure to Disable Magento Compiler at System > Configuration > Tools > Magento Compiler and clear compiled cache.Step 1: Verify your Magento version
$ grep -A6 'static function getVersionInfo' app/Mage.php
public static function getVersionInfo()
{
return array(
'major' => '1',
'minor' => '9',
'revision' => '1',
'patch' => '1',
As you can see in the example, it is Magento 1.9.1.1
Step 2: Download corresponding patches
Patches are obtained from https://magento.com/tech-resources/download Make sure to get the right version.Step 3: Place patches into Magento Root directory
Upload your files into Magento root directory. It is important to place patch files directly into Magento root directory and execute it also directly in Magento root directory.$ ls -1 . PATCH_SUPEE-6285_CE_1.9.1.1_v1-2015-07-07-09-03-34.sh app cron.php downloader errors favicon.ico index.php js lib mage media pkginfo robots.txt shell skin var
Step 4: Run the patches
$ bash ./PATCH_SUPEE-6285_CE_1.9.1.1_v1-2015-07-07-09-03-34.sh Checking if patch can be applied/reverted successfully... Patch was applied/reverted successfully.
Step 5: Verification and flush of PHP opcode cache
Verify patch status at our patch tester page. Test that your store is working. If you use PHP opcode caches (APC/XCache/eAccelerator) make sure to flush it after patching (or restart webserver), otherwise code will continue to run from caches. Additionally, if your store still using default /admin/ path, you may consider securing your Magento /admin/ by admin path change and restrict access to/downloader/.
If you have any difficulties with applying the patches please let us know in comments, so we can find the solution together.
Known issues / errors
Tool(s) “patch” is(are) missed, please install it
sh ./PATCH_SUPEE-6285_CE_1.9.1.1_v1-2015-07-07-09-03-34.sh Error! Some required system tools, that are utilized in this sh script, are not installed: Tool(s) "patch" is(are) missed, please install it(them).As it is stated in error message
patch utility needs to be installed on your system. Installation is usually done with superuser privileges, so make sure you have these. To install patch on Debian/Ubuntu use:
# apt-get install patchor
$ sudo apt-get install patchTo install patch on RedHat/CentOS/Fedora use:
# yum install patchor
$ sudo yum install patch
Hunk #1 FAILED at 33 on downloader/template/connect/packages_prepare.phtml
Checking if patch can be applied/reverted successfully... ERROR: Patch can't be applied/reverted successfully. patching file app/Mage.php patching file app/code/community/Phoenix/Moneybookers/controllers/MoneybookersController.php patching file app/code/core/Mage/Adminhtml/Controller/Action.php ... checking file downloader/template/connect/packages.phtml checking file downloader/template/connect/packages_prepare.phtml Hunk #1 FAILED at 33. 1 out of 1 hunk FAILED checking file downloader/template/login.phtml checking file downloader/template/settings.phtml checking file errors/processor.php DoneThe error says that downloader/template/connect/packages_prepare.phtml is not like expected. Most likely, SUPEE-5994 was not applied previously according to requirements. Make sure to apply SUPEE-5994 first.
can’t find file to patch at input line 894
Checking if patch can be applied/reverted successfully... ERROR: Patch can't be applied/reverted successfully. patching file app/Mage.php patching file app/code/community/Phoenix/Moneybookers/controllers/MoneybookersController.php patching file app/code/core/Mage/Adminhtml/Controller/Action.php patching file app/code/core/Mage/Adminhtml/controllers/AjaxController.php patching file app/code/core/Mage/Adminhtml/controllers/Catalog/Category/WidgetController.php ..... patching file app/design/frontend/base/default/template/rss/order/details.phtml patching file app/design/frontend/base/default/template/wishlist/email/rss.phtml can't find file to patch at input line 894 Perhaps you used the wrong -p or --strip option? The text leading up to this was: -------------------------- |diff --git app/design/frontend/default/modern/template/checkout/cart.phtml app/design/frontend/default/modern/template/checkout/cart.phtml |index 43698c2..f4fe5ab 100644 |--- app/design/frontend/default/modern/template/checkout/cart.phtml |+++ app/design/frontend/default/modern/template/checkout/cart.phtml -------------------------- File to patch: Skip this patch? [y] Skipping patch. 1 out of 1 hunk ignored patching file downloader/Maged/.htaccess patching file downloader/Maged/Controller.php patching file downloader/Maged/Model/Session.php patching file downloader/lib/.htaccess patching file downloader/template/connect/packages.phtml patching file downloader/template/connect/packages_prepare.phtml patching file downloader/template/login.phtml patching file downloader/template/settings.phtml patching file errors/processor.phpAccording to the output app/design/frontend/default/modern/template/checkout/cart.phtml file missing on your installation. Simply upload it from corresponding Magento distribution and re-run the patch.
“Access Denied” errors on access to all custom modules for users with selective permissions
Posted in: Magento Maintenance