UPDATE: July 7, 2015: New Magento Security Patch (SUPEE-6285). Make sure to apply it after SUPEE-5994 installation. For details refer to How to install SUPEE-6285.According to announce sent on May 15, 2015 to all Magento installations new security patch SUPEE-5994 should be installed in addition to two recent shoplift patches (SUPEE-5344 and SUPEE-1533).
Important: New Magento Security Patch – Install it Now It is important for you to download and install a new security patch (SUPEE-5994) from the Magento Community Edition download page https://magento.com/tech-resources/download. Please apply this critical update immediately to help protect your site from exposure to multiple security vulnerabilities impacting all versions of the Magento Community Edition software. Please note that this patch should be installed in addition to the recent Shoplift patch (SUPEE-5344).New SUPEE-5994 patch can be downloaded as usual from Downloads page: https://magento.com/tech-resources/download You can install it in the same way as previous patches. To apply the patches you need SSH access (shell access actually, SSH is just most used way to get shell access) to the server. To apply patches without SSH access please refer to this article. If you wish to save time and have us to install these patches for you, simply click here to order installation.
Step 0: Preparations
Make sure to Disable Magento Compiler at System > Configuration > Tools > Magento Compiler and clear compiled cache.Step 1: Verify your Magento version
$ grep -A6 'static function getVersionInfo' app/Mage.php public static function getVersionInfo() { return array( 'major' => '1', 'minor' => '9', 'revision' => '1', 'patch' => '0',As you can see in the example, it is Magento 1.9.1.0
Step 2: Download corresponding patches
Patches are obtained from https://magento.com/tech-resources/download Make sure to get the right version.Step 3: Place patches into Magento Root directory
Upload your files into Magento root directory. It is important to place patch files directly into Magento root directory and execute it also directly in Magento root directory.$ ls -1 . PATCH_SUPEE-5994_EE_1.14.1.0_v1-2015-05-14-05-05-02.sh app cron.php downloader errors favicon.ico index.php js lib mage media pkginfo robots.txt shell skin var
Step 4: Run the patches
$ bash ./PATCH_SUPEE-5994_EE_1.14.1.0_v1-2015-05-14-05-05-02.sh Checking if patch can be applied/reverted successfully... Patch was applied/reverted successfully.
Step 5: Verification and flush of PHP opcode cache
Verify patch status at our patch tester page. Test that your store is working. If you use PHP opcode caches (APC/XCache/eAccelerator) make sure to flush it after patching, otherwise code will continue to run from caches. Additionally, if your store still using default /admin/ path, you may consider securing your Magento /admin/ by admin path change and restrict access to/downloader/
.
If you have any difficulties with applying the patches please let us know in comments, so we can find the solution together.
Known issues / errors
Tool(s) “patch” is(are) missed, please install it
sh ./PATCH_SUPEE-5994_EE_1.14.1.0_v1-2015-05-14-05-05-02.sh Error! Some required system tools, that are utilized in this sh script, are not installed: Tool(s) "patch" is(are) missed, please install it(them).As it is stated in error message
patch
utility needs to be installed on your system. Installation is usually done with superuser privileges, so make sure you have these. To install patch on Debian/Ubuntu use:
# apt-get install patchor
$ sudo apt-get install patchTo install patch on RedHat/CentOS/Fedora use:
# yum install patchor
$ sudo yum install patch
can’t find file to patch at input line 334
$ bash ./PATCH_SUPEE-5994_EE_1.14.1.0_v1-2015-05-14-05-05-02.sh Checking if patch can be applied/reverted successfully... ERROR: Patch can't be applied/reverted successfully. patching file app/code/core/Mage/Authorizenet/controllers/Directpost/PaymentController.php patching file app/code/core/Mage/Core/Controller/Varien/Router/Admin.php patching file app/code/core/Mage/Core/Controller/Varien/Router/Standard.php patching file app/code/core/Mage/Customer/Model/Customer.php patching file app/code/core/Mage/Dataflow/Model/Convert/Parser/Csv.php patching file app/code/core/Mage/ImportExport/Model/Export/Adapter/Csv.php patching file app/code/core/Mage/Install/Controller/Router/Install.php patching file app/code/core/Mage/Install/etc/config.xml patching file app/code/core/Mage/Sales/controllers/Recurring/ProfileController.php patching file downloader/Maged/Model/Connect.php patching file downloader/Maged/View.php patching file downloader/template/connect/packages_prepare.phtml patching file downloader/template/messages.phtml can't find file to patch at input line 334 Perhaps you used the wrong -p or --strip option? The text leading up to this was: -------------------------- |diff --git get.php get.php |index a7fe802..71ab535 100644 |--- get.php |+++ get.php -------------------------- File to patch: Skip this patch? [y] Skipping patch. 1 out of 1 hunk ignored patching file lib/PEAR/PEAR/PEAR.php patching file lib/PEAR/PEAR/PEAR5.php patching file lib/Varien/Io/File.phpIn the output above it can not find file
get.php
. To solve it should be enough to place the get.php
file from Magento distribution into Magento root directory.Posted in: Magento Maintenance