UPDATE: July 7, 2015: New Magento Security Patch (SUPEE-6285), save time on installing both SUPEE-5994 and SUPEE-6285 at once as shown in SUPEE-6285 & SUPEE-5994 installation without SSH.According to announce sent on May 15, 2015 to all Magento installations new security patch SUPEE-5994 should be installed in addition to two recent shoplift patches (SUPEE-5344 and SUPEE-1533).
Important: New Magento Security Patch – Install it Now It is important for you to download and install a new security patch (SUPEE-5994) from the Magento Community Edition download page (https://www.magentocommerce.com/products/downloads/magento/). Please apply this critical update immediately to help protect your site from exposure to multiple security vulnerabilities impacting all versions of the Magento Community Edition software. Please note that this patch should be installed in addition to the recent Shoplift patch (SUPEE-5344).The only problem with these patches is SSH requirement, which some hosts do not provide. If you have SSH access, you can install patches as shown in How to install SUPEE-5994. It is still possible to apply the patch even without SSH via FTP/sFTP or direct execution via PHP as shown below in this article. If you wish to save time and have us to install all these patches for you, simply click here to order installation. If you have any difficulties with applying the patches please let us know in comments, so we can find the solution together. Before patching make sure to Disable Magento Compiler if you use it at System > Configuration > Tools > Compilation and clear compiled cache.
Applying Magento patches via FTP/sFTP or FileManager / File UploadTo apply patches in this way we simply replace changed files. This way can not be used blindly if you or your developers have changed any core Magento files (which is a big no-no, by the way). Such changes should be re-applied to patched files, or you loose these changes. Patch SUPEE-5994 (Magento 1.6.x.x-184.108.40.206) applied to the following files:
get.phpfile into your Magento root directory.
Patch for other versionsOlder versions are patched in the same way, I am adding downloads for other versions into a single table on demand when I need to patch certain version:
VerificationVerify patch status at our patch tester page. If you use PHP opcode caches (APC/XCache/eAccelerator) make sure to flush it after patching, otherwise code will continue to run from caches. Additionally, if your store still using default
/admin/path, you may consider securing your Magento /admin/ by admin path change and restrict access to
/downloader/. Done. If you have any difficulties with applying the patches please let us know in comments, so we can find the solution together.
Posted in: Magento Maintenance