Before you proceed you will first need SSH Access, if you have not had it activated for your account please see Obtaining SSH Access.
Important Note: We highly recommend that you backup all your files first before proceeding with the patch. If possible, test all patches in a test environment first before taking them live.
Where to find Magento patches
1. Navigagte to Magento's Download Page.
2. Look for Magento Community Edition Patches.
3. Select and download the patch.
Installing the Magento patch
Transfer the patch .sh file to your Magento installation root directory.
Example: /public_html OR /public_html/magento
Via SSH enter the following command:-
You should receive a "Patch was applied/reverted successfully" message as confirmation. If you see any errors please contact our Technical Support Department.
Reverting a patch
- Change your Magento installation directory
- Via SSH enter the following command:-
sh patch-file-name.sh -R
Without SSH Access?
If you do not have SSH Access or have difficulty in obtaining it, we can help execute the command for you.
You need to first upload the appropriate patch file to your Magento installation, provide us with the path to it and we will execute the command for you.
We highly recommend that you backup all your files first before contacting our Technical Support Department.
Magento patches which are already installed
You can find out which Magento patches are already installed by looking at the following file under your Magento directory:-
If the file doesn't exist, that means no patches were ever installed in your Magento installation.
provides protection against several types of security-related issues, including remote code execution, information leaks and cross-site scripting
Fixes issues introduced with patch SUPEE-7405 February 23, 2016
A bundle of patches for Magento 1.x that resolve several security-related issues. January 20, 2016
Provides protection against several types of security-related issues, including remote code execution, information leaks and cross-site scripting. Oct 27, 2015
Addresses two issues related to APIs and two cross-site scripting risks. August 4th, 2015
Provides protection against several types of security-related issues, including information leaks, request forgeries, and cross-site scripting. July 7th, 2015
Addresses multiple vulnerabilities. May 14th, 2015
Addresses remote code execution vulnerability. Feb 9th, 2015
Fixes issue with product images. Nov 26th, 2014
Addresses 2 remote code execution vulnerabilities. Oct 3rd, 2014.