Wednesday, April 22, 2015

Security fix for Magento: 1.9.1.0-2 released

A critical vulnerability remote code execution vulnerability in Magento was recently published. You can view the SUPEE-5344 patch that addresses the flaws here, which was released on February 9, 2015.

We have released Bitnami Magento 1.9.1.0-2 installers, virtual machines and Amazon EC2, Google and Windows Azure cloud images that fix this issue. If you already have a running version of Bitnami Magento, you can apply the fix directly.

  1. Download the SUPEE-5344 patch
  2. Upload the patch to the server
  3. Copy the patch to "/opt/bitnami/apps/magento/htdocs"
  4. Execute the patch:
$ chmod 755 PATCH_SUPEE-5344_CE_1.8.0.0_v1-2015-02-10-08-10-38.sh
$ ./PATCH_SUPEE-5344_CE_1.8.0.0_v1-2015-02-10-08-10-38.sh

Checking if patch can be applied/reverted successfully...
Patch was applied/reverted successfully.

Once that is done, refresh the cache in the Admin under "System > Cache Management" so that the changes will be reflected.

If you have any questions, please post to our community forum and our team will help you there. 

5 comments:

  1. Any instructions for Windows Server based deployments of the Bitnami Magento setup?

    ReplyDelete
  2. I tried it on my version 1.9.1.0 and it failed
    How can I solve it?

    ReplyDelete
  3. Could you post more details about the exact error at https://community.bitnami.com ? We will try to help you there.

    ReplyDelete
  4. https://community.bitnami.com/t/security-fix-for-magento-1-9-1-0-2-not-working/31030/1

    ReplyDelete
  5. For Windows we recommend to install the new Bitnami Magento 1.9.1.0-2 version that it is already patched. Magento only released a bash script for patching the application. You can migrate your data to use the new Magento installation.

    ReplyDelete

Please use our community forum if you have any questions community.bitnami.com