Wednesday, April 22, 2015

Security fix for Magento: released

A critical vulnerability remote code execution vulnerability in Magento was recently published. You can view the SUPEE-5344 patch that addresses the flaws here, which was released on February 9, 2015.

We have released Bitnami Magento installers, virtual machines and Amazon EC2, Google and Windows Azure cloud images that fix this issue. If you already have a running version of Bitnami Magento, you can apply the fix directly.

  1. Download the SUPEE-5344 patch
  2. Upload the patch to the server
  3. Copy the patch to "/opt/bitnami/apps/magento/htdocs"
  4. Execute the patch:
$ chmod 755
$ ./

Checking if patch can be applied/reverted successfully...
Patch was applied/reverted successfully.

Once that is done, refresh the cache in the Admin under "System > Cache Management" so that the changes will be reflected.

If you have any questions, please post to our community forum and our team will help you there.