July 05, 2012

Important Magento Security Update

Magento recently posted an important security update that affects all versions prior to CE and EE The vulnerability is specifically in the Zend Framework’s Zend_XmlRpc module, which means that any application built on the Zend Framework is potentially vulnerable. See: ZF2012-01

Nexcess implements a Web Application Firewall that should offer protection from this vulnerability, however, it is imperative that you patch your Magento software immediately to be completely safe. Here is what you need to do to patch your Magento application:

1. Download the appropriate patch from Magento’s website for your version:

2. Upload the patch to your Magento root directory via FTP or Siteworx File Manager.
3. Log in to your SSH account, change to your Magento root directory, and run the patch command:

[bash]$ patch -b -p0 < CE_1.5.0.0-

patching file lib/Zend/XmlRpc/Response.php

patching file lib/Zend/XmlRpc/Request.php[/bash]

4. You may need to clear the Magento cache or re-compile if you are using the Mage_Compiler.

Note: The latest versions of Magento CE ( and EE ( have already been patched for this vulnerability.

If you have any questions or would like any assistance with this, please do not hesitate to contact us at support@nexcess.net.


Power up your sites and stores with custom-built technology designed to make every aspect of the digital commerce experience better. Make your digital commerce experience better with Nexcess.

We use cookies to understand how you interact with our site, to personalize and streamline your experience, and to tailor advertising. By continuing to use our site, you accept our use of cookies and accept our Privacy Policy.