Nexcess
July 05, 2012

Important Magento Security Update

Magento recently posted an important security update that affects all versions prior to CE 1.7.0.2 and EE 1.12.0.2. The vulnerability is specifically in the Zend Framework’s Zend_XmlRpc module, which means that any application built on the Zend Framework is potentially vulnerable. See: ZF2012-01

Nexcess implements a Web Application Firewall that should offer protection from this vulnerability; however, it is imperative that you patch your Magento software immediately to be completely safe. Here is what you need to do to patch your Magento application:

1. Download the appropriate patch from Magento’s website for your version:

2. Upload the patch to your Magento root directory via FTP or Siteworx File Manager.
3. Log in to your SSH account, change to your Magento root directory, and run the patch command:

```bash
$ patch -b -p0 < CE_1.5.0.0-1.7.0.1.patch
patching file lib/Zend/XmlRpc/Response.php
patching file lib/Zend/XmlRpc/Request.php
```

4. You may need to clear the Magento cache or re-compile if you are using the Mage_Compiler.
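To confirm the outcome of step 3, the following added example (not part of the original post or of Magento's patch) uses `patch --dry-run` to report whether a patch file is still pending, already applied, or in conflict with the tree. The function names `patch_state` and `demo`, and the `lib/Example.php` file with its `fix.patch`, are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: classify a -p0 patch against a source tree without changing files.

# patch_state ROOT PATCHFILE -> prints one of: pending | applied | conflict
patch_state() {
    local root="$1" patchfile="$2"
    # -f: never prompt or guess the direction; -s: quiet; --dry-run: write nothing.
    if patch -d "$root" -p0 -f -s --dry-run < "$patchfile" >/dev/null 2>&1; then
        echo pending      # every hunk still applies forward: the fix is missing
    elif patch -d "$root" -p0 -R -f -s --dry-run < "$patchfile" >/dev/null 2>&1; then
        echo applied      # every hunk reverses cleanly: the fix is in place
    else
        echo conflict     # wrong version, partial apply, or locally edited files
    fi
}

# demo: exercise patch_state on a constructed tree and a constructed patch.
demo() {
    local root before after edited
    root=$(mktemp -d) || return 1
    mkdir -p "$root/lib"
    # Constructed stand-in file; not the contents of any Magento or Zend file.
    printf '%s\n' '<?php' "return 'old';" > "$root/lib/Example.php"
    # Constructed unified diff with -p0 style paths, like the patch in step 3.
    printf '%s\n' '--- lib/Example.php' '+++ lib/Example.php' '@@ -1,2 +1,2 @@' \
        ' <?php' "-return 'old';" "+return 'new';" > "$root/fix.patch"

    before=$(patch_state "$root" "$root/fix.patch")
    # Same command as step 3 (with -s added to silence output); -b keeps a .orig backup.
    (cd "$root" && patch -b -p0 -s < fix.patch)
    after=$(patch_state "$root" "$root/fix.patch")
    # Simulate a local modification that matches neither side of the patch.
    printf '%s\n' '<?php' "return 'custom';" > "$root/lib/Example.php"
    edited=$(patch_state "$root" "$root/fix.patch")

    rm -rf "$root"
    echo "$before $after $edited"
}

demo   # prints: pending applied conflict
```

From the Magento root, `patch_state . CE_1.5.0.0-1.7.0.1.patch` should print `pending` before step 3 and `applied` after it; `conflict` means the files do not match the version the patch targets or were modified locally.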

Note: The latest versions of Magento CE (1.7.0.2) and EE (1.12.0.2) have already been patched for this vulnerability.

If you have any questions or would like any assistance with this, please do not hesitate to contact us at support@nexcess.net.
