I got the notification "It is critical for you to download and install 2 previously-released security patches (SUPEE-5344 and SUPEE-1533) from the Magento Community Edition download page (https://www.magentocommerce.com/products/downloads/magento/). Please do this immediately, as Check Point Software Technologies has published a technical description of how they discovered the issue, which we feel might serve as a tutorial for implementing an attack against your website.".
Actually I have installed them last week.
Can I ignore the notificaiton?
And how can I check if I installed successfully?
If I have installed successfully, will I still get the relative notifications?
Thanks.
Discussed in the following threads
http://community.magento.com/t5/Version-Upgrades/SUPEE-5344-reporting-issue/m-p/3754#M141
Hi @anita01021989, as @chiefair mentioned this has been discussed at great lengths in those threads. That being said, you can check your site at http://magento.com/security-patch to see if your site is vulnerable and also to read signs of a compromised site. The admin notifications can be cleared by reading them. They are there to tell you about the patch, but they are not based on whether or not you have already patched.
Hey @sherrie
So if my site passes the "bug check" dose that mean i do not have to worry about the patch?
Hi @dangousa! If the site shows you're not vulnerable then you should be good, but unless you're on 1.9.1.1 or 1.14.2 you should've needed to apply the patch. Double check the list of signs of a compromised site at magento.com/security-patch to be safe.
Thank you for your help! it was much appreciated!
I have another question, is the new (supee 6285) patch required for the Version 1.9.0.1?
Hi @dangousa, yes 6285 is needed for anything prior to 1.9.2. Glad to hear you were able to figure out your original question!
THanks for the info @sherrie is, do you know if there is a site to do a vulnerablity check for this update? similar to the one for the shoplift bug?
There is not.
You can check applied.patches.list
in the app/etc/
directory to see which patches have been successfully applied. Alternatively @philwinkle has built a free extension to display all applied patches in the admin: https://github.com/philwinkle/Philwinkle_AppliedPatches