Showing results for 
Search instead for 
Did you mean: 

SUPEE-6137 & SUPEE-2996


SUPEE-6137 & SUPEE-2996

I got an email about there being these two updates for an SQL injection issue. I was wondering if this was legit because of the email addresses they came from. 


The one for 6137 came from a


The one for 2996 came from a


I get the feeling that these two emails are not legit. Attached to them is a document called SUPEEFIX.doc and I am hesitant to download it. I am just wanting to know if either of these are legit and not an attempt at the ransomware stuff that has been going around.


Re: SUPEE-6137 & SUPEE-2996

It keeps happening with different numbers and a different "sender"

Re: SUPEE-6137 & SUPEE-2996

Hi @letssewllc


Do not download any attachment from these emails. These are for the fake patches which Magento did not  release. All Magento1 patches can be downloaded from under release archive section.

Problem Solved Click Accept as Solution!:Magento Community India Forum

Re: SUPEE-6137 & SUPEE-2996



Thanks, that is what I figured but I just wanted to be 100% sure

Re: SUPEE-6137 & SUPEE-2996

Hi @letssewllc, what @muk_t said is correct. All the patches are available on the downloads page.


Community Manager, Magento
Problem solved? Click Accept as Solution!
Still stuck? Check out our documentation: