cancel
Showing results for 
Search instead for 
Did you mean: 

Security patches for my very very very old Magento 1.3.2.4

Security patches for my very very very old Magento 1.3.2.4

Hello,

 

I have seen today  that new security patches have been released.
None of them are available in the "select your format" list to my old version 1.3.2.4.
Does it mean that my version is not concerned (...and I haven't to care about the patches Smiley Happy... ) or should I worry a lot ???

 

Thanks

 

Bertrand

 

3 REPLIES

Re: Security patches for my very very very old Magento 1.3.2.4

Hi @payenb

 

1) You are not seeing any patch for your Magento 1.3.2.4 version as Magento has been releasing patches for the Magento  1.4+ versions.

 

2) I think you are not  serious about security. You are running an obsolete version of Magento. If you check Magento site for 

Download Magento ,in recent years Magento has  release a lot many patches related to security.

 

If you are not updated that means your customers data and other sensitive information is at higher risk. 

 

You can consider two things :

a) Upgrade your Magento installation to higher version. 

b) Develop your site from scratch on Magento 2.0.1 version (Latest release in 2.X version)

 

Do take e commerce site security as highest priority. 

---
Problem Solved Click Accept as Solution!:Magento Community India Forum

Re: Security patches for my very very very old Magento 1.3.2.4

Hi,


Thanks for your reply.


I know I'm not serious about security, so I worry a lot :-{{


I'm considering to upgrade to 2.x, but it will take a long time before I succeed.


Regards

 

 

 

 

 

Re: Security patches for my very very very old Magento 1.3.2.4

1.3 is so old it won't run on current versions of PHP, MySQL so there are more deep underlying security issues than just the security patches due to running it on old, insecure, unsupported, unpatched server software.

 

Given that no security patches for the Shoplift bug, forward have been available from Magento, I'd be checking to see that this server hasn't already been compromised. It would be pretty amazing that it hasn't been knocked over already and that you haven't been bleeding customer credit card info through a card processor pass-through hack.

 

You will have to actively hunt down backported patches. There are some out there, such as the below link, finding enough of them to render the site safe will be highly difficult. The only other way is to work really hard on understanding ancient 1.3 coding enough to backport them all yourself.

 

https://www.nublue.co.uk/blog/magento-remote-code-execution-bug-patches-for-pre-1-6-versions/