There is an easy way to check if your Magento based store (both Enterprise or Community Editions) has all the security patches installed.
Just replace {domain} and {admin path} in URL below and load it in your browser:
https://magento.com/security-patch-check/{domain}/{admin path}/https
so, if your domain is “www.mysuperstore.com” and your Magento admin is “www.mysuperstore.com/super_admin”, URL will look like this:
ex: https://magento.com/security-patch-check/www.mysuperstore.com/super_admin/https
you want to see this response:
{“status”:”ok”,”message”:”SAFE: This site appears to be safe.”}
if any patches are missing, get your IT guys or hosting support to fix it as soon as possible.
You can find more details and more options to run above check here: http://magento.com/security-patch
Some latest articles on Magento security patches:
- http://magento.com/blog/technical/critical-security-advisory-remote-code-execution-rce-vulnerability
- http://blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability/
To download security patches for Magento 1.x, go to https://www.magentocommerce.com/download
in Release Archive -> Magento Community Edition Patches – 1.x
Enterprise users can download patches from their accounts.
