Magento Open Source, 1.9.x

Magento 1.x Security Patch Notice
For Magento Open Source 1.5 to 1.9, Magento is providing software security patches through June 2020 to ensure those sites remain secure and compliant. Visit our information page for more details about our software maintenance policy and other considerations for your business.

Installing Patches with SSH

Whenever a patch is released to fix an issue in the code, a notice is sent directly to your Admin InboxInbox. If the update is security related, the incoming message is color-coded red, and marked as a “Critical Update.”

Make sure to stop by our Magento Security Center, and sign up for the Security Alert Registry to receive direct notification from our security team of any emerging issues and solutions.

The following instructions explain how to download and install a patch, starting with a notice that appears in your Admin Inbox. The example takes place on a Windows system, and uses the WinSCP utility to upload patch files to the server, and Putty to access the server from the command line. You can download both utilities at no charge. If you are a Mac user, you can access the command line with Terminal.

If this is the first time you have installed a patch, we recommend that you complete the optional steps to create a backup copy of your store and install a patch as a test run. If you have experience installing patches, you can take the fast track and skip the optional steps. For advanced instructions, see the following articles in the Magento developer documentation: 

How to Apply and Revert Magento Patches

Recommended File System Ownership and Privileges

Before you begin...

To install a patch, you must have a user name and password to access the server. In addition to your own login credentials, you might also need the apache password. If you don’t have these credentials, contact the person who set up your server.

If you have more than one server, make sure to install the patch on all Magento servers.