My server is always scanned and attackers are searching security vulnerabilities.
Today I have received an email from Magento about two security patches :
- SUPEE-5344 – Addresses a potential remote code execution exploit (Added Feb 9, 2015)
- SUPEE-1533 – Addresses two potential remote code execution exploits (Added Oct 3, 2014)
So this is important to verify that this patch is installed into your environment. The patches are available on the download page.
In my case, these patches were not installed. Just note that I recommend you to test on your development server first.
Update : A new patch is available : Extract of the Magento email :
All versions of Magento Community Edition software are impacted and we strongly recommend that you work with your Solution Partner or developer to immediately deploy this critical patch. Please note that this patch should be installed in addition to the recent Shoplift patch (SUPEE-5344). More information about the security issues is available in the Appendix of the Magento Community Edition user guide.
You can download the patch from the Community Edition download page.Look for the SUPEE-5994 patch. The patch is available for Community Edition 1.4.1– 220.127.116.11.