Sonassi Hosting


Magento has released a new security patch, SUPEE-6285, for versions 1.6 and newer.


The vulnerabilities

This bundle includes protection against the following security-related issues:
  • Customer Information Leak via RSS and Privilege Escalation
  • Request Forgery in Magento Connect Leads to Code Execution
  • Cross-site Scripting in Wishlist
  • Cross-site Scripting in Cart
  • Store Path Disclosure
  • Permissions on Log Files too Broad
  • Cross-site Scripting in Admin
  • Cross-site Scripting in Orders RSS

What you need to do

You must apply this new security patch as soon as possible. It can be downloaded from

You can either patch the store yourself using the instructions below, or submit a (chargeable) maintenance support ticket at where our support team can apply the patch on your behalf (est. 5-10 mins application time).


  1. Download the appropriate version of the patch for your store from
  2. After downloading the patch, upload it to your Magento document root
  3. Log in via SSH as www-data

  4. Change directory to your Magento installation (replace as necessary), e.g.

    cd /microcloud/domains/example/domains/

  5. Execute the patch by running `bash` followed by the patch filename, e.g.

  6. If the patch was applied successfully, you should see the following:

    Checking if patch can be applied/reverted successfully...
    Patch was applied/reverted successfully.

  7. After patch application, thoroughly test your store including customer account registration and the full checkout process.
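
A post-patch check for steps 5 to 7, as an added example that is not part of the original newsletter or Sonassi's tooling. The success line in step 6 reads the same for an apply and a revert, so the script also checks that the patch's newest entry in `app/etc/applied.patches.list` is not a revert. The saved-output file, the list's `|`-separated layout with a `REVERTED` marker, and all sample data are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: confirm that a Magento 1 SUPEE patch run really took effect.
# Assumptions (not from the newsletter): patch output was saved to a file, and
# app/etc/applied.patches.list holds '|'-separated entries whose second field
# is the patch id, with the word REVERTED on entries that undo a patch.

# 0 if the saved output contains the success line quoted in step 6.
patch_output_ok() {
    grep -qxF 'Patch was applied/reverted successfully.' "$1"
}

# 0 if the newest entry for patch id $2 in list file $1 is an apply, 1 if it is
# a revert or absent, 2 if the list cannot be read.
patch_recorded() {
    local list="$1" id="$2" last
    [ -r "$list" ] || return 2
    last=$(awk -F'[|]' -v id="$id" '
        { p = $2; gsub(/^[ \t]+|[ \t]+$/, "", p) }
        p == id { state = ($0 ~ /REVERTED/) ? "reverted" : "applied" }
        END { print state }' "$list")
    [ "$last" = "applied" ]
}

# Constructed sample data so the example runs offline.
demo_dir=$(mktemp -d)
printf '%s\n' \
    'Checking if patch can be applied/reverted successfully...' \
    'Patch was applied/reverted successfully.' > "$demo_dir/patch.out"
printf '%s\n' \
    '2015-07-08 09:00:00 UTC | SUPEE-0000 | CE_x | v1 | constructed | constructed' \
    '2015-07-08 09:05:00 UTC | SUPEE-6285 | CE_x | v1 | constructed | constructed' \
    > "$demo_dir/applied.patches.list"

if patch_output_ok "$demo_dir/patch.out" &&
   patch_recorded "$demo_dir/applied.patches.list" SUPEE-6285; then
    echo "SUPEE-6285: applied and recorded"
else
    echo "SUPEE-6285: not confirmed, re-check before relying on the store"
fi
```

On a real store, pass the file holding the patch script's output and the store's own `app/etc/applied.patches.list` instead of the constructed samples.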

More information

You can find more information from the official notice here,

Copyright © 2015 Sonassi Ltd, All rights reserved.