Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.

For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email community@magento.com.

Magento Forum

1.5.0.1 deployment question
 
mrichardson
Jr. Member
 
Total Posts:  2
Joined:  2012-07-06
 

Hi, I hope this is the right forum for my question.

We have been working on a Magento implementation for about a year. We’re on version 1.5.1.0 rather than the latest and greatest, as that was the current release back when development started.

We’re ready to go live with 1.5.1.0, with a view to possibly upgrading at a later date, but first I wanted to make sure the current release of 1.5.1.0 does not have any known security vulnerabilities that were fixed in later editions. (My presumption is this is not the case)

Judging by the security blog (http://www.magentocommerce.com/blog/category/security-updates/), there has only been one security issue identified since 2009, and there is a patch available for it (although the patch does not seem to have made itself into the actual 1.5 download package, which I also grabbed today to compare with our version).

Assuming I apply this patch to our version of 1.5.1.0, are we good to go live with no risk of getting exploited?

Thanks

 
Magento Community Magento Community
Magento Community
Magento Community
 
kab8609
Enthusiast
 
Avatar
Total Posts:  821
Joined:  2009-04-07
Cleveland
 
mrichardson - 06 July 2012 07:17 AM

Hi, I hope this is the right forum for my question.

We have been working on a Magento implementation for about a year. We’re on version 1.5.1.0 rather than the latest and greatest, as that was the current release back when development started.

We’re ready to go live with 1.5.1.0, with a view to possibly upgrading at a later date, but first I wanted to make sure the current release of 1.5.1.0 does not have any known security vulnerabilities that were fixed in later editions. (My presumption is this is not the case)

Judging by the security blog (http://www.magentocommerce.com/blog/category/security-updates/), there has only been one security issue identified since 2009, and there is a patch available for it (although the patch does not seem to have made itself into the actual 1.5 download package, which I also grabbed today to compare with our version).

Assuming I apply this patch to our version of 1.5.1.0, are we good to go live with no risk of getting exploited?

Thanks

Every release since 1.5.0.1 has identified security issues. Please read the release notes http://www.magentocommerce.com/download/release_notes

Look for things like: Fixed: Several potential security vulnerabilities

So to answer your question, you are at risk of getting exploited. If you correctly coded your site, including best practices like not overriding core code, theming correct, etc. An upgrade to 1.7.0.2 would take 8-20 hours including debugging time.

Just from my experience, i’ve had upgrades take 80 hours (the sites were poorly coded, many overwrites, files missing, etc) and i’ve had upgrades take just 3 hours. I do them every week. However it is urgent that you create a update plan. You should never be more then 1-2 updates behind (your 7 updates behind).

 
Magento Community Magento Community
Magento Community
Magento Community
 
anhnongcuasao
Jr. Member
 
Total Posts:  2
Joined:  2012-07-11
 

Thank for share

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
Back to top