Hi, I hope this is the right forum for my question.
We have been working on a Magento implementation for about a year. We’re on version 1.5.1.0 rather than the latest and greatest, as that was the current release back when development started.
We’re ready to go live with 1.5.1.0, with a view to possibly upgrading at a later date, but first I wanted to make sure the current release of 1.5.1.0 does not have any known security vulnerabilities that were fixed in later editions. (My presumption is this is not the case.)
Judging by the security blog (http://www.magentocommerce.com/blog/category/security-updates/), there has only been one security issue identified since 2009, and there is a patch available for it (although the patch does not seem to have made itself into the actual 1.5 download package, which I also grabbed today to compare with our version).
Assuming I apply this patch to our version of 1.5.1.0, are we good to go live with no risk of getting exploited?
Thanks
Every release since 1.5.0.1 has identified security issues. Please read the release notes: http://www.magentocommerce.com/download/release_notes
Look for things like: Fixed: Several potential security vulnerabilities
So to answer your question, you are at risk of getting exploited. If you correctly coded your site, including best practices like not overriding core code, theming correctly, etc., an upgrade to 1.7.0.2 would take 8-20 hours including debugging time.
Just from my experience, I’ve had upgrades take 80 hours (the sites were poorly coded, many overwrites, files missing, etc.) and I’ve had upgrades take just 3 hours. I do them every week. However, it is urgent that you create an update plan. You should never be more than 1-2 updates behind (you’re 7 updates behind).
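The release-notes check suggested in the reply above can be scripted; this is an added example, not part of the original thread and not Magento's own tooling. The `==== version ====` header layout, the 9.x version numbers and every entry in `SAMPLE_NOTES` are constructed assumptions; paste the real release notes text in their place.

```python
import re

# Constructed sample in an assumed layout; versions and entries are illustrative only.
SAMPLE_NOTES = """\
==== 9.10.0.0 ====
Fixed: Several potential security vulnerabilities
==== 9.9.2.0 ====
Fixed: Constructed checkout rounding bug
Fixed: Potential security vulnerability (constructed entry)
==== 9.9.1.0 ====
Improved: Constructed indexing change
==== 9.9.0.1 ====
Fixed: Several potential security vulnerabilities
"""

HEADER = re.compile(r"^=+\s*(\d+(?:\.\d+)+)\s*=+$")
SECURITY = re.compile(r"security|vulnerabilit", re.IGNORECASE)

def parse_version(text):
    # Compare versions numerically: as strings, "9.10" would sort before "9.9".
    return tuple(int(part) for part in text.split("."))

def parse_release_notes(notes):
    """Map each release (as an int tuple) to its list of note lines."""
    releases, current = {}, None
    for line in notes.splitlines():
        line = line.strip()
        match = HEADER.match(line)
        if match:
            current = parse_version(match.group(1))
            releases.setdefault(current, [])
        elif line and current is not None:
            releases[current].append(line)
    return releases

def security_fixes_after(notes, installed):
    """Releases newer than `installed` whose notes mention a security fix."""
    base = parse_version(installed)
    found = []
    for version, entries in sorted(parse_release_notes(notes).items()):
        hits = [entry for entry in entries if SECURITY.search(entry)]
        if version > base and hits:
            found.append((".".join(map(str, version)), hits))
    return found

def releases_behind(notes, installed):
    """Count how many listed releases are newer than the installed one."""
    base = parse_version(installed)
    return sum(1 for version in parse_release_notes(notes) if version > base)

if __name__ == "__main__":
    for version, hits in security_fixes_after(SAMPLE_NOTES, "9.9.0.1"):
        print(version, hits)
```

Every release this reports is one whose fixes are missing from the installed version unless they were backported as a patch.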