Hi, I hope this is the right forum for my question.
We have been working on a Magento implementation for about a year. We’re on version 220.127.116.11 rather than the latest and greatest, as that was the current release back when development started.
We’re ready to go live with 18.104.22.168, with a view to possibly upgrading at a later date, but first I wanted to make sure the current release of 22.214.171.124 does not have any known security vulnerabilities that were fixed in later editions. (My presumption is this is not the case.)
Judging by the security blog (http://www.magentocommerce.com/blog/category/security-updates/), there has only been one security issue identified since 2009, and there is a patch available for it (although the patch does not seem to have made itself into the actual 1.5 download package, which I also grabbed today to compare with our version).
Assuming I apply this patch to our version of 126.96.36.199, are we good to go live with no risk of getting exploited?
Every release since 188.8.131.52 has identified security issues. Please read the release notes http://www.magentocommerce.com/download/release_notes
Look for things like: Fixed: Several potential security vulnerabilities
So to answer your question, you are at risk of getting exploited. If you correctly coded your site, including best practices like not overriding core code, theming correctly, etc., an upgrade to 184.108.40.206 would take 8-20 hours including debugging time.
Just from my experience, I’ve had upgrades take 80 hours (the sites were poorly coded, many overwrites, files missing, etc.) and I’ve had upgrades take just 3 hours. I do them every week. However, it is urgent that you create an update plan. You should never be more than 1-2 updates behind (you’re 7 updates behind).
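The release-notes check suggested in the reply can be automated. The following is an added example, not part of the original thread and not Magento code: it assumes a plain-text notes layout with `==== version ====` headers, uses constructed version numbers and entries, and the function names are hypothetical.

```python
import re

# Constructed sample in an assumed plain-text layout; not real Magento release notes.
SAMPLE_NOTES = """\
==== 9.9.4 ====
Fixed: Several potential security vulnerabilities
Fixed: Typo in checkout template
==== 9.9.3 ====
Improved: Indexer performance
==== 9.9.2 ====
Fixed: Potential security vulnerability in admin login
==== 9.9.1 ====
Fixed: Several potential security vulnerabilities
"""
HEADER = re.compile(r"^=+\s*(\d+(?:\.\d+)*)\s*=+$")
SECURITY = re.compile(r"^Fixed:.*\bsecurity\b", re.IGNORECASE)
MAX_RELEASES_BEHIND = 2  # the "1-2 updates behind" limit from the reply above

def parse_version(text):
    # Compare as integer tuples so that 9.9.10 sorts after 9.9.9.
    return tuple(int(part) for part in text.split("."))

def parse_notes(notes):
    """Return {version_tuple: [entry lines]} from the assumed layout."""
    releases, current = {}, None
    for line in (raw.strip() for raw in notes.splitlines()):
        match = HEADER.match(line)
        if match:
            current = parse_version(match.group(1))
            releases[current] = []
        elif line and current is not None:
            releases[current].append(line)
    return releases

def audit(notes, deployed):
    """Summarise what separates the deployed version from the newest release."""
    releases = parse_notes(notes)
    newer = sorted(v for v in releases if v > parse_version(deployed))
    security = {}
    for version in newer:
        fixes = [e for e in releases[version] if SECURITY.search(e)]
        if fixes:
            security[".".join(map(str, version))] = fixes
    return {"releases_behind": len(newer),
            "security_fix_releases": security,
            "overdue": len(newer) > MAX_RELEASES_BEHIND}

if __name__ == "__main__":
    print(audit(SAMPLE_NOTES, "9.9.1"))
```

A release with no security entry still counts toward `releases_behind`, so the lag limit and the security-fix list are reported separately.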