You are here: Operations > System > System Tools > Installing Magento Patches
Magento Open Source, 1.9.x

Magento 1.x Security Patch Notice
For Magento Open Source 1.5 to 1.9, Magento is providing software security patches through June 2020 to ensure those sites remain secure and compliant. Visit our information page for more details about our software maintenance policy and other considerations for your business.

Installing Magento Patches

Magento recently launched several patches to correct vulnerabilities in the system. It is recommended that you upgrade your store to the latest version of Magento, and install any security-related patches as soon as they become available.

Make sure to stop by our Magento Security Center, and sign up for the Security Alert Registry to receive direct notification from our security team of any emerging issues and solutions.

Because of the variation in hosting environments and access to the server, there is no “one size fits all” way to install a patch. This article describes three methods to install a patch, and also how to revert a patch.

If your hosting provider doesn’t provide SSH access to the server, try one of the other methods. Although the focus of this article is on security patches, the same methods can be used to install any Magento patch.

ClosedStep 1: Back Up Your Magento Installation

Always back up your Magento installation before installing a patch. To learn more, see: Creating a Backup

ClosedStep 2: Download the Patch

To download the recommended patches for your version of Magento Community Edition, visit the Magento download page.

ClosedStep 3: Disable the Compiler

If your store is compiled, make sure to disable compilation before installing a patch. After installing a patch, test the store thoroughly. Then, run the compiler again. Your store must be recompiled for the patch to take effect.

ClosedStep 4: Install the Patch
ClosedMethod 1: Use SSH

Secure Shell (SSH) is the recommended way to install a patch. If you don’t know how to set up SSH, contact your hosting provider. For detailed instructions, see: Installing Patches with SSH.

1. Upload the patch files to the root of your [magento] installation folder.
2. If the store is compiled, make sure the compiler is disabled.
3. In the SSH console, run the following commands according to the patch extension:
  • .sh extension 
    sh patch_file_name.sh
  • .patch extension 
    patch --p0<patch_file_name.patch
4. Use either of the following methods to verify that the patch was installed:
  • Download or view the file: app/etc/applied.patches.list.

  • applied.patches.list
  • From the command line, run the patch file with the --list argument for a report of all patch installations.

  • --list argument
ClosedMethod 2: Run a Script

The following example shows how to install the SUPEE_5344.sh patch. Make sure to replace the patch name in the example with the name of the patch file to be installed.

1. Upload the patch files to the root of your [magento] installation folder.
2. If the store is compiled, make sure the compiler is disabled.
3. From your desktop, do the following:
a. Use a text editor to create a file named patch.php that contains the following script. 
  • <?php
    print("<PRE>");
    passthru("/bin/bash PATCH_SUPEE-5344.sh");
    print("</PRE>");
    echo "Done";
    ?>
b. Upload the patch.php file to the root of your [magento] installation folder.
4. Run the script from your browser. 
  • http://www.[yourstore.com]/patch.php

Then, look for the following message:

  • Checking if patch can be applied/reverted successfully...

    Patch was applied/reverted successfully.

    Done
5. After the patch is successfully installed, delete the patch.php file from your server.

If you receive the following error, either ask your hosting provider to install the missing tools, or try one of the other methods.

  • “Error! Some required system tools, that are utilized in this sh script, are not installed; Tool (s) “patch” is (are) missed, please install it(them).
6. Refresh your cache from the Magento Admin, Don’t forget to refresh your OPcode or APC cache as well.
7. If your store is compiled, rerun the compiler.
ClosedMethod 3: Upload Pre-Patched Files
1. Download your Magento installation to your local machine.
2. Apply the patch locally.
3. Upload the updated files to your server.
ClosedReverting an Installed Patch

Occasionally it is necessary to uninstall a patch. The command to revert a patch is essentially the same as the command that is used to install a patch, but with the addition of the -R flag.

1. Before you begin, make sure that you have appropriate permissions to the Magento installation directory on the server. If the directory is owned by a web server user such as apache or root, change to the appropriate user to ensure that you have the necessary permissions. For example: 
  • su - apache

Then when prompted, enter the password.

2. Change to your magento installation folder.
3. On the command line, enter the following command to revert the patch: 
  • sh patch_file_name.sh -R

Copyright © 2019Magento, Inc. All rights reserved.