Magento的有漏洞爆出或者更新补丁发布后,官方会在系统后台System-Notifications给出提醒消息。
其中需要注意的是“CRITICAL”的,这种补丁是高危漏洞,用户一定要更新这个补丁,否则会给程序运行带来非常大的风险。 我们根据提示,来到官方网站https://www.magentocommerce.com/products/downloads/magento/,如果您不知道您程序是什么版本,请登录您的magento程序的后台,底部会显示版本号。 找到对应版本的补丁,登录账号,下载。
下载后会得到一个以PATCH_SUPEE开头的sh文件,这是一个shell脚本。SHU88的Magento主机均提供空间的shell功能,因此请把补丁文件放到您的程序根目录(请注意是程序根目录,即跟index.php同一个目录),然后直接登录您空间的shell命令框(推荐您使用winscp和putty)。官方说明上也写的很清楚:
Please upload the patch into your Magento root directory and run the appropriate SSH command:
For patch files with the file extension .sh:
sh patch_file_name.sh
Example: sh PATCH_SUPEE-1868_CE_1.7.0.2_v1.sh
For patch files with the file extension .patch:
patch –p0 < patch_file_name.patch
Once that is done, refresh the cache in the Admin under "System > Cache Management" so that the changes will be reflected. We highly recommend you test all patches in a test environment before taking them live.
xxxx@xxx [~/public_html/demo]# sh PATCH_SUPEE-5345_CE_1.7.0.2_v1-2015-02-10-08-11-22.sh
Checking if patch can be applied/reverted successfully...
Patch was applied/reverted successfully. 此外您可以同时关注下官方的检查地址:http://magento.com/security-patch,来检查您的程序是否有安全漏洞。 (责任编辑:好模板) |