eCommerce Development

SUPEE-6285: What You Need to Know

Jul 09, 2015   •   2 Min Read

You have invested so much time into crafting your Magento eCommerce website so it can be an enjoyable experience for your customers, and the last thing you need is a possible security breach. Avoid the unnecessary risks by installing the latest Magento patch SUPEE-6285 and understanding what site security threats to watch for.

SUPEE-6285: Magento Security Patch

The newest patch SUPEE-6285 was released on July 7th and addresses a variety of security issues from injection attacks, to requesting forgeries and cross-site scripting, to ACL permissions for third-party extensions. This patch comes at an interesting time, following concerns brought to light by Sucuri over credit card scrapers. Magento’s Ben Marks promptly responded about the impact of these issues, and the timing is most likely just a coincidence.

Two of the larger issues that this patch addresses are template injection attacks and automatic logging file permissions.

Before this security patch, any theme file that overwrote these base template files was vulnerable to unescaped HTML injection attacks.

Magento Patch Supee-6285: What You Need To Know

Injection attacks allow undesirable code to be executed on your webserver, usually through a parameter value. This opens up the possibility for secure information to be displayed on these pages. If any of these templates have been customized, you’ll need to make sure the changes are included in your custom package/theme files.

File Permissions have been a standing issue in stores that have logging enabled. Magento automatically creates the log folders if they don’t exist. Originally, these folders were given full Read, Write and Execute permissions. With these changes, the folders are given more secure permissions from the get-go.

Magento Patch Supee-6285: What You Need To Know

Why you should take Magento security patches seriously

Version upgrades and patch releases are a core part of Magento’s ongoing commitment to excellence in security. Magento is constantly striving to improve their performance, and one important aspect towards developing a positive experience for Magento customers is providing top-of-the-line security. Although Magento provides security updates, the only way to guarantee the safety of your site is to utilize their resources and take the proper security measures.

If you are running a piece of web application software and you are doing eCommerce, it’s your responsibility to keep up to date with security measures not only to ensure safety of your website, but for the safety of your customers, too.

Additionally, you want to make sure you are PCI compliant, that there are no security holes in your server configuration and that your SSL Certificate encryption is up to date. These are all aspects that fall under your responsibility when running an eCommerce store. After all, you definitely don’t want to end up with the negative impacts of a site hack.

Where to go to learn more about Magento security

Magento has always been good about sending notifications to Admins to make them aware of updates, but they haven’t always been clear about the details in the updates. Moving forward, Magento is making it a priority to be as transparent as possible by disclosing all issues patched in every new security release or patch.

(If you for some reason aren’t getting Magento security patch alerts emailed to you, I highly suggest signing up for the security alert registry now.)

Interested in learning about other Magento software updates and the benefits of working with a Magento Gold Partner? Contact us today! Our Magento-certified Developers would love to help.

Related Content

You Also May Like

eCommerce Development

How This Nursery Increased Revenue 140% With HubSpot Email Marketing

Background Groove Commerce initially partnered with Caragh Nursery to migrate them...
Learn More
eCommerce Development

Rules & Requirements For Selling Food & Drinks Online

In recent years, consumer comfort in ordering perishable goods has exponentially...
Learn More
eCommerce Development

How Video Marketing Will Increase Your Business’s Conversions

Why Video Marketing? Video is something we consume everyday, multiple times a day....
Learn More
eCommerce Development

An eCommerce Merchant's Guide To Selling Consumer Packaged Goods

Introduction Because you’re reading this eBook, you’re likely an eCommerce retailer...
Learn More
eCommerce Development

The Best eCommerce Frameworks For Online Selling

What is an eCommerce Framework? The definition of the term eCommerce Framework is...
Learn More
eCommerce Development

Leveraging eCommerce for B2B Wholesale Operations

If you found this article on the web, you are likely a B2B Wholesale business that...
Learn More
20 Best Shopify Apps LP Background Small
eBook
E-BOOK

20 Best Shopify Apps For Your eCommerce Store

Download e-Book

Let's Grow Your eCommerce Business, Together.