Original release date: January 20, 2015
Oracle has released its Critical Patch Update for January 2015 to address 169 vulnerabilities across multiple products.
This update contains the following security fixes:
- 8 for Oracle Database Server
- 36 for Oracle Fusion Middleware
- 10 for Oracle Enterprise Manager Grid Control
- 10 for Oracle E-Business Suite
- 6 for Oracle Supply Chain Products Suite
- 7 for Oracle PeopleSoft Products
- 1 for Oracle JD Edwards Products
- 17 for Oracle Siebel CRM
- 2 for Oracle iLearning
- 2 for Oracle Communications Applications
- 1 for Oracle Retail Applications
- 1 for Oracle Health Sciences Applications
- 19 for Oracle Java SE
- 29 for Oracle Sun Systems Products Suite
- 11 for Oracle Linux and Virtualization
- 9 for Oracle MySQL
US-CERT encourages users and administrators to review the Oracle January 2015 Critical Patch Update and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
When discussing Magento upgrades with clients these days what is coming up more and more often is questions about changing the theme in use on the website and more specifically whether that should be done at the same time as the upgrade. Our current recommendation is to split up the upgrade and the theme change, for reasons we will get to in a moment, doing the upgrade first and then using the copy of the website used for testing the upgrade to test out the new theme before finally changing the theme on the production website.
Avoiding Additional Issues with the Upgrade
Upgrading Magento is almost never a process without issues, if you are lucky they are rather small, but in many cases they are rather large. To the extent possible you want to avoid making other changes at the same time as doing that as makes it harder to deal with the issues since you won’t know which change is the root of the issue when you start dealing with it. That advice applies not just to theme changes, but other major changes.
While new themes do not cause problems on the same level as an upgrade, they can sometime cause problems, with this being more likely if the new theme also adds new extensions to the website. Often times the new theme is going to go through a fair amount of customization, which can be accomplished without impacting the production website by using the copy of the website created for the upgrade to do that.
The downside to splitting up the upgrade and theme change is that often themes will need some minor changes made to them to make them compatible with versions of Magento released after the theme was released, with a new theme designed for the new version that shouldn’t be necessary. If you hire a professional to do the upgrade – which we would definitely recommend based having seen the many problems that can come up during an upgrade – they shouldn’t have a problem checking if changes need to be made and making those changes, so the advantage a new theme provides is limited based on that. Further limiting the advantage is that we often find that those changes need to be made in design files that come with an extension instead of a theme, so most of the work related to this still needs to be done if a new theme is used during an upgrade.