When you first log in to your Magento Admin Panel, you may be alerted to install the latest critical security patches.
Click Read Details, and you'll be taken to the Magento Community Edition (CE) downloads page.
In the Magento CE Patches box, select the version from the drop-down list and click Download for each patch you need for your app.
After downloading a patch, SSH or SFTP in to your app as the system user the app belongs to and upload the patch to your app's public folder.
Even if you used SFTP to upload the file to your app, you must use SSH to apply the patch.
SSH into your server. Navigate to your app's public folder using the cd command.
cd apps/APPNAME/public
Now, run one of the following commands, replacing PATCHFILENAME with the actual name of the patch.
For patches ending in .sh, run:
sh PATCHFILENAME.sh
For patches ending in .patch, run:
patch -p0 < PATCHFILENAME.patch
After applying all of the necessary patches, open your Magento Admin Panel and select Cache Management from the System menu.
Click Select All at the top of the cache type list. Then, select Refresh from the Action drop-down list to the right and click Submit.
You have just patched your Magento CE app.