January 20, 2016: New Magento Security Patch (SUPEE-7405) – Install ImmediatelyNew SUPEE-7405 patch can be downloaded as usual from Downloads page: https://www.magentocommerce.com/products/downloads/magento/ or installed as a regular Magento upgrade via Downloader (it is included in Magento 1.9.2.3 version). You can install it in the same way as previous patches or by upgrading to Magento 1.9.2.3. To apply the patch you need SSH access (shell access actually, SSH is just most used way to get shell access) to the server. If you have no SSH access, you can refer to How to apply SUPEE-7405 without SSH. If you wish to save time and have us to install these patches for you, simply click here to order installation.
Step 0: Preparations
Note: Make sure to Disable Magento Compiler at System > Configuration > Tools > Magento Compiler and clear compiled cache.
Step 1: Verify your Magento version
$ grep -A6 'static function getVersionInfo' app/Mage.php public static function getVersionInfo() { return array( 'major' => '1', 'minor' => '9', 'revision' => '2', 'patch' => '2',As you can see in the example, it is Magento 1.9.2.2
Step 2: Download corresponding patches
Patches are obtained from https://www.magentocommerce.com/products/downloads/magento/ Make sure to get the right version.Step 3: Place patches into Magento Root directory
Upload your files into Magento root directory. It is important to place patch files directly into Magento root directory and execute it also directly in Magento root directory.$ ls -1 . PATCH_SUPEE-7405_CE_1.9.2.2_v1-2016-01-20-04-35-33.sh app cron.php downloader errors favicon.ico index.php js lib mage media pkginfo robots.txt shell skin var
Step 4: Run the patches
$ bash ./PATCH_SUPEE-7405_CE_1.9.2.2_v1-2016-01-20-04-35-33.sh Checking if patch can be applied/reverted successfully... Patch was applied/reverted successfully.
Step 5: Verification and flush of PHP opcode cache
Test that your store is working. If you use PHP opcode caches (APC/XCache/eAccelerator) make sure to flush it after patching (or restart webserver), otherwise code will continue to run from caches. Additionally, if your store still use default /admin/ path, you may consider securing your Magento /admin/ by admin path change and restrict access to/downloader/
.
Known issues
If you have any difficulties with applying the patches please let us know in comments, so we can find the solution together.Posted in: Magento Maintenance