JAN 20 2016

How to install SUPEE-7405

January 20, 2016: New Magento Security Patch (SUPEE-7405) – Install Immediately

New SUPEE-7405 patch can be downloaded as usual from Downloads page:
https://www.magentocommerce.com/products/downloads/magento/ or installed as a regular Magento upgrade via Downloader (it is included in Magento version).

You can install it in the same way as previous patches or by upgrading to Magento

To apply the patch you need SSH access (shell access actually, SSH is just most used way to get shell access) to the server. If you have no SSH access, you can refer to How to apply SUPEE-7405 without SSH.

If you wish to save time and have us to install these patches for you, simply click here to order installation.

Step 0: Preparations

Note: Make sure to Disable Magento Compiler at System > Configuration > Tools > Magento Compiler and clear compiled cache.

Step 1: Verify your Magento version

$ grep -A6 'static function getVersionInfo' app/Mage.php
    public static function getVersionInfo()
        return array(
            'major'     => '1',
            'minor'     => '9',
            'revision'  => '2',
            'patch'     => '2',

As you can see in the example, it is Magento

Step 2: Download corresponding patches

Patches are obtained from https://www.magentocommerce.com/products/downloads/magento/

Make sure to get the right version.

Step 3: Place patches into Magento Root directory

Upload your files into Magento root directory. It is important to place patch files directly into Magento root directory and execute it also directly in Magento root directory.

$ ls -1 .


Step 4: Run the patches

$ bash ./PATCH_SUPEE-7405_CE_1.9.2.2_v1-2016-01-20-04-35-33.sh
Checking if patch can be applied/reverted successfully...
Patch was applied/reverted successfully.

Step 5: Verification and flush of PHP opcode cache

Test that your store is working. If you use PHP opcode caches (APC/XCache/eAccelerator) make sure to flush it after patching (or restart webserver), otherwise code will continue to run from caches.

Additionally, if your store still use default /admin/ path, you may consider securing your Magento /admin/ by admin path change and restrict access to /downloader/.

Known issues

If you have any difficulties with applying the patches please let us know in comments, so we can find the solution together.


Posted in: Magento Maintenance

How to install SUPEE-7405
2 votes, 4.00 avg. rating (82% score)
  • Krishna

    my comment removed?

  • MD Rony

    I have Done as You Showed and Showed me that Patch Successfully Applied But When checking version Still showing .. My cached was Disable when i applied patch though i have cleaned catch and index But Still Same Issue

    • John Mocnik

      That’s right, only the core will be patched and not a upgrade of the whole store. If you want to upgrade the whole store, then you need to download the last version of the Magento files. But recommended to test it on a test site first if all installed extensions will work properly. By patching the core files you have none or very less problems with installed extensions. Last SUPEE’s there where some path changes and some extensions needed a little fix. So patching doesn’t change the version number op your shop!!

  • Vicky

    Getting a problem with my uploaded images since SUPEE-7405… they are not readable when I mouse over my image after uploading it in the admin portal. Any solution?

  • Vicky

    I think there is a missing step and that is with permission for image files. Some are saying to update lib/Varien/File/Uploader.php with permissions but I know this is core file and will go away with the next patch.

  • Thiago Teles

    Hi, when will be available the Supee 7405 v1.1 without ssh?