Magento 1.x Security Patch Notice
For Magento Open Source 1.5 to 1.9, Magento is providing software security patches through June 2020 to ensure those sites remain secure and compliant. Visit our information page for more details about our software maintenance policy and other considerations for your business.
Release Notes
Magento Community Edition 1.9.2.4
We are pleased to bring you Magento Community Edition 1.9.2.4, which bundles improvements for issues reported by our merchants after installing the latest patch SUPEE-7405, or Magento Community Edition Release 1.9.2.3.
Important! Use Magento Community 1.9.2.4 or later for all new installations and upgrades to ensure that you have the latest fixes, features, and security updates.
Patch Bundle (SUPEE-7405 v.1.1)
We highly recommend that all users of Magento Community Edition 1.9.0.x either install the SUPEE-7405 v 1.1 patch bundle, or upgrade to Magento Community Edition 1.9.2.4.
-
You must install the SUPEE-7405 v 1.0 patch before installing the SUPEE-7405 v 1.1 patch bundle if you are running a version of Magento Community Edition prior to 1.9.2.3.
-
You do not need to install the SUPEE-7405 v 1.0 patch if you are running Magento Community Edition 1.9.2.3, or have previously installed the SUPEE-7405 v 1.0 patch on an earlier version of Magento Community Edition.
The SUPEE-7405 v 1.1 patch bundle includes the following:
Cart Merge Patch (SUPEE-7978)
Carts with identical items now merge correctly. Previously, when a cart with one item was merged with another cart that contained the same item, Magento did not merge the cart totals correctly.The cart now includes only one item, and the total is correct.
SOAP API Patch (SUPEE-7822)
The Magento SOAP API now works as expected. Previously after installing the SUPEE-7405 v1.0 patch, an API request would cause a 500 error, and Magento would log an exception.
PHP 5.3 Compatibility (SUPEE-7882)
The patch was not compatible with PHP 5.3 for earlier versions of Magento that were still supporting this version. The issue experience by merchants was inability to view sales information in the Admin.
Upload File Permissions
The patch restores less restrictive file permissions (0666 for files and 0777 for directories) as more strict permissions introduced by the original SUPEE-7405 patch cause many merchants not to be able to view uploaded product images, depending on hosting provider configuration.
Patch Download and Installation
If you have not yet installed the previous patches, please do so now to bring your system up to date.
To download and install the patch:
| 1. | Go to the Magento Community Edition Download page, and click the Release Archive tab. |
| 2. | Scroll down to the Magento Community Edition Patches - 1.x section, and find the listings for the following patch bundle: |
- SUPEE-7405 v. 1.1
| 3. | Set Select your format to your current version of Community Edition. Then, click the Download button. |
| 4. | Follow the instructions to install the patch. |
To upgrade Magento:
| 1. | Go to the Magento Community Edition Download page, and click the Release Archive tab. |
| 2. | Under Full Release - ver 1.9.2.4, select a format for the download archive file. Then, click the Download button. |
| 3. | Follow the instructions to upgrade and verify your installation. To review the basic installation instructions, see: Installing Magento. |
Review Best Practices
- Read or review Magento’s Security Best Practices and make sure that all safeguards are in place to protect your system from compromise.
- Use this occasion to examine your system for indications of possible attack such as strange administrator accounts, unfamiliar files on the server, etc.
- To receive direct notification from our security team regarding any emerging issues and solutions, sign up for the Security Alert Registry.
See also: