Updated February 23, 2016

Updated versions of this release are now available. The updates add support for PHP 5.3 and address issues with upload file permissions, merging carts, and SOAP APIs experienced with the original release. They DO NOT address any new security issues.

RELEASE DETAILS

We highly recommend that all users either install the SUPEE-7405 v1.1 patch bundle, or upgrade to Magento Enterprise Edition 1.14.2.4 or Magento Community Edition 1.9.2.4.

You must install the SUPEE-7405 v 1.0 patch before installing the SUPEE-7405 v 1.1 patch bundle if you are running a version of Magento Enterprise Edition prior to 1.14.2.3 or Magento Community Edition prior to 1.9.2.3.

You do not need to install the SUPEE-7405 v 1.0 patch if you are running Magento Enterprise Edition 1.14.2.3, Magento Community Edition 1.9.2.3, or have previously installed the SUPEE-7405 v 1.0 patch on an earlier version of Magento Community Edition.

The SUPEE-7405 v 1.1 patch bundle includes the following:

Cart Merge Patch (SUPEE-7978)

Carts with identical items now merge correctly. Previously, when a cart with one item was merged with another cart that contained the same item, Magento did not merge the cart totals correctly. The cart now includes only one item, and the total is correct.

SOAP API Patch (SUPEE-7822)

The Magento SOAP API now works as expected. Previously after installing the SUPEE-7405 v1.0 patch, an API request would cause a 500 error, and Magento would log an exception.

PHP 5.3 Compatibility (SUPEE-7882)

The patch was not compatible with PHP 5.3 for earlier versions of Magento that were still supporting this version. Merchants experiencing this issue were unable to view sales information in the Admin.

Upload File Permissions

The patch restores less restrictive file permissions (0666 for files and 0777 for directories) as more strict permissions introduced by the original SUPEE-7405 patch caused many merchants not to be able to view uploaded product images, depending on hosting provider configuration.

DOWNLOADING THE UPDATES

Patches and upgrades are available for the following Magento versions:

Enterprise Edition 1.9.0.0-1.14.2.3: SUPEE-7405 v1.1 or upgrade to Enterprise Edition 1.14.2.4

Community Edition 1.5.0.0-1.9.2.3: SUPEE-7405 v1.1 or upgrade to Community Edition 1.9.2.4

To download a patch or release, choose from the following options:

Partners:

Enterprise Edition 1.14.2.4 Partner Portal > Magento Enterprise Edition > Magento Enterprise Edition 1.X > Magento Enterprise Edition 1.x > Version 1.x Releases > Version 1.14.2.4 SUPEE-7405 v1.1 Partner Portal > Magento Enterprise Edition > Magento Enterprise Edition 1.X > Magento Enterprise Edition 1.x > Support and Security Patches > Security Patches > Security Patches – February 2016

Enterprise Edition Merchants:

Enterprise Edition 1.14.2.4 My Account > Downloads Tab > Magento Enterprise Edition 1.X > Magento Enterprise Edition 1.x > Version

1.x Releases > Version 1.14.2.4 SUPEE-7405 v1.1 My Account > Downloads Tab > Magento Enterprise Edition 1.X > Magento Enterprise Edition 1.x > Support and Security Patches > Security Patches > Security Patches – February 2016

Community Edition Merchants:

Community Edition 1.9.2.4 Community Edition Download Page > Release Archive Tab SUPEE-7405 v1.1 Community Edition Download Page > Release Archive Tab > Magento Community Edition Patches - 1.x Section

January 20, 2016

SUPEE-7405 is a bundle of patches for Magento 1.x that resolve several security-related issues. You can find more details on the vulnerabilities address by this patch below: