Magento 220.127.116.11 is the new update for Magento 1 which includes Magento security patch bundle SUPEE-7405 and USPS patch SUPEE-7616.
We highly recommend that our readers and all Magenticians install the Magento security patches or upgrade their stores to the latest version. SUPEE-7405 resolves several security-related issues. The vulnerabilities addressed by this patch are listed below:
- Stored XSS via the email address
- Stored XSS in Order Comments
- Stored XSS in Order
- Guest order view protection code vulnerable to brute-force attack
- CSRF token not validated on backend login page
- Malicious files can be uploaded via backend
- CSRF leading to the execution of admin actions after login
- Excel Formula Injection via CSV/XML export
- Editing or Deleting Reviews without permission
- Disruption of email delivery
- CAPTCHA Bypass
- Reflected XSS in backend coupon entry
- Injected code can be stored in the database
SUPEE-7616 includes several updates to the USPS API, covering services, rates, and package names. If you run a previous version of Magento, it is highly recommended that you apply this patch as soon as possible. To install the Magento security patch, follow this easy guide and get your Magento store secured ASAP!
Apply Magento Security Patch
It is highly recommended that you first make a copy of your current store to avoid making changes in the production environment. Only after you are convinced that everything is in order on your staging environment should you proceed to replicate the installation on your production environment.
However, if you are a Cloudways user, you can easily clone your Magento store to staging using the clone application feature in the platform.
Downloading the Magento Security Patch
New security patches can be downloaded from the official downloads page of Magento Inc. Keep in mind that you should always download the Magento security patch for the appropriate version of your store.
Uploading the Magento Security Patch via FTP
Now, upload the downloaded Magento security patch file to the root directory of your Magento installation using an FTP client like FileZilla.
Setting Executable Permissions
After uploading the Magento security patch, you are required to make the patch file executable. To do this, log into your server via an SSH terminal, navigate to the root directory of your Magento store and run the following command:
chmod +x PATCH_FILE_NAME.sh
Cloudways users can reset the permissions within the platform using the 1-click Reset Permission button in the Application tab.
Applying the Magento Security Patch
Finally, to apply the patch run the following command to execute it.
You will see something like this:
Verifying Magento Security Patch
After applying the Magento security patch, visit MageReport to verify whether the patch has been applied and your Magento store is secured. If your patch was installed correctly, you should see the patch name with a green background.
Delete Magento Cache
After the verification process, navigate to the var directory of your Magento store and just clear the Magento cache using the following CLI command:
rm -rf cache/*
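The steps above (set permissions, apply, verify, clear cache) combined into one script, as an added example that is not part of the original guide and not Magento's or Cloudways' code. It goes slightly beyond the guide by checking the patch file against a checksum before running it and by confirming the patch ID in app/etc/applied.patches.list, the log that Magento 1 patch scripts write. Assumptions: GNU sha256sum is available, the expected checksum comes from a source you trust, and the function names, return codes and the PATCH_DEMO.sh sandbox are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Magento's or Cloudways' code. Assumes GNU sha256sum and an
# expected checksum obtained from a trusted source for the patch you downloaded.

# apply_magento_patch ROOT PATCH_FILE EXPECTED_SHA256 PATCH_ID
# Returns 0 on success, 2 bad arguments, 3 checksum mismatch, 4 patch failed,
# 5 patch ran but is not recorded in app/etc/applied.patches.list.
apply_magento_patch() {
    amp_root=$1 amp_patch=$2 amp_want=$3 amp_id=$4
    [ -f "$amp_root/app/Mage.php" ] || { echo "not a Magento 1 root" >&2; return 2; }
    [ -f "$amp_root/$amp_patch" ] || { echo "patch file missing" >&2; return 2; }
    # The patch is a shell script that rewrites store code: check it before running it.
    amp_got=$(sha256sum "$amp_root/$amp_patch" | cut -d' ' -f1)
    [ "$amp_got" = "$amp_want" ] || { echo "checksum mismatch" >&2; return 3; }
    chmod +x "$amp_root/$amp_patch"
    # Run from the store root, as the guide does; stop on a non-zero exit status.
    ( cd "$amp_root" && "./$amp_patch" ) || { echo "patch failed" >&2; return 4; }
    # Magento 1 patch scripts log what they applied in this file.
    grep -qF -- "$amp_id" "$amp_root/app/etc/applied.patches.list" 2>/dev/null \
        || { echo "$amp_id not recorded" >&2; return 5; }
    # Clear the cache only after a verified apply (the guide's rm -rf cache/*).
    rm -rf "${amp_root:?}/var/cache/"*
}

# Constructed sandbox: a fake store root and a stand-in patch script.
make_demo_store() {
    mds=$(mktemp -d)
    mkdir -p "$mds/app/etc" "$mds/var/cache/mage--0"
    : > "$mds/app/Mage.php"
    echo stale > "$mds/var/cache/mage--0/entry"
    printf '#!/bin/sh\necho "SUPEE-DEMO | constructed" >> app/etc/applied.patches.list\n' \
        > "$mds/PATCH_DEMO.sh"
    echo "$mds"
}

store=$(make_demo_store)
# Demo only: in real use the expected value comes from the download source.
sum=$(sha256sum "$store/PATCH_DEMO.sh" | cut -d' ' -f1)
apply_magento_patch "$store" PATCH_DEMO.sh "$sum" SUPEE-DEMO && echo "applied, cache cleared"
rm -rf "$store"
```

On a real store, call the function with the store root, the downloaded patch file name, its expected checksum and the patch ID (for example SUPEE-7405), on staging first.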
You just upgraded your Magento store and now your store is safe to operate. Keep your Magento store updated with the latest Magento security patch, keep on enjoying seamless Magento Cloud Hosting on Cloudways, and reap the benefits of improved sales from your ecommerce store.
Fayyaz is a Magento Community Manager at Cloudways - A Managed Magento Hosting Platform. His objective is to learn & share about PHP & Magento Development in Community. Fayyaz is a food lover and enjoys driving. You can email him at firstname.lastname@example.org