If you run Magento 1.9.0.0 or 1.9.0.1 version it is strongly recommended to apply SUPEE-3762 patch or upgrade to the latest Magento version.

If you wish to save time and have us to install these patches for you, simply click here to order installation.

If you have no SSH access to apply the patch, you can simply upgrade your installation to Magento 1.9.2.1 version which includes all the latest security patches (SUPEE-5344,SUPEE-5994,SUPEE-6285,SUPEE-6482). If Magento upgrade is not possible in the moment due to some reason you still can apply the patch via FTP/sFTP upload as shown in this article.

SUPEE-3762 patch can be installed independently, prior to or after installation of other security patches (SUPEE-1533,SUPEE-5344,SUPEE-5994 or SUPEE-6285).

The following files are changed by SUPEE-3762:

  • lib/Zend/Soap/Server.php
  • lib/Zend/Xml/Exception.php
  • lib/Zend/Xml/Security.php

Applying Magento patches via FTP/sFTP or FileManager / File Upload

To apply patches in this way we simply replace changed files. This way can not be used blindly if you or your developers have changed any core Magento files (which is a big no-no, by the way). Such changes should be re-applied to patched files, or you loose these changes.

Before patching make sure to clear compiled cache.

Patched version of these files for Magento 1.9.0.0 and 1.9.0.1 packed into single ZIP archive:

Magento version SUPEE-3762
Magento 1.9.0.0-1.9.0.1 SUPEE-3762-1.9.0.1

If you use PHP opcode caches (APC/XCache/eAccelerator) make sure to flush it (or restart webserver) after patching, otherwise code will continue to run from caches.

Additionally, if your store still using default /admin/ path, you may consider securing your Magento /admin/ by admin path change and restrict access to /downloader/.

Done.