Magento Open Source, 1.9.x

Magento 1.x Security Patch Notice
For Magento Open Source 1.5 to 1.9, Magento is providing software security patches through June 2020 to ensure those sites remain secure and compliant. Visit our information page for more details about our software maintenance policy and other considerations for your business.

Release Notes

Magento Community Edition

We are pleased to bring to you Magento Community Edition,, which features a bundle of patches that improves the security of your Magento installation.

Important! Use Magento Community or later for all new installations and upgrades to ensure that you have the latest fixes, features, and security updates.

Security Patches

To receive direct notification from our security team regarding any emerging issues and solutions, stop by the Magento Security Center and sign up for the Security Alert Registry. To learn more, see:

SUPEE-6788 Patch Bundle

This patch bundle protects your Magento installation against several potential threats, and includes a new configuration setting that helps manage the backward compatibility of the patch for extensions and customizations. The first patch in the bundle was included in the Magento Community release. However, versions of Magento Community prior to need this critical patch.

Important! This patch breaks backward compatibility, and can impact extensions and customizations.

Admin Routing Compatibility Mode

To help manage the compatibility of extensions and customizations, the following setting has been added to the Admin > Security configuration:

  • Field



    Admin routing compatibility mode for extensions


    Allows you to verify that all extensions and customizations are compatible before the patch is enabled.


    (Default Setting) Partially enables an installed patch to allow extensions or customizations with older modules to continue working in an unsecured state while the code is updated. When all impacted extensions are updated, set Admin Routing to “Disable” to fully enable the security patch.


    Fully enables an installed security patch. Any extensions with older modules will not work correctly.

We recommend that you install the patch first in the test environment, and try disabling the compatibility mode. If you discover issues, set Admin Routing Compatibility back to “Enabled." If your extensions and customizations work correctly, you can deploy the fully-enabled patch to production. If you discover issues accessing extensions or customizations from the Admin, set Admin Routing Compatibility Mode to “Disabled” before deploying the patch to production. Then, update the impacted customizations and extensions as needed.

We urge you to enable Admin Routing Compatibility Mode as soon as possible to protect your installation from automated attacks. To learn more, see the technical details in the Security Center.