List of Security Patches To Apply for v1.3.x
IMPORTANT NOTE: v1.5.x is more secure than v1.3.x, and v1.5.0 and v1.5.4 are PA-DSS certified. Thus, upgrading to v1.5 is a much smarter move than merely patching old v1.3.x versions.
List of Security Patches For v1.3.x
NOTE: v1.3.9 already contains all the patches for all earlier versions. Upgrading is the recommended route.
The following are the patches that have been released for each v1.3.x version of Zen Cart. You will have to manually apply these patches against the official download zip of the indicated Zen Cart version. (Naturally, each patch is rolled INTO the *next* version, so upgrading to the next version already includes all PREVIOUS patches for prior versions.)
REMEMBER (In case it's not self-evident) ... WHEN APPLYING *ANY* PATCHES (or addons or customizations for that matter), ALWAYS DO A *FULL* BACKUP of your database data and your PHP/HTML/CSS/TEMPLATE/IMAGES files by downloading them to your computer and zipping and/or burning to a CD/DVD.
1.3.0
http://www.zen-cart.com/forum/showthread.php?t=43579
http://www.zen-cart.com/forum/showthread.php?t=48241
http://www.zen-cart.com/forum/showthread.php?t=69510
http://www.zen-cart.com/forum/showthread.php?t=102802
http://www.zen-cart.com/forum/showthread.php?t=108428
http://www.zen-cart.com/forum/showthread.php?t=130161 ** ESPECIALLY IMPORTANT
http://www.zen-cart.com/forum/showthread.php?t=142784 ** ESPECIALLY IMPORTANT
http://www.zen-cart.com/forum/showthread.php?t=142927
1.3.0.1
http://www.zen-cart.com/forum/showthread.php?t=43579
http://www.zen-cart.com/forum/showthread.php?t=48241
http://www.zen-cart.com/forum/showthread.php?t=69510
http://www.zen-cart.com/forum/showthread.php?t=102802
http://www.zen-cart.com/forum/showthread.php?t=108428
http://www.zen-cart.com/forum/showthread.php?t=130161 ** ESPECIALLY IMPORTANT
http://www.zen-cart.com/forum/showthread.php?t=142784 ** ESPECIALLY IMPORTANT
http://www.zen-cart.com/forum/showthread.php?t=142927
1.3.0.2
http://www.zen-cart.com/forum/showthread.php?t=43579
http://www.zen-cart.com/forum/showthread.php?t=48241
http://www.zen-cart.com/forum/showthread.php?t=69510
http://www.zen-cart.com/forum/showthread.php?t=102802
http://www.zen-cart.com/forum/showthread.php?t=108428
http://www.zen-cart.com/forum/showthread.php?t=130161 ** ESPECIALLY IMPORTANT
http://www.zen-cart.com/forum/showthread.php?t=142784 ** ESPECIALLY IMPORTANT
http://www.zen-cart.com/forum/showthread.php?t=142927
1.3.5
http://www.zen-cart.com/forum/showthread.php?t=47774
http://www.zen-cart.com/forum/showthread.php?t=48241
http://www.zen-cart.com/forum/showthread.php?t=69510
http://www.zen-cart.com/forum/showthread.php?t=102802
http://www.zen-cart.com/forum/showthread.php?t=108428
http://www.zen-cart.com/forum/showthread.php?t=130161 ** ESPECIALLY IMPORTANT
List of popular bugfixes for v1.3.5: http://www.zen-cart.com/forum/showthread.php?t=45377
http://www.zen-cart.com/forum/showthread.php?t=142784 ** ESPECIALLY IMPORTANT
http://www.zen-cart.com/forum/showthread.php?t=142927
1.3.6
http://www.zen-cart.com/forum/showthread.php?t=69510
http://www.zen-cart.com/forum/showthread.php?t=102802
http://www.zen-cart.com/forum/showthread.php?t=108428
http://www.zen-cart.com/forum/showthread.php?t=130161 ** ESPECIALLY IMPORTANT
http://www.zen-cart.com/forum/showthread.php?t=142784 ** ESPECIALLY IMPORTANT
http://www.zen-cart.com/forum/showthread.php?t=142927
1.3.7 / v1.3.7.1
http://www.zen-cart.com/forum/showthread.php?t=64115
http://www.zen-cart.com/forum/showthread.php?t=69510
http://www.zen-cart.com/forum/showthread.php?t=102802
http://www.zen-cart.com/forum/showthread.php?t=108428
http://www.zen-cart.com/forum/showthread.php?t=130161 ** ESPECIALLY IMPORTANT
http://www.zen-cart.com/forum/showthread.php?t=130701
http://www.zen-cart.com/forum/showthread.php?t=142784 ** ESPECIALLY IMPORTANT
http://www.zen-cart.com/forum/showthread.php?t=142927
1.3.8 / v1.3.8a
The ONLY APPROPRIATE "PATCH" is to upgrade your site to the latest version of Zen Cart.
http://www.zen-cart.com/forum/showthread.php?t=102802
http://www.zen-cart.com/forum/showthread.php?t=108428
http://www.zen-cart.com/forum/showthread.php?t=130161 ** ESPECIALLY IMPORTANT
http://www.zen-cart.com/forum/showthread.php?t=130701
http://www.zen-cart.com/forum/showthread.php?t=142784 ** ESPECIALLY IMPORTANT
http://www.zen-cart.com/forum/showthread.php?t=142927
List of popular bugfixes for v1.3.8: http://www.zen-cart.com/forum/showthread.php?t=82619
STRICTLY OPTIONAL: Patch for PHP 5.3 compatibility: http://www.zen-cart.com/forum/showthread.php?t=140960
1.3.9
See the 1.3.9 section below.
Other Patches
Additionally, if any of the following are posing problems for you, the applicable patch may help:
PCI Scan patch:
http://www.zen-cart.com/forum/showthread.php?t=130701
USPS Patch January 2012
See the updated module in the Addons section.
Discourage Hackers
https://www.zen-cart.com/tutorials/i...hp?article=320
https://www.zen-cart.com/tutorials/i...hp?article=398
http://www.zen-cart.com/forum/showthread.php?t=142784
1.3.9
UPDATE: v1.3.9g contains several XSS protection fixes, and some other security fixes not present in any prior 1.3.xx version. YOU SHOULD UPGRADE.
Yes, that means you should upgrade from ANY prior version.
v1.3.9h contains all the known fixes for all the known problems as of the time it was released.
See the comments at the top of this post, about the latest version.
Recovering from Hack Attempts
http://www.zen-cart.com/wiki/index.p...ing_From_Hacks
Securing Your Site Against Attack
https://www.zen-cart.com/tutorials/index.php?article=73
http://www.zen-cart.com/forum/showthread.php?t=142784
Announcements
Furthermore, there are other patches and news and announcements in the "News And Announcements" section of the forum: http://www.zen-cart.com/forum/forumdisplay.php?f=2 Be sure to subscribe yourself to this section of the forum if you wish to receive immediate notification of any updates posted here, including notification of new releases, etc.
*USPS January 4 2010 replaces USPS May 2008