After much community contribution, the v1.5.5. release is ready. Thanks to everybody for the feedback and help with testing and coding.

Download available here:

Minimum Requirements
Zen Cart v1.5.5 requires a minimum of the following:
  • Zen Cart v1.5.5 is compatible with PHP 5.2.10 through PHP 7.1, and MySQL 5.1 thru 5.7
    (Note: PHP versions older than 5.6 are deprecated and no longer supported by PHP ... You REALLY should be using PHP 5.6 as a minimum, for both security and speed benefits.)
  • MySQL 5.1 - 5.7
  • Apache 2.2 - 2.4
  • Apache configured with AllowOverride set to either 'All' or at least both 'Limit' and 'Indexes' parameters, and preferably the 'Options' parameter as well.
  • PHP configured to support CURL with OpenSSL
  • Server's CURL and OpenSSL configured to use the latest modern TLS capabilities (particularly TLS 1.2 is quickly becoming mandatory)

While Zen Cart can run on Windows/IIS servers, Linux/Apache servers are recommended for best results, superior performance, and easier use by shopowners.

CHANGELOG - List of Changed Files
For a list of files that have been changed since v1.5.4, see the changed_files-v1-5-5.html document, located online or in the /docs/ folder of the downloaded zip.

What's New In v1.5.5:
The most notable improvements and bugfixes in v1.5.5 since v1.5.4 include:
  • All known v1.5.4 bugfixes and security fixes are included in v1.5.5, including tighter control around XSS as well as clickjacking
  • Template: The default out-of-the-box template (called "Responsive Classic") is now a mobile-friendly responsive-design theme built for flexibility with tablets, mobile devices, and desktops.
  • Template: The core template_default files have been reviewed for HTML5 compliance, and a number of classes and IDs have been added to move older styling to CSS instead. Specific input-types like email/telephone for easier use on mobiles
  • Admin: Admin menu improvements to help it fit tablet screens better
  • Admin: Added customer-password reset via Admin
  • Admin: Products Price Manager: Added display of taxes into prices
  • Admin: Improvements to developers-toolkit and whos-online
  • SEO: Numerous updates to canonical-url handling
  • SEO: Added hreflang markup for better indexing of multilingual sites, and other HTML page-header metatag improvements
  • Checkout: Order Details added to Checkout-Success page
  • Payment: PayPal Express Checkout has numerous updated compatibilities added, including their latest InContext mobile support
  • Payment: Added SagePay Form payment module (for hosted offsite PCI compliant credit card processing)
  • Payment: Added First Data Hosted Checkout Payment Pages (Global Gateway e4) module (for hosted offsite PCI compliant credit card processing)
  • Payment: Retired obsolete Linkpoint_API payment module (replaced by the new Payeezy JS module)
  • Payment: Added Payeezy JS (First Data/Global Gateway e4) Payment module (for onsite PCI compliant credit card processing)
  • Core: Added PHP 7.0 compatibility
  • Core: Added MySQL 5.7 compatibility
  • Core: Improved error-logging for troubleshooting (included @lat9's debug-backtrace mod)
  • Core: Improved/simplified code for db query handling, allowing simple foreach() iterations instead of requiring while(!EOF) loops,
  • Core: Added hooks to allow for 3rd-party-handling of taxes, for plugin support with orders, attributes, and much more
  • Core: Fix some rounding errors
  • Core: Added cron code for automated currency-updating, and currency sources can be selected from Admin->Config->My Store menu, and plugins can auto-show in this list
  • Core: Fixed bug with a race condition causing database errors related to sessions
  • Core: Simplified the configure.php file contents significantly by retaining only the most-often-customized components, and added an automatic-converter as part of zc_install's initial inspection
  • Email: Integrated @lat9's "common CSS styling" for HTML emails
  • Email: Added newer phpMailer integration (better compatibility with more email services), and email-failure errors are logged to /logs/ for easier debugging if problems occur
  • Some language-file cleanups
  • Improved compatibility for payment/shipping modules and SSL/TLS to work with the 2016 SHA-256 Secure Server initiatives being embraced by modern hosting companies and PCI Compliance
  • Rewrote zc_install - fresh new look, will make future internal maintenance easier
  • Replaced phpBB integration with generic hooks to allow for various external forums
  • Security patches for alerts provided from various security watchdog sites
  • ... and numerous other small improvements to make things work faster, sleeker, smarter and be easier to use


How To Upgrade A Zen Cart Site
The way DrByte does upgrades is described in this blog post:

Important Note about CONFIGURE.PHP file changes for v155!

The contents of configure.php have changed (to be simplified) ... and they're MUCH SMALLER now!
The dist-configure.php shows the simplified contents, and zc_install will generate the leaner files (when doing fresh installs).
Also, zc_install will upgrade your configure.php files to the new format as long as the files are writable by your server's PHP.


While Zen Cart(R) v1.5.5 contains a newer "responsive_classic" template, we STRONGLY recommend that upgraders first upgrade the site using everything (including template_default) except the responsive_classic template contents.

Then once the upgraded site is working properly you can consider what changes you might want to make to your own active template.

(Important notes about template_default are shown below)

AGAIN: The responsive_classic template should NOT be implemented immediately as part of an upgrade; it should be a separate step ... if it is even used at all. IT IS NOT NECESSARY TO USE responsive_classic ON YOUR EXISTING SITE, AND YOU SHOULD UPGRADE THE REST OF YOUR SITE FIRST BEFORE ATTEMPTING TO CONVERT/ADAPT IT TO YOUR USE.

Notes about changes to TEMPLATE_DEFAULT


In Zen Cart the template_default directory contains the master copy of all storefront page templates. The normal procedure for customizing template files for use in your own personalized template is to make a copy of the corresponding file from template_default, put it into your own template folder (and matching folder structure), and make your customizations in that copy of the file. This way the only files you need in your personalized template folder are those that you have altered in some way from template_default.

With that explained, it is important that whenever you upgrade your site, you should also inspect ALL the template_default files to determine which changes in those files need to be replicated in your customized files.

Often a tool like Beyond Compare or Araxis Merge or GnuDiff can be helpful for this. The process is simple: compare the template_default directory files from your *old* version against the template_default files in the *new) version, and use those results as a reference to copy those updated changes into each of the files you've customized in your custom/personalized template in your store.
Then, and only after you've done all those comparisons and updated your customized files in your custom template folder, you will copy the template_default files from the new version into the template_default directory of your store. This way you'll be left with updated personalized files *and* updated template_default files.

Changes in template_default for v1.5.5

The template_default files previously had a lot of old <table> markup to specify widths, cell borders and padding and spacing. These have been removed in v1.5.5 and relevant styles added to the bottom of the main stylesheet.css file. You will want to add the updated CSS parts to your own stylesheet if your custom template still uses those tables. (A few 3rd-party templates have aggressively ripped out various tables and may not be affected by this change.)

A few CSS changes were made in template_default to change IDs of repeating elements to be classes instead. Of note #cartDisplay is now .cartDisplay, and #cartImage is .cartImage


Many people have asked about the "missing ?> at the end of some PHP files".
This is INTENTIONAL, and explained here:
It is NOT an error in the files or the download.

Also a huge thanks to Anne at Picaflor-Azul for preparing the new Responsive Classic template and for Raymond Barbour of for the DIY responsive components driving it.