Magento USPS First Class Mail Parcel Service Name Change

USPS’ First Class shipping service is commonly used by Magento merchants throughout the globe for shipping lightweight packages. This service was named as “First-Class Mail Parcel” by USPS. But recently they modified this naming convention from “First-Class Mail Parcel” to “First-Class Package Service – Retail.”

After this change in USPS service name, Magento 1.x and 2.x merchants are no longer able to see the first class shipping options on their checkout shipping methods’ area. Here Magento 1.x merchants include the users who are using any version of Magento Commerce 1.x and Magento Open source 1.x and Magento 2.x eCommerce merchants cover the users using Magento Open Source and Magento Commerce prior to Magento 2.1.9 or 2.0.16.

To avert these issues, Magento is offering different solutions for both Magento 1.x and 2.x eCommerce merchants:

Solutions for Magento 1.x eCommerce Merchants:

1.Temporary Workaround:

Magento 1.x users need to edit the Usps.php file to change this service name. This editing can be done by following this workaround:

a. Follow this path and navigate to Usps.php file:

app/code/core/Mage/Usa/Model/Shipping/Carrier/Usps.php

b. Find out the string “First-Class Mail Parcel” and its all occurrences throughout the file.

c. Modify all the occurrences of this string with “First-Class Package Service – Retail.”

d. Make sure to save these changes to Usps.php.

e. Now clear the Magento Cache.

2. SUPEE-10336 Patch

If you don’t want to implement this temporary workout, you can install a SUPEE-10336 patch for this issue. This patch is recently released by Magento in account for the same fix. To download this patch, navigate to MyAccount area and you can access this patch on the Magento Open Source Download Page. In a case, if you have already implemented above workaround, but want to install this SUPEE-10336 patch, please delete this workaround first before installing this patch.

Solutions for Magento 2.x eCommerce Merchants:

1. Temporary Workaround:

Magento 2.x users must edit the Carrier.php file to change this service name. This editing can be done by following this workaround:

a. Follow this path and navigate to Carrier.php file:

vendor/magento/module-usps/Model/Carrier.php

b. Find out the string “First-Class Mail Parcel” and its all occurrences throughout the file.

c. Modify all the occurrences of this string with “First-Class Package Service – Retail.”

d. Make sure to save these changes to Carrier.php.

e. Now clear the Magento Cache.

2. Magento 2.1.9 and 2.0.16 Releases

In addition to this temporary workaround, Magento 2.x merchants can upgrade to or install Magento 2.1.9 and 2.0.16 releases (just released yesterday by Magento – https://magento.com/security/patches/magento-2016-and-219-security-update). However, if you have already implemented this workaround, you should delete it first before applying these releases.

Our Verdict

These solutions will help Magento eCommerce merchants to bring back their USPS First Class options during the checkout process. If you also belong to such merchants and facing difficulty in implementing these solutions (workarounds, SUPEE-10266 patch or Magento 2.1.9 & 2.0.16) on your Magento store, contact us today. Our Certified Magento developers will implement these solutions in no time!

SUPEE-10266 Patch – A New Magento Security Advisory

Magento has just released a new security patch, i.e. SUPEE-10266 on its official website. This newest security patch addresses some critical security vulnerabilities affecting Magento Commerce prior to 1.14.3.6 and Open Source prior to 1.9.3.6. These vulnerabilities cover unauthorized data leak, cross-site request forgery (CSRF), authenticated Admin user remote code execution and many others.

We highly recommend all Magento store owners to upgrade to the latest Magento versions (Magento Commerce 1.14.3.6 and Magento Open Source 1.9.3.6) to address these vulnerabilities. Those who do not want to upgrade to these versions of Magento must apply the SUPEE-10266 patch to fix these same vulnerabilities. This release also provides fixes for issues regarding image reloading and payments via one-step checkout.

We at Envision Ecommerce have always been keen about the security updates and consider it as utmost required for your store. In a case, you find it a nightmare for you to apply to your Magento 1 store, we are here to make you apply the new SUPEE-10266 patch as soon as possible. We have already installed several security patches for over 200+ stores, and successfully done such security upgrades for many Magento sites earlier. Go ahead and let our Magento certified developers to maintain your store security with zero downtime.

For more details about the SUPEE-10266 patch, you can visit Magento’s official website. (https://magento.com/security/patches/supee-10266)

SUPEE-9767 V2 – A New Version of SUPEE-9767 is Out for Magento 1!

Yesterday, Magento released SUPEE-9767 V2, which fixes several security and functional issues reported in its initial patch i.e. SUPEE-9767. SUPEE-9767 V2 is an updated version of original SUPEE-9767 (explained in our previous blog on SUPEE-9767 on June 1st).

So if you have already applied first version of this patch, you are suggested to revert and then apply its second version. However, if you’re still planning to install SUPEE-9767, please stop as it has certain issues and just apply its recent second version.

General Issues with SUPEE-9767 V1 – That are Now Fixed…!

• strip_tags functionality in the checkout JavaScript was missing in initial patch – Fixed Now in SUPEE-9767 V2.

• Failure of customer registration during a standard checkout and when the form key authentication was enabled – Fixed Now.

• Issue with Allow-symlinks disabling option – Fixed Now (Allow symlinks option is now disabled at the time of installation or upgrade and Magento now shows Allow-symlinks message in the Admin message section as needed.)

• Background transparency of uploaded images was missing – Fixed Now.

• Issue with Multiple addresses checkout when checkout form validation was enabled – Fixed Now.

SUPEE-9767 V2 Secures Your Magento 1 Store Against:

• Remote Code Execution

• Information Leaks

• Cross-site Scripting

Installation Process:

• Revert SUPEE-9767 V1 if you have already applied it.

• Just Deploy SUPEE-9767 V2 if V1 hasn’t already been applied.

Where to Download:

It is best to download SUPEE-9767 V2 from Magento Tech Resources Download Section (https://magento.com/tech-resources/download#download2034) – however, you can also take help from our Magento Certified Developers.

If you need a helping hand to assist you with this security patch update or having any queries, our Magento Certified Solution Specialist & Certified Developers are here for you! They have successfully installed, such Magento security patches for over 80+ stores earlier and are experienced to ensure your store security. Feel free to contact us at [email protected] or connect with our Magento services to do it fast & safe for you.

Upgrade to 1.9.3.3 or Apply SUPEE-8167 – Latest PayPal IPN Upgrade Notification for Magento Merchants

If you’re a Magento merchant who has been using PayPal IPN (Instant Payment Notification) service, you have possibly received an email alerting you to upgrade to 1.9.3.3 or Apply SUPEE-8167….

If you’re a Magento merchant who has been using PayPal IPN (Instant Payment Notification) service, you have possibly received an email alerting you to upgrade to 1.9.3.3 or Apply SUPEE-8167 in order to avoid this service disruption.

This upgrade will last till the end of June, i.e. June 30, 2017. And, from June 30, 2017, PayPal IPN service will no longer permit merchants to utilize HTTP while posting messages back to PayPal for verification. As a merchant, you will only be allowed to use HTTPS for such postbacks.

If you’ve not made the essential changes, we urge you to do the followings before this service disruption starts affecting your Magento store:

• Enterprise Edition 1.14.3.3 or apply the SUPEE-8167 patch     
• Community Edition 1.9.3.3 or apply the SUPEE-8187 patch     
• Magento 2.0.15 when it becomes accessible (probably the next week of June)

Note: If you’re running Magento 2.1.x, there is no need of any update as all Magento 2.1.x versions already comply with this change.

Full technical details can be found at https://www.paypal-knowledge.com/infocenter/index?page=content&widgetview=true&id=FAQ1916&viewlocale=en_US. Besides, Community Edition Download Page (https://magento.com/tech-resources/download) includes the patch to download it.

Because this security upgrade is too technical in nature, we suggest you consult with professional developers to apply such changes to your online store. Moreover, our certified Magento developers are ready to help you as they have successfully upgraded or applied such security patches for over 80+ stores earlier. Connect today with our Magento services to apply this upgrade or patch fast & safe for you.

Magento SUPEE-9767 and Other New Security Updates

Yesterday, Magento officially announced two security updates on its website which were crucial to get to the attention of our audience. These updates include:

  • Magento Enterprise Edition and Community Edition 2.0.14 and 2.1.7.
  • SUPEE-9767, Enterprise Edition 1.14.3.3 and Community Edition 1.9.3.3

Magento 2.0.14 and 2.1.7 Security Update

Magento 2.0.14 and 2.1.7 is a security update for Magento 2 that includes several security enhancements. Therefore, the merchants who have not downloaded a Magento 2.0 release yet should directly go for Magento Enterprise Edition or Community Edition 2.1.7 because this version is more secure as a result of security related enhancements. It includes:

  • APPSEC-1686: Remote Code Execution in the Admin panel
  • APPSEC-1626: RCE in video upload
  • APPSEC-1746: Zend Mail vulnerability – continued
  • APPSEC-1565: Customer password hash exposed in admin
  • APPSEC-1559: Possible remote code execution in email reminders
  • APPSEC-1752: Stored XSS in admin panel
  • APPSEC-1699: API tokens not invalidated after disabling admin user
  • APPSEC-1632: Password shown in action log (EE only)
  • APPSEC-1663: Mass actions do not follow ACL
  • APPSEC-1661: UI controllers do not follow ACL
  • APPSEC-1679: APIs vulnerable to CSRF
  • APPSEC-1610: Custom admin path disclosure
  • APPSEC-1666: Information leak
  • APPSEC-1659: Vulnerabilities in JavaScript libraries
  • APPSEC-1622: Incorrect routing of requests

For full details you can read the Magento’s official release notes Magento 2.0.14 and 2.1.7 Security Update.

Security Patch SUPEE-9767

SUPEE-9767 is a new security patch for Magento 1, especially for the following Magento 1 versions:

  • Enterprise Edition 1.9.0.0-1.14.3.2
  • Community Edition 1.5.0.1-1.9.3.2

Therefore, the merchants with Enterprise Edition 1.9.0.0-1.14.3.2 should apply SUPEE-9767 security patch or upgrade to Enterprise Edition 1.14.3.3, and the merchants with Community Edition 1.5.0.1-1.9.3.2 should go for SUPEE-9767 security patch or upgrade to Community Edition 1.9.3.3. This security patch covers:

  • APPSEC-1281: Remote code execution through symlinks
  • APPSEC-1777: Remote Code Execution in DataFlow
  • APPSEC-1686: Remote Code Execution in the Admin panel
  • APPSEC-1320: SQL injection in Visual Merchandiser (Enterprise Edition)
  • APPSEC-1634: XSS in data fields
  • APPSEC-1759: XSS in Admin panel configuration
  • APPSEC-1549: CSRF after logout – form key not invalidated
  • APPSEC-1693: Bypassing ACLs in store configuration permissions
  • APPSEC-1677: Local File Disclosure for admin users with access to dataflow
  • APPSEC-1546: CSRF Vulnerability in Checkout feature
  • APPSEC-1597: Potential for user name enumeration
  • APPSEC-1695: CSRF cache management
  • APPSEC-1324: Customer passwords exposed in logs
  • APPSEC-1675: Cross-site Request Forgery Vulnerability in Enterprise Edition (EE) Invites
  • APPSEC-1659: Vulnerabilities in JavaScript libraries
  • APPSEC-1622: Incorrect routing of requests

To find out more about this new security patch of Magento, you can follow SUPEE-9767. So what are you waiting for? Update your Magento store with the latest upgrades or apply the latest security patch to make it more robust and secure.

For more information or need help regarding installation, you can contact us at [email protected]. We at Envision Ecommerce have successfully installed the security patches for over 80+ stores earlier. So, we are well aware to ensure your store security, and you can connect with our Magento services to do it fast & safe for you.

Easter Sale is Now Live at Our Revamped Envision Store. Get 30% OFF Storewide!

Envision Ecommerce store has been revamped. The store is upgraded to Magento 2 (the platform of the future) and with great new UI.

While the store’s functionality remains largely the same, we have just upgraded it to Magento 2 and redesigned with fresh layouts for a much cleaner look for our customers. Our store now showcases all that we do which was missing in our earlier store layout. We tried our best to improvise existing store structure to match with customers’ touch points. We are sure, you are going to love it.

Envision Revamped store

Another notable update we expect you love is – “Easter 30% OFF Storewide”. In the spirit of upcoming Easter, you can avail the benefit of this 30% discounts on any of our products (Magento extensions, Magento 2 extensions, WooCommerce Plugins, Hybrid Mobile apps, etc.) & other services.

Meet our new revamped store and let us know if you have more suggestions and feedback. We enjoy making your shopping experience more pleasant and smooth! We’re glad to welcome you at our revamped store: http://demo.envisionecommerce.com/category/ecommerce/envision-store/

Get Upto 50% discount on All Envision Ecommerce Products!

The festive season is here! It’s time for freebies! So get ahead and leverage your E-commerce business with our superior Christmas & New Year offers!

On the occasion of Xmas and New Year, we bring up to 50% discount on almost all of our products. To pump up the enthusiasm of our clients, we offer a huge discount on all Magento 1 & 2 Extensions, Ionic Apps and much more.

So just get up and catch our exciting Christmas & New Year offers to add a special zing to this festive mood.

A Brief Glimpse of Our Xmas & New Year Discount Offer

  • Offer available for both existing and potential customers

  • No Coupon code required.

Hurry! This amazing offer valid till 31st December 2016.

In addition to this, we also facilitate you to create your Ecommerce store at just $229. These exciting offers allow you to groom your e-commerce venture, make money through giant profits. Just keep in mind that these special offers are valid from today to December 31, 2016.

To make your festival even more special, we are also offering Christmas Party Invitations Cards at free of cost. These cards are available in 3 different colors.

The Envision Family wish you all very Merry Christmas and Joyful New Year!

Community Edition 1.9.3 and SUPEE-8788 – Provide Critical Security & Functional

Eventually, Magento has released the newest Magento 1.x security patch called “SUPEE-8788”. This powerful patch contains a number of security and functional fixes which are magnificent for “Enterprise Edition 1.14.3” and “Community Edition 1.9.3”.

Both “Patches and Upgrades” are available for the following versions of Magento:

  • Enterprise Edition 1.9.0.0-1.14.2.4: SUPEE-8788 or upgrade to Enterprise Edition 1.14.3
  • Community Edition 1.5.0.1-1.9.2.4: SUPEE-8788 or upgrade to Community Edition 1.9.3

Enterprise Edition 1.14.3 and Community Edition 1.9.3 address Zend framework and payment vulnerabilities, ensure users to keep your data safe and sessions are invalidated after the log out.

In a case, if you are getting error while installing this patch or don’t know how to install this update. We can help you with our patch installation & security update services. We have already installed the patches (like SUPEE-6285, SUPEE-5994, SUPEE 7405 –our recently installed patches) for over 80+ stores, and successfully done such security updates for many sites earlier. So, we are well aware to ensure your store security, and you can connect with our Magento services to do it fast & safe for you.

Importance of Installing Magento SUPEE Security Patches

As Magento is one of the most prevailing eCommerce platforms, so it comes under greatest possible hackers attack. These attacks result in spamming customers, carrying out phishing campaigns and stealing of customers’ personal data & other credit card details.

Even though Magento is already equipped with a good amount of built-in security related features, but these security features are not just enough to bulletproof the security of your Magento store. There is always more that can be completed to make your Magento store highly secure from hackers & other security breaches. Magento regularly releases new security patches to keep your e-store & its data safe. And it’s vital to do timely installation of such Magento patches to attain security related benefits.

The benefits of installing Magento patches encompass the followings:

  • Resolving Security Vulnerabilities like Credit Card Hijack, Cacheleak vulnerability, Guru Inc Javascript Hack, etc
  • Bug Fixes within the Store
  • Security Hole Fixes
  • Enhancing the Ease-of-Execution of Magento Store
  • Producing a Safe Environment for Merchant
  • Surpass Hidden Security Threats
  • Upgrade Your Magento Store
  • Addresses Stores Stability Issues & Much More

As a focused eCommerce consultant, we have successfully covered the installation of the following patches:

SUPEE-7405, SUPEE-6788, SUPEE-6482, SUPEE-6285, SUPEE-5994, SUPEE-5344 – Shoplift Bug Patch and much more.

So, we also encourage you to go with Magento security patch installation and keep your Magento store & customers safe.

If you are confronting any related issue with your Magento patch installation, you can contact us as we have already installed Magento patches for over 80+ stores, and successfully done such security upgrades for many websites earlier. So, we are well aware to maintain your store security without a single minute of downtime.

Magento SUPEE 7405 V1.1 Released

Magento releases another version of its previously released SUPEE 7405 security update. The new SUPEE 7405 V1.1 add support for PHP 5.3 and address issues with upload file permissions, merging carts, and SOAP APIs experienced with the original release.

We recommend all store owners to get their store updated with this new release ASAP. One can simply install SUPEE 7405 V1.1 or upgrade to Magento Enterprise Edition 1.14.2.4 or Magento Community Edition 1.9.2.4.

The new SUPEE-7405 v 1.1 patch bundle includes the following:

  1. Cart Merge Patch (SUPEE-7978)
  2. SOAP API Patch (SUPEE-7822)
  3. PHP 5.3 Compatibility (SUPEE-7882)

As an eCommerce consultant company, we recommend you to be particularly careful while deploying this new update to your store.

In a case, where you are not sure about the new releases & updates, and also don’t know how it is done, we can help you with our patch installation & security update services. We have already installed the patches (like SUPEE-6285, SUPEE-5994, SUPEE 7405 –our recently installed patches) for over 80+ stores, and successfully done such security updates for many sites earlier. So, we are well aware to ensure your store security, and you can connect with our Magento services to do it fast & safe for you.