Magento has released a new security patch, SUPEE-8788. This patch is high priority, and merchants have to apply it immediately.
The patch:
- Addresses Zend Framework and payment vulnerabilities
- Ensures sessions are invalidated after a user logs out
- Makes several other security enhancements
The release notes are available in the links below –
Be sure to test the patch in a development environment first, as it can affect extensions and customizations.
Installing Magento Security Patch SUPEE-8788 – Lessons Learnt
Before Installing the Patch:
Before installing the patch, check that the older patches have been installed correctly. Some patches depend on other patches already being installed. You can use Magereport to check which patches are installed on your site.
Installing the patch:
If you have SSH access, it is simpler to install the patch. Before installing the patch, make sure to disable the Magento Compiler at System > Configuration > Tools > Magento Compiler and clear the compiled cache (if the compiler is used). To apply and revert the Magento security patch, please refer to the link below.
After installing the patch:
After the patch has been installed successfully, check that all CMS, shipping, payment and landing pages load correctly. Magento security patch SUPEE-8788 affects page sessions, CMS, file upload, admin pages and downloadable products.
- If you are running a version of PHP older than 5.6, you will no longer be able to log into Magento Admin. This is due to the use of the function hash_equals(), which was introduced with PHP 5.6.
- If you’ve previously applied SUPEE-1533 then the patch will fail on app/code/core/Mage/Adminhtml/controllers/DashboardController.php.
For more information, please follow the link.
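The checks above can be scripted and run over SSH before the patch is applied. The following is an added example, not part of the original post or of Magento's patch tooling. It assumes the patch scripts record their work in app/etc/applied.patches.list as "date | PATCH-ID | ..." lines and append "| REVERTED" on rollback; the function names and the MAGE_ROOT variable are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight checks before applying SUPEE-8788.
# Assumption: patch scripts log to app/etc/applied.patches.list as
# "date | PATCH-ID | ..." and append "| REVERTED" when rolled back.

# Succeeds if version string $1 (e.g. "5.5.38") is PHP 5.6 or newer.
php_version_ok() {
    case "$1" in *.*) ;; *) return 2 ;; esac
    pv_major=${1%%.*}
    pv_rest=${1#*.}
    pv_minor=${pv_rest%%[!0-9]*}
    case "$pv_major" in ''|*[!0-9]*) return 2 ;; esac
    [ -n "$pv_minor" ] || return 2
    [ "$pv_major" -gt 5 ] || { [ "$pv_major" -eq 5 ] && [ "$pv_minor" -ge 6 ]; }
}

# Succeeds if the most recent entry for patch $1 in list file $2 is not a revert.
patch_applied() {
    [ -r "$2" ] || return 1
    awk -F'|' -v id="$1" '
        { f = $2; gsub(/^ +| +$/, "", f) }
        f == id { applied = ($0 !~ /REVERTED/) }
        END { exit (applied ? 0 : 1) }' "$2"
}

# $1 = Magento root, $2 = PHP version. Returns 1 if any blocker was found.
preflight() {
    pf_list="$1/app/etc/applied.patches.list"
    pf_rc=0
    if ! php_version_ok "$2"; then
        echo "BLOCK: PHP $2 is older than 5.6 (no hash_equals()); admin login would break"
        pf_rc=1
    fi
    if patch_applied SUPEE-1533 "$pf_list"; then
        echo "BLOCK: SUPEE-1533 is recorded; expect a failure on" \
             "app/code/core/Mage/Adminhtml/controllers/DashboardController.php"
        pf_rc=1
    fi
    if patch_applied SUPEE-8788 "$pf_list"; then
        echo "INFO: SUPEE-8788 is already recorded as applied"
    fi
    return "$pf_rc"
}

# Runs only when MAGE_ROOT is set. The CLI PHP may differ from the web server's.
if [ -n "${MAGE_ROOT:-}" ]; then
    preflight "$MAGE_ROOT" "$(php -r 'echo PHP_VERSION;')"
fi
```

Run it as `MAGE_ROOT=/path/to/magento sh preflight.sh` on the development copy first; a non-zero exit status means at least one blocker was reported.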
Hope this blog was useful. Please get back to us if you have any queries.