Magento has released a new security patch SUPEE-8788. This patch is of high priority and merchants have to apply it immediately.

The patch addresses

  • Zend framework and payment vulnerabilities
  • Ensure sessions are invalidated after a user logs out and
  • Makes several other security enhancements

The release notes are available in the links below –

Enterprise edition

Community edition

Be sure to test the patch in a development environment first, as it can affect extensions and customizations.

Installing Magento Security Patch SUPEE-8788 – Lessons Learnt

Before Installing the Patch:

Before installing the patch check if the old patches have been installed correctly. Some patches depend on other patches to be installed already. You can use Magereport to check the patches installed in your site.

Installing the patch:

If you have SSH access, it would be simpler to install the patch. Before installing the patch make sure to disable Magento Compiler at System > Configuration > Tools > Magento Compiler and clear compiled cache (if compiler is used). To apply and revert the Magento security patch, please refer the link below.

http://devdocs.magento.com/guides/m1x/other/ht_install-patches.html#apply

After installing the patch:

After the patch has been installed successfully, check whether all CMS, Shipping, Payment and landing pages are loading correctly without any issues. Magento security patch SUPEE 8788 affects the page sessions, CMS, file upload, admin pages and downloadable products.

Challenges:

  • If you are running a version of PHP older than 5.6, you will no longer be able to log into Magento Admin. This is due to the use of function hash_equals() which was introduced with PHP 5.6
  • If you’ve previously applied SUPEE-1533 then the patch will fail on app/code/core/Mage/Adminhtml/controllers/DashboardController.php.

For more information, please follow the link.

http://magento.stackexchange.com/questions/140550/security-patch-supee-8788-possible-problems

Hope this blog was useful. Please get back to us if you have any queries.

 

References

 

Be the first to Know

Subscribe to our blog to get the latest articles directly to your inbox.

READY TO DRIVE SALES?

Ready to drive online revenue

Get In Touch

7 thoughts on “Installing Magento Security Patch SUPEE-8788 – Lessons Learnt

  1. We are running Magento 1.8.1.0, as far as I was aware it isn’t compatible with PHP 5.6. There is SUPEE-8788 patch available for 1.8.1.0 after installing will this patch upgrade Magento to work with PHP 5.6?

      1. Hi Jacob,

        Hi

        October 14th: v2 of the patch has been released As of October 13th, the patches for 1.5.x to 1.8.x have been taken down from the Magento website because of the incompatibility with previous patches.

        https://community.magento.com/t5/Security-Patches/SUPEE-8788-AND-SUPEE-1533-Incompatible-Hunk-error/td-p/50434/highlight/false/page/2

        Also please follow the instruction
        Apply the V2:

        revert SUPEE 8788 v1
        revert SUPEE 1533 (if installed)
        install SUPEE 3941 (if not installed)
        install SUPEE 8788 v2
        for download old patches see below link
        https://github.com/DemacMedia/magento-SUPEE8788-patcher/tree/master/var/patches/8788

        also follow this link if any issue appears, after applying patches http://magento.stackexchange.com/questions/140550/security-patch-supee-8788-possible-problems.

        Please let us know if this resolved your issue. Thanks.

        1. Hi, thanks for your response!

          I’m wondering about your comment: “If you are running a version of PHP older than 5.6, you will no longer be able to log into Magento Admin. This is due to the use of function hash_equals() which was introduced with PHP 5.6”

          I am on PHP 5.5 due to Magento 1.9.1 incompatibility with 5.6. If I apply this patch, you state I will not be able to access the admin? Will this patch allow Magento 1.9.1 to run PHP 5.6?

    1. Hi Aidy,

      October 14th: v2 of the patch has been released As of October 13th, the patches for 1.5.x to 1.8.x have been taken down from the Magento website because of the incompatibility with previous patches.

      https://community.magento.com/t5/Security-Patches/SUPEE-8788-AND-SUPEE-1533-Incompatible-Hunk-error/td-p/50434/highlight/false/page/2

      Also please follow the instruction
      Apply the V2:

      revert SUPEE 8788 v1
      revert SUPEE 1533 (if installed)
      install SUPEE 3941 (if not installed)
      install SUPEE 8788 v2
      for download old patches see below link
      https://github.com/DemacMedia/magento-SUPEE8788-patcher/tree/master/var/patches/8788

      also follow this link if any issue appears, after applying patches http://magento.stackexchange.com/questions/140550/security-patch-supee-8788-possible-problems.

      Please let us know if this resolved your query. Thanks

Leave a Reply

Your email address will not be published. Required fields are marked *