Skip to main content
Blog Magento patch

Installing Magento Security Patch SUPEE-8788 – Lessons Learnt

Chandran
October 13, 2016 |

A better online store comes with improved security patches in Magento 2. Make your eCommerce website secure now. Magento 1 to Magento 2 migration is just a click away.

Magento has released a new security patch SUPEE-8788. This patch is of high priority and merchants have to apply it immediately.

The patch addresses

  • Zend framework and payment vulnerabilities
  • Ensure sessions are invalidated after a user logs out and
  • Makes several other security enhancements

The release notes are available in the links below –

Enterprise edition

Community edition

Be sure to test the patch in a development environment first, as it can affect extensions and customizations.

Installing Magento Security Patch SUPEE-8788 – Lessons Learnt

Before Installing the Patch:

Before installing the patch check if the old patches have been installed correctly. Some patches depend on other patches to be installed already. You can use Magereport to check the patches installed in your site.

Installing the patch:

If you have SSH access, it would be simpler to install the patch. Before installing the patch make sure to disable Magento Compiler at System > Configuration > Tools > Magento Compiler and clear compiled cache (if compiler is used). To apply and revert the Magento security patch, please refer the link below.

http://devdocs.magento.com/guides/m1x/other/ht_install-patches.html#apply

After installing the patch:

After the patch has been installed successfully, check whether all CMS, Shipping, Payment and landing pages are loading correctly without any issues. Magento security patch SUPEE 8788 affects the page sessions, CMS, file upload, admin pages and downloadable products.

Challenges:

  • If you are running a version of PHP older than 5.6, you will no longer be able to log into Magento Admin. This is due to the use of function hash_equals() which was introduced with PHP 5.6
  • If you’ve previously applied SUPEE-1533 then the patch will fail on app/code/core/Mage/Adminhtml/controllers/DashboardController.php.

For more information, please follow the link.

http://magento.stackexchange.com/questions/140550/security-patch-supee-8788-possible-problems

Hope this blog was useful. Please get back to us if you have any queries.

 

References

 

Chandran

Ramachandran, known for his expertise in developing numerous eCommerce projects at DCKAP for over a decade. Currently handling DCKAP's product suite as a product manager and is now heading towards marking new milestones in his upcoming journey.

More posts by Chandran