Magento has released a new security patch, SUPEE-8788. This patch is high priority and merchants have to apply it immediately.

The patch:

  • Addresses Zend framework and payment vulnerabilities
  • Ensures sessions are invalidated after a user logs out
  • Makes several other security enhancements

The release notes are available at the links below:

Enterprise edition

Community edition

Be sure to test the patch in a development environment first, as it can affect extensions and customizations.

Installing Magento Security Patch SUPEE-8788 – Lessons Learnt

Before Installing the Patch:

Before installing the patch, check that the older patches have been installed correctly. Some patches depend on other patches already being installed. You can use MageReport to check which patches are installed on your site.

Installing the patch:

If you have SSH access, it is simpler to install the patch. Before installing the patch, make sure to disable the Magento Compiler at System > Configuration > Tools > Magento Compiler and clear the compiled cache (if the compiler is used). To apply or revert the Magento security patch, please refer to the link below.

http://devdocs.magento.com/guides/m1x/other/ht_install-patches.html#apply

After installing the patch:

After the patch has been installed successfully, check that all CMS, shipping, payment and landing pages load correctly without any issues. Magento security patch SUPEE-8788 affects page sessions, CMS, file upload, admin pages and downloadable products.

Challenges:

  • If you are running a version of PHP older than 5.6, you will no longer be able to log into Magento Admin. This is due to the use of the hash_equals() function, which was introduced with PHP 5.6.
  • If you’ve previously applied SUPEE-1533, then the patch will fail on app/code/core/Mage/Adminhtml/controllers/DashboardController.php.

For more information, please follow the link.

http://magento.stackexchange.com/questions/140550/security-patch-supee-8788-possible-problems
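
A pre-flight check for the two challenges listed above, written as an added example (it is not part of Magento's patch script or of this post's original text). The function names, the log path `app/etc/applied.patches.list` and the pipe-separated log layout are assumptions; the sample log lines are constructed.

```shell
#!/bin/sh
# Added example. Assumed log layout: "date | SUPEE-id | edition | version | ...",
# with a revert logged as the same kind of line ending in "| REVERTED".

# php_at_least VERSION MIN: succeeds if VERSION >= MIN (major.minor compared).
php_at_least() {
    v_major=${1%%.*}; v_rest=${1#*.}; v_minor=${v_rest%%.*}
    m_major=${2%%.*}; m_rest=${2#*.}; m_minor=${m_rest%%.*}
    [ "$v_major" -gt "$m_major" ] && return 0
    [ "$v_major" -eq "$m_major" ] && [ "$v_minor" -ge "$m_minor" ]
}

# patch_state LOGFILE ID: prints applied, absent or unknown; the last entry wins.
patch_state() {
    [ -r "$1" ] || { echo unknown; return 0; }
    awk -F'|' -v id="$2" '
        { f = $2; gsub(/^[ \t]+|[ \t]+$/, "", f) }
        f == id { state = ($0 ~ /REVERTED[ \t]*$/) ? "absent" : "applied" }
        END { print (state == "" ? "absent" : state) }
    ' "$1"
}

# preflight PHP_VERSION LOGFILE: prints findings, returns the number of blockers.
preflight() {
    blockers=0
    if ! php_at_least "$1" 5.6; then
        echo "BLOCK: PHP $1 is older than 5.6, admin login needs hash_equals()"
        blockers=$((blockers + 1))
    fi
    case $(patch_state "$2" SUPEE-1533) in
        applied) echo "BLOCK: SUPEE-1533 applied, DashboardController.php hunk will fail"
                 blockers=$((blockers + 1)) ;;
        unknown) echo "WARN: no readable patch log at $2, verify patches another way" ;;
    esac
    return "$blockers"
}

# Constructed sample log (not from a real store).
sample_list() {
    cat <<'EOF'
2015-01-20 10:00:00 UTC | SUPEE-1533 | CE_1.9.1.0 | v1 | placeholder
2016-10-12 09:00:00 UTC | SUPEE-8788 | CE_1.9.1.0 | v1 | placeholder
2016-10-15 09:00:00 UTC | SUPEE-8788 | CE_1.9.1.0 | v1 | placeholder | REVERTED
EOF
}
list=$(mktemp) && sample_list > "$list"
preflight 5.5.38 "$list" || echo "blockers: $?"
rm -f "$list"
```

On a real store the call would be `preflight "$(php -r 'echo PHP_VERSION;')" app/etc/applied.patches.list`, run from the Magento root before the patch is applied to the development copy.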

Hope this blog was useful. Please get back to us if you have any queries.


8 Comments on "Installing Magento Security Patch SUPEE-8788 – Lessons Learnt"


Guest
dorsey
2 years 20 days ago

We are running Magento 1.9.2.0.
After applying SUPEE-8788 v2 we got the error "Hunk #1 FAILED at 91".
Any idea on this issue?

admin
Admin
2 years 15 days ago

Hi Dorsey,
Please see the link below
https://www.dckap.com/blog/installing-magento-security-patch-supee-8788-follow/
Hope this is helpful. Thanks.

Guest
Aidy
2 years 29 days ago

We are running Magento 1.8.1.0; as far as I was aware, it isn’t compatible with PHP 5.6. There is a SUPEE-8788 patch available for 1.8.1.0. After installing, will this patch upgrade Magento to work with PHP 5.6?

admin
Admin
2 years 21 days ago

Hi Aidy,

October 14th: v2 of the patch has been released. As of October 13th, the patches for 1.5.x to 1.8.x have been taken down from the Magento website because of the incompatibility with previous patches.

https://community.magento.com/t5/Security-Patches/SUPEE-8788-AND-SUPEE-1533-Incompatible-Hunk-error/td-p/50434/highlight/false/page/2

Also, please follow these instructions to apply v2:

  • Revert SUPEE-8788 v1
  • Revert SUPEE-1533 (if installed)
  • Install SUPEE-3941 (if not installed)
  • Install SUPEE-8788 v2

To download the old patches, see the link below:
https://github.com/DemacMedia/magento-SUPEE8788-patcher/tree/master/var/patches/8788

Also follow this link if any issue appears after applying the patches: http://magento.stackexchange.com/questions/140550/security-patch-supee-8788-possible-problems

Please let us know if this resolved your query. Thanks

Guest
jacob
2 years 22 days ago

I have the same issue with Magento 1.9.1.0. Interested if you get your answer!

admin
Admin
2 years 21 days ago

Hi Jacob,

October 14th: v2 of the patch has been released. As of October 13th, the patches for 1.5.x to 1.8.x have been taken down from the Magento website because of the incompatibility with previous patches.

https://community.magento.com/t5/Security-Patches/SUPEE-8788-AND-SUPEE-1533-Incompatible-Hunk-error/td-p/50434/highlight/false/page/2

Also, please follow these instructions to apply v2:

  • Revert SUPEE-8788 v1
  • Revert SUPEE-1533 (if installed)
  • Install SUPEE-3941 (if not installed)
  • Install SUPEE-8788 v2

To download the old patches, see the link below:
https://github.com/DemacMedia/magento-SUPEE8788-patcher/tree/master/var/patches/8788

Also follow this link if any issue appears after applying the patches: http://magento.stackexchange.com/questions/140550/security-patch-supee-8788-possible-problems

Please let us know if this resolved your issue. Thanks.

Guest
Jacob
2 years 19 days ago

Hi, thanks for your response!

I’m wondering about your comment: “If you are running a version of PHP older than 5.6, you will no longer be able to log into Magento Admin. This is due to the use of function hash_equals() which was introduced with PHP 5.6”

I am on PHP 5.5 due to Magento 1.9.1 incompatibility with 5.6. If I apply this patch, you state I will not be able to access the admin? Will this patch allow Magento 1.9.1 to run PHP 5.6?

Guest
Dorsey
2 years 17 days ago

Hi Jacob,

I also have the same issue. It worked on version 5.5, SUPEE-8788 v2.
I overwrote the core hash_equals() in app/code/local/Mage/Core/functions.php.

Ah, he wrote another blog post with the solution:

https://www.dckap.com/blog/installing-magento-security-patch-supee-8788-follow/