Magento Security Patch SUPEE-6788 Installation Guide


Magento has just released Security Patch SUPEE-6788 for Community and Enterprise customers. This patch fixes over 10 security issues in Magento including remote code execution and information leak vulnerabilities. It is a very important patch that every store owner should install.

This patch is a bit different from other patches, as it will most likely break one or more of your extensions. Where previous patches could be installed with a simple SSH command and then forgotten, this patch requires more attention from developers. The reason is that it fixes over 10 different security issues that are deeply rooted in the Magento CMS. They required structural changes to the CMS which, unfortunately, will have a big impact on the functionality of your extensions.

Before implementing this new security patch (SUPEE-6788), you must first implement all previous security patches. This will ensure that the patch works properly. After you’ve made sure all previous patches have been installed you can continue the installation process of SUPEE-6788.

We have compiled a list of technical details of SUPEE-6788 where you can check which changes may impact your code. It’s highly recommended to let a developer check your site if you don’t know where you need to look for these bits of code. Skipping this step may result in a crash of your store and can leave your store offline until it is fixed.

For your convenience, we have compiled a list of extensions that will break with SUPEE-6788. As you can see, this includes extensions from major developers and you’ll most likely have a few of them installed.

If you have changed the code outlined in the document we linked to, you may proceed to install the patch. You can download the patch from the Magento Downloads Page. Look for SUPEE-6788. If you don’t want to install the patch that way, you can also upgrade to Enterprise Edition 1.14.2.2 or Community Edition 1.9.2.2 and receive the security update as part of the core code.

After you have downloaded the correct patch for your version of Magento, upload the .sh file to the root directory of your installation. Log in over SSH and execute the following command:

You need to replace the X’s with your current Magento version. The command basically needs to be the complete .sh filename. After the patch has been applied successfully you’ll see the following message:

If you get a “Bash: Hunk Failed” error, we recommend checking this article to solve the problem.

After you have successfully installed SUPEE-6788, you’ll need to enable it in the Magento admin panel to apply the security fixes. You can do this by navigating to System > Configuration > Advanced > Admin. Open the Security tab and disable “Admin routing compatibility mode for extensions”, as seen in the screenshot below.

Magento SUPEE-6788 Admin enable

Patches are available for Magento Enterprise Edition 1.7 and later releases and Magento Community Edition 1.4 and later releases.
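A pre-flight check for the "install all previous patches first" step, as an added example that is not part of the original guide or of Magento's own tooling: it reads the log that the Magento 1 patch scripts write to app/etc/applied.patches.list and prints which required patches are not currently applied. The pipe-separated layout with the patch ID in the second field and a REVERTED marker on revert entries is an assumption; the function names and every patch ID in the sample are constructed placeholders.

```shell
#!/bin/sh
# Added example: find required patches missing from Magento's patch log.
# Assumption: log lines are pipe-separated, the patch ID is the second field,
# and reverting a patch appends a later line that contains "REVERTED".

# Print the IDs that are currently applied (the last entry per ID wins).
applied_patches() {
    awk -F'|' '
        NF >= 2 {
            id = $2; gsub(/[ \t]/, "", id)
            if (id !~ /^SUPEE-[0-9]+$/) next
            state[id] = ($0 ~ /REVERTED/) ? "reverted" : "applied"
        }
        END { for (id in state) if (state[id] == "applied") print id }
    ' "$1" | sort
}

# Print every required ID (arguments 2..n) that is not applied in log $1.
missing_patches() {
    log=$1; shift
    have=$(applied_patches "$log")
    for id in "$@"; do
        printf '%s\n' "$have" | grep -Fqx "$id" || printf '%s\n' "$id"
    done
}

# Constructed sample log; all patch IDs and hashes here are placeholders.
sample_log() {
    cat <<'EOF'
2015-05-01 10:00:00 UTC | SUPEE-1111 | CE_1.9.1.0 | v1 | 0000000 | constructed
2015-07-10 09:30:00 UTC | SUPEE-2222 | CE_1.9.1.0 | v1 | 0000000 | constructed
2015-07-11 08:00:00 UTC | SUPEE-2222 | CE_1.9.1.0 | v1 | 0000000 | constructed | REVERTED
EOF
}

# Run the check against the sample: 1111 is applied, 2222 was reverted,
# 3333 never appears, so the last two are reported as missing.
demo() {
    tmp=$(mktemp) || return 1
    sample_log > "$tmp"
    missing_patches "$tmp" SUPEE-1111 SUPEE-2222 SUPEE-3333
    rm -f "$tmp"
}
demo
```

On a real store, call `missing_patches app/etc/applied.patches.list` followed by the patch IDs Magento lists as prerequisites for your version; an empty result means none of them is missing from the log.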


2 Comments

  1. Dear Codingbasics,

    How can I patch a Magento 1.5.01.? I find this patch only for Magento 1.7 and newer.

    Regards,
    Monika

    • Hi Monika,

      Yes, as of now, the patch is only available for Magento version 1.7 and up. The patch for 1.5 and 1.6 will be released next week.
