How To Install Magento Security Patch SUPEE-8788

Security patch SUPEE-8788 addresses issues related to payment vulnerabilities, Zend framework, and other security aspects of the website. It makes sure that the sessions are invalidated after user log out. If you want to install the Magento Security Patch SUPEE-8788 with or without SSH, we have you covered. Go through the detailed installation guide and get ready to make your website safe.

The patch addresses following:

  1. Zend framework and payment vulnerabilities
  2. Ensures sessions are invalidated after a user logs out
  3. Makes several other security enhancements


First of all you need to check out that old patches had been installed correctly or not. In magento patches depend on the other older patches, so you need to check which patches have been install in your site using any of the following methods.

  1. Scan your site at : MageReport
  2. Scan your site at :MageScan
  3. Following file lists off all currently applied patches which are applied using ssh.

    Open <your Magento install dir> < Magento Root >/app/etc/applied.patches.

Installation Process :

  1. Please Disable Magento Compiler at System > Configuration > Tools > Magento Compiler and clear compiled cache.
  2. NOTE: if you have installed 8788v1 of the patch, it is recommended to do the following:

    Before Apply 8788v2 Patch:

    • Revert SUPEE 8788 v1 (if installed)
    • Revert SUPEE 1533 (if installed)
    • install SUPEE 3941 (if not installed)
    • install SUPEE 8788 v2

 



Using SSH :

Step 1: Please make sure to download the patch according to your magento verstion , download patches from https://www.magentocommerce.com/products/downloads/magento/ .

Step 2: Upload downloaded file at your magento root directory using FTP/Cpanel.

Step 3: Now Login in the SSH server then go to magento root directory.

Step 4: Run Patch in your ssh terminal using following command from your magento root directory.

For Apply Patch:

SH PATCH_SUPEE-8788_CE_1.9.2.4_v2-2016-10-14-09-42-47.sh

Revert Patch:

SH PATCH_SUPEE-8788_CE_1.9.2.4_v2-2016-10-14-09-42-47.sh -R;

Step 5: Now, clear the cache and enable compilation.

Possible Issues :

  1. Make sure you haven’t deleted or renamed the “Downloader” directory else the patch installation will fail as it patches a file within the downloader directory. The best solution is to restore the directory, apply patch and rename Downloader folder again.
  2. Skipping patch.

    1 out of 1 hunk ignored -- saving rejects to file skin/adminhtml/default/default/media/flex.swf.rej

    patching file skin/adminhtml/default/default/media/uploader.swf

    Reversed (or previously applied) patch detected! Assume -R? [n]

    Apply anyway? [n]

    Skipping patch.

    1 out of 1 hunk ignored -- saving rejects to file skin/adminhtml/default/default/media/uploader.swf.rej

    patching file skin/adminhtml/default/default/media/uploaderSingle.swf

    Reversed (or previously applied) patch detected! Assume -R? [n]

    Apply anyway? [n]

    Skipping patch. 1 out of 1 hunk ignored -- saving rejects to file skin/adminhtml/default/default/media/uploaderSingle.swf.rej

    The 8788 patch contains binary content. As Magento does not provide any direct download links, you have to download the patch to your computer and upload it with an file-transfer application to your server.

    Solution: We need to set transfer type to binary when using FileZilla to upload the .sh patch file to your Magento root.




With Out SSH

Download the zip file for the patch installation and then upload that files at your magento root directory.

Magento version SUPEE-8788
Magento 1.9.2.4 patch_supee-8788_ce_1-9-2-4_v2
Magento 1.9.2.3 patch_supee-8788_ce_1-9-2-3_v2
Magento 1.9.2.1 patch_supee-8788_ce_1-9-2-1_v2
Magento 1.9.1.1 patch_supee-8788_ce_1-9-1-1_v2
Magento 1.9.0.1 patch_supee-8788_ce_1-9-0-1_v2
Magento 1.8.0.1 patch_supee-8788_ce_1-8-1-0_v2
Magento 1.7.0.2 patch_supee-8788_ce_1-7-0-2_v2

 

Delete all files under media skin\adminhtml\default\default\media

  1. < Magento Root >/skin/adminhtml/default/default/media/flex.swf
  2. < Magento Root >/skin/adminhtml/default/default/media/uploader.swf
  3. < Magento Root >/skin/adminhtml/default/default/media/uploaderSingle.swf


Also checks for the following files that have been modified:

  1. < Magento Root >/js/mage/adminhtml/uploader/instance.js
  2. < Magento Root >/skin/adminhtml/default/default/boxes.css



Check following after install patch:

  • Check all CMS, Shipping, Payment and landing pages are loading correctly without any issues.
  • Magento security patch SUPEE 8788 affects the page sessions, CMS, file upload, admin pages and downloadable products.
Leave a Reply