Hello, Magento Friends!
Magento recently released SUPEE 8788 to safeguard stores against potential threats. In order to keep your stores secure, it is recommended to install this patch as soon as possible.
Here, I have come up with a complete guide on how to install Magento SUPEE 8788 with and without SSH. Let’s Get Started:
Feature-set of Magento SUPEE 8788
- This newly-released patch provides security against potential threats such as remote code execution, information leaks, and cross-site scripting.
- Possibility of SQL injections due to Zend Framework library vulnerabilities.
- Resolved improper session invalidation issue when an Admin user logs out.
- Denied the ability to back up Magento files or databases by unauthorized users.
- Resolves a compatibility issue with SUPEE patches 1533 and 3941 faced earlier by merchants using EE 1.13 and CE 1.8 and earlier versions.
- Resolves issues with some third-party payment methods during checkout.
Installation process:
- Revert SUPEE-8788 if you have already installed it.
- Revert SUPEE-1533 if you have already installed it.
- Deploy SUPEE-3941 if it hasn’t already been installed.
- Install the new SUPEE-8788 v2 patch. This patch includes SUPEE-1533, so you don’t need to worry about re-installing it.
I have explained the installation of patches in both ways here:
Methods to install the patch on your store
Method 1:
- Upload patch files in the root of Magento.
- Create a file named patch.php and append the following code into it:
<?php
print("<PRE>");
passthru("/bin/bash PATCH_SUPEE-8788.sh");
print("</PRE>");
echo "Done";
?>
Replace the file name in it, upload it in the root, and run the file from the browser.
The name should be PATCH_SUPEE-8788.sh
You should receive the following screen once you run patch.php from the browser,
If you are getting errors like this,
“Error! Some required system tools, that are utilized in this sh script, are not installed; Tool (s) “patch” is (are) missed, please install it(them).
That means system tools aren’t installed in your server to run the sh script, you can contact your hosting provider or follow another method.
We have updated the patch files for the older Magento versions. It is very much recommended to use these patches at your own risk, please take backup of your website prior to installation.
Method 2:
You can install a patch with SSH as well. You will need SSH, if you don’t know how to set up SSH, contact your hosting provider.
- Upload the patch files in the root,
- In the ssh console, run the following command.
For .sh file extension
Sh PATCH_SUPEE-8788.sh
For .patch file extension:
patch —p0 < patch_file_name.patch
Method 3:
Download the zip file for the patch installation. You can also download these Pre Patched files from GitHub. After downloading the files, simply upload them to your Magento root folder.
| Magento version | SUPEE-8788 |
| Magento 1.9.2.4 | SUPEE_8788_Magento_1.9.2.4 V2 |
| Magento 1.9.2.3 | SUPEE_8788_Magento_1.9.2.3 V2 |
| Magento 1.9.2.1 | SUPEE_8788_Magento_1.9.2.1 V2 |
| Magento 1.9.1.1 | SUPEE_8788_Magento_1.9.1.1 V2 |
| Magento 1.9.0.1 | SUPEE_8788_Magento_1.9.0.1 V2 |
| Magento 1.8.1.0 | SUPEE_8788_Magento_1.8.1.0 V2 |
| Magento 1.7.0.2 | SUPEE_8788_Magento_1.7.0.2 V2 |
Delete all files under media skin\adminhtml\default\default\media
Possible Issues with Solutions:
- Make sure you haven’t deleted or renamed the “Downloader” directory else the patch installation will fail as it patches a file within the downloader. The best solution is to restore the directory, apply the patch and delete it again. Or you can also remove the instructions for downloader/lib/Mage/HTTP/Client/Curl.php from the patch.
- If you get a “Hunk Failed” error message, it is generally because of either a changed core file or missing earlier patches. Make sure you have installed all the previous patches and haven’t made any changes in the Magento core.
- Another most common issue is that the patch fails to delete .sfw files because of their binary content. to overcome this error, check the answer here:
Conclusion:
It is highly recommended to get your Magento version upgraded to 1.9.3 which includes all the security patches including SUPEE 8788.
If you need any help regarding Magento version Upgrade, Checkout our Magento Upgrade Service. If you face any challenges during the installation of Magento SUPEE 8788 With or Without SSH, catch us at any time through the comment box below.
Happy Reading!
