Magento 1.x Knowledge Base » Magento Maintenance » How to install SUPEE-8788
Published: October 13, 2016
Last updated:

How to install SUPEE-8788

Tags: ,
SUPEE-8788 resolve multiple security issues, including critical vulnerabilities with certain payment methods and Zend Framework libraries, support for HTML5 image upload (no flash).
SUPEE-8788v2 patch (shell version) can be downloaded from Downloads section. To apply the patch you need SSH access (shell access actually, SSH is just most used way to get shell access) to the server. If you have no SSH access, you can refer to How to apply SUPEE-8788 via FTP/Filemanager/cPanel or any other file upload.

If you wish to save time and have us to apply the slightest set of changes with minimal impact to your store, simply order our Magento Security Patching service.

Step 0: Preparations

Note: Make sure to Disable Magento Compiler at System > Configuration > Tools > Magento Compiler and clear compiled cache.



Step 1: Verify your Magento version

$ grep -A6 'static function getVersionInfo' app/Mage.php
    public static function getVersionInfo()
    {
        return array(
            'major'     => '1',
            'minor'     => '9',
            'revision'  => '2',
            'patch'     => '4',


As you can see in the example, it is Magento 1.9.2.4

Step 2: Download corresponding patches

Patches are obtained from Downloads section.

Make sure to get the right version.

Step 3: Place patches into Magento Root directory

Upload your files into Magento root directory. It is important to place patch files directly into Magento root directory and execute it also directly in Magento root directory. 

$ ls -1 .
PATCH_SUPEE-8788_CE_1.9.2.4_v2-2016-10-14-09-42-47.sh
app
cron.php
downloader
errors
favicon.ico
index.php
js
lib
mage
media
pkginfo
robots.txt
shell
skin
var


 

Step 4: Run the patches

$ bash PATCH_SUPEE-8788_CE_1.9.2.4_v1-2016-10-11-07-03-46.sh
Checking if patch can be applied/reverted successfully...
Patch was applied/reverted successfully.


Step 5: Verification and flush of PHP opcode cache

Test that your store is working. If you use PHP opcode caches (OPCache/APC/XCache/eAccelerator) make sure to flush it after patching (or restart webserver), otherwise code will continue to run from caches.

Additionally, if your store still use default /admin/ path, you may consider securing your Magento /admin/ by admin path change and restrict access to /downloader/.

Known issues

There are several known issues with SUPEE-8788 reported, please check this list for details.



If you have any difficulties with applying the patches please let us know in comments, so we can find the solution together.

 

Posted in: Magento Maintenance

Related Posts

42 votes, 5.00 avg. rating (99% score)