Magento SUPEE-6788 Patch: Important Things to Know

Magento released a patch, SUPEE-6788, on October 27, 2015. This patch addresses protection against security related issues such as information leaks and remote code execution. These types of threads can compromise a site in many ways such as potentially having malware scripts running on your server or having sensitive information stolen. This patch allows Magento store owners to protect against these security compromises. Although, unlike most patches, Magento SUPEE-6788 Patch can be a little confusing to implement. Before implementing this patch, here are a few things you need to know.

Magento SUPEE-6788 Patch

1. The Version of Magento You Are Currently Using

Log into your Magento admin panel and the Magento version is on the footer/bottom of the page. If you are on Community (Free) Edition (1.9.0.0) and happen to have version 1.9.2.2 installed, then your site is patched. Any version before this requires an upgrade of the Magento software.

2. Which Modules Require an Upgrade

It is important to know which modules require an upgrade. This patch impacts most of the 3rd party modules. Many of these extensions have updates that are applied to their software which require you to upgrade to be fully compatible with the patch. Make note of all of the 3rd party extensions you have purchased, if you have not already done so.

3. Pay Attention to Your Theme

There has also be some conflicts with themes and the patch. Make sure you have a custom theme to request an updated version that will work with this patch.

Other Important Things to Know

An issue that occurs with this patch upgrade is modules. It occurs when you try to view their settings in the Magento admin area, either do not load or cause errors. This is because those modules require upgrades through a new setting. You can find the settings in System → Config → System → Admin and under ‘Security’ tab you will seen an option:

“Admin routing compatibility mode” → when set to ‘enabled’ can provide against one of the noted exploits. Applying this update to some of the modules will allow this setting to not interfere with functionality of the module. Most key modules our clients depend on have the necessary updates, but each module requires testing when upgrading to ensure that when logged into the admin you can edit the settings of those newly updated modules when the setting is ‘enabled’. You can usually something is wrong when you click on the module settings  and instead of seeing the form fields/tabs/settings, you see a white blank page or an error output.

To test the security level of your store click here.

 

Feel free to contact Centennial Arts with the link below if you are having an concerns or questions regarding Magento SUPEE-6788 Patch.