Magento SUPEE-6788 Patch Information

It’s a bird… It’s a plane… It’s SUPEE-6788!

The 5th Magento security patch of 2015 has arrived, much to the chagrin of Magento developers and website owners. We’re of course glad to see Magento providing protection against vulnerabilities that have been discovered and are still huge fans of Magento Community & Enterprise. While the first four security patches of the year were certainly disruptive, they were relatively easy to integrate, and caused relatively minimal disruption to websites and to our production flow as an agency.

SUPEE-6788 may not be from Krypton, but it’s not like most other security patches either. It comes with a warning from Magento: “Important! This patch breaks backward compatibility, and can impact extensions and customizations.” It also comes right before the holiday shopping season.

For website owners, this means that in order to protect your site against these now published and known vulnerabilities, you will likely need to perform other upgrades, including updating Magento extensions to be compatible. In a best-case scenario, this patch should be applied to a development / staging copy of your site once the relevant software has been brought up to date, and that copy should then be tested before going live with the changes. Applying the patch directly to a live website with incompatible software and extensions can easily cause noticeable problems and failures in a Magento site.

Some extension developers, like Amasty, have offered free patches for their extensions, posting “PLEASE NOTE THAT UPDATES FOR SUPEE-6788 COMPATIBILITY ARE DELIVERED FOR FREE” on their website. Some extension developers may charge for the updates, or in some cases, may not have an update to make an extension compatible with the SUPEE-6788 patch at all.

Hosts that are accustomed to automatically patching sites in order to protect their overall hosting servers and infrastructure may need a change of course as well. Patching live sites without proper preparation can create problems that will hurt or stop sales.

For agencies like Rand Marketing, this means that we’ll be reaching out to our active retainer customers individually regarding addressing this upgrade in the busiest time of year, and scheduling accordingly. Between the holiday rush, and SUPEE-6788, we expect our production queue to be booked to capacity for weeks to come. New development requests may be delayed accordingly, such as any new requests to add extensions or customizations to existing Magento websites.

In addition to this patch, we do recommend bringing on a 3rd party security platform, such as Sucuri.net or Sitelock, to watch your site for intrusion and help with any security issues that may arise. This is a general recommendation to all Rand customers, whether on Magento, WordPress, or other popular website platforms. Much like an alarm system, or a business insurance policy, an extra layer of security can be extremely valuable.

– Robert Rand

