Originally released on Oct. 11th, 2016, Magento’s SUPEE-8788 addressed several highly critical security issues including:

  • Payment vulnerabilities
  • Zend framework SQL Injection vulnerabilities
  • Cross-Site Scripting (XSS) vulnerabilities to malicious Javascript insertions (Enterprise Edition)
  • Ensuring session invalidation on a user logs out
  • Remote Code Execution (RCE) during checkout
  • Additional security enhancements

Shortly after release however, Magento identified a few issues with the SUPEE-8788 Patch and has provided updated versions and instructions on deployment. Continue reading for details on affected versions and suggested actions.
For Enterprise Edition 1.14.2 Users
Previous versions of the SUPEE-8788 Patch supplied from Magento included a PHP file (test_oauth.php) in the root directory that should not have been there.

 

 

What Should You Do?
Either delete the file from your Magento installation or revert to an older patch and apply the new version of SUPEE-8788 provided in Magento’s merchant and partner portals.

For Enterprise Edition 1.13 and Earlier and Community Edition 1.8 and Earlier Release Users
Magento has discovered that the SUPEE-8788 patch will fail for stores that have previously applied the SUPEE-1533 or SUPEE-3941 security patches. An updated version of the patch – SUPEE-8788 v3 has been released that addresses missing files and should be applied. This updated patch will require users who have installed SUPEE-1533 on their sites to revert it first.

What Should You Do?
Revert the SUPEE-1533 patch if it’s already installed and apply the updated Magento Patch SUPEE-8788 v3 which includes SUPEE-1533.

For more information on Magento News, Updates, and Security, visit the resources:

Having Trouble Keeping Up With Magento Updates?
Forix can help. Get in touch and see how our Magento Managed Support Services can keep your site running and secure.