Magento Patches: How to Apply and Revert

Magento patches are packages of modified core files that fix specific security problems found in Magento. The latest Magento version already includes all the security fixes available at its release date. Consequently, if you are currently using the latest version of Magento, your site is most probably not susceptible and you do not have to install any patches. However, if you are not running the latest version and have not applied all of the patches, you probably have critical security vulnerabilities.

New vulnerabilities are discovered all the time, and patches are issued to help keep your online store safe. For example, there were 3 versions of SUPEE-8788 issued in the past few weeks.

Magento Patches: How to Get?

Magento support provides patches for Magento CE and EE on Magentocommerce.com. This section explains how to get those patches.

Getting Magento CE Patches:

  • Log in to your Magento account at Magentocommerce.com/download, or create a free account if you do not have one.
  • Click on My Account at the top right corner of the page.
  • In the Magento Community Edition Patches section, find the patch to install.
  • Choose your CE version from the list beside the patch.
  • Click Download and wait until the download completes successfully.

(Note: How to apply a Magento patch is covered after the “Getting Magento EE Patches” section, so please keep reading.)

Getting Magento EE Patches:

  • Log in to magentocommerce.com.
  • Click on My Account at the top right corner of the page and click on the Downloads option.
  • After clicking on the Downloads option, you will see a new pane with multiple options. Click on Magento Enterprise Edition.
  • Afterward, click on Support Patches.
  • Find the patch to download.
  • Click on Download next to the patch for the version of EE that you are using.
  • Once the download completes successfully, continue with the next section.

(Note: The next section shows how to apply a Magento patch. It applies to patches obtained in both the “Getting Magento CE Patches” and “Getting Magento EE Patches” sections.)

Magento Patch: How to Apply?

To apply a Magento patch, follow the instructions below carefully. (Note: In this article, we assume your patch file name ends with .sh. If your file’s name ends with .patch or anything other than .sh, contact Our Support for assistance before proceeding.)

  1. Copy the patch (.sh) file that you downloaded to the root directory of your Magento installation. For example: /var/www/html/Magento.

  2. Run the following commands as a user with adequate rights to write to Magento files (usually the web server user or root):

    chmod +x <patch-file-name>.sh
    ./<patch-file-name>.sh

    A message like the following is displayed to confirm that the patch was installed successfully:

    Patch was applied/reverted successfully

  3. To re-apply ownership to the files changed by the patch:

    1. Find the web server user:

     ps -o "user group command" -C httpd,apache2

     The value in the USER column is the web server user name. Usually, the Apache web server user on CentOS is “apache”, and the Apache web server user on Ubuntu is “www-data”.

    2. As a user with root rights, enter the following command from the Magento installation directory:

     chown -R web-server-user-name .

     For example, on Ubuntu, where Apache usually runs as www-data, enter the following command:

     chown -R www-data .

    3. Do as instructed by Our Support.

Magento Patch: Apply the SUPEE-8788 Patch

Magento released a security patch in October 2016 that might cause issues for some users. This section applies to you if any of the following is true:

  • You have not yet applied the SUPEE-8788 patch and your Magento version is EE 1.14.1.0 or CE 1.9.1.0.
  • You applied version 1 of the SUPEE-8788 patch. (The patch name includes PATCH_SUPEE-8788_<magento version>_v1.)
  • You previously applied the SUPEE-1533 patch and you want to apply the SUPEE-8788 patch.
  • You are applying the SUPEE-8788 patch as part of an upgrade from an earlier Magento version.

Our recommendation is as follows:

  • If you have applied SUPEE-8788 version 1.0, revert that patch, revert SUPEE-1533 (version restrictions apply), apply SUPEE-3941 (version restrictions apply), then apply SUPEE-8788 version 2 or later.
  • If you have not applied SUPEE-8788, revert SUPEE-1533 (version restrictions apply), apply SUPEE-3941 (version restrictions apply), then apply SUPEE-8788.

SUPEE-8788 version 1.0? Replace with version 2.0 or later

To replace SUPEE-8788 version 1 with version 2 or later, follow the instructions below:

  1. Log in to your Magento server.
  2. In a text editor, open <your Magento install dir>/app/etc/applied.patches.list
  3. Determine which patches are already applied. Version 1 of SUPEE-8788 includes PATCH_SUPEE-8788_<magento version>_v1 in the name.
  4. If your Magento version is EE 1.14.1.0 or CE 1.9.1.0 and the SUPEE-1533 patch is applied, revert SUPEE-1533.
  5. If your Magento version is earlier than EE 1.14.1.0 or CE 1.9.1.0 and SUPEE-3941 is not applied, apply SUPEE-3941.
  6. Download version 2 or later of SUPEE-8788.
  7. Apply version 2 or later of SUPEE-8788.
  8. For Magento EE 1.14.2 only: after applying the SUPEE-8788 patch, remove test_oauth.php from your Magento root directory.
  9. If you upgrade to Magento CE 1.9.3 or Magento EE 1.14.3 after applying the SUPEE-8788 patch, make sure that the following files have been deleted:
skin/adminhtml/default/default/media/flex.swf
skin/adminhtml/default/default/media/uploader.swf
skin/adminhtml/default/default/media/uploaderSingle.swf

If these files exist, delete them to avoid a potential security exploit, as Magento no longer distributes .swf files for CE 1.9.0.0 and Magento EE 1.14.0.0 with the software.

Magento Patch: Apply SUPEE-8788

To apply the SUPEE-8788 patch, follow the instructions below.

  1. In a text editor, open <your Magento install dir>/app/etc/applied.patches.list
    (This file lists all patches that are currently applied.)
  2. Check whether SUPEE-8788 is applied. If it is already applied and it is version 1, go back to the section “SUPEE-8788 version 1.0? Replace with version 2.0 or later” above.
  3. Check whether the SUPEE-1533 patch is applied. If it is already applied and your Magento version is older than EE 1.14.1.0 or CE 1.9.1.0, revert SUPEE-1533.
  4. If your Magento version is earlier than EE 1.14.1.0 or CE 1.9.1.0 and SUPEE-3941 is not applied, apply SUPEE-3941.
  5. Upgrade to version 2 or later of SUPEE-8788.
  6. Apply version 2 or later of SUPEE-8788.
  7. For Magento EE 1.14.2 only: after applying the SUPEE-8788 patch, remove test_oauth.php from your Magento root directory.
  8. After applying the SUPEE-8788 patch, if you upgrade to Magento CE 1.9.3 or Magento EE 1.14.3, confirm that the following files have been deleted:
skin/adminhtml/default/default/media/flex.swf
skin/adminhtml/default/default/media/uploader.swf
skin/adminhtml/default/default/media/uploaderSingle.swf

If these files exist, delete them to avoid a potential security exploit, as Magento no longer distributes .swf files for CE 1.9.0.0 and Magento EE 1.14.0.0 with the software.
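
The pre-checks shared by the two SUPEE-8788 procedures above (replacing version 1, and applying the patch) can be scripted so they are not done by eye. This is an added example, not part of the original article or Magento's tooling; the record layout of applied.patches.list, the function names and the sample data are assumptions, and it does not evaluate the Magento version restrictions.

```shell
#!/bin/sh
# Added example, not Magento tooling. ASSUMPTION: every patch run appends a record
#   <date> | SUPEE-NNNN | <edition_version> | vN | ... [| REVERTED]
# to app/etc/applied.patches.list; the newest record for an ID is its current state.

# patch_state FILE ID -> prints "vN", "reverted" or "absent"
patch_state() {
    awk -F'|' -v id="$2" '
        { for (i = 1; i <= NF; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i) }
        $2 == id { state = ($NF == "REVERTED") ? "reverted" : $4 }
        END { print (state == "" ? "absent" : state) }' "$1"
}

# leftover_files ROOT -> prints files named in the steps above that still exist
# (test_oauth.php: EE 1.14.2 only; *.swf: after upgrading to CE 1.9.3 / EE 1.14.3)
leftover_files() {
    for f in test_oauth.php flex.swf uploader.swf uploaderSingle.swf; do
        case "$f" in *.swf) f="skin/adminhtml/default/default/media/$f" ;; esac
        if [ -e "$1/$f" ]; then echo "$f"; fi
    done
}

# next_steps ROOT -> prints, in order, the actions from the procedure still pending
next_steps() {
    list="$1/app/etc/applied.patches.list"
    [ -r "$list" ] || { echo "cannot read $list" >&2; return 1; }
    s=$(patch_state "$list" SUPEE-8788)
    case "$s" in v1|reverted|absent)
        if [ "$s" = v1 ]; then echo "revert SUPEE-8788 v1"; fi
        case "$(patch_state "$list" SUPEE-1533)" in
            v*) echo "revert SUPEE-1533 (version restrictions apply)" ;; esac
        case "$(patch_state "$list" SUPEE-3941)" in
            v*) ;; *) echo "apply SUPEE-3941 (version restrictions apply)" ;; esac
        echo "apply SUPEE-8788 v2 or later" ;;
    esac
    leftover_files "$1" | sed 's/^/delete /'
}

# Constructed sample: SUPEE-1533 and SUPEE-8788 v1 on record, test_oauth.php present
demo=$(mktemp -d) && mkdir -p "$demo/app/etc"
cat > "$demo/app/etc/applied.patches.list" <<'EOF'
2016-10-01 09:00:00 UTC | SUPEE-1533 | CE_1.9.0.1 | v1 | 0000000 | constructed | v1.9.0.1..HEAD
patching file constructed/example.php
2016-10-12 09:00:00 UTC | SUPEE-8788 | CE_1.9.0.1 | v1 | 0000000 | constructed | v1.9.0.1..HEAD
EOF
touch "$demo/test_oauth.php"
next_steps "$demo"
```

Against a real installation, call next_steps with the Magento root directory and compare the record layout it assumes with your own applied.patches.list first.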

Magento Patch: Listing Installed Patches

If you are unsure which patches are already applied, open <your Magento install dir>/app/etc/applied.patches.list

Magento Patch: How to Revert?

If you are unsure which patches are already applied, open <your Magento install dir>/app/etc/applied.patches.list

  1. Change to the Magento installation directory.
  2. Enter the following command as a user with adequate rights to write to Magento files:

    sh patch-file-name.sh -R

Magento Patches: Troubleshooting

If you get errors while running a patch, try the following suggestions:

  • Verify that the patches are located in your Magento installation root directory.
      • Ubuntu example: /var/www/magento
      • CentOS example: /var/www/html/magento
  • Verify that you are running the patch with adequate rights.
      • Usually, this means running it as the web server user or as a user with root privileges.
  • Try running the patch again.
  • If problems occur, contact Our Support.

If you still have a problem or need any assistance, feel free to call our support number, +1 844 897 0441. We are here to provide you with the best solution.


