Skip to content
AtlanticBT Monogram
Article

The Magento Security Patch You Can’t Afford to Ignore

If your online store is not secure, it doesn’t matter how much revenue it brings in—the right cyberattack could cripple your ability to run online transactions.

This in mind, it’s critical for users of both Magento Enterprise and Community to install a critical security update called SUPEE-8788. In this blog post, I’ll go through the details of this patch and what my team at ABT learned from this process.

Who Is Affected?

If you use a version of Magento Enterprise older than 1.14.2.4 or a version of Magento Community older than 1.9.2.4, you need to apply this update.

What Exactly Does This Update Do?

SUPEE-8788 addresses 17 different APPSEC vulnerabilities in Magento, including ones found in the payments system, user sessions, the Flash-based media uploader, and within the Zend Framework itself (which Magento has assumed maintenance of since ZF1 passed end-of-life).

In addition to the security updates in the SUPEE-8788, Magento versions 1.9.3 (CE) and 1.14.3 (EE) also provide several dozen other fixes and updates, including:

      • Tax calculation fixes
      • Shopping cart and checkout fixes
      • Catalog fixes
      • Price rule fixes
      • Configurable swatches fixes
      • Import/export fixes
      • Indexer fixes
      • Visual Merchandiser fixes (EE-only)

How Do I Apply This Update?

Visit Magento’s Security Patches page and follow the instructions to either update your version of Magento or download and install a patch alleviating these security issues. Because the patch can be applied quicker and with less complication than the version upgrade, we recommend installing the patch immediately if you don’t have the time or resources to perform a full Magento upgrade.

Wait, Why Do I Need More Time to Perform This Magento Upgrade?

Magento upgrades take a lot more than clicking a button and waiting a few minutes. Your developers will need to ensure the new version installs correctly and works with your existing design and customizations. We also recommend a thorough QA process across all areas of your online store when you install the upgrade. Making matters more complex, the new versions of Magento differ greatly in quality based on whether you’re using Community or Enterprise.

How Should Magento Community and Enterprise Users Handle the Upgrade?

Magento CE 1.9 users, especially those on 1.9.2, should review the fixes and features in the 1.9.3 upgrade to determine if it’s worth extra time to upgrade rather than install the patch. Spend some time reviewing the Magento forums, StackOverflow, and subreddit to see what kinds of issues people are reporting with the upgrade. This will help you anticipate and resolve any common issues or conflicts you’re likely to encounter with the upgrade.

Magento Enterprise users should be more cautious regarding the upgrade. While it’s always preferable to be on the latest version whenever possible, we’ve been disappointed in the lack of quality control in this release. Our Magento developers have already identified multiple bugs in the EE-specific changes which required hotfixes. There’s also currently little public discussion around 1.14.3, so it’s difficult to find solutions by comparing notes with other users. While this update does fix some long-standing bugs and the aforementioned security issue, the update trades these problems for new ones without proven fixes. This makes it easier to just install the patch if you use Magento Enterprise.

What If I Need Help or Have More Questions?

Feel free to post any questions or thoughts in the comments section below. If you’re interested in getting Atlantic BT’s help in handling your upgrade, contact us today to get started.

capabilities covered
Magento eCommerce Integrations Shopify CISO as a Service

The Atlantic BT Manifesto

The Ultimate Guide To Planning A Complex Web Project

Insights

Atlantic BT's Insights

We’re sharing the latest concepts in tech, design, and software development. Learn more about our findings.

Questions & Answers

How much does custom eCommerce cost?
A custom eCommerce store could cost anywhere from $12,000/year to millions. Variable factors include the amount of custom features, the complexity of design, setup investments, training, and maintenance. Check out how to determine the cost of a custom eCommerce store.
Learn More
What is the best web development framework?
Many people commonly ask “what is a framework in web development?” Web development frameworks can easily be confused with web development tools, languages, or parts of the web development stack (like PHP, Ruby, or Javascript).
Learn More
What is the best programming language for web development?
If there was one “best” programming language, then everything else would be obsolete. The reality is that there are so many different programming languages because there is no “best” language for any situation.
Learn More
How much does web development cost?
Web development can vary from a few hundred to millions of dollars depending on what is needed. You may simply need some changes to something that already exists, or you'd like to build a large or complex application.
Learn More
What is the best way to become a web developer?
We get lots of questions from university students working on projects -- How do I get into web development? How long does it take to learn? How much do web developers make?
Learn More
What is front end vs. back end development?
As web development evolved, it separated into logical specialization: front end web development and back end development. While back end development involves the server-side development, front end is the final rendering.
Learn More
What is full stack web development?
Full stack web development as a term evolved due to the separation of roles between front end and back end developers. A “full stack” developer is a developer that can work in both front end and back end technologies.
Learn More