Magento Security Announcement – New Security Patch (SUPEE-6788)

Screen Shot 2015-10-27 at 7.01.56 PM

***Please note that this patch may interfere with certain Magento extensions and should be applied by your developer.***

Today, we are releasing a new security patch (SUPEE-6788), Enterprise Edition 1.14.2.2 and Community Edition 1.9.2.2 to address over 10 issues identified through our comprehensive security program, including remote code execution and information leak vulnerabilities. This patch is unrelated to the recent Guruincsite malware issue. There are no confirmed reports of attacks related to these issues to-date, but it is important that you work with your clients to deploy the patch in order to protect their stores. More information about the patch is provided in the Magento Security Center and in the Magento Enterprise Edition and Magento Community Edition release notes.

BACKWARD COMPATIBILITY

This patch breaks backward compatibility in ways that can affect your client’s extensions or customizations (see notes for details). For example, an update to admin routing can make improperly coded extensions and customizations inaccessible from the admin panel. We expect that many extensions and customizations will be affected by this change, so we are releasing the patch with it included, but turned off. This lets merchants immediately benefit from the rest of the patch, while also giving them time to update their code before turning on the admin routing change.

We recommend that you and your clients first test the code in a non-production environment with the admin routing change turned on. If it works, deploy the fully-enabled patch to production. If you discover issues with accessing extensions or customizations from the admin panel, deploy the patch with the admin routing change disabled. Then work with your clients and their extension providers to update impacted customizations and extensions. We urge you to turn on the admin routing change as soon as possible to help protect your clients from automated attacks, like the malware issue we recently experienced.

DOWNLOADING THE SECURITY PATCH

Patches are available for Magento Enterprise Edition 1.7 and later releases and Magento Community Edition 1.4 and later releases. Before implementing this new security patch (SUPEE-6788), your clients must first implement all previous security patches. This will ensure that the patch works properly.

To download the patch, choose from the following options:

Enterprise Edition Merchants: Go to My Account, select the Downloads tab, and then navigate to Magento Enterprise Edition > Support Patches. Look for the folder titled “Security Patches – October 2015.” Merchants can also upgrade to Enterprise Edition 1.14.2.2 and receive the security update as part of the core code.
Community Edition Merchants: Patches for earlier versions of Community Edition can be found on the Community Edition download page (look for SUPEE-6788). Merchants can also upgrade to Community Edition 1.9.2.2 and receive the security update as part of the core code.

Information about installing patches for Magento Enterprise Edition and Magento Community Edition is available online.

Thank you for your attention and continued support.

Best regards,

The Magento Team

Screen Shot 2015-10-27 at 7.02.07 PM

Tom P October 27, 2015

Read This Next:

Magento Releases SUPEE-10975 Patch, Magento Commerce 1.14.4, Open Source 1.9.4, and 2.3.0

Magento PHP 7.2 Patch Release

New Magento Releases and Security Patch Update

Magento 2.2.5 and 2.1.14 Security Update

Fast, reliable, full of features... Over the years, I have used more than a dozen hosts, both the big ones and smaller ones; eBoundHost.com is by far my favorite.

Dries J

1) Their technical support people are always available to help with questions. 2)Server and network speed excellent. 3)Everything works great. 4)I highly recommend them!!!Thank you.

Jindrich Radic

SUPER SUPPORT - even during "off hours" - Sundays & holidays. Responses have always been within minutes of the initial call or email. The BEST vendor I have ever used in my 10 plus years as a webhosting services consumer.

EG Pursley

There is not a place on this Planet that you can get better service, support or hosting!

Pat

eBoundHost.com has been a dream to work with. My questions are answered in minutes, the price is very reasonable, the interface is great, I am very happy with how smooth everything works.

Paul

eBoundHost.com has the best customer service in ANY industry. Their support staff answers phone calls and emails immediately and they have time and time again gone over and above their responsibilities to make sure I am taken care of and that my clients are happy. I have many websites hosted here from small business to corporate level and have dealt with many hosting companies in the industry and eBoundHost.com is by far the BEST hosting provider there is. Great prices, great service, great hosting packages, and a killer reseller program! THANK YOU AGAIN :)

Shannon

eBoundHost is the best. I have dealt with many hosting providers over the last 10 years. eBoundHost surpasses them all. Absolutely the highest level of quality service anywhere. Do yourself a big favor and sign on with eBoundHost.

Dave "Infodave" Beightol

GREAT customer service and tech support, with professional, yet personable service.

J. Bitner

Excellent response to questions and issues. Fabulous uptimes. Personable tech support.

Lisa Cowan

Cost, technical support and promptness of return calls are of paramount importance to me since most of my work is done on the road and waiting for a reply is frustrating. eBoundHost has been a pleasure to work with friendly, courteous and professional.

Steve Berry

Great customer service. After looking around for a while we signed up with eBoundHost. And I can assure you that we made right decision. Customer service is so good that I don't have words to explain. I would recommend this service to everyone.

Keval

eBoundHost provides the very best service I've experienced in hosting. It takes less than 24h to get an answer to any question. They're great.

Fabien Papleux

I'm Stan Bogdashin, a customer of your hosting company for the past 2 years. Our company provides web design, development and Search Engine Optimization (SEO) services. Want to thank you for helping us by providing great hosting seamless support - this is why I continue to recommend you and don't use anyone else for hosting!

Stan Bogdashin

eBoundHost is really the best hosting service in today's marketplace. Fast and efficient customer service with excellent IT knowledge. Good price and many bundled extra options. Highly recommended!

Goran Paunovic
Artversion Creative Agency

From using your hosting services for dozens of web clients and appreciating your wonderful customer service (all the while enjoying spending my meaty affiliate checks), I look forward to growing with you and watching you evolve surely and steadily into a powerhouse of a force to be reckoned with for your competitors. In an overcrowded abyss of hosting providers it is an absolute MUST to stand out above the crowd if you want to claim your stake and play with the big boys. Period. All I can say is this...Look Out World - GAME ON!!!

S. Gino

Awesome Service And Excellent Customer Service!

Cory Farbman

I have worked with many hosting companies over the course of my years in the website building and design business. I can say with certainty that eBoundHost.com is among the elite companies. I would and have recommended them to anyone.

Jim Nickerson

Over the years, I've dealt with many companies. None come close to equaling the service and price offered by eBoundHost.

Jerry Stark

I was just looking over our emails and adding up how much time you guys have taken to get me squared away with my new eboundhost account. I can't tell you what a relief it is to have fast, dependable hosting and the kind of immediate support I've gotten from you, after having struggled with a sub-standard host for years. eboundhost has, in the short time I've been with you, already saved me hundreds of dollars of billable time. My thanks.

Bart W

EXCELLENT across the board, super quick reply to questions (about 15-30min). Outstanding! Loads of features, excellent price! Loads of space and bandwidth!

Beau B.