Install New Security Patch Immediately

Magento has released security patch SUPEE-6788 for Enterprise Edition 1.14.2.2 and Community Edition 1.9.2.2 to address over 10 issues identified through their comprehensive security program, including remote code execution and information leak vulnerabilities. Tenzing is recommending all Magento clients immediately review the changes and plan for the expected compatibility issues.

BACKWARD COMPATIBILITY

This patch breaks backward compatibility in ways that can affect your extensions or customizations (see notes for details). For example, certain updates to admin routing can make improperly coded extensions and customizations inaccessible from the admin panel. We expect that many extensions and customizations will be affected by this change, so we are releasing the patch with it included, but turned off. This lets you immediately benefit from the rest of the patch, while also giving you time to update your code before turning on the admin routing change.

We recommend that you first test the code in a non-production environment with the admin routing change turned on. If it works, deploy the fully-enabled patch to production. If you discover issues with accessing extensions or customizations from the admin panel, deploy the patch with the admin routing change disabled. Then work with your developer and extension providers to update impacted customizations and extensions. We urge you to turn on the admin routing change as soon as possible to protect your site from automated attacks, like the malware issue we recently experienced.

Aisling McCaffrey

Demand Marketing Specialist at Thinkwrap
Aisling is our Demand Marketing Specialist at Thinkwrap, and loves working with both technology and humans. She studied International Business (concentrating in Marketing) and has spent several years living and working in China, mostly in Shanghai, where she became passionate about global innovation and how the use of social media changes in different cultures. Aisling likes to keep up on internet trends - from business to memes - and is always looking for new ways to learn or entertain herself.