Magento Update: Magento has announced a new patch available for Magento Community versions older than 184.108.40.206 and Magento Enterprise versions older than 220.127.116.11.
What does this Magento Patch address?
This patch is designed to tackle multiple Magento security issues and vulnerabilities, and is in fact made up of a number of smaller patches. Some of these include:
- Cross site scripting vulnerabilities
- Information disclosure vulnerabilities
- Addressing possible SQL Injections
What do I need to do?
If you own or run a Magento installation, we recommend that you install this patch as soon as possible in order to prevent any possible exploits.
- Magento Enterprise Clients: Log in to your Magento account to access the EE version of the patch.
- Magento Community: Access the Primary Download Page
Magento has stated that in order to address some of these security issues, this patch may affect performance or access to some 3rd party extensions and plugins. Many developers are aware of this and are amending their plugins accordingly, but as a precaution there is a compatibility mode within SUPEE-6788 that limits the effectiveness of this patch. This is called the 'Admin Routing Compatibility Mode', which is turned 'on' by default.
You must turn off 'Admin Routing Compatibility Mode' under 'Admin > Security' to enable all features of this patch.
If you have any questions or are concerned with the security of your website, please contact our expert security team.