Magento 1.9.3 : Security patch SUPEE-8788

Magento has released a new patch SUPEE-8788 for Magento which fixes Zend framework and payment vulnerabilities.

I am testing in CLI mode :

chmod 755 mage
sudo -u www-data ./mage list-upgrades
sudo -u www-data ./mage upgrade-all

Note: I recommend you to perform the upgrade on a test environment first.

You may have the following conflict errors :

Starting to download Vhaldecode_CookieLaw-1.4.1.tgz ...
...done: 11,782 bytes
Installing package community/Vhaldecode_CookieLaw 1.4.1
Package community/Vhaldecode_CookieLaw 1.4.1 installed successfully
Starting to download Mage_All_Latest-1.9.3.0.tgz ...
...done: 725 bytes
Error: 
upgrade-all: Failed to delete files: /home/data/www/magento_dev/./pkginfo/Mage_All_Latest.txt 
 Check permissions
Error: 
upgrade-all: Package community/Interface_Adminhtml_Default 1.9.3.0 conflicts with: community/Mage_All_Latest 1.9.2.4
Error: 
upgrade-all: Package community/Interface_Frontend_Default 1.9.3.0 conflicts with: community/Mage_All_Latest 1.9.2.4
Error: 
upgrade-all: Package community/Interface_Install_Default 1.9.3.0 conflicts with: community/Mage_All_Latest 1.9.2.4
Error: 
...

If you have the above error, try these steps :

# cd pkginfo
# rm -Rf Mage_All_Latest.txt Mage_All.txt 
# cd ..
# sudo -u www-data ./mage upgrade-all
Installing package community/Mage_All_Latest 1.9.2.2
Package community/Mage_All_Latest 1.9.2.2 installed successfully
Starting to download Interface_Adminhtml_Default-1.9.2.2.tgz ...
...done: 1,014,275 bytes
Installing package community/Interface_Adminhtml_Default 1.9.2.2
Package community/Interface_Adminhtml_Default 1.9.2.2 installed successfully
Starting to download Interface_Frontend_Default-1.9.2.2.tgz ...
...done: 747,738 bytes
Installing package community/Interface_Frontend_Default 1.9.2.2
...

I have got also an exception :

SQLSTATE[42S22]: Column not found: 1054 Unknown column 'sales_bestsellers_aggregated_yearly.product_type_id' in 'field list', query was: SELECT COUNT(*) FROM (SELECT MAX(DATE_FORMAT(period, '%Y-%m-%d')) AS `period`, SUM(qty_ordered) AS `qty_ordered`, `sales_bestsellers_aggregated_yearly`.`product_id`, MAX(product_name) AS `product_name`, MAX(product_price) AS `product_price`, `sales_bestsellers_aggregated_yearly`.`product_type_id` FROM `sales_bestsellers_aggregated_yearly` WHERE (EXISTS (SELECT 1 FROM `catalog_product_entity` AS `existed_products` WHERE (sales_bestsellers_aggregated_yearly.product_id = existed_products.entity_id))) AND (store_id IN(0)) GROUP BY `product_id` LIMIT 5) AS `t`

Trace:
#0 /www/magento_dev/lib/Varien/Db/Statement/Pdo/Mysql.php(110): Zend_Db_Statement_Pdo->_execute(Array)
#1 //www/magento_dev/app/code/core/Zend/Db/Statement.php(291): Varien_Db_Statement_Pdo_Mysql->_execute(Array)
#2 /www/magento_dev/lib/Zend/Db/Adapter/Abstract.php(480): Zend_Db_Statement->execute(Array)

This error disappeared after clearing the cache.

And don’t forget to remove  the maintenance.flag file 😀 !

The clear the cache, rebuild the indexes and run the compilation.

My production server is now updated and it is working 🙂

Nicolas Portais
Author Photographer
http://www.mystockphoto.fr/
http://photos-art.pro/