Magento 1.9.3 : Security patch SUPEE-8788

Magento has released a new patch SUPEE-8788 for Magento which fixes Zend framework and payment vulnerabilities.

I am testing in CLI mode :

chmod 755 mage
sudo -u www-data ./mage list-upgrades
sudo -u www-data ./mage upgrade-all

Note: I recommend you to perform the upgrade on a test environment first.

You may have the following conflict errors :

Starting to download Vhaldecode_CookieLaw-1.4.1.tgz ...
...done: 11,782 bytes
Installing package community/Vhaldecode_CookieLaw 1.4.1
Package community/Vhaldecode_CookieLaw 1.4.1 installed successfully
Starting to download Mage_All_Latest- ...
...done: 725 bytes
upgrade-all: Failed to delete files: /home/data/www/magento_dev/./pkginfo/Mage_All_Latest.txt 
 Check permissions
upgrade-all: Package community/Interface_Adminhtml_Default conflicts with: community/Mage_All_Latest
upgrade-all: Package community/Interface_Frontend_Default conflicts with: community/Mage_All_Latest
upgrade-all: Package community/Interface_Install_Default conflicts with: community/Mage_All_Latest

If you have the above error, try these steps :

# cd pkginfo
# rm -Rf Mage_All_Latest.txt Mage_All.txt 
# cd ..
# sudo -u www-data ./mage upgrade-all
Installing package community/Mage_All_Latest
Package community/Mage_All_Latest installed successfully
Starting to download Interface_Adminhtml_Default- ...
...done: 1,014,275 bytes
Installing package community/Interface_Adminhtml_Default
Package community/Interface_Adminhtml_Default installed successfully
Starting to download Interface_Frontend_Default- ...
...done: 747,738 bytes
Installing package community/Interface_Frontend_Default

I have got also an exception :

SQLSTATE[42S22]: Column not found: 1054 Unknown column 'sales_bestsellers_aggregated_yearly.product_type_id' in 'field list', query was: SELECT COUNT(*) FROM (SELECT MAX(DATE_FORMAT(period, '%Y-%m-%d')) AS `period`, SUM(qty_ordered) AS `qty_ordered`, `sales_bestsellers_aggregated_yearly`.`product_id`, MAX(product_name) AS `product_name`, MAX(product_price) AS `product_price`, `sales_bestsellers_aggregated_yearly`.`product_type_id` FROM `sales_bestsellers_aggregated_yearly` WHERE (EXISTS (SELECT 1 FROM `catalog_product_entity` AS `existed_products` WHERE (sales_bestsellers_aggregated_yearly.product_id = existed_products.entity_id))) AND (store_id IN(0)) GROUP BY `product_id` LIMIT 5) AS `t`

#0 /www/magento_dev/lib/Varien/Db/Statement/Pdo/Mysql.php(110): Zend_Db_Statement_Pdo->_execute(Array)
#1 //www/magento_dev/app/code/core/Zend/Db/Statement.php(291): Varien_Db_Statement_Pdo_Mysql->_execute(Array)
#2 /www/magento_dev/lib/Zend/Db/Adapter/Abstract.php(480): Zend_Db_Statement->execute(Array)

This error disappeared after clearing the cache.

And don’t forget to remove  the maintenance.flag file 😀 !

The clear the cache, rebuild the indexes and run the compilation.

My production server is now updated and it is working 🙂

Nicolas Portais
Author Photographer

Ce contenu a été publié dans Magento, avec comme mot(s)-clé(s) , , , , , . Vous pouvez le mettre en favoris avec ce permalien.

3 réponses à Magento 1.9.3 : Security patch SUPEE-8788

  1. Ping : Magento SUPEE-9652 Resolve Zend Framework Security Issue – 2/7/2017 | My Magento Blog

  2. Ping : Upgrade to or SUPEE-8167 by June 30, 2017 | My Magento Blog

  3. Ping : removed

Laisser un commentaire

Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont indiqués avec *

Captcha (solve the arithmetic equation) * Time limit is exhausted. Please reload CAPTCHA.