SUPEE-8788, Enterprise Edition 1.14.3 and Community Edition 1.9.3 address Zend framework and payment vulnerabilities, ensure sessions are invalidated after a user logs out, and make several other security enhancements that are detailed below.

 

 
 

Updated versions of the SUPEE-8788 patch for Enterprise Edition and Community Edition are now available. The Enterprise Edition patch is in the “Security Patches – October 2016” folder in MyAccount. The Community Edition patch is available in the Release Archive of the Community Edition Download Page.

The new patch addresses two issues:

  • Removes compatibility issues with SUPEE-1533 and SUPEE-3941 security patches experienced by merchants using Enterprise Edition 1.13 and earlier and Community Edition 1.8 and earlier releases.
  • Resolves issues with some 3rd party payment methods during checkout.

Installation process:

  • Revert SUPEE-8788 if you have already installed it.
  • Revert SUPEE-1533 if you have already installed it.
  • Deploy SUPEE-3941 if it hasn’t already been installed.
  • Install the new SUPEE-8788 v2 patch. This patch includes SUPEE-1533, so you don’t need to worry about re-installing it.

You can find SUPEE-1533 in the “Security Patches – October 2014” folder and SUPEE-3941 in the “Security Patches – August 2014” folder in MyAccount and in the Release Archive of the Community Edition Download Page.

[By Magento Team]