SUPEE-6788: Q&A about extensions and security patch compatibility [Important]

SUPEE-6788 security patch Q&A: extensions compatibility

Our customers are asking a lot of questions about the latest security patch and its influence on performance of some extensions. We’ve compiled the most popular questions about the issue and answered them for your convenience.

What is SUPEE-6788?

It’s a security patch, mainly targeted to get rid of the vulnerability, which is connected with non-default admin URLs automated attacks.

Is the patch live now?

Yes, it is.

I heard that some of my extensions are vulnerable.

No, this is a Magento vulnerability. Extensions could be only affected by the security patch.

I heard that I will experience issues with my extensions after the security patch installation.

Some extensions don’t use admin routing at all, and their performance won’t be affected by the patch.

Some extensions are using admin routing, and there are two ways of handling it.

For now thanks to the docs that Magento guys provided us with, we know that the first way of handling admin routing is perfectly okay, and the second one will cause compatibility issues with some extensions.

To ensure the correct performance of all extensions that use the second way of handling admin routing, right now we are working on updates and changing this mechanism so the extensions will work perfectly well with SUPEE-6788 (as of 27 Oct, 2015).

Amasty team is doing its best to update all the extensions within 24 hours.

Will all my extensions from Amasty be affected?

No. Since not all the extensions are using admin routing, many extensions won’t be affected by the patch and will be working as expected.

What should I do?

1. Please install the security patch: this is a crucial step to protect your store from automated attacks.

2. Please update your Amasty extensions after the patch installation. You can easily download the updated extensions in your account if your support period is valid. To know if you need to update, just look into the changelog. If there’s an update about security patch compatibility, you’ll see it right away:

Changelog

Here’s the final list of extensions you should update:

  • Abandoned Cart Email
  • Admin Actions Log
  • Advanced Customer Segments
  • Advanced Permissions
  • AJAX Image Uploader
  • Blog Pro
  • Custom Address Fields
  • Customer Attributes
  • Customer Group Catalog
  • Detect Missing Pages
  • Duplicate Categories
  • Efficient Order Export
  • Email to Customers
  • Errors Log
  • Extended Order Grid
  • Extended Product Grid with Editor
  • Favorite Products
  • Follow Up Email
  • Full Page Cache
  • Generate and Import Coupons
  • GeoIP Data
  • Gift Wrap
  • Import Product Tags
  • Improved Layered Navigation
  • Mass Order Actions
  • Meta Tags Templates
  • One Step Checkout
  • Order Manager Toolkit
  • Order Memos and Attachments
  • Order Status
  • Out of Stock Notification
  • Payment Restrictions
  • Product Attachments
  • Product Feed
  • Product Manager Toolkit
  • Promo Banners
  • Promotions Manager
  • RMA
  • SEO Toolkit
  • Shipping & Payment By Customer Groups
  • Shipping Restrictions
  • Shipping Rules
  • Shipping Table Rates
  • Smart Review Reminder
  • Store Locator
  • Tier Price
  • Two-Factor Authentication
  • XML Google Sitemap

3. If you are still experiencing any issues or have questions on the case, don’t hesitate to submit a ticket for our support team.

Please note that updates for SUPEE-6788 compatibility are delivered for free.
Ksenia Dobreva

Ksenia Dobreva

Ksenia is a devoted marketer with special love to blogging. She believes that content with several pinches of SEO and social can be a brilliant daily special. When she’s not working on Amasty updates and blog posts, Ksenia runs a blog on movies and books and helps animal shelters.

You may also like...

33 Responses

  1. Petri says:

    In the article you have a note that the SUPEE-6788 compatibility updates are delivered free of charge, but where do I find them? In my ordered items I can only renew some of the expired extensions, but I cannot find any link to update the compatibility.

  2. Jonathan says:

    Do I need to renew the extensions that have been updated for the new security patch?
    When I look at my downloads, I only see the old versions that I have installed.

    • Ksenia Dobreva Ksenia Dobreva says:

      Hey Jonathan,

      thanks for asking. Unfortunately from here I can’t see your account details and what’s happening there, could you please shoot an email to support@amasty.com with your order ID or the email you have ordered your extensions from, and the support team will be happy to give you the answer. Thanks!

  3. Francis Kim says:

    Thanks for making the effort to let your users know!

    • Ksenia Dobreva Ksenia Dobreva says:

      Thanks Francis, we understand that this can cause many issues on live shops, so we’re doing our best to eliminate them. Have a nice weekend!

  4. Willie says:

    Hey guys, I just wanted to say thank you that you updated most of your extensions so fast. I wasn’t even aware of the reasons everything was broken. I hope your support team has enough coffee these days. Tipping the hat to you for a great crisis reaction

    • Ksenia Dobreva Ksenia Dobreva says:

      Hey Willie,

      thanks so much for your kind words. Your feedback is very important to us! We understand this is a tough situation for all community members and we’re working hard to eliminate all the issues. Have a nice Halloween and weekend!

  5. Michael says:

    Hello,

    We have these extension
    Amasty/Base
    Amasty/SeoRichData
    Amasty/ToolKit

    Do we to update these base on the SUPEE-6788 magento update?

  6. Rafael Kassner says:

    What about Amasty_Base? I have some modules that are NOT in the list, but they have Amasty_Base as dependency (os just came within the package).

  7. Mads says:

    Already sent an email to support about this along with order ID. I also cannot see update on security patch.

    • Ksenia Dobreva Ksenia Dobreva says:

      Hi Mads, thanks, our support guys will deal with your ticket soon. You haven’t been able to see any updates, because your support period is over now. Hope that helps. But you will receive a security patch update for free.

  8. Rich says:

    If my support period has run out, do I need to renew it in order to download the latest version that will work with the new security patch?

  9. Manock says:

    Hi,

    I’m just wondering what if I never install the new patch since I am too lazy.

    • Ksenia Dobreva Ksenia Dobreva says:

      Hey Manock,

      well, it is always recommended to install security patches, because they protect your store. For example, SUPEE-6788 protects non-default admin URLs against automated attacks, SQL injections, and stuff. Please remember that your Magento store vulnerability means that your customers’ personal data can also be dangered.

      • Manock says:

        But still, Magento has been safe all the time so far?

        • Ksenia Dobreva Ksenia Dobreva says:

          Manock, the initial system was built to be safe, but the thing is that the progress does not stop (and you can’t predict all the cases with such a complicated platform). People identify new and new vulnerabilities, hackers look for new ways, so because we want Magento to stay safe even now, we need to apply patches that were developed according to the latest findings.

  10. Mafrieger says:

    many thanks for providing these updates!

    Just one question:
    are the latest versions of your extensions all FULLY compatible to supee-6788
    without using any compatibility settings?

    Here is a great overview what have to be considered:
    sonassi.com/blog/patching-supee-6788

    • Ksenia Dobreva Ksenia Dobreva says:

      Hey Mafrieger,

      thanks for asking, yes, all the versions are fully compatible with the patch, and our customers don’t need to do anything additional.

      Thanks for sharing the info!

  11. sankar says:

    hi, i was running the patch, but initially shows patch can’t be applied in version 1.7.0.2 CE, but executes by patching file i don’t whether it is successful or not.. what is about.. could you please explain. Thanks.

    • Ksenia Dobreva Ksenia Dobreva says:

      Hey Sankar,

      First of all, please check – are you absolutely sure you downloaded the patch for your Magento version?

  12. Ronnie says:

    how much time it takes ?

    • Ksenia Dobreva Ksenia Dobreva says:

      Hey Ronnie,

      could you please specify what you are asking about? Thanks.

      • Ronnie says:

        I want to update this on my Magento ver. 1.8.1.0
        So can u please tell how much time it takes?

        • Ksenia Dobreva Ksenia Dobreva says:

          Oh, I see, thanks for clarification.

          The initial installation of the patch is very simple and takes no more than 5 minutes. The troubles may come from your extensions, if they are not updated. And here you may need to have time for updating your extensions or for talking to your extensions providers if you face any trouble.

          • Ronnie says:

            okay nice. but at max, 2 hours ? and if i upgrade my magento ver. 1.8.1.0 to 2.0 then how much time?

            • Ksenia Dobreva Ksenia Dobreva says:

              Ronnie,

              it’s hard to say as I don’t know exactly how many and which extensions are installed on your store.

              When it comes to Magento 2.0, it also depends on what functionality you have on your store. You can’t just simply upgrade to 2.0 as you do with patch installations. In fact, it’s a completely new platform, and there are no tools that let you upgrade in a few clicks. The extensions also can’t be upgraded for Magento 2.0, they should be developed from scratch, and you’ll need to code all your customizations again as well.

              Hope that helps.

  13. babiesandfools says:

    Amasty – thanks for the patch. I installed it but the shipping restriction rules are no longer working after patch is installed. Can you help?

Leave a Reply

Your email address will not be published. Required fields are marked *