Supee-6788 – A Critical Security Patch Magento Update to Install Immediately
The next big release of Magento “Supee-6788” has just come to the attention of Magento community. Supee-6788 is Magento’s next most powerful security patch as it is a bundle of patches & helps in resolving several security-related issues. It may possibly require many extensions/customizations changes and as a result will affect your Magento store. Thus, it seems to be different one from other Magento security patches released before and will surely make some waves in the Magento community.
So, you should first make sure that you have installed all previous security patches before proceeding with Supee-6788 installation, which further ensures about its proper installation. The followings are some security related issues addressed by Supee-6788:
- Error Reporting in Setup Exposes Configuration – APPSEC-1102
- Filter Directives Can Allow Access to Protected Data – APPSEC-1057
- XXE/XEE attack on Zend XML functionality using multi-byte payloads
- Potential SQL Injection in Magento Core Model Based Classes – APPSEC-1063
- Potential remote code execution using Cron – APPSEC-1037
- Remote Code Execution/Information Leak Using File Custom Option – APPSEC-1079
- Cross site scripting with error messages – APPSEC-1039
- Potential remote code execution using error reports and downloadable products – APPSEC-1032
- Admin Path Disclosure – APPSEC-1034
- Insufficient Protection of Password Reset Process – APPSEC-1027
- Dev Folder Not Protected – APPSEC-1124
- Cross-site Scripting/Cache Poisoning – APPSEC-1030
Therefore, if you really don’t want that your customers see any above mentioned issues at your store or find your store to break on the front-end or exposing their any protected information, just remember to update your Magento store by installing Supee-6788 immediately.