Table of Contents
- Overview
- Need More Detail?
- How to Get Magento Patches
- How to Apply a Magento Patch
- How to Apply the SUPEE-8788 Patch
- Listing Patches You Have Installed
- How to Revert a Magento Patch
- Troubleshooting
Overview
This article discusses how to apply and revert Magento patches you get in any of the following ways:
- Magento Support
- Magento Enterprise Edition (EE) support portal
- (Magento partners) from the partner portal
If you don't already have a patch, contact Magento Support.
.sh
. If your patch file name ends in .patch
or something else, contact Magento Support before proceeding.Need More Detail?
For more step-by-step details that are provided here, see one of the following:
How to Get Magento Patches
Magento Support provides some patches for Magento CE and EE on magentocommerce.com. This section discusses how to get those patches.
If Magento Support provided a patch to you, skip this section and continue with How to Apply a Magento Patch.
See one of the following sections for specific information about Magento CE or EE:
Getting Magento CE Patches
To get patches for Magento CE:
- Log in to magentocommerce.com/download.
(Click My Account in the upper right corner of the page.)
If you don't have an account, you can register for one; the account is free. - In the Magento Community Edition Patches section, locate the patch to install.
- From the list next to the patch, choose your CE version.
- Click Download.
- After the patch downloads, continue with How to Apply a Magento Patch.
Getting Magento EE Patches
To get patches for Magento EE:
- Log in to magentocommerce.com.
(Click My Account in the upper right corner of the page.) - Click Downloads in the left pane.
- Click Magento Enterprise Edition in the right pane.
The following figure shows an example.
- Click Support Patches.
- Locate the patch to download.
- Click Download corresponding to the patch for the version of EE you're using.
- After the download completes, continue with the next section.
How to Apply a Magento Patch
To apply a Magento patch:
- Transfer the patch
.sh
file to your Magento installation root directory.
Note: This article assumes your patch file name ends inFor example,.sh
. If your patch file name ends in.patch
or something else, contact Magento Support before proceeding./var/www/html/magento
. - Enter the following commands as a user with sufficient privileges to write to Magento files (typically, the web server user or
root
):chmod +x <patch-file-name>.sh ./<patch-file-name>.sh
A message such as the following displays to confirm the patch installed successfully:Patch was applied/reverted successfully.
- To reapply ownership to the files changed by the patch:
- Find the web server user:
ps -o "user group command" -C httpd,apache2
The value in the USER column is the web server username.
Typically, the Apache web server user on CentOS isapache
and the Apache web server user on Ubuntu iswww-data
. - As a user with
root
privileges, enter the following command from the Magento installation directory:chown -R web-server-user-name .
For example, on Ubuntu where Apache usually runs aswww-data
, enterchown -R www-data .
- Find the web server user:
- Perform any other tasks as instructed by Magento Support.
(For example, some patches require you to stop external services, such as the Solr search engine.)
How to Apply the SUPEE-8788 Patch
We released a security patch in October, 2016 that might cause issues for some users. This section applies to you if any of the following is true:
- You haven't yet applied the SUPEE-8788 patch and your Magento version is earlier than EE 1.14.1.0 or CE 1.9.1.0.
- You applied version 1 of the SUPEE-8788 patch. (The patch name includes
PATCH_SUPEE-8788_<magento version>_v1
.) - You previously applied the SUPEE-1533 patch and you want to apply the SUPEE-8788 patch.
- You're applying the SUPEE-8788 patch as part of an upgrade from an earlier Magento version.
We recommend the following:
- If you applied SUPEE-8788 version 1, revert that patch, revert SUPEE-1533 (version restrictions apply), apply SUPEE-3941 (version restrictions apply), then apply SUPEE-8788 version 2 or later.
- If you haven't applied SUPEE-8788, revert SUPEE-1533 (version restrictions apply), apply SUPEE-3941 (version restrictions apply), then apply SUPEE-8788.
Replace SUPEE-8788 version 1 with version 2 or later
To replace SUPEE-7877 version 1 with version 2 or later:
- Log in to your Magento server.
- Open
<your Magento install dir>/app/etc/applied.patches.list
in a text editor.
This file lists all currently applied patches. - Determine which patches are already applied. Version 1 of SUPEE-8788 includes
PATCH_SUPEE-8788_<magento version>_v1
in the name. - If your Magento version is EE 1.14.1.0 or CE 1.9.1.0, and patch SUPEE-1533 is applied, revert SUPEE-1533.
- If your Magento version is earlier than EE 1.14.1.0 or CE 1.9.1.0, and SUPEE-3941 is not applied, apply SUPEE-3941.
- Get version 2 or later of SUPEE-8788.
- Apply version 2 or later of SUPEE-8788.
- Magento EE 1.14.2 only. After applying the SUPEE-8788 patch, remove
test_oauth.php
from your Magento base directory. - If you upgraded to Magento CE 1.9.3 or Magento EE 1.14.3 after applying the SUPEE-8788 patch, make sure the following files have been deleted:
skin/adminhtml/default/default/media/flex.swf skin/adminhtml/default/default/media/uploader.swf skin/adminhtml/default/default/media/uploaderSingle.swf
If the files are present, delete them to avoid a potential security exploit. As of Magento CE 1.9.0.0 and Magento EE 1.14.0.0, we no longer distribute.swf
files with the Magento software.
Apply SUPEE-8788
To apply patch SUPEE-8788:
- Open
<your Magento install dir>/app/etc/applied.patches.list
in a text editor.
This file lists all currently applied patches. - Verify SUPEE-8788 is not applied. If it is, and it's version 1, see Replace SUPEE-8788 version 1 with version 2 or later.
- Verify whether or not patch SUPEE-1533 is applied. If it is, and your Magento version is earlier than EE 1.14.1.0 or CE 1.9.1.0, revert SUPEE-1533.
- If your Magento version is earlier than EE 1.14.1.0 or CE 1.9.1.0, and SUPEE-3941 is not applied, apply SUPEE-3941.
- Get version 2 or later of SUPEE-8788.
- Apply version 2 or later of SUPEE-8788.
- Magento EE 1.14.2 only. After applying the SUPEE-8788 patch, remove
test_oauth.php
from your Magento base directory. - If you upgraded to Magento CE 1.9.3 or Magento EE 1.14.3 after applying the SUPEE-8788 patch, make sure the following files have been deleted:
skin/adminhtml/default/default/media/flex.swf skin/adminhtml/default/default/media/uploader.swf skin/adminhtml/default/default/media/uploaderSingle.swf
If the files are present, delete them to avoid a potential security exploit. As of Magento CE 1.9.0.0 and Magento EE 1.14.0.0, we no longer distribute.swf
files with the Magento software.
Listing Patches You Have Installed
If you're not sure which patches are already applied, open <your Magento install dir>/app/etc/applied.patches.list
.
How to Revert a Magento Patch
If applying the patch results in errors, contact Magento Support. If you are instructed to do so, revert the patch:
- Change to your Magento installation directory.
- Enter the following command as a user with sufficient privileges to write to Magento files (typically, the web server user or
root
):
sh patch-file-name.sh -R
Troubleshooting
If you get an error when you run the patch, use the following suggestions:
- Verify the patch is located in your Magento installation root directory.
Ubuntu example:/var/www/magento
CentOS example:/var/www/html/magento
- Verify you're running the patch with sufficient privileges.
Typically, this means running it as the web server user or as a user withroot
privileges. - Try running the patch again.
If problems persist, contact Magento Support.