Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Correct Process #8

Open
CNSam opened this issue Oct 29, 2015 · 2 comments
Open

Correct Process #8

CNSam opened this issue Oct 29, 2015 · 2 comments

Comments

@CNSam
Copy link

CNSam commented Oct 29, 2015

Hi folks,

I just wondered if it would be worth mentioning the correct process for upgrading to the new patch alongside using the toolbox.

IE: do you recommend upgrading to the latest release of modules etc first?
@jay-saint
Copy link

From everything that I have read it should be safe to upgrade first, as the patch defaults to compatibility mode related to APPSEC-1034.
"Enable Admin routing compatibility mode" under System > Configuration > Admin > Security - See more at: http://magento.com/security/patches/supee-6788-technical-details#sthash.qUeALrYY.dpuf

Installing the patch and leaving compatibility mode on will fix all of the remaining security vulnerabilities. I would think that installing updated modules and themes from vendors prior to running this script would be best practice, as it would allow the 3rd party developers the chance to make the fixes in a way that they feel is best and then script here will fix anything they miss.

@rhoerr
Copy link
Owner

rhoerr commented Oct 30, 2015

@CNSam, I'd recommend checking this out if you haven't already finished the patch. It goes through a full patching procedure. https://gist.github.com/mroffice/e6bda952a6165d00f1c1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@CNSam @jay-saint @rhoerr