Magento Patch 9767
A new Magento patch 9767 called SUPEE-9767 is out. It addresses several security issues. It is important to install it as soon as possible. Some dangerous remote code execution issues are reported, one of them with known attacks. Looks like a long friday, because it is important to fix that before weekend…
Magento Patch 9767
This patch closes 15 dangerous remote code execution leaks and vulnerabilities for example in Javascript, cache or logs. It is again one of main security patches, which need to be installed quickly. One high risk issue has already known attacks, so time to hurry!
Magento 1
Installing this patch is quite easy. I had only one issue with a *.csv translation file. It seems as if an extension has changed it, so it has more lines than expected. After installing SUPEE-9767, you recognize a new message in backend:
It is save to change “Enable Form Key Validation On Checkout” value:
But as always: test it first on your development systems. Form key validation may result in blank pages if you have overwritten some checkout *.phtml files and form keys are missing. In that case, take a look at your base folder and add this lines if necessary.
Magento 2
As for each patch, Magento released new version of Magento. Magento 2.1.7 is out now and it is a good idea to update your Magento 2. Why? Because it is really easy. I already showed you how to update Magento 2. For our Magento 2 projects, that worked without any further issues: congratulation Magento. Updating shops is now easy.
Conclusion
Magento Patch 9767 is again one very important security enhancement for your shops. There are already known attacks which can be prevented by installing this patch. Be aware, that it is not a good idea to wait. Attackers may uploading malicious code and without protection, your shop may be already infiltrated.