Patching Magento SUPEE-10888
SUPEE-10888 is an important security update for Magento to address remote code execution and SQL injection vulnerabilities.
Where to download
Its best downloading the patch from the Magento.com download section - or via MDA - the Magento download tool (this is what this guide will use).
Dependencies
- SUPEE-10888
Applying the patch
The application of this patch is relatively straightforward. I'd recommend doing this in staging/development before attempting on live (if you don't have a dev. site follow this guide to create one).
-
Change directory to your Magento document root and fetch
mda.phar
(the Magento downloader tool), if using Enterprise, refer to the documentation here to provide your id/token.cd /microcloud/data/domains/example/domains/example.com/http wget -O mda.phar --no-check-certificate https://raw.githubusercontent.com/sonassi/magento-download-archive/master/bin/mda.phar php mda.phar
-
Select either CE/EE patch as appropriate,
1: Ce-patch 3: Ee-patch
-
Select the auto detected version of Magento,
0: 1.7.0.2 (auto detected)
-
Select the SUPEE-10888 patch (or press
m
to download all missing patches),0: SUPEE-10888 for CE 1.7.0.0-1.7.0.2 (PATCH_SUPEE-10888_CE_v1.7.0.2_v1.sh/SUPEE-10888)
-
Copy the patch to your Magento document root and apply it,
cp ./downloads/PATCH_SUPEE-10888 . bash PATCH_SUPEE-10888
-
Clean your Magento cache using MageRun,
mr_examplecom cache:clean
Known issues
None.