Everything You Should Know About SUPEE-9767 v2 Magento Security Patch

Reading Time: 2 minutes

Magento has just released a new SUPEE-9767 v2 security patch.

It is a second version of the patch released at the beginning of July. Basically, it addresses the issues triggered by the initial version (click here to learn more about that).

Also, this patch allows you to avoid some security-related issues, including remote code execution, information leaks, and cross-site scripting.


What is new?

This is what the new patch comes with:

  • restored missing strip_tags functionality in the checkout JavaScript;
  • the changed approach to the way Magento validates form keys during the generic five-step checkout process. Earlier, if form key authentication was enabled, customer registration failed during the standard checkout processing;
  • the Allow_symlinks message is now displayed in the Admin message area;
  • now, you can use the Checkout with Multiple Addresses when checkout form validation is enabled;
  • with this patch, Magento preserves the background transparency of uploaded images as before. This ability was lost with the previous patch version. After an image was uploaded, that resulted in an unusable or blurred image with indented borders.
  • With this patch version, it’s possible to install an extension as part of installing a package.

And last but not least, the Allow symlinks option is disabled during installation or upgrade processes. In the previous version, when one changed the Allow symlinks setting to true in the database before upgrading and then installing the patch, this option remained enabled, but you could no longer access it from the Admin panel.

How to Apply?

If you have already applied SUPEE-9767, you should revert. When done, apply V2.

You can download a second version of this patch from the official Magento site.

Follow this link to get it.

If you haven’t patched yet, simply apply V2, and most of the issues brought up here will be automatically resolved.

Not Sure How to Proceed?  

Contact us to discuss optimizing and maintaining your site, including installation of the current security patches.

NOTE  By the way, our Magento Upgrade service comes with FREE installation of all the up-to-date platform patches.

I strongly believe that 90% of your problems can be solved by marketing. Solving the other 10% just requires good procrastination skills. Love cats, blogging, design, photography and...yummy burgers with bacon. Guilty pleasure - Japanese Anime (... and burgers).


Please enter your comment!
Please enter your name here