IMPORTANT: Issues with New Security Patch!

Today, Magento has released new security patch called SUPEE-6788, available as a part of Enterprise Edition 1.14.2.2 and Community Edition 1.9.2.2. The patch fixes a number of store security issues, which is why it is highly recommended you install it. But, at the same time, it has a routing issue that breaks backward compatibility, which may impact your extensions and customizations.

SUPEE-6788

For the purposes of compatibility, the new routing piece is disabled upon installation. You can enable it manually by changing the routing compatibility mode under System > Configuration > Admin > Security.

How do you know there is an issue?

Once new routing is enabled, you may encounter a “404 Not Found” page when visiting some of your extensions. In this case, you may go back to configuration and change the routing settings until your extension provider has those compatibility issues fixed.

Alternatively, you may simply take a look at the current extension url to know if it’s going to work properly:

shop.com/extension – will not work
shop.com/admin/extension – will work

Which extensions have been affected?

There are some compilations online that list all affected extensions from different developers. There is no way of knowing if they are up to date, so the link we provide will not necessarily reflect the current situation.

What about aheadWorks extensions?

A number of our extensions has been affected, but all of them are already fixed and tested by our team.

How will you get the fixed version?

We will notify you via both email and admin feed that the extension is fixed. Once you receive the message, you’ll have access to a free patch together with the latest version of our extension, also free. Please note that it will not reactivate your support period, which means that for any arising issues you’ll have to have an active support period.

Which AW extensions are fixed up to date?

Add Free Product to Cart 1.1.12
Admin Product Grid 1.0.3
Advanced Newsletter 2.4.7
Advanced Reports 2.6.4
Reports Extended Pack – all units
Advanced Reviews 2.3.9
Affiliate 1.1.2
Age Verification 1.0.1
AJAX Cart Pro 3.2.11
Auction Pro 1.0.4
Automatic Related Products 2 2.4.9
Better Thank You Page 1.1.2
Blog 1.3.15
Booking and Reservations 1.4.5
Checkout Promo 1.2.5
Cloud Backup 2.1.3
Countdown 1.1.5
Custom Form Builder 1.2.1
Custom SMTP 1.0.10
Custom Stock Status 1.2.5
Customer Attributes 1.0.6
Event Based Discounts 1.0.4
Event Tickets 1.1.3
Extra Downloads 1.0.3
Featured Products 3 3.6.3
Follow Up Email 3.6.4
Gift Card / Certificate 1.0.13
Help Desk Ultimate 3.3.6
Images Slider 2.0.4
Knowledge Base 1.3.5
Layered Navigation 1.3.2
Market Segmentation Suite 2.1.2
Mass Product Actions 1.1.2
On Sale 2.5.4
Order Tags 1.5.1
Photo Gallery Pro 1.0.1
Points and Rewards 1.8.4
Pop-Up + 1.3.3
Price Match 2.1.5
Product Color Swatches 1.1.2
Product Questions 2.1.4
Quick Coupon Generator 1.0.2
Quick View 1.1.1
Random Product Price 1.0.4
Refer a Friend 2.1.9
RMA 1.5.6
Sociable 1.3.4
Store Credit 1.0.4
Subscriptions & Recurring Payments 2 2.2.1
Z-Blocks 2.5.2

26 Comments

Frank

about 1 year ago

Can you please let me know which extensions need updating? Thanks

Reply

Dmitry Shatkov

about 1 year ago

There are already some compilations of all broken extensions online: http://codingbasics.net/magento-extensions-that-will-break-with-supee-6788/ You may check which ones you got both from aheadWorks and other developers. Unfortunately, there is no convenient way of knowing whether your store is all set or not. The only strategy is to periodically flip the routing option on and off until you see all of your extensions working properly.

Reply

Johan Drakenboeg

about 1 year ago

Great find! Could you include that link in the original post? Was looking for that myself and don't really read comments on blogs. Would've found it earlier if it was included in the post. Thanks

Reply

Dmitry Shatkov

about 1 year ago

Good suggestion, added the info. Just keep in mind that the list is losing relevance quickly as developers issue new patches daily.

Reply

Vlad

about 1 year ago

Don't you think that two weeks is just too much? Many vendors have already upgraded their extensions or updated the majority of extensions with only a couple left. Your prices are quite high and your customers have to wait for one or two weeks. Insane.

Reply

Dmitry Shatkov

about 1 year ago

We actually do think that two weeks is too much. The fact is that, contrary to our initial estimate, the fixing is less complex and we expect to finish much sooner. As to other vendors, you'll note that there are very few who have half as many extensions as we do. We fully realize the inconvenience of the current situation and thank our clients for their patience.

Reply

B. Moore

about 1 year ago

Just to be clear, you are providing a free patch to everyone who bought your extensions? So we bought AJAX Cart Pro almost 2 years ago... we should be expecting an email about a patch for it some time soon, correct?

Reply

Dmitry Shatkov

about 1 year ago

AJAX Cart Pro has been fixed already and is available for download from your account. The fix comes as a part of latest extension version - 3.2.11.

Reply

Paula

about 1 year ago

It is great)

Reply

Dmitry Shatkov

about 1 year ago

Thank you very much!

Reply

Alex

about 1 year ago

Lets make it simple. I have purchased about 7 extensions from you. Now I need to pay for support in order to download the fix?

Reply

Dmitry Shatkov

about 1 year ago

No, they are available for free regardless of whether your support is active or not. Support will only have to be activated for any further assistance.

Reply

stenkate

about 1 year ago

This is a great service Dmitry Shatkov, thanks!

Reply

Dmitry Shatkov

about 1 year ago

Thank you!

Reply

Matthijs

about 1 year ago

This blog post says you have updated your AW_Blog module to version 1.3.15. However I'm unable to download it. Not in Magento Connect and also not in My Account for your store. Version 1.3.14, which is not compatible with Magento CE 1.9.2.2 and Patch SUPEE-6788, is the latest available version. When and how can I obtain AW_Blog 1.3.15?

Reply

Dmitry Shatkov

about 1 year ago

Please try it once again. It should be available in your account area.

Reply

Chris

about 1 year ago

Thank you for your hard work Dmitry. Trying to install aw blog 1.3.15 via connect and it is flagged as 'devel' so will not install.

Reply

Dmitry Shatkov

about 1 year ago

Hi Chris, Thank you very much for you kind words. Regarding the issue. We've just successfully installed the extension for Magento CE 1.9.2.0. and it shows no errors. Please check the process and try again.

Reply

Ana Virginia Berrido

about 1 year ago

I have not received an email or seen update message in admin feed. How do I find the download link for the fixed extensions. We are using Automatic Related Products 2 2.4.3 Please advice. Regards,

Reply

Dmitry Shatkov

about 1 year ago

Hi Ana, Please visit your personal account in our store. The latest version of the extension is available for you in the My Account area. Just checked.

Reply

Loughlan Burnett

about 1 year ago

Hi Guys, I submitted a ticket asking whether other users were having display issues on main product page idems in the Vespa theme (as a result of this update). I was advised that the 3rd party developer would be contacted however I have not heard back. Any progress on this?

Reply

Dmitry Shatkov

about 1 year ago

Hi, Sorry for that delay. Our guys have just answered your question in the help desk. So, please check it in your account or email inbox.

Reply

daniele

about 1 year ago

Hello, is AW_Ascurl 1.2 compatible with the security patch? If not, there is a compatible update?

Reply

Dmitry Shatkov

about 1 year ago

Hi, Daniele. Yes, it is compatible.

Reply

Julian

about 1 year ago

Just updated via composer (http://packages.firegento.com/#!/aw_blog) but I can't really see any changes. Still got stuff like: admin in the config.xml, where it says 1.3.5, I had 1.3.4 before, so the update took place but maybe I just got the wrong files. Anybody else experiencing these issues or got a hint for me? Thanks in advance, really looking forward to a fix!

Reply

Julian

about 1 year ago

Just in case someone's looking for a modman-file, I've created one here: https://github.com/magento-hackathon/composer-repository/commit/72fdbc25d25950cd066e55ccc5a29f85144e45f6#commitcomment-14742166

Reply

Leave a Comment

Please be polite. We appreciate that.
Your email address will not be published and required fields are marked