New SUPEE-6788 patch can be downloaded as usual from Downloads page:

https://www.magentocommerce.com/products/downloads/magento/

or installed as a regular Magento upgrade via Downloader (it is included in Magento 1.9.2.2 version).

You can install it in the same way as previous patches or by upgrading to Magento 1.9.2.2.

To apply the patch you need SSH access (shell access actually, SSH is just most used way to get shell access) to the server.

If you wish to save time and have us to install these patches for you, simply click here to order installation.

Step 0: Preparations

Update all third-party extensions, disable and uninstall any unused extensions.

Step 1: Verify your Magento version

$ grep -A6 'static function getVersionInfo' app/Mage.php
    public static function getVersionInfo()
    {
        return array(
            'major'     => '1',
            'minor'     => '9',
            'revision'  => '1',
            'patch'     => '1',

As you can see in the example, it is Magento 1.9.1.1

Step 2: Download corresponding patches

Patches are obtained from https://www.magentocommerce.com/products/downloads/magento/

Make sure to get the right version.

Step 3: Place patches into Magento Root directory

Upload your files into Magento root directory. It is important to place patch files directly into Magento root directory and execute it also directly in Magento root directory.

$ ls -1 .
PATCH_SUPEE-6788_CE_1.9.1.0_v1-2015-10-27-09-06-11.sh
app
cron.php
downloader
errors
favicon.ico
index.php
js
lib
mage
media
pkginfo
robots.txt
shell
skin
var

 

Step 4: Run the patches

$ bash ./PATCH_SUPEE-6285_CE_1.9.1.1_v1-2015-07-07-09-03-34.sh
Checking if patch can be applied/reverted successfully...
Patch was applied/reverted successfully.

Step 5: Verification and flush of PHP opcode cache

Verify patch status at our patch tester page.
Test that your store is working. If you use PHP opcode caches (APC/XCache/eAccelerator) make sure to flush it after patching (or restart webserver), otherwise code will continue to run from caches.

Post-installation

You can disable it as shown below:

Disabling Secure Admin Routing compatibility mode for extensions

Additionally, if your store still use default /admin/ path, you may consider securing your Magento /admin/ by admin path change and restrict access to /downloader/.

Known issues

  • CMS pages and transactional emails broken after SUPEE-6788 patch to Magento
  • Reset Password page is blank after SUPEE-6788
  • Magento registration form does not work after SUPEE-6788

Rollback

If you need to rollback the patch due to some reason, you can use –revert option, Just execute it again in the same Magento root directory by appending –revert option:

$ bash ./PATCH_SUPEE-6285_CE_1.9.1.1_v1-2015-07-07-09-03-34.sh --revert
Checking if patch can be applied/reverted successfully...
Patch was applied/reverted successfully.