Patch 8788 - Average Time to Deploy
https://magento.stackexchange.com/questions/143824
-
04-10-2020 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
What is a reasonable amount of time to expect for the proper live deployment of a patch including testing on a dev site assuming there are no conflicts?
Solution
Not really at technical question with a definite answer, but it's entirely dependent on how custom your magento build is. It sounds like your developer needs to be a bit more clear with you as to what is taking so long.
There are a bunch of things that can stop a patch from applying successfully (read: Security Patch SUPEE-8788 - Possible Problems?), these can be conflicting old patches, local overrides to core code, rewrites of core files, overrides of core templates, and anything you can really imagine.
Even if a patch successfully applies you have to go through the patch file-by-file and look for things which may extend a patched file so that they are compatible with the new changes. I've seen classes extend a class which extended a class which was patched, thus causing a breakage in a custom uploader from SUPEE-8788.
In short, there's a bunch of different ways of rewriting and modifying magneto1 that makes it difficult to verify that a patch is installed correctly. You can spend a lot of time and gain a lot of confidence by validating each file in the patch is not affected by
- Local overrides (check
app/code/community,app/code/local, etc) - Magento rewrites
- Theme overrides (check all fallbacks, particularly needed for things with form keys. Don't forget to check mobile if you have a different theme for that!)
- Classes extending a patched file. This can be nearly impossible if the patched file is core, but can be easily gauged for classes like the recent uploader changes. Or the changes in the previous patch to
Mage_Core_Model_Configwhich invalidated the Bronto modules config tester validator thing.
That's just assuming that its "your code" you're dealing with, that's not even mentioning community modules which have varying degrees of all the above.
- You installed a community module like Pimgento? Welp, you've gotta wait for them to patch their code.
- You installed an old unsupported community module? You're on your own.
- You installed a module encrypted with ioncube etc? May god have mercy on your soul.
You can spend as long as you need, a lot of the sites that say "We can install SUPEE-8788 in 30 minutes" may be telling the truth for your particular instance, but if your instance is heavily custom then that patch will go live and you'll have problems with the uploader or any other areas of the site patched by 8788, then you'll be going back to them pressuring them for urgent fixes.
How long is a piece of string? In my opinion, 3 or 4 days full time should let someone go in with reasonable confidence that your site will continue to function without issue. Add an extra day for each new frontend theme if there's formkeys and varnish caching to play with.
Or, if your site is vanilla, you can just run your patch and hope magento hasn't introduced any regressions.
¯\_(ツ)_/¯
