Today, Magento released a new critical security patch – SUPEE-10415- solely for Magento 1 stores.
SUPEE-10415, Magento Commerce 220.127.116.11 and Open Source 18.104.22.168 contain multiple security enhancements that help close cross-site request forgery (CSRF), Denial-of-Service (DoS) and authenticated Admin user remote code execution (RCE) vulnerabilities. These releases also include a fix for prior customers that had experienced issues patching caused by SOAP v1 interactions in WSDL.
Patches and upgrades are available for the following Magento versions:
- Magento Commerce 22.214.171.124-126.96.36.199: SUPEE-10415 or upgrade to Magento Commerce 188.8.131.52.
- Magento Open Source 184.108.40.206-220.127.116.11: SUPEE-10415 or upgrade to Magento Open Source 18.104.22.168.
For full details of SUPEE-10415, please click here.
There have also been several patches released for Magento 2 stores this month – for full details on these, please click here.
If you require any further information regarding this patch update, or assistance with installing – please get in touch with one of our team on 0113 833 0411, 0207 078 9084 or send us an email.