Today, Magento released a new critical security patch – SUPEE-10415- solely for Magento 1 stores.
SUPEE-10415, Magento Commerce 126.96.36.199 and Open Source 188.8.131.52 contain multiple security enhancements that help close cross-site request forgery (CSRF), Denial-of-Service (DoS) and authenticated Admin user remote code execution (RCE) vulnerabilities. These releases also include a fix for prior customers that had experienced issues patching caused by SOAP v1 interactions in WSDL.
Patches and upgrades are available for the following Magento versions:
- Magento Commerce 184.108.40.206-220.127.116.11: SUPEE-10415 or upgrade to Magento Commerce 18.104.22.168.
- Magento Open Source 22.214.171.124-126.96.36.199: SUPEE-10415 or upgrade to Magento Open Source 188.8.131.52.
For full details of SUPEE-10415, please click here.
There have also been several patches released for Magento 2 stores this month – for full details on these, please click here.