Today, Magento released a new critical security patch – SUPEE-10415- solely for Magento 1 stores.
SUPEE-10415, Magento Commerce 184.108.40.206 and Open Source 220.127.116.11 contain multiple security enhancements that help close cross-site request forgery (CSRF), Denial-of-Service (DoS) and authenticated Admin user remote code execution (RCE) vulnerabilities. These releases also include a fix for prior customers that had experienced issues patching caused by SOAP v1 interactions in WSDL.
Patches and upgrades are available for the following Magento versions:
- Magento Commerce 18.104.22.168-22.214.171.124: SUPEE-10415 or upgrade to Magento Commerce 126.96.36.199.
- Magento Open Source 188.8.131.52-184.108.40.206: SUPEE-10415 or upgrade to Magento Open Source 220.127.116.11.
For full details of SUPEE-10415, please click here.
There have also been several patches released for Magento 2 stores this month – for full details on these, please click here.