Today, Magento released a new critical security patch – SUPEE-10415- solely for Magento 1 stores.
SUPEE-10415, Magento Commerce 18.104.22.168 and Open Source 22.214.171.124 contain multiple security enhancements that help close cross-site request forgery (CSRF), Denial-of-Service (DoS) and authenticated Admin user remote code execution (RCE) vulnerabilities. These releases also include a fix for prior customers that had experienced issues patching caused by SOAP v1 interactions in WSDL.
Patches and upgrades are available for the following Magento versions:
- Magento Commerce 126.96.36.199-188.8.131.52: SUPEE-10415 or upgrade to Magento Commerce 184.108.40.206.
- Magento Open Source 220.127.116.11-18.104.22.168: SUPEE-10415 or upgrade to Magento Open Source 22.214.171.124.
For full details of SUPEE-10415, please click here.
There have also been several patches released for Magento 2 stores this month – for full details on these, please click here.