A new security patch (SUPEE-10497) is now available for merchants using Magento Open Source 126.96.36.199. It has been released with some urgency to deal with new security flaws detected by their team.
Do I need to patch?
This issue affects users of Magento Open Source 188.8.131.52 only. Users of Magento Commerce, or any other version of Magento Open Source, are not affected.
SUPEE-10415, Magento Commerce 184.108.40.206 and Open Source 220.127.116.11 contain multiple security enhancements that help close cross-site request forgery (CSRF), Denial-of-Service (DoS) and authenticated Admin user remote code execution (RCE) vulnerabilities. These releases also include a fix for a prior customers that had experienced issues patching caused by SOAP v1 interactions in WSDL.
What do I need to do?
Based on information received from Magento themselves, you need to perform the following tasks with some urgency;
|Most recent patch installed||Action required|
|SUPEE-10266||Remove this patch, and install SUPEE-10497.|
|SUPEE-10415||Remove this patch and SUPEE-10266, and install SUPEE-10497.|
|SUPEE-9767||No need to remove this patch. Just install patch bundle
In order to maintain the security of your online shop, we strongly recommend that all merchants upgrade their patches as soon as is reasonably possible. If we host your site directly, we may have already upgraded your system however you are always advised to contact us to check.
If you are not currently one of our customers, and would like to talk to us – then please get in touch. We offer a range of web hosting and design services for the smallest to the largest online retailers…