Tuesday 7th July 2015

Network Magento patch required


Magento has released a new security patch for versions 1.6 and newer, SUPEE-6285

The vulnerabilities

This bundle includes protection against the following security-related issues:

  • Customer Information Leak via RSS and Privilege Escalation
  • Request Forgery in Magento Connect Leads to Code Execution
  • Cross-site Scripting in Wishlist
  • Cross-site Scripting in Cart
  • Store Path Disclosure
  • Permissions on Log Files too Broad
  • Cross-site Scripting in Admin
  • Cross-site Scripting in Orders RSS

What you need to do

You must apply this new security patch as soon as possible. It can be downloaded from https://www.magentocommerce.com/download

You can either patch the store yourself using the instructions below, or submit a (chargeable) maintenance support ticket at https://www.theclientarea.info where our support team can apply the patch on your behalf (est. 5-10 mins application time).

More information

Read more about the patch here, http://us5.campaign-archive1.com/?u=34ff0d4b547cfa0a6a6901212&id=d47fcf1c6d