SUPEE-6482
Magento has released a new security patch for versions 1.4 and newer, SUPEE-6482
The vulnerabilities
This bundle includes protection against the following security-related issues:
- Cross-site Scripting Using Unvalidated Headers
- Autoloaded File Inclusion in Magento SOAP API
- XSS in Gift Registry Search
- SSRF Vulnerability in WSDL File
What you need to do
You must apply this new security patch as soon as possible. It can be downloaded from https://www.magentocommerce.com/download
You can either patch the store yourself using the instructions below, or submit a (chargeable) maintenance support ticket at https://www.theclientarea.info where our support team can apply the patch on your behalf (est. 5-60 mins application time).
More information
Read more about the patch here, http://us5.campaign-archive1.com/?u=34ff0d4b547cfa0a6a6901212&id=90740291cb
