SUPEE-6482

Magento has released a new security patch for versions 1.4 and newer, SUPEE-6482

 

The vulnerabilities

This bundle includes protection against the following security-related issues:

• Cross-site Scripting Using Unvalidated Headers
• Autoloaded File Inclusion in Magento SOAP API
• XSS in Gift Registry Search
• SSRF Vulnerability in WSDL File

 

What you need to do

You must apply this new security patch as soon as possible. It can be downloaded from https://www.magentocommerce.com/download

You can either patch the store yourself using the instructions below, or submit a (chargeable) maintenance support ticket at https://www.theclientarea.info where our support team can apply the patch on your behalf (est. 5-60 mins application time).
 

Instructions

1. Download the appropriate version of the patch for your store from https://www.magentocommerce.com/download
    
2. After downloading the patch, upload it to your Magento document root
    
3. Log in via SSH as www-data
   
   ssh www-data@acc.magestack.com
    
4. Change directory to your Magento installation (replace as necessary), Eg.
   
   cd /microcloud/domains/example/domains/example.com/http
    
5. Execute the patch by running `bash` followed by the patch filename, Eg.
   
   bash PATCH_xxx.sh
    
6. If the patch was applied successfully, you should see the following
   
   Checking if patch can be applied/reverted successfully...
   Patch was applied/reverted successfully.
    
7. After patch application, thoroughly test your store including customer account registration and the full checkout process.

 

More information

You can find more information from the official notice here, http://merch.docs.magento.com/ce/user_guide/Magento_Community_Edition_User_Guide.html#magento/patch-releases-2015.html