Magento Commerce Community Edition (CE) Version 1.9.2.1 is now available for download and upgrade.
Magento CE 1.9.2.1 is a security release which includes the latest Magento Security Patch, SUPEE-6482.
SUPEE-6482 addresses two security issues identified through Magento’s comprehensive security program and resolves two issues related to APIs and two cross-site scripting risks.
There are no confirmed reports of attacks related to these issues to date, but it is important that you either upgrade to Magento 1.9.2.1 or deploy the patch immediately to protect your store.
The four security issues covered by SUPEE-6482 are:
- Autoloaded File Inclusion in Magento SOAP API: Incorrect validation of a SOAP API request makes it possible to autoload code. The exploit requires the attacker to first log in with API credentials. Depending on the PHP version and/or configuration settings, code can then be loaded from a remote location.
- SSRF Vulnerability in WSDL File: Incorrect encoding of the API password can lead to probing of internal network resources or remote file inclusion.
Magento CE 1.9.2.1 also includes these Magento Security Patches: SUPEE-5344, SUPEE-5994, SUPEE-6237, SUPEE-6285.
For more technical information about Magento CE 1.9.2.1, please visit the release notes.
Please Note: We do NOT recommend upgrading a production installation of Magento directly. Please back up the database and all files before upgrading. Please make sure to check the compatibility of your plugins and themes before you upgrade.