Magento CE 1.9.2.1 Security Release


Magento Commerce Community Edition (CE) Version 1.9.2.1 is now available for download and upgrade.

Magento CE 1.9.2.1 is a security release which includes the latest Magento Security Patch, SUPEE-6482.

SUPEE-6482 addresses two security issues identified through Magento’s comprehensive security program and resolves two issues related to APIs and two cross-site scripting risks.

There are no confirmed reports of attacks related to these issues to date, but it is important that you either upgrade to Magento 1.9.2.1 or deploy the patch immediately in order to protect your store.

The four security issues covered by SUPEE-6482 are:

  • Autoloaded File Inclusion in Magento SOAP API: Incorrect validation of a SOAP API request makes it possible to autoload code. The exploit requires the attacker to first log in with API credentials. Depending on the PHP version and/or configuration settings, code can then be loaded from a remote location.
  • SSRF Vulnerability in WSDL File: Incorrect encoding of API password can lead to probing internal network resources or remote file inclusion.

Magento CE 1.9.2.1 also includes these Magento Security Patches: SUPEE-5344, SUPEE-5994, SUPEE-6237, SUPEE-6285.

For more technical information about Magento CE 1.9.2.1, please visit the release notes.

Please Note: We do NOT recommend upgrading a production installation of Magento directly. Please back up the database and all files before upgrading, and check the compatibility of your plugins and themes before you upgrade.