The latest Magento security patch, SUPEE-6788, is now available for Magento Community Edition 1.7 and later releases.
Magento also released Magento Community Edition 22.214.171.124 and Magento Enterprise Edition 126.96.36.199, which include SUPEE-6788.
SUPEE-6788 addresses over 10 security issues identified through Magento’s comprehensive security program, including remote code execution and information leak vulnerabilities unrelated to the recent malware issue.
There are no confirmed reports of attacks related to these issues to date, but it is important that you either upgrade to Magento Community Edition 188.8.131.52 and Magento Enterprise Edition 184.108.40.206 or deploy the patch in order to protect your store.
This patch breaks backward compatibility in three ways that can affect extensions and customizations. For example, changes to admin routing can make extensions and customizations inaccessible from the admin panel if they are not using proper routing.
To help address concerns about the admin routing changes, these changes in the patch are turned off by default. This means that the patch will include the fix, but that it will be disabled when installed.
The Magento community compiled an unofficial list of Magento extensions that will break with admin routing enabled. You can check the list to see whether you have any of the extensions installed and whether newer versions that resolve the compatibility issue are available.
For more details, please refer to the SUPEE-6788 Technical Details page and the Magento Community Edition 220.127.116.11 Release Notes.
Please note: We do NOT recommend upgrading a production installation of Magento directly. Please back up the database and all files before upgrading, and check your plugins and themes for compatibility before you upgrade.