A new patch (SUPEE-10497) is available for merchants using Magento Open Source 1.9. 1.1. This patch replaces SUPEE-10266 (released September 14, 2017) and SUPEE-10415 (released November 28, 2017).
Do I need to patch?
This issue affects users of Magento Open Source 220.127.116.11 only. Users of Magento Commerce, or any other version of Magento Open Source, are not affected.
Consult the following table for the recommended action.
Most recent patch installed
Remove this patch, and install SUPEE-10497.
Remove this patch and SUPEE-10266, and install SUPEE-10497.
No need to remove this patch. Just install patch bundle SUPEE-10497.
Magento Open Source software is available from the Open Source download page.
More information about these security changes is available on the Magento Security Center.
Thank you for taking prompt action to deploy this update.