Yesterday, Magento released a new security patch for Community Edition and Enterprise Edition (SUPEE-6482). In our release note and announcement, we incorrectly stated that the patch addresses 4 issues with both products. Instead, the patch addresses 2 issues with Community Edition and 4 issues with Enterprise Edition.
Version: |
Issues Addressed with Patch: |
Magento Community Edition |
Autoloaded File Inclusion in Magento SOAP API SSRF Vulnerability in WSDL File |
Magento Enterprise Edition |
Autoloaded File Inclusion in Magento SOAP API SSRF Vulnerability in WSDL File Cross-site Scripting Using Unvalidated Headers XSS in Gift Registry Search |
We have corrected our release note and apologize for any confusion this may have created. The patch and Community Edition 1.9.2.1 are fully tested, complete and ready for you to deploy. We strongly encourage you to implement the patch or upgrade to the new version as soon as possible.
As a reminder, you can access the patch in following ways:
Once again, we apologize for the confusion this has created. We are reviewing our internal processes to ensure that we do not repeat this error in the future.