Magento has released a security bundle that resolves several security-related issues, including a vulnerability in the Zend Framework.

As usual, if you are on a maintenance plan, this will have been installed for you automatically. If you are unsure, please contact us and we can confirm.

Issues:

  • Addresses possible custom admin patch bypassing
  • Addresses possible SQL injection attack
  • Template processing method allows access to private information
  • Addresses potential exploit with custom option file types
  • Resolves a cross-site scripting error / session fixation
  • Insufficient protection of password reset process

Full patch notes can be found here