Magento has released a security bundle that resolves several security related issues, including a vulnerability in the Zend Framework.
As usual, if you are on a maintenance plan, this will have been installed for you automatically. If you are unsure, please contact us and we can confirm.
Issues:
- Addresses possible custom admin patch bypasing
- Addresses possible SQL injection attack
- Template processing method allows access to private information
- Addresses potential exploit with custom option file types
- Resolves a cross site scripting error / session fixation
- Insifficient protection of password reset process
Full patch notes can be found here
