THIS PATCH ADDRESSES THE SECURITY ISSUES BELOW:
- Customer Information Leak via RSS and Privilege Escalation
- Request Forgery in Magento Connect Leads to Code Execution
- Cross-site Scripting in Wishlist
- Cross-site Scripting in Cart
- Store Path Disclosure
- Permissions on Log Files too Broad
- Cross-site Scripting in Admin
- Cross-site Scripting in Orders RSS
More information about these issues can be found on the Magento Security Center and in the Appendix of Magento Community Edition user guides.
DOWNLOAD THE SECURITY PATCH:
- Before implementing this new security patch (SUPEE-6285), you should implement SUPEE-5994 (issued May 14, 2015) to ensure that the patch works properly.
- Patches for Community Edition 1.6.0 to 1.9.1.1 can also be found on the Community Edition download page (look for SUPEE-6285).
- Implement and test the patches in a development environment first to confirm that they work as expected before taking them to your production site. Instructions for installing patches for Magento Community Edition are available here.
OUR PRODUCTS:
You can easily apply this Magento security patch to all our Magento Themes and Magento Extensions. If you need further assistance, please feel free to contact our support team.
Thanks for reading!