According to announce sent on new security patch SUPEE-6482
is available for installation to cover several potential threats, one of which is critical:
New Magento Security Patch (SUPEE-6482 – Install Immediately
Today we are providing a new security patch
(SUPEE-6482) that addresses 4 security issues; two issues related to APIs and two cross-site scripting risks. The patch is available for Community Edition 1.4 and later releases and is part of the core code of Community Edition 188.8.131.52, which is available for download today. Before implementing this new security patch, you must first implement all previous security patches. Download Community Edition 184.108.40.206 or the patch from the Community Edition download page at https://www.magentocommerce.com/products/downloads/magento/
If you have no SSH access to apply the patch, you can simply upgrade your installation to
version which includes all the latest security patches (SUPEE-5344,SUPEE-5994,SUPEE-6285,SUPEE-6482). If Magento upgrade is not possible in the moment due to some reason you still can apply the patch via FTP/sFTP upload as shown in this article.
If you wish to save time and have us to install all these patches for you, simply click here
patch is not related to previous patches in any way and can be installed
prior to or after installation of other security patches (SUPEE-1533, SUPEE-5344,SUPEE-5994 or SUPEE-6285).
The following files are changed by SUPEE-6482:
Applying Magento patches via FTP/sFTP or FileManager / File Upload
To apply patches in this way we simply replace changed files. This way can not be used blindly if you or your developers have changed any core Magento files (which is a big no-no, by the way). Such changes should be re-applied to patched files, or you loose these changes.
Before patching make sure to Disable Magento Compiler if you use it at System > Configuration > Tools > Compilation and clear compiled cache.
Patched version of these files for Magento 220.127.116.11 packed into single ZIP archive: SUPEE-6482-18.104.22.168. Simply unpack it and replace files on your store by uploading app/ folder into your Magento root directory.
Patch for other versions
Older versions are patched in the same way, I am adding downloads for other versions into a single table on demand when I need to patch certain version:
Verify patch status at our patch tester page.
If you use PHP opcode caches (APC/XCache/eAccelerator) make sure to flush it (or restart webserver) after patching, otherwise code will continue to run from caches.
Additionally, if your store still using default
/admin/ path, you may consider securing your Magento /admin/ by admin path change and restrict access to