Magento has released a security update.
To further secure the Magento platform from potential attacks, we are releasing a new patch (SUPEE-5994) with multiple critical security fixes today. The patch addresses a range of issues, including scenarios where attackers can gain access to customer information. These vulnerabilities were gathered through our multi-point security program, and we have received no reports of merchants or their customers being impacted by these issues.
All versions of Magento Community Edition software are impacted and we strongly recommend that you work with your Solution Partner or developer to immediately deploy this critical patch. Please note that this patch should be installed in addition to the recent Shoplift patch (SUPEE-5344). More information about the security issues is available in the Appendix of the Magento Community Edition user guide.
More information about Magento releases can be found here:
Patch Releases (merch.docs.magento.com)
Our Website Maintenance Department has already been in contact with our clients regarding these upgrades.
If you haven't signed up for automatic upgrades for Magento - please do that here:
Upgrade Program (webstix.com)