The security patch that we intended to release last week,
SUPEE-6788, will be released tomorrow along with Enterprise
Edition 1.14.2.2 and Community Edition 1.9.2.2. The content
below provides information about these releases so you can
evaluate the impact these changes may have on your extensions
and support your clients. This information should
be kept confidential and should not be shared or discussed
publicly until the release date.

The patch (SUPEE-6788) addresses over 10 security issues
identified through our comprehensive security program,
including remote code execution and information leak
vulnerabilities unrelated to the recent malware issue. There
are no confirmed reports of attacks related to these issues
to-date, but it is important that merchants deploy the patch in
order to protect their stores. 

BACKWARD COMPATIBILITY
This patch breaks backward compatibility in three ways
that can affect extensions and
customizations.
 For example, changes to admin
routing can make extensions and customizations inaccessible
from the admin panel if they are not using proper routing.

To help address concerns about the admin routing changes, we
have modified the patch so that these changes are turned off by
default. This means that the patch will include the fix, but
that it will be disabled when installed. We also delayed the
release to give you more time to make updates to your code. We
urge you to update your extensions as soon as possible so that
merchants can fully-enable the patch and protect their admin
panels from automated attacks.

You can learn more about how the security patch breaks backward
compatibility and potential changes you may need to make to
your code in this document. More information will be provided in
the Magento Security Center and in theMagento Enterprise Edition and Magento Community Edition release notes when
the patch is released tomorrow

Patches are available for Magento Enterprise Edition 1.7 and
later releases and Magento Community Edition 1.4 and later
releases. Merchants can also upgrade to Magento Enterprise
Edition 1.14.2.2 or Community Edition 1.9.2.2.

DOWNLOADING THE SECURITY PATCH
Before implementing this new security patch (SUPEE-6788), you
must first implement all previous security patches. This will
ensure that the patch works properly.

To download the patch, choose from the following options:

  • Partners: Go to the Partner Portal, select Technical Resources and
    then select Download from the Enterprise Edition panel. Next,
    navigate to Magento Enterprise Edition > Patches &
    Support and look for the folder titled “Security Patches –
    October 2015.” 
  • Enterprise Edition Merchants: Go
    to My Account, select the Downloads tab, and then
    navigate to Magento Enterprise Edition > Support Patches.
    Look for the folder titled “Security Patches – October 2015.”
    Merchants can also upgrade to Enterprise Edition 1.14.2.2 and
    receive the security update as part of the core code. 
  • Community Edition Merchants: Patches for
    earlier versions of Community Edition can be found on the
    Community Edition download page (look for SUPEE-6788).
    Merchants can also upgrade to Community Edition 1.9.2.2 and
    receive the security update as part of the core code. 

Information about installing patches for Magento Enterprise Edition andMagento Community Edition is available
online.

Thank you for your attention and continued support. 

Best regards,
The Magento Team