Recently Magento announced new security patch SUPEE-6285 that was created in order to provide protection against several types of security-related issues, including information leaks, request forgeries, and cross-site scripting. More information about these issues can be found on the Magento documentation. SUPEE-6285 patch is available directly from Magento site for both CE and EE Magento editions. Same time Magento team also released Magento Community Edition 1.9.2. We do strongly recommend to all our clients to either apply patch or upgrade to recent Magento version.
In order to test if your store protected against that security problem you can use our Magento site scanner that now provide audit for possible threats that are solved by next security issues: SUPEE-5344, SUPEE-5994, SUPEE-6285 & XML XXE vuln 2012.
Unfortunately after applying that changes you may encounter some problems with backend permissions for admin users with limited access rights because of the changes in permission code. We already published compatibility updates on our site so feel free to download them or contact our support team immediately.
