We are pleased to bring to you Magento Community Edition 1.9.2.3, which includes an update to the USPS API, and a bundle of patches to improve the security of your Magento installation. While there are no confirmed attacks related to these issues to date, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions.

Important! Use Magento Community 1.9.2.3 or later for all new installations and upgrades to ensure that you have the latest fixes, features, and security updates.

Security Patch Bundle (SUPEE-7405)

We highly recommend all users of Magento Community Edition, versions 1.4.0.0 - 1.9.2.2 to either install the SUPEE-7405 patch bundle, or upgrade to Community Edition 1.9.2.3. Visit the Magento Security Center for detailed information about the SUPEE-7405 patch bundle.

• If you have not yet installed previous patches, please do so now to bring your system up to date.
• Read or review Magento’s Security Best Practices and make sure that all safeguards are in place to protect your system from compromise.
• Use this occasion to examine your system for indications of possible attack, such as strange administrator accounts, unfamiliar files on the server, etc.
• To receive direct notification from our security team regarding any emerging issues and solutions, sign up for the Security Alert Registry.

USPS Patch (SUPEE-7616)

On January 17, 2016, USPS made several changes to their services, rates, and package names. The updates are reflected in this release, and include the following changes:

• Standard Post renamed “Retail Ground”
• Flat Rate Box for Priority Mail Express Eliminated

Because the USPS changes are not included in the security patch, earlier versions of Magento must be updated by installing the SUPEE-7616 patch. The patch is available for download in the same location as the security patch bundle.

See also:

• Magento Security Best Practices
• Installing Magento Patches
• Magento Forums