On Oct 27, 2015 the magento team released a patch that provides protection against several types of security-related issues, including remote code execution, information leaks and cross-site scripting.

This patch bundle protects your Magento installation against several potential threats, and includes a new configuration setting that helps manage the backward compatibility of the patch for extensions and customizations. The first patch in the bundle was included in the Magento Community release. However, versions of Magento Community prior to need this critical patch.

Important! This patch breaks backward compatibility, and can impact extensions and customizations.

More information about the individual issues addressed by this patch is available in the patch release notes.