On Jan 20, 2016 the magento team released a patch that provides protection against several types of security-related issues, including information leaks and cross-site scripting.

More information about the individual issues addressed by this patch is available in the patch release notes.