As of Wednesday September 23, 2009, Varien have released a security update covering XSS vulnerabilities. We recommend all users upgrade to the latest version to protect their stores - but please remember to back up prior to an upgrade!
Backing up your store is extremely quick and easy. There are two methods: manually, via the Sonassi domain backup tool and SSH, or using Magento's built-in backup tool. We would recommend the manual option.
Generating a manual Magento backup
Step 1) Log into the client area, select "Disk" from the menu, and scroll to the lower portion of the page to select the domain you wish to back up. A visual guide can be found here: https://www.sonassi.com/blog/2009/06/03/client-area-how-to-generate-a-domain-backup/
Step 2) Log into your SSH account. A visual guide can be found here: https://www.sonassi.com/blog/2009/06/03/ssh-how-to-connect-using-windows-with-putty/
Step 3) Enter the following commands, modifying database, username, password and database_host with your own information.
    cd /backups/
    database="DATABASE_NAME"
    username="USERNAME"
    password="PASSWORD"
    database_host="db.DOMAIN.COM"
    # Timestamped file name, e.g. 2009-09-23-22_15-00.sql.gz
    filename="$(date +%F-%H_%M-%S).sql.gz"
    # Dump the database and compress it in one pass
    mysqldump -h "$database_host" -u "$username" -p"$password" "$database" | gzip > "$filename"
Step 4) If it is a production site, please attempt an upgrade late at night or during off-peak hours - you don't want to upset your customers.
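The Step 3 dump passes the password with -p on the command line, where it is visible in the process list, and the pipeline reports gzip's exit status, so a failed dump can still leave a plausible-looking file. The script below is an added example, not part of the original post or of Sonassi's tooling; its function names are illustrative, and it assumes a password without double quotes or backslashes.

```bash
# Added example: Step 3 with the password kept out of the process list and
# the archive verified before it is trusted. Function names are illustrative.

# Write the credentials to a temporary option file (mktemp creates it 0600).
# Assumes the password contains no double quote or backslash.
make_defaults_file() {  # args: host user password -> prints file path
    local f
    f=$(mktemp) || return 1
    printf '[client]\nhost=%s\nuser=%s\npassword="%s"\n' "$1" "$2" "$3" > "$f"
    printf '%s\n' "$f"
}

# Succeed only for a non-empty, intact gzip whose last line is the trailer
# mysqldump writes when it finishes ("-- Dump completed ...").
verify_backup() {  # args: archive path
    [ -s "$1" ] || return 1
    gzip -t "$1" 2>/dev/null || return 1
    gzip -dc "$1" | tail -n 1 | grep -q '^-- Dump completed'
}

# Dump, compress, verify; prints the archive path on success.
backup_magento_db() {  # args: database host user password [backup_dir]
    local out defaults
    out="${5:-/backups}/$(date +%F-%H_%M-%S).sql.gz"
    defaults=$(make_defaults_file "$2" "$3" "$4") || return 1
    # --defaults-extra-file must be the first option. The pipeline's exit
    # status is gzip's, so a failed dump is caught by verify_backup instead.
    mysqldump --defaults-extra-file="$defaults" "$1" | gzip > "$out"
    rm -f "$defaults"
    if ! verify_backup "$out"; then
        rm -f "$out"
        return 1
    fi
    printf '%s\n' "$out"
}
```

Call it as backup_magento_db DATABASE_NAME db.DOMAIN.COM USERNAME PASSWORD, and only start the upgrade once it has printed the archive path.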
Magento Version 220.127.116.11 is now available. This version includes a security update for Magento 1.3.x that solves a possible XSS vulnerability issue on the customer registration page and is available through SVN, the Download Page and the Magento Connect Manager. If you are using Magento Version 1.3.x we highly recommend upgrading as soon as possible to Magento 18.104.22.168. If you are using the Magento Connect Manager to upgrade, you should only upgrade the Mage_All_Latest package. This package will upgrade all the needed packages.