SUPEE-10266 security enhancements patch was released on september 14th of 2017. SUPEE-10266 patch can be downloaded from Downloads page here: Magento Open Source Patches - 1.x
You can install it in the same way as previous patches or by upgrading to version 184.108.40.206.
SUPEE-10266 can cause issues in the checkout process. It will shield your eCommerce store from either of safety related problems, disturb remote code execution and prevent information leak and newsletter templates cross site scripting.
Here are your Magento Open Source upgrade options:
- Upgrade to version 220.127.116.11. SUPEE-9767 version 2 is already included in the Open Source 18.104.22.168 release.
- Revert SUPEE-9767 version 1, then install SUPEE-9767 version 2
- Install SUPEE-9767 version 2
Be sure to install and aprobate the patch in a dev site first to verify that it works as expected before introducing it to a production site. Don't forget to test that your store is working and also test the checkout process.
- Disable Compiler at System > Configuration > Tools > Magento Compiler and clear compiled cache
- Download SUPEE-10266 patch from https://magento.com/tech-resources/download#download2073
- Place patch files into Root directory
- Run the patch
- Flush the cache and CSS/JS caches at System > Cache Management
SUPEE-10266 Open Source version 22.214.171.124 contain multiple security enhancements that help close cross-site request forgery (CSRF), unauthorized data leak, and authenticated Admin user remote code execution vulnerabilities. These releases also include fixes for issues with image reloading and payments using one-step checkout.
If you tried to update with Downloader to latest 126.96.36.199 and It doesn't work. SUPEE-10266 contains all changes from 188.8.131.52 and installing SUPEE-10266 on top of 184.108.40.206 or upgrade of 220.127.116.11 to 18.104.22.168 will lead to the same results.
Magento CE version 1.8
The patch can give error message like "Not valid template file" on Magento CE version 1.8.
If your site has not been patched with latest security patches before SUPEE-10266 then it's possible the issue you are encountering is because of that. SUPEE 8788 patch makes changes to which template is pulled make sure you have that applied and then test your upload again.