v1.9.3.6

This patch (SUPEE-10266) provides resolution of multiple critical security issues and several functional fixes. These critical security issues include remote code execution, cross-site scripting, and cross-site request forgery issues. We recommend upgrading your Magento store to this latest version. See Magento Security Center for a comprehensive discussion of these issues.

This release also provides support for the following functional issues:

General fixes

• We’ve fixed an issue where uploaded images were twice their original size after you applied SUPEE-9767 v2.
• We’ve added an informative message to the payment information section of the one-page checkout to alert customers that no payment is due for orders that total 0.0.