Magento Released two updates today to address some security concerns with Magento 1.x installations. While 2.x received some recent security updates, this is the first 1.x in some time.
As always with patches and updates, if you are running Magento and this is your busy season, you want to be careful with updating your software.
Security updates are important, but they may also create other unexpected problems with custom installations or extensions.
If you decide to update now, the best choice would be a parallel installation first. Your host provider might be able to help you with that.
Otherwise, make a full backup of your site, then install the update and check the site for any problems. Your best bet is to do this sometime in the middle of the night on your slowest day.
However, as important as security updates are, and we urge you to read through them here, you probably should wait until late January to make any updates to your Magento installation. Realistically, you want extension providers to test the new version and let other users find the problems first.
Here is the complete information about the security update for each 1.x version of Magento. Remember, most Magento users run Open Source 1.9.x.x.
If you are updating, let us know how it went. Drop us a line in the comments section below.