Matomo Response to Zend Framework Security Advisory ZF2009-01

Contents

ZF2009-01: LFI vector in Zend_View::setScriptPath() and render()

Matomo (Piwik) 0.2.31 (released Feb 18, 2009) and earlier versions are not affected by this security advisory (disclosed Feb. 17, 2009) because Matomo uses a subset of ZF which does not include Zend_View.

Matomo users are, however, encouraged to upgrade to take advantage of new features and bug fixes.

Reference: Local file inclusion vector in Zend_View

Recommended for you
Enjoyed this post?
Join the 160,000+ subscribers who receive the Matomo Newsletter straight to their inbox every month
Get started with Matomo

A powerful web analytics platform that gives you and your business 100% data ownership and user privacy protection.

Try Cloud for free
Download On-Premise

No credit card required.

Free forever.

Get started with Matomo

A powerful web analytics platform that gives you and your business 100% data ownership and user privacy protection.

Try Cloud for free

No credit card required.

Download On-Premise

Free forever.