ZF2009-02: XSS vector in Zend_Filter_StripTags

Piwik 0.2.33 (released Mar. 2, 2009) and earlier versions are not affected by this security advisory (disclosed Mar. 2, 2009) because Piwik uses a subset of ZF which does not include Zend_Filter.

Piwik users are, however, encouraged to upgrade to take advantage of new features and bug fixes.

Reference: Cross-site scripting vector in Zend_Filter_StripTags


Anthon Pang

- active contributor for years, Anthon has designed some some major features in Piwik such as the first version of the Javascript tracker. He still regularly advises the team.