February '10

11

Posted by

in Security

Piwik Response to Zend Framework Security Advisory ZF2010-01

Piwik 0.5.4 (released Dec. 18, 2009) and earlier versions are not affected by this security advisory to Zend_Log (disclosed Jan. 11, 2010) because Piwik uses UTF-8.

Furthermore, Piwik is not affected by security advisories ZF2010-02 through ZF2010-06 because Piwik uses a subset of ZF which does not include Zend_Form, Zend_View, Zend_Dojo, Zend_Filter, Zend_File, Zend_Service, or Zend_Json.

Piwik users are, however, encouraged to upgrade to the latest version to take advantage of new features and bug fixes.

Reference: Potential XSS vectors due to inconsistent encodings

About author
piwik team member

Anthon Pang

Anthon is a Software Developer from Canada and an active Piwik team member since 2007. He has contributed some of the earliest and most critical code in Piwik, such as the Javascript Tracker. Anthon also built and maintains our QA infrastructure.

Like what you read?

Subscribe to our rss feed: Posts or you can Suggest a topic to write about in the blog or See list of Features