June '12

27

Posted by

in Security

Comments: Leave a Reply

Piwik Response to ZF2012-01 Security Advisory

The current version of Piwik (1.8.2) is not affected by this vulnerability. Piwik neither uses nor includes the XmlRpc component from Zend Framework.

Piwik users are, however, encouraged to upgrade to the latest versions of Piwik and PHP to take advantage of new features and bug fixes.

References:

  • ZF2011-01: Local file disclosure via XXE injection in Zend_XmlRpc
  • CVE-2012-3363
About author
piwik team member

Anthon Pang

Anthon is a Software Developer from Canada and an active Piwik team member since 2007. He has contributed some of the earliest and most critical code in Piwik, such as the Javascript Tracker. Anthon also built and maintains our QA infrastructure.

Like what you read?

Subscribe to our rss feed: Posts or you can Suggest a topic to write about in the blog or See list of Features

    No comments have been added yet...

Leave a Reply

Post Comment