Piwik 0.5.4 (released Dec. 18, 2009) and earlier versions are not affected by this security advisory to Zend_Log (disclosed Jan. 11, 2010) because Piwik uses UTF-8.

Furthermore, Piwik is not affected by security advisories ZF2010-02 through ZF2010-06 because Piwik uses a subset of ZF which does not include Zend_Form, Zend_View, Zend_Dojo, Zend_Filter, Zend_File, Zend_Service, or Zend_Json.

Piwik users are, however, encouraged to upgrade to the latest version to take advantage of new features and bug fixes.

Reference: Potential XSS vectors due to inconsistent encodings


Anthon Pang

- active contributor for years, Anthon has designed some some major features in Piwik such as the first version of the Javascript tracker. He still regularly advises the team.


Any questions?

Many answers and more information about Piwik You can find here:

We are social

Follow us: