Piwik Response to ZF2012-01 Security Advisory

The current version of Piwik (1.8.2) is not affected by this vulnerability. Piwik neither uses nor includes the XmlRpc component from Zend Framework. Piwik users are, however, encouraged to upgrade to the latest versions of Piwik and PHP to take … Read More

Marketing Guru Wanted for Piwik!

The Piwik team invites interested individuals to apply for the volunteer position of Marketing Guru. Growing Open Source Project Looking for a Marketing Leader! If you are an active Piwik user, if you have a flair for communications, marketing, and/or … Read More

Piwik Response to ZF2011-02 Security Advisory

The current version of Piwik is not affected by this vulnerability. Since version 0.5 (released December 2009), Piwik checks (and sets, if required) the MySQL connection charset to UTF-8. Piwik users are, however, encouraged to upgrade to the latest versions … Read More

Piwik Response to CVE-2011-3791

The path disclosure weakness described in CVE-2011-3791 does not affect Piwik 1.1. Beginning with Piwik 0.6.3 (released June 2010), the installer creates Apache .htaccess and IIS web.config files to prevent direct access to .php files. Users upgrading from an earlier … Read More

Piwik 1.5 – Security Advisory

The Piwik 1.5 release addresses a critical security vulnerability, which affects all Piwik users who have granted some access to the “anonymous” user. Users should upgrade immediately. Description: Piwik 1.5 contains a remotely exploitable vulnerability that could allow a … Read More

Piwik 1.1 – Security Advisory

Multiple XSS vulnerabilities are fixed by the Piwik 1.1 release. Description: CVE-2011-004. Piwik versions prior to 1.1 are vulnerable to multiple XSS vulnerabilities, both persistent and reflected. This security update is rated critical, and Piwik users are strongly encouraged to … Read More

Piwik added to Windows Web App Gallery

Piwik is now available on the Windows Web App Gallery, joining the ranks of WordPress, Acquia Drupal, Moodle, Joomla, and phpBB! IIS users can install these (and dozens of other web apps) using Web Platform Installer (aka Web PI or … Read More

Piwik Response to ZF2010-07 Security Advisory

No Piwik releases up to and including Piwik 0.6.4 are affected by this advisory as the Dojo bundle is not included in the Piwik distribution (or svn). Piwik users are, however, encouraged to upgrade to the latest version to take … Read More

Piwik 0.6.4 Security Advisory CVE-2010-2786

An arbitrary file inclusion vulnerability is fixed by the latest Piwik 0.6.4 release. Description: Piwik versions 0.6 through 0.6.3 are vulnerable to arbitrary, remote file inclusion using a directory traversal pattern in a crafted request for a data renderer. This … Read More