CRITICAL security update : SPIP 3.2.4 & SPIP 3.1.10 released

A critical security flaw in SPIP was recently brought to our attention letting any identified visitors execute random code.

It affects versions SPIP 3.1 prior to 3.1.10 and versions SPIP 3.2 priori to 3.2.4 and every websites running those versions.
Versions 3.0 and prior are not affected by this issue

It’s highly recommanded to perform an update as soon as possible.

SPIP team would like to thank Guillaume Fahrner who identified the flaw and alerted us.
If you can’t perform the update right now, the safety_screen version 1.3.11 blocks any attempt to exploit that flaw.

Updating the safety_screen is a patch and does not come as a replacement for any needed SPIP upgrade. You should perform it as soon as possible.

Complete announcement & details

Download SPIP

updated on 2 October 2019


Aucune discussion

Ajouter un commentaire

Who are you?
[Log in]

To show your avatar with your message, register it first on (free et painless) and don’t forget to indicate your Email addresse here.

Enter your comment here

This form accepts SPIP shortcuts {{bold}} {italic} -*list [text->url] <quote> <code> and HTML code <q> <del> <ins>. To create paragraphs, just leave empty lines.

Add a document

Follow the comments: RSS 2.0 | Atom