CRITICAL security update: SPIP 3.2.4 & SPIP 3.1.10 released

A critical security flaw in SPIP was recently brought to our attention. It lets any identified visitor execute arbitrary code.

It affects SPIP 3.1 versions prior to 3.1.10 and SPIP 3.2 versions prior to 3.2.4, and every website running those versions.
Versions 3.0 and prior are not affected by this issue.

It’s highly recommended to perform an update as soon as possible.

The SPIP team would like to thank Guillaume Fahrner, who identified the flaw and alerted us.
If you can’t perform the update right now, safety_screen version 1.3.11 blocks any attempt to exploit that flaw.
https://www.spip.net/en_article4201.html

Updating the safety_screen is a patch and does not replace the needed SPIP upgrade. You should perform that upgrade as soon as possible.

Complete announcement & details
https://blog.spip.net/834

Download SPIP
https://www.spip.net/en_download

updated on 27 May 2019
