Matomo Response to ZF2012-01 Security Advisory

The current version of Matomo (Piwik) (1.8.2) is not affected by this vulnerability. Matomo neither uses nor includes the XmlRpc component from Zend Framework.

Matomo users are, however, encouraged to upgrade to the latest versions of Matomo and PHP to take advantage of new features and bug fixes.

References:

  • ZF2011-01: Local file disclosure via XXE injection in Zend_XmlRpc
  • CVE-2012-3363

Share this post

Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on pinterest
Share on print
Share on email