Matomo Response to ZF2012-01 Security Advisory

Contents

The current version of Matomo (Piwik) (1.8.2) is not affected by this vulnerability. Matomo neither uses nor includes the XmlRpc component from Zend Framework.

Matomo users are, however, encouraged to upgrade to the latest versions of Matomo and PHP to take advantage of new features and bug fixes.

References:

  • ZF2011-01: Local file disclosure via XXE injection in Zend_XmlRpc
  • CVE-2012-3363
Enjoyed this post?
Join the 160,000+ subscribers who receive the Matomo Newsletter straight to their inbox every month
Get started with Matomo

A powerful web analytics platform that gives you and your business 100% data ownership and user privacy protection.

No credit card required.

Free forever.

Get started with Matomo

A powerful web analytics platform that gives you and your business 100% data ownership and user privacy protection.

No credit card required.

Free forever.