Matomo Response to Zend Framework Security Advisory ZF2009-01

Contents

ZF2009-01: LFI vector in Zend_View::setScriptPath() and render()

Matomo (Piwik) 0.2.31 (released Feb 18, 2009) and earlier versions are not affected by this security advisory (disclosed Feb. 17, 2009) because Matomo uses a subset of ZF which does not include Zend_View.

Matomo users are, however, encouraged to upgrade to take advantage of new features and bug fixes.

Reference: Local file inclusion vector in Zend_View

Recommended for you
Enjoyed this post?
Join the 160,000+ subscribers who receive the Matomo Newsletter straight to their inbox every month

Subscribe to our newsletter to receive regular information about Matomo. You can unsubscribe at any time from it. This service uses MadMimi. Learn more about it within our privacy Policy page.

Get started with Matomo

A powerful web analytics platform that gives you and your business 100% data ownership and user privacy protection.

Try Cloud for free
Download On-Premise

No credit card required.

Free forever.

Get started with Matomo

A powerful web analytics platform that gives you and your business 100% data ownership and user privacy protection.

Try Cloud for free

No credit card required.

Download On-Premise

Free forever.