Matomo Response to Zend Framework Security Advisory ZF2010-01

Contents

Matomo (Piwik) 0.5.4 (released Dec. 18, 2009) and earlier versions are not affected by this security advisory to Zend_Log (disclosed Jan. 11, 2010) because Matomo uses UTF-8.

Furthermore, Matomo is not affected by security advisories ZF2010-02 through ZF2010-06 because Matomo uses a subset of ZF which does not include Zend_Form, Zend_View, Zend_Dojo, Zend_Filter, Zend_File, Zend_Service, or Zend_Json.

Matomo users are, however, encouraged to upgrade to the latest version to take advantage of new features and bug fixes.

Reference: Potential XSS vectors due to inconsistent encodings

Recommended for you
Enjoyed this post?
Join the 160,000+ subscribers who receive the Matomo Newsletter straight to their inbox every month

Subscribe to our newsletter to receive regular information about Matomo. You can unsubscribe at any time from it. This service uses MadMimi. Learn more about it within our privacy Policy page.

Get started with Matomo

A powerful web analytics platform that gives you and your business 100% data ownership and user privacy protection.

Try Cloud for free
Download On-Premise

No credit card required.

Free forever.

Get started with Matomo

A powerful web analytics platform that gives you and your business 100% data ownership and user privacy protection.

Try Cloud for free

No credit card required.

Download On-Premise

Free forever.