← Back to team overview

dhis2-devs team mailing list archive

Re: [Dhis2-users] security issue - upgrade action required for 2.28 and older versions

 

Noted with thanks

On Thu, Nov 15, 2018 at 3:06 PM Lars Helge Øverland <lars@xxxxxxxxx> wrote:

> Hi all,
>
> a potential serious security issue has been discovered with one of the
> libraries used by DHIS 2. The issue can potentially allow attackers to
> write or copy files to disk in arbitrary locations. The attacker needs to
> be logged in to DHIS 2 (authenticated) to do this.
>
> The affected versions are *DHIS 2.28 and older*.
>
> We have patched the following versions: 2.25, 2.26, 2.27, 2.28.
>
> We recommend that you upgrade to the latest build of the mentioned
> releases if you are affected. We won't disclose more info about this issue
> on the public mailing list.
>
>
> best,
>
> Lars
>
>
> --
>
> Lars Helge Øverland
> Technical lead, DHIS 2
> University of Oslo
> lars@xxxxxxxxx
> https://www.dhis2.org
>
> _______________________________________________
> Mailing list: https://launchpad.net/~dhis2-users
> Post to     : dhis2-users@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~dhis2-users
> More help   : https://help.launchpad.net/ListHelp
>

References