Save the date!
Please save the date for this year's Xerte Conference - Wednesday 18 November 2026. The Xerte Project team are looking forward to another exciting event later in the year and invite you to get involved.
The Xerte development team have recently liaised with a separate security researcher who reported a vulnerability and potential exploit when the setup code used for new Xerte installations has been left in place. They will make public disclosure of this in due course.
Background:
Part of the guidance since the very first release of Xerte Online Toolkits many years ago has been to remove the setup folder after initial installation and also following upgrades, which means this vulnerability should not exist in public facing installations. However, until these new updates (see versions below), upgrades did not trigger automatic removal of the setup folder. In these new releases we have also fixed the setup code and removed the potential for exploit, even if the setup folder is left in place or cannot be removed by the upgrade script.
Immediate actions for whoever looks after your installation:
Step 1 Important: Ensure that your public facing installations do not include the \setup\ folder, e.g. by manually deleting it.
Note: this does not apply to other folders with setup in the folder name, only to the \setup\ folder used for initial installation.
Step 2 Optional: you could also upgrade to Xerte 3.15.5 or Xerte 3.14.6 and run upgrade.php which will update the version of your install and confirm automatic removal of the setup folder. If removal fails for any reason (e.g. permissions), the upgrade will still include the fixed setup code protecting from the potential exploit.
Please post any questions regarding this email in the Bugs and Issues section on the community forum.
Xerte vulnerabilities – fixes available in v3.15.4-36 and v3.14.5-11
The Xerte development team has recently liaised with a security researcher who reported potential security vulnerabilities in earlier Xerte versions. Fixes for these vulnerabilities have now been released. As the public disclosure of vulnerabilities and reproduction steps will clearly increase the risk of exploit, we strongly recommend upgrading your Xerte installation as soon as possible.
Please upgrade to one of the following versions or later of either 3.14 or 3.15:
• Xerte 3.15.4-32
• Xerte 3.14.5-11
Both versions are available from the downloads section of the Xerte community website and include the relevant security fixes.

Have you ever paused to appreciate just how remarkable Xerte is, not only for what it does, but for the fact that it’s open‑source? And have you ever wondered why that really matters?

Let’s talk about AI. It’s a topic that’s become difficult to ignore in education as its use has become so widespread. Soon the next version of Xerte, the widely used open source tool for creating interactive learning resources, is introducing AI-powered functionality. This exciting development aims to help educators design online learning content more efficiently, without compromising quality or creativity.