Xerte vulnerabilities – fixes available in v3.15.4-36 and v3.14.5-11

The Xerte development team has recently liaised with a security researcher who reported potential security vulnerabilities in earlier Xerte versions. Fixes for these vulnerabilities have now been released. As the public disclosure of vulnerabilities and reproduction steps will clearly increase the risk of exploit, we strongly recommend upgrading your Xerte installation as soon as possible.

Please upgrade to one of the following versions or later of either 3.14 or 3.15:
• Xerte 3.15.4-32
• Xerte 3.14.5-11
Both versions are available from the downloads section of the Xerte community website and include the relevant security fixes.

Additional information:

• The fixes affect only a small number of files (three in total).
• One of these files is only used during initial setup and will not be present in most installations.

Please note that depending on the version you are upgrading from, 3.15.4-36 and 3.14.5-11 may also include other fixes and enhancements that are not security related but are part of our continual developments between full releases. Please see the release notes for further information of new features included in each version.

We also sent this notification and recommendation to direct contacts and registered admins – please make any relevant colleagues aware of the need to update your installations as soon as possible.

Please post any questions regarding this email in the Bugs and Issues section on the community forum.