Xerte vulnerabilities – fixes available in v3.14.2 and v3.13.9

We are sending this important message to registered users with Xerte installations as notification of recent releases of versions 3.14.2 and 3.13.9. These latest releases and revisions fix some potential vulnarabilities. We therefore recommend that you upgrade your installations (regardless of current version or revision) to at least 3.13.9 (although preferably 3.14.2) as a matter of urgency.

Download updates from https://xerte.org.uk 

We recommend upgrading to version 3.14.2 as this includes the same security fixes as version 3.13.9, as well as many other improvements and new features. However, if your usual workflow is that you would upgrade a test installation first and then allow for user testing, you should not delay the upgrade of your production server and should upgrade that to at least 3.13.9 as soon as possible.

Last week the Xerte development team was alerted by a security professional about potential security vulnerabilities in some parts of the Xerte code. These were quickly investigated and fixed/prevented and an update released via our Xerte community site namely V3.14.2 and V3.13.9.

These are highly technical vulnerabilities, and the potential risks will also vary according to the exact server configuration. Also, the potential exploits in these cases have seemingly existed for some time without any known exploit. We from the Xerte Project do not plan to release the exact details of these vulnerabilities, but the security professional indicated he will request CVE's for these vulnerabilities, so the exact nature will be made public in the near future. So, it is of the utmost importance to upgrade to version 3.14.2 or version 3.13.9 as a matter of urgency.

Please post any questions regarding this email in the Bugs and Issues section on the community forum.