NB: These advisories are being moved to https://ezplatform.com/security-advisories
For a while you will find them in both places, but eventually they will be removed from here.
If you come across a security issue in our products, here is how you can report it to us: https://doc.ezplatform.com/en/latest/guide/reporting_issues/
Security Advisories
EZSA-2020-001: Remote code execution in file uploads
Wednesday 19 February 2020 09:20
EZSA-2019-008: Remote code execution in PHP-FPM
Thursday 07 November 2019 12:18
EZSA-2019-007: Prevent accepting app.php in URL in Platform.sh
Monday 02 September 2019 03:10
EZSA-2019-006: Rules to disable executable access are ignored on Platform.sh (eZ Cloud)
Friday 23 August 2019 01:02
EZSA-2019-005: Bundled jQuery affected by CVE-2019-11358
Friday 05 July 2019 10:22
EZSA-2019-004: CSRF token in login form is disabled by default
Thursday 27 June 2019 12:43
EZSA-2019-003: XSS in eZFind spellcheck
Thursday 23 May 2019 10:43
EZSA-2019-002: Password reset vulnerability
Tuesday 02 April 2019 02:34
EZSA-2019-001: XSS in Admin UI
Tuesday 12 March 2019 04:23
EZSA-2018-010: Symfony security advisories
Monday 10 December 2018 04:42
EZSA-2018-009: Do not interpret PHP/PHAR uploads
Wednesday 21 November 2018 01:11
EZSA-2018-008: REST API returns list of all SiteAccesses
Tuesday 20 November 2018 03:20
EZSA-2018-007: User data disclosure
Tuesday 20 November 2018 02:49
EZSA-2018-006: XSS vulnerability in 'disabled module' error template
Thursday 01 November 2018 11:21
EZSA-2018-005: Passwordless login for LDAP users
Wednesday 31 October 2018 01:31
EZSA-2018-004: Symfony security advisories
Thursday 31 May 2018 11:05
EZSA-2018-003: 4-byte UTF-8 in MySQL/MariaDB
Thursday 24 May 2018 04:14
EZSA-2018-002: The files uploaded via packages component are executable
Monday 26 February 2018 04:40
EZSA-2017-006: Information disclosure in backend content tree menu
Thursday 07 September 2017 01:48
Proudly Developed with
from
from