DataTables
Security advisory - DataTables 1.9.4- sever-side processing
-
Hello all,
It has been brought to my attention that DataTables 1.9.4's demo PHP server-side processing scripts have an SQL injection vulnerability in them. This issue has been present in all releases of DataTables since v1.5 which introduced server-side processing. It does not effect DataTables' core Javascript file - only the demonstration server-side processing scripts.
If you are using the example PHP server-side processing scripts I would strongly recommend you update your scripts. The DataTables 1.9.4 package has been rebuilt and includes the required fixes ( http://datatables.net/download ). Likewise all scripts available on this site now contain the required fixes.
Further details of the fix can be found in the git commit that addresses this issue:
https://github.com/DataTables/DataTables/commit/86cc702
If you have any questions about this issue, please post a reply and I'll attempt to answer them as thoroughly as possibly. Obviously security is of paramount importance and I appreciate this issue being brought to light so it can be addressed.
Regards,
Allan
This discussion has been closed.
← All Discussions Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Support
Get useful and friendly help straight from the source.
Categories
- All Discussions15,875
- Announcements120
- General10,150
- DataTables 1.91,625
- DataTables 1.8754
- Bug reports1,106
- Plug-ins637
- Blog28
- Feature requests140
- Editor333
- FixedHeader119
- KeyTable61
- TableTools802