Security advisory - DataTables 1.9.4 - server-side processing
  • Hello all,

    It has been brought to my attention that DataTables 1.9.4's demo PHP server-side processing scripts have an SQL injection vulnerability in them. This issue has been present in all releases of DataTables since v1.5 which introduced server-side processing. It does not affect DataTables' core JavaScript file - only the demonstration server-side processing scripts.

    If you are using the example PHP server-side processing scripts I would strongly recommend you update your scripts. The DataTables 1.9.4 package has been rebuilt and includes the required fixes ( http://datatables.net/download ). Likewise all scripts available on this site now contain the required fixes.

    Further details of the fix can be found in the git commit that addresses this issue:
    https://github.com/DataTables/DataTables/commit/86cc702

    If you have any questions about this issue, please post a reply and I'll attempt to answer them as thoroughly as possible. Obviously security is of paramount importance and I appreciate this issue being brought to light so it can be addressed.

    Regards,
    Allan
This discussion has been closed.