Security advisory - DataTables 1.9.4- sever-side processing

Security advisory - DataTables 1.9.4- sever-side processing

allanallan Posts: 63,691Questions: 1Answers: 10,500 Site admin
edited December 2012 in Announcements
Hello all,

It has been brought to my attention that DataTables 1.9.4's demo PHP server-side processing scripts have an SQL injection vulnerability in them. This issue has been present in all releases of DataTables since v1.5 which introduced server-side processing. It does not effect DataTables' core Javascript file - only the demonstration server-side processing scripts.

If you are using the example PHP server-side processing scripts I would strongly recommend you update your scripts. The DataTables 1.9.4 package has been rebuilt and includes the required fixes ( http://datatables.net/download ). Likewise all scripts available on this site now contain the required fixes.

Further details of the fix can be found in the git commit that addresses this issue:
https://github.com/DataTables/DataTables/commit/86cc702

If you have any questions about this issue, please post a reply and I'll attempt to answer them as thoroughly as possibly. Obviously security is of paramount importance and I appreciate this issue being brought to light so it can be addressed.

Regards,
Allan
This discussion has been closed.