Security advisory - DataTables 1.9.4- sever-side processing
Security advisory - DataTables 1.9.4- sever-side processing
allan
Posts: 63,602Questions: 1Answers: 10,486 Site admin
Hello all,
It has been brought to my attention that DataTables 1.9.4's demo PHP server-side processing scripts have an SQL injection vulnerability in them. This issue has been present in all releases of DataTables since v1.5 which introduced server-side processing. It does not effect DataTables' core Javascript file - only the demonstration server-side processing scripts.
If you are using the example PHP server-side processing scripts I would strongly recommend you update your scripts. The DataTables 1.9.4 package has been rebuilt and includes the required fixes ( http://datatables.net/download ). Likewise all scripts available on this site now contain the required fixes.
Further details of the fix can be found in the git commit that addresses this issue:
https://github.com/DataTables/DataTables/commit/86cc702
If you have any questions about this issue, please post a reply and I'll attempt to answer them as thoroughly as possibly. Obviously security is of paramount importance and I appreciate this issue being brought to light so it can be addressed.
Regards,
Allan
It has been brought to my attention that DataTables 1.9.4's demo PHP server-side processing scripts have an SQL injection vulnerability in them. This issue has been present in all releases of DataTables since v1.5 which introduced server-side processing. It does not effect DataTables' core Javascript file - only the demonstration server-side processing scripts.
If you are using the example PHP server-side processing scripts I would strongly recommend you update your scripts. The DataTables 1.9.4 package has been rebuilt and includes the required fixes ( http://datatables.net/download ). Likewise all scripts available on this site now contain the required fixes.
Further details of the fix can be found in the git commit that addresses this issue:
https://github.com/DataTables/DataTables/commit/86cc702
If you have any questions about this issue, please post a reply and I'll attempt to answer them as thoroughly as possibly. Obviously security is of paramount importance and I appreciate this issue being brought to light so it can be addressed.
Regards,
Allan
This discussion has been closed.