Security advisory - DataTables 1.9.4 - server-side processing
Hello all,
It has been brought to my attention that DataTables 1.9.4's demo PHP server-side processing scripts have an SQL injection vulnerability in them. This issue has been present in all releases of DataTables since v1.5 which introduced server-side processing. It does not affect DataTables' core JavaScript file - only the demonstration server-side processing scripts.
If you are using the example PHP server-side processing scripts I would strongly recommend you update your scripts. The DataTables 1.9.4 package has been rebuilt and includes the required fixes ( http://datatables.net/download ). Likewise all scripts available on this site now contain the required fixes.
Further details of the fix can be found in the git commit that addresses this issue:
https://github.com/DataTables/DataTables/commit/86cc702
If you have any questions about this issue, please post a reply and I'll attempt to answer them as thoroughly as possible. Obviously security is of paramount importance and I appreciate this issue being brought to light so it can be addressed.
Regards,
Allan
This discussion has been closed.