##OpenMRS Security Advisory##
Severity: Critical Exploit: allows Remote Code Execution and Directory Traversal without needing to log in
##What versions are affected##
- Reporting module (all versions prior to 0.9.8.1)
- OpenMRS Reference Application 2.0, 2.1, 2.2, 2.3
##Recommendations##
Anyone running the Reporting Module (included in the Reference Application) should immediately upgrade to the latest released version of the module, which is available here.
This includes anyone running any version of the OpenMRS Reference Application released so far (2.0-2.3), as well as anyone who has installed the Reporting module on top of an OpenMRS Platform release.