Critical Security Advisory: 2015-11-25

##OpenMRS Security Advisory##

Severity: Critical Exploit: allows Remote Code Execution and Directory Traversal without needing to log in

##What versions are affected##

  • Reporting module (all versions prior to
  • OpenMRS Reference Application 2.0, 2.1, 2.2, 2.3


Anyone running the Reporting Module (included in the Reference Application) should immediately upgrade to the latest released version of the module, which is available here.

This includes anyone running any version of the OpenMRS Reference Application released so far (2.0-2.3), as well as anyone who has installed the Reporting module on top of an OpenMRS Platform release.


A post was split to a new topic: OpenMRS Security Advisories: 2015-11-30

This topic was automatically closed after 61 minutes. New replies are no longer allowed.