Dear all,
DHIS2 version 39.9.1 is out as a HOTFIX release to address a critical vulnerability in v39:
- DHIS2-17321: ZipSlip vulnerability in app installation leads to RCE (Cure53: UIO-01-020)
Note: this issue can only be exploited by authenticated users.
This is the latest stable release for version 39, and supersedes release 39.9.0.
The release note for this patch can be found here: Patch 39.9.1 Release Note.
Thanks!
DHIS2 Release Team
| Release Information | Links |
|---|---|
| Release Note | Patch 39.9.1 Release Note |
| Upgrade notes | 2.39 Upgrade notes |
| Download release and sample database | Downloads - DHIS2 1 |
| Documentation | Home - DHIS2 Documentation |
| Source code on Github | tag/2.39.9.1 |
| Demo instance | Login app | DHIS2 1 |
| Docker | docker pull dhis2/core:2.39.9.1 for more docker image variants see dockerhub |