Dear all,
DHIS2 version 40.7.1 is out as a HOTFIX release to address a critical vulnerability in v40:
- DHIS2-17321: ZipSlip vulnerability in app installation leads to RCE (Cure53: UIO-01-020)
Note: this issue can only be exploited by authenticated users.
This is the latest stable release for version 40, and supersedes release 40.7.0.
The release note for this patch can be found here: Patch 40.7.1 Release Note.
Thanks!
DHIS2 Release Team
| Release Information | Links |
|---|---|
| Release Note | Patch 40.7.1 Release Note |
| Upgrade notes | 2.40 Upgrade notes |
| Download release and sample database | Downloads - DHIS2 1 |
| Documentation | Home - DHIS2 Documentation |
| Source code on Github | tag/2.40.7.1 |
| Demo instance | Login app | DHIS2 1 |
| Docker | docker pull dhis2/core:2.40.7.1 for more docker image variants see dockerhub |