DHIS2 patch release 2.41.4.1 is now available - [SECURITY HOTFIX]

Dear all,

DHIS2 version 41.4.1 is out as a HOTFIX release to address a critical vulnerability in v41. This was fixed in version 41.3.1, but unfortunately exposed again in version 41.4:

  • DHIS2-17321: ZipSlip vulnerability in app installation leads to RCE (Cure53: UIO-01-020)

Note: this issue can only be exploited by authenticated users.

This is the latest stable release for version 41, and supersedes release 41.4.0.

The release note for this patch can be found here: Patch 41.4.1 Release Note.

Thanks!

DHIS2 Release Team

Release Information Links
Release Note Patch 41.4.1 Release Note
Upgrade notes 2.41 Upgrade notes
Download release and sample database Downloads - DHIS2
Documentation Home - DHIS2 Documentation
Source code on Github tag/2.41.4.1
Demo instance Login app | DHIS2
Docker docker pull dhis2/core:2.41.4.1
for more docker image variants see dockerhub
2 Likes

Dear Philip Larsen Donnelly,

Thank you very much for your kind reply.
I would greatly appreciate it if you could provide detailed instructions on how to create an account in Trainingland and Customization to conclude module 2 and proceed with the next step (Fundamental DHIS2).

Thank you in advance for your assistance.

With kind regards,

Paulo Rabna

1 Like