DHIS2 patch release 2.41.4.1 is now available - [SECURITY HOTFIX]

phil · 1 July 2025 15:40

Dear all,

DHIS2 version 41.4.1 is out as a HOTFIX release to address a critical vulnerability in v41. This was fixed in version 41.3.1, but unfortunately exposed again in version 41.4:

DHIS2-17321: ZipSlip vulnerability in app installation leads to RCE (Cure53: UIO-01-020)

Note: this issue can only be exploited by authenticated users.

This is the latest stable release for version 41, and supersedes release 41.4.0.

The release note for this patch can be found here: Patch 41.4.1 Release Note.

Thanks!

DHIS2 Release Team

Release Information	Links
Release Note	Patch 41.4.1 Release Note
Upgrade notes	2.41 Upgrade notes
Download release and sample database	Downloads - DHIS2
Documentation	Home - DHIS2 Documentation
Source code on Github	tag/2.41.4.1
Demo instance	Login app \| DHIS2
Docker	`docker pull dhis2/core:2.41.4.1` for more docker image variants see dockerhub

paulo.rabna · 1 July 2025 16:56

Dear Philip Larsen Donnelly,

Thank you very much for your kind reply.
I would greatly appreciate it if you could provide detailed instructions on how to create an account in Trainingland and Customization to conclude module 2 and proceed with the next step (Fundamental DHIS2).

Thank you in advance for your assistance.

With kind regards,

Paulo Rabna