Ushahidi Security Bulletin

A critical security vulnerability was discovered in the 2.1 release of Ushahidi. A fix had been posted but we were recently notified that this fix was not reflected in the version of the Ushahidi platform available for download at download.ushahidi.com. This vulnerability allows for unapproved reports to be viewable via search. A patch has been posted and we recommend that you update your files immediately. We would like to extend our thanks to community members George Chamales and Rob Munro for their assistance.

Advisory ID: USHAHIDI-SA-WEB-2011-002

Project: Ushahidi-Web
Version: 2.1
Date: 2012-12-12
Security Risk: Critical
Vulnerability: Unapproved reports show up in search
Fix/Patch:
Replace /application/controllers/search.php with this file.

To see all security alerts, please see: http://security.ushahidi.com/

This information will also be shared on our Ushahidi Developer mailing list, skype chat and social media channels.