Critical RCE in dotCMS

[Will Ezell]

I wanted to share with the dotCMS community that there has been a critical security issue / RCE discovered in dotCMS versions 4.0 to 22.02.  The issue has been fixed in our latest LTS versions,  v22.03, v5.3.8.10 and v21.06.7 and hotfixes are available on our github repo for other affected versions.   A CVE has been filed, though it has not been made public yet.

The issue has already been communicated and remediated for dotCMS Cloud and Enterprise supported customers.

For more information about this issue and steps on how to remediate it, please details on our site at:  https://www.dotcms.com/security/SI-62

 

Thank you,

Will Ezell

--

382 NE 191st St #92150

Miami, Florida 33179-3899

Main: 305-900-2001 | Direct: 978.294.9429

wi...@dotcms.com | dotcms.com