Security Update v1.1 for Piwik web analysis software
The Piwik developers strongly recommend updating to version 1.1 of their PHP-based software as it fixes a number of critical vulnerabilities. Piwik is a free alternative to web analysis solutions like Google Analytics.
According to the developers the update is the result of a five-day code review by a team from security consultants SektionEins lead by the PHP security specialist Stefan Esser. This produced much valuable information on problems and possible improvements for Piwik, improvements which are now incorporated into the latest version.
The update corrects 112 errors and now supports asynchronous tracking. Based on their experience of the audit the developers strongly recommend other projects to also perform periodic code reviews.
Further details of the vulnerabilities can be found in the change log for the new version. Piwik 1.1 is available for download (direct download) from the Piwik web site and is released under the GPLv3 licence.