Dear XWiki users/admins,
We have found and fixed an important security issue. It’s referenced as CVE-2020-11057. See https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rmp6-jjg8-9424 for details of the attack and the risks.
We urge you to upgrade your XWiki instance to versions later than 11.10.3 & 12.0:
- if you’re on the LTS, please upgrade to the latest, which is 11.10.5.
- If you’re on the 12.x cycle, please upgrade to 12.3.
Checking https://www.xwiki.org/xwiki/bin/view/ActiveInstalls/XWikiVersions we can see that we have a lot of XWiki instances still using versions older than 11.10.3 (3777 instances to be exact).
We apologize for the inconvenience.
The XWiki Development Team