Dear XWiki users/admins,
We have found and fixed an important security issue. It’s referenced as CVE-2020-11057. See the GitHub advisory “Authenticated server side code execution without programming rights on User Dashboards” (xwiki/xwiki-platform) for details of the attack and the risks.
We urge you to upgrade your XWiki instance to versions later than 11.10.3 & 12.0:
- If you’re on the LTS, please upgrade to the latest, which is 11.10.5.
- If you’re on the 12.x cycle, please upgrade to 12.3.
Checking https://www.xwiki.org/xwiki/bin/view/ActiveInstalls/XWikiVersions we can see that we have a lot of XWiki instances still using versions older than 11.10.3 (3777 instances to be exact).
We apologize for the inconvenience.
The XWiki Development Team