Recently, A security vulnerability was discovered in Zend FrameWork which poses a security threat.
Zend has released an advisory that there is a serious security vulnerability in their FrameWork product, which InterWorx utilizes. The framework is used to provide XMLRPC access to the InterWorx API. Information regarding the vulnerability can be found in the security advisory at http://framework.zend.com/security/advisory/ZF2012-01.
In response, we have released an emergency hotfix to patch our integration of Zend FrameWork. It is highly recommended all our hosts update their version of InterWorx as soon as possible. This can be done by running:
yum update interworx
from command-line. By default, InterWorx also checks for updates once a day and thus most InterWorx servers should be updated within 24 hours. We are not aware of any instances of this issue being exploited on InterWorx servers, but we take the security of our product and our client’s data extremely seriously. Thus, we pushed the patch live as soon as we were made aware of this issue.
Questions or Concerns
Please feel free to contact InterWorx support if you have any questions regarding this update.