During a routine code review, we have discovered a critical vulnerability in OpenFISMA.

We are simultaneously releasing patches today for OpenFISMA versions 2.12.0 and 2.13.1. We recommend for all users to upgrade immediately.

If you are using a version of OpenFISMA prior to 2.12.0, then we recommend that you upgrade to the 2.12 or 2.13 series as soon as possible to take advantage of the security patch.

Information for 2.12.0 users:

Notes

Download

Information for 2.13.1 users:

Notes

Download

If you have questions or concerns about this vulnerability or patch, please contact us using the "Contact Us" link on our website.