|Kirby Version||Support Status|
||✅ Latest Kirby release, actively supported|
||✅ No known vulnerabilities|
||❌ Not supported (end of life) since January 1, 2021|
||❌ Not supported (end of life) since February 1, 2016|
|Affected versions||Description||Fixed in|
||Registration block: .dev domains and some reverse proxy setups were treated as local CVE-2020-26253 CVE Entry GitHub||3.3.6|
||PHP Phar archives could be uploaded by Panel users as content files and executed CVE-2020-26255 CVE Entry GitHub||3.4.5|
Please follow our security guide to keep your Kirby installation secure.
If you have spotted a vulnerability in Kirby's core or the Panel, please make sure to let us know immediately. We take any report very seriously and we will react as soon as possible.
Please do not write to us publicly, e.g. in the forum, as making security vulnerabilities public before they are fixed can give attackers valuable time to exploit the issue. By letting us know directly, you can protect other Kirby users from such attacks.