Kirby 2.1.1 — Security Update

Hey everyone,

I got a report from an independent security researcher today, who unfortunately found two vulnerabilities in Kirby 2.1.0. I instantly fixed both issues and released a new version just a couple minutes ago. You can read more about it here:

I take security very serious and even though it hurts to admit that there are those vulnerabilities, I’m very glad that they have been reported and I was able to fix them quickly.

I can only encourage you to update your sites immediately!

Please let me know if you got any questions or concerns!


Perhaps this post should be pinned on top. Maybe it would be a good idea to have some sort of specific post for critical updates, and to act as a more “live” changelog.

1 Like

You can now find a row of additional security tipps here:

1 Like

I know Kirby 1 is no longer supported, but is it vulnerable as well?

On re-reading the bulletin, both seem to concern pretty specific panel settings with either panel or FTP access. I suspect the panel module wasn’t as widely used in Kirby 1 than Kirby 2.

FYI: Kirby 2.1.1 seems to be incompatible with the kirbycms-extension-image plugin. I get this error:

Parse error: syntax error, unexpected '[' in /Users/xxx/Sites/xxx/site/plugins/kirbycms-extension-image/kirbycms-extension-image-lib-block-object.php on line 88

I filed an issue on github. Hope this can be fixed soon…

Update: The problem does occur only on PHP 5.3. On PHP 5.6 it works fine.

If you downloaded that plugin from github kirbycms, then it is not compatible with Kirby 2.

Plugins for Kirby 2 can be found here: and here:

Edit: ok, I realized you were referring to the plugin by @fanningert. Could you a link to the extensions you are referring to next time? Thanks.

Her the issue for the problem. I already create a workaround a pushed it into the master branch. But need some tests.


Regards Thomas