Download Latest Version
v3.2.1 source code.tar.gz (2.5 MB)
Get an email when there's a new version of Plausible Analytics
| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| Parent folder | |||
| README.md | 2026-05-15 | 1.5 kB | |
| v3.2.1 source code.tar.gz | 2026-05-15 | 2.5 MB | |
| v3.2.1 source code.zip | 2026-05-15 | 3.4 MB | |
| Totals: 3 Items | 6.0 MB | 0 | |
Security related update
This patch release fixes a security vulnerability affecting the following versions of Plausible Community Edition (image: ghcr.io/plausible/community-edition): Tags:
- v3.2
- v3.2.0
- v3
- v3.2.0-rc.0
- v3.1
- v3.1.0
- v3.1.0-rc.1
- v3.1.0-rc.0
- v3.0.1
- v3.0
- v3.0.0
- v3.0.0-rc.6
- v3.0.0-rc.5
- v3.0.0-rc.4
- v3.0.0-rc.3
- v3.0.0-rc.2
- v3.0.0-rc.1
- v3.0.0-rc.0
The affected versions expose a HTTP "/storybook" endpoint which, under certain conditions, allows remote code execution with privileges of system user running the application.
This release v3.2.1 of Plausible Community Edition completely removes that endpoint.
Who is affected?
All deployments of Plausible Community Edition running the following versions:
- v3.2
- v3.2.0
- v3
- v3.2.0-rc.0
- v3.1
- v3.1.0
- v3.1.0-rc.1
- v3.1.0-rc.0
- v3.0.1
- v3.0
- v3.0.0
- v3.0.0-rc.6
- v3.0.0-rc.5
- v3.0.0-rc.4
- v3.0.0-rc.3
- v3.0.0-rc.2
- v3.0.0-rc.1
- v3.0.0-rc.0
where HTTP "/storybook" endpoint is exposed to a public or other untrusted network.
Mitigation
All affected versions of Plausible Community Edition should be updated to v3.2.1 as soon as possible.
As an immediate mitigation, it is recommended to block access to HTTP "/storybook" endpoint in your reverse proxy configuration or via other applicable means.
Changes in this release
- Remove
HTTP "/storybook"endpoint along with the associated logic
No other changes are included in this release.