Uwazi is a free, open-source solution for organising, analysing and publishing your documents.
Subgraph performed a security audit of the Uwazi application. This audit consisted of the following:
-Automated and manual testing of the application deployed natively and in Docker
-Code auditing of the application, with a focus on issues such input validation vulnerabilities, file upload safety, authentication, and access control
The audit covered version 1.4 of the application as well as more recent versions from the master branch from January/February of 2019.
Subgraph discovered two security findings as a result of the audit.