10-31-2015, 01:09 PM
CodeIgniter 2.2.6 has been released today, and is a security release for the 2.x branch.
You can download v2.2.6 now, and we encourage you to read the full changelog.
This is the last planned update for CodeIgniter 2, which has reached end-of-life.
- Fixed an XSS attack vector in Security Library method xss_clean().
- Changed Config Library method base_url() to fallback to ``$_SERVER['SERVER_ADDR']`` in order to avoid Host header injections.
- Changed CAPTCHA Helper to try to use the operating system's PRNG first.
You can download v2.2.6 now, and we encourage you to read the full changelog.
This is the last planned update for CodeIgniter 2, which has reached end-of-life.
James Parry
Project Lead
Project Lead