• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
CodeIgniter 2.2.6 Released

#1
CodeIgniter 2.2.6 has been released today, and is a security release for the 2.x branch.
  • Fixed an XSS attack vector in Security Library method xss_clean().
  • Changed Config Library method base_url() to fallback to ``$_SERVER['SERVER_ADDR']`` in order to avoid Host header injections.
  • Changed CAPTCHA Helper to try to use the operating system's PRNG first.
Since most have moved on to the development version of 3.0 from the GitHub repo, these fixes only affect sites powered by the legacy version.We felt that sites who were still running 2.x and potentially impacted by the vulnerability warranted an update so the release available for that version line is secure.

You can download v2.2.6 now, and we encourage you to read the full changelog.

This is the last planned update for CodeIgniter 2, which has reached end-of-life.
James Parry
Project Lead
Reply

#2
Hello,

Did you plan to update the page http://www.codeigniter.com/user_guide/in...ading.html with :
. Upgrading from 2.2.5 to 2.2.6
. Upgrading from 2.2.4 to 2.2.5
. Upgrading from 2.2.3 to 2.2.4

...?

Thanks,
Régis
Reply

#3
See http://www.codeigniter.com/userguide2/in...ading.html
The upgrading page you reference is from the user guide for version 3 Undecided
Reply

#4
Oups... thanks a lot !
Reply

#5
(10-31-2015, 02:09 PM)jlp Wrote: CodeIgniter 2.2.6 has been released today, and is a security release for the 2.x branch.
  • Fixed an XSS attack vector in Security Library method xss_clean().
  • Changed Config Library method base_url() to fallback to ``$_SERVER['SERVER_ADDR']`` in order to avoid Host header injections.
  • Changed CAPTCHA Helper to try to use the operating system's PRNG first.
Since most have moved on to the development version of 3.0 from the GitHub repo, these fixes only affect sites powered by the legacy version.We felt that sites who were still running 2.x and potentially impacted by the vulnerability warranted an update so the release available for that version line is secure.

You can download v2.2.6 now, and we encourage you to read the full changelog.

This is the last planned update for CodeIgniter 2, which has reached end-of-life.

Thank you all for the great work on CodeIgniter 2. It's been a very great framework! I'm sure this will continue on to version 3.
Reply

#6
Appreciate This.
I sure that this helps to improve the usability of this PHP framework.
AmarInfotech is a PHP Development Company that offers a variety of frameworks like Zend, CakePHP, CodeIgniter to the global clients.
Reply

#7
Many thanks also benefited
o24
Reply

#8
(08-31-2016, 05:00 AM)ilejesthe Wrote: Many thanks also benefited

It's a little late for that, you should be using 3.x already.
Reply

#9
Thumbs Up 
Thanks
Reply


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


Users browsing this thread:
1 Guest(s)


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2017 MyBB Group.