CodeIgniter Forums

Full Version: CodeIgniter 2.2.6 Released
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
CodeIgniter 2.2.6 has been released today, and is a security release for the 2.x branch.
  • Fixed an XSS attack vector in Security Library method xss_clean().
  • Changed Config Library method base_url() to fallback to ``$_SERVER['SERVER_ADDR']`` in order to avoid Host header injections.
  • Changed CAPTCHA Helper to try to use the operating system's PRNG first.
Since most have moved on to the development version of 3.0 from the GitHub repo, these fixes only affect sites powered by the legacy version.We felt that sites who were still running 2.x and potentially impacted by the vulnerability warranted an update so the release available for that version line is secure.

You can download v2.2.6 now, and we encourage you to read the full changelog.

This is the last planned update for CodeIgniter 2, which has reached end-of-life.
Hello,

Did you plan to update the page http://www.codeigniter.com/user_guide/in...ading.html with :
. Upgrading from 2.2.5 to 2.2.6
. Upgrading from 2.2.4 to 2.2.5
. Upgrading from 2.2.3 to 2.2.4

...?

Thanks,
RĂ©gis
See http://www.codeigniter.com/userguide2/in...ading.html
The upgrading page you reference is from the user guide for version 3 Undecided
Oups... thanks a lot !
(10-31-2015, 01:09 PM)jlp Wrote: [ -> ]CodeIgniter 2.2.6 has been released today, and is a security release for the 2.x branch.
  • Fixed an XSS attack vector in Security Library method xss_clean().
  • Changed Config Library method base_url() to fallback to ``$_SERVER['SERVER_ADDR']`` in order to avoid Host header injections.
  • Changed CAPTCHA Helper to try to use the operating system's PRNG first.
Since most have moved on to the development version of 3.0 from the GitHub repo, these fixes only affect sites powered by the legacy version.We felt that sites who were still running 2.x and potentially impacted by the vulnerability warranted an update so the release available for that version line is secure.

You can download v2.2.6 now, and we encourage you to read the full changelog.

This is the last planned update for CodeIgniter 2, which has reached end-of-life.

Thank you all for the great work on CodeIgniter 2. It's been a very great framework! I'm sure this will continue on to version 3.
Appreciate This.
I sure that this helps to improve the usability of this PHP framework.
Many thanks also benefited
(08-31-2016, 04:00 AM)ilejesthe Wrote: [ -> ]Many thanks also benefited

It's a little late for that, you should be using 3.x already.
Thanks