CodeIgniter Forums
CodeIgniter 2.2.3 Released - Printable Version



CodeIgniter 2.2.3 Released - jlp - 07-14-2015

CodeIgniter 2.2.3 has been released today, and is a security release for the 2.x branch.


Removed a fallback to mysql_escape_string() in the 'mysql' database driver (escape_str() method) when there's no active database connection.

Since most have moved on to the development version of 3.0 from the GitHub repo, these fixes only affect sites powered by the legacy version. Sites running the development version of 3.x are unaffected as they have already been addressed in that version line. We felt that sites who were still running 2.x and potentially impacted by the vulnerability warranted an update so the release available for that version line is secure.

You can download v2.2.3 now, and we encourage you to read the full changelog.


RE: CodeIgniter 2.2.3 Released - Georde Henrique - 07-14-2015

When will the next version of CodeIgniter be launched?


RE: CodeIgniter 2.2.3 Released - andreabielle - 07-15-2015

Thank you, James. We still have many websites running under CI 2.x and it's good to know that we're still covered against potential vulnerabilities.
We appreciate it a lot. Thank you very much again.


RE: CodeIgniter 2.2.3 Released - codeigniter1932 - 07-15-2015

I really appreciate your efforts


RE: CodeIgniter 2.2.3 Released - Hobbes - 07-15-2015

Give them some time with the next version, they just recently released 3.0.


RE: CodeIgniter 2.2.3 Released - webcomfort - 07-15-2015

Thanks for the release!


RE: CodeIgniter 2.2.3 Released - Alan - 07-16-2015

(07-14-2015, 07:16 AM)jlp Wrote: CodeIgniter 2.2.3 has been released today, and is a security release for the 2.x branch.


Removed a fallback to mysql_escape_string() in the 'mysql' database driver (escape_str() method) when there's no active database connection.

Since most have moved on to the development version of 3.0 from the GitHub repo, these fixes only affect sites powered by the legacy version. Sites running the development version of 3.x are unaffected as they have already been addressed in that version line. We felt that sites who were still running 2.x and potentially impacted by the vulnerability warranted an update so the release available for that version line is secure.

You can download v2.2.3 now, and we encourage you to read the full changelog.

Thank you so much. I have a few CI 2 sites which I have not had time to upgrade to CI 3 yet, so this is great!


RE: CodeIgniter 2.2.3 Released - kevindeleon - 07-16-2015

Just a heads up, this update worked fine on our local dev machines, but when pushed to our live server hosed everything up. We are seeing the following error and not sure exactly why at the moment:

"Message:  mysql_real_escape_string() expects parameter 2 to be resource, boolean given"

We are running the latest versions of HHVM and MariaDB on both our dev and live machines. If anyone has any ideas, I'm all ears...if we determine the problem, I will post back here.


RE: CodeIgniter 2.2.3 Released - Narf - 07-16-2015

(07-16-2015, 10:09 AM)kevindeleon Wrote: Just a heads up, this update worked fine on our local dev machines, but when pushed to our live server hosed everything up. We are seeing the following error and not sure exactly why at the moment:

"Message:  mysql_real_escape_string() expects parameter 2 to be resource, boolean given"

We are running the latest versions of HHVM and MariaDB on both our dev and live machines. If anyone has any ideas, I'm all ears...if we determine the problem, I will post back here.

This means that your database connection is not yet initialized at the time you're escaping something.

In fact, the only change in the 2.2.3 release is to require an active connection while escaping variables with the 'mysql' driver. Getting that error message means that you were previously vulnerable to charset-based SQL injection attacks.
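
Added illustration (not part of the post above and not CodeIgniter or PHP code): a small Python model of why escaping needs the connection's charset. The function names and the sample bytes are constructed for this example; the "charset-aware" escaper is a simplified stand-in that decodes strictly and therefore rejects invalid input.

```python
# Bytes that SQL string escaping prefixes with a backslash.
SPECIALS = {0x00: b"\\0", 0x0A: b"\\n", 0x0D: b"\\r", 0x1A: b"\\Z",
            0x22: b'\\"', 0x27: b"\\'", 0x5C: b"\\\\"}


def escape_bytewise(raw: bytes) -> bytes:
    """Charset-unaware escaping: all an escaper can do without a connection."""
    return b"".join(SPECIALS.get(b, bytes([b])) for b in raw)


def escape_charset_aware(raw: bytes, charset: str) -> bytes:
    """Escape per character of the connection charset, not per byte.

    Decoding is strict, so malformed multi-byte input raises instead of
    being passed through (a hardening choice of this example).
    """
    out = []
    for ch in raw.decode(charset):
        enc = ch.encode(charset)
        if len(enc) == 1 and enc[0] in SPECIALS:
            out.append(SPECIALS[enc[0]])
        else:
            out.append(enc)  # multi-byte character: trail bytes are left alone
    return b"".join(out)


def unescaped_quotes(escaped: bytes, charset: str) -> int:
    """Count single quotes a server reading `charset` still sees as unescaped."""
    count, skip = 0, False
    for ch in escaped.decode(charset):
        if skip:
            skip = False          # this character was escaped by a backslash
        elif ch == "\\":
            skip = True
        elif ch == "'":
            count += 1
    return count


# Constructed sample: one GBK character whose trail byte is 0x5C, then a quote.
SAMPLE = b"\xbf\x5c\x27"

if __name__ == "__main__":
    naive = escape_bytewise(SAMPLE)
    aware = escape_charset_aware(SAMPLE, "gbk")
    print("byte-wise, read as latin-1:", unescaped_quotes(naive, "latin-1"))
    print("byte-wise, read as GBK:    ", unescaped_quotes(naive, "gbk"))
    print("charset-aware, read as GBK:", unescaped_quotes(aware, "gbk"))
```

The same byte-wise output is fully escaped under a single-byte charset but leaves a live quote under GBK, which is why escaping without a connection cannot be made safe.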


RE: CodeIgniter 2.2.3 Released - regis92 - 07-21-2015

Hello!

Is it possible to know only which files were modified?