CodeIgniter Forums
CodeIgniter 2.2.6 Released - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: General (https://forum.codeigniter.com/forum-1.html)
+--- Forum: News & Discussion (https://forum.codeigniter.com/forum-2.html)
+--- Thread: CodeIgniter 2.2.6 Released (/thread-63451.html)



CodeIgniter 2.2.6 Released - jlp - 10-31-2015

CodeIgniter 2.2.6 has been released today, and is a security release for the 2.x branch.
  • Fixed an XSS attack vector in Security Library method xss_clean().
  • Changed Config Library method base_url() to fallback to ``$_SERVER['SERVER_ADDR']`` in order to avoid Host header injections.
  • Changed CAPTCHA Helper to try to use the operating system's PRNG first.
Since most have moved on to the development version of 3.0 from the GitHub repo, these fixes only affect sites powered by the legacy version.We felt that sites who were still running 2.x and potentially impacted by the vulnerability warranted an update so the release available for that version line is secure.

You can download v2.2.6 now, and we encourage you to read the full changelog.

This is the last planned update for CodeIgniter 2, which has reached end-of-life.


RE: CodeIgniter 2.2.6 Released - regis92 - 11-02-2015

Hello,

Did you plan to update the page http://www.codeigniter.com/user_guide/installation/upgrading.html with :
. Upgrading from 2.2.5 to 2.2.6
. Upgrading from 2.2.4 to 2.2.5
. Upgrading from 2.2.3 to 2.2.4

...?

Thanks,
RĂ©gis


RE: CodeIgniter 2.2.6 Released - ciadmin - 11-02-2015

See http://www.codeigniter.com/userguide2/installation/upgrading.html
The upgrading page you reference is from the user guide for version 3 Undecided


RE: CodeIgniter 2.2.6 Released - regis92 - 11-02-2015

Oups... thanks a lot !


RE: CodeIgniter 2.2.6 Released - iAmcR - 11-13-2015

(10-31-2015, 01:09 PM)jlp Wrote: CodeIgniter 2.2.6 has been released today, and is a security release for the 2.x branch.
  • Fixed an XSS attack vector in Security Library method xss_clean().
  • Changed Config Library method base_url() to fallback to ``$_SERVER['SERVER_ADDR']`` in order to avoid Host header injections.
  • Changed CAPTCHA Helper to try to use the operating system's PRNG first.
Since most have moved on to the development version of 3.0 from the GitHub repo, these fixes only affect sites powered by the legacy version.We felt that sites who were still running 2.x and potentially impacted by the vulnerability warranted an update so the release available for that version line is secure.

You can download v2.2.6 now, and we encourage you to read the full changelog.

This is the last planned update for CodeIgniter 2, which has reached end-of-life.

Thank you all for the great work on CodeIgniter 2. It's been a very great framework! I'm sure this will continue on to version 3.


RE: CodeIgniter 2.2.6 Released - AmarInfotech - 08-24-2016

Appreciate This.
I sure that this helps to improve the usability of this PHP framework.


RE: CodeIgniter 2.2.6 Released - ilejesthe - 08-31-2016

Many thanks also benefited


RE: CodeIgniter 2.2.6 Released - Narf - 08-31-2016

(08-31-2016, 04:00 AM)ilejesthe Wrote: Many thanks also benefited

It's a little late for that, you should be using 3.x already.


RE: CodeIgniter 2.2.6 Released - Mehdi001 - 10-24-2016

Thanks