+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: General (https://forum.codeigniter.com/forumdisplay.php?fid=1)
+--- Forum: News & Discussion (https://forum.codeigniter.com/forumdisplay.php?fid=2)
+--- Thread: CodeIgniter v4.5.8 security fix released (/showthread.php?tid=92342)
CodeIgniter v4.5.8 security fix released - paulbalandan - 01-19-2025
We are happy to announce the immediate availability of v4.5.8. This is a security fix and the last patch version for the v4.5 series.
- Users are strongly advised to upgrade to this version immediately. This patch fixes a security vulnerability where lack of proper validation of a header's name and value can lead to a possible Denial of Service (DoS) scenario. Please refer to the security advisory for more information.
- This will be the last patch release for the v4.5 series. We'll be releasing the next minor version in the next hour.
IMPORTANT FOR COMPOSER USERS: It is anticipated that v4.6.0 release will be bringing possible breaking changes in your applications. To ensure a smooth transition from v4.5 to v4.6, we highly suggest the following tweaks in your composer.json in the require field:
Code:"codeigniter4/framework": "~4.5.7"
With this change, it is ensured that you will only receive the patch updates. Once v4.6.0 is released and you have followed the upgrade guide, you can now safely change your composer.json back to its original form.
Changelog: https://github.com/codeigniter4/CodeIgniter4/blob/develop/user_guide_src/source/changelogs/v4.5.8.rst
Upgrading: https://github.com/codeigniter4/CodeIgniter4/blob/develop/user_guide_src/source/installation/upgrade_458.rst
RE: CodeIgniter v4.5.8 security fix released - michalsn - 01-19-2025
Thank you!