CodeIgniter 2.2.2 Released |
CodeIgniter 2.2.2 has been released today, and is a security release for the 2.x branch.
HTTP "Host" header character validation was added, to prevent cache poisoning attacks when base_url auto-detection is used. Since most have moved on to the development version of 3.0 from the GitHub repo, these fixes only affect sites powered by the legacy version. Sites running the development version of 3.x are unaffected as they have already been addressed in that version line. We felt that sites who were still running 2.x and potentially impacted by the vulnerability warranted an update so the release available for that version line is secure. You can download v2.2.2 now, and we encourage you to read the full changelog.
James Parry
Project Lead |
Messages In This Thread |
CodeIgniter 2.2.2 Released - by jlp - 04-15-2015, 09:10 AM
RE: CodeIgniter 2.2.2 Released - by Crenel - 04-15-2015, 11:05 AM
RE: CodeIgniter 2.2.2 Released - by mwhitney - 04-15-2015, 12:26 PM
RE: CodeIgniter 2.2.2 Released - by alkarim - 04-15-2015, 07:53 PM
RE: CodeIgniter 2.2.2 Released - by ronelb - 04-15-2015, 08:28 PM
RE: CodeIgniter 2.2.2 Released - by bhblacky - 05-01-2015, 02:27 AM
RE: CodeIgniter 2.2.2 Released - by mtvee - 05-18-2015, 10:53 AM
|