Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter 2.2.2 Released
#1

CodeIgniter 2.2.2 has been released today, and is a security release for the 2.x branch.

HTTP "Host" header character validation was added, to prevent cache poisoning attacks when base_url auto-detection is used.


Since most have moved on to the development version of 3.0 from the GitHub repo, these fixes only affect sites powered by the legacy version. Sites running the development version of 3.x are unaffected as they have already been addressed in that version line. We felt that sites who were still running 2.x and potentially impacted by the vulnerability warranted an update so the release available for that version line is secure.

You can download v2.2.2 now, and we encourage you to read the full changelog.
James Parry
Project Lead
Reply
#2

(04-15-2015, 09:10 AM)jlp Wrote: Since most have moved on to the development version of 3.0 from the GitHub repo, these fixes only affect sites powered by the legacy version.

I definitely appreciate security patches for the 2.x series. My existing CI sites are all on 2.x and I don't know when I will have time to upgrade them.

AFAIK, CI doesn't have a usage reporting feature, which prevents knowing just how many live 2.x sites are out there.  Is "most have moved on" basically a guess based on current input from those in active development? I didn't even know there was a 3.x until fairly recently, and I would guess there are others who still don't know. Not everyone is actively developing their sites, even if the sites are in production. If you're not actively developing and just letting the site run, it's (too) easy to be disconnected from what else is happening in the world of CodeIgniter.
Reply
#3

I've setup Bonfire to switch between 2.x and 3.x fairly easily, but there are still some bugs to workout in Bonfire's interaction with 3.x. Since my own site is running Bonfire (with CI 2.2.2 now), I'm definitely trying my best to track down every little issue I can and get it working with CI 3 before it reaches EOL in October.
Reply
#4

Great to hear that CI has released new version in the CI 2.X series. Hope it gets much secure than the older version's. Good going CI team :-)
Reply
#5

Downloading ...
Thanks for the security updates CI Dev Team! This is good news for those of us that still have legacy projects to maintain. Keep up the great work.
Share what you know,
Learn what you don't
Reply
#6

A lot of people forget that not every client wants to pay for updates on scripts.
i have a few codeigniter projects out there, with greedy clients and yeah, they are running on an old version
and nobody will update it, when they don't want to pay. That's the hard reality.

But still, good work for updating, much appreciate it.
Reply
#7

Just a thanks for keeping the 2 branch updated!
Reply




Theme © iAndrew 2016 - Forum software by © MyBB