CodeIgniter v4.1.9 released
#1

Hi all- another quick note about a hotfix that just went live. Special thanks to @iRedds for discovering and disclosing this security issue; also thanks to the team as we deliberated over the resolution, and to @kenjis for preparing the release.

This hotfix addresses a security issue whereby CSRF could be bypassed in some situations. Please update any projects less than 4.1.9 immediately. To read more about the security advisory visit: https://github.com/codeigniter4/CodeIgni...-24gm-h554
#2

The hotfix fixes two vulnerabilities.
  • Remote CLI Command Execution Vulnerability
  • Cross-Site Request Forgery (CSRF) Protection Bypass Vulnerability
See Changelog: https://codeigniter4.github.io/userguide...4.1.9.html
#3

Thank you very much CodeIgniter Development Team.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
#4

Just a note: the CodeIgniter 4.1.9 CI_VERSION is still reporting CodeIgniter 4.1.8; it needs to be fixed.
#5

@InsiteFX How do you install?
codeigniter4/framework is surely updated:
https://github.com/codeigniter4/framewor...120e0cL48v
#6

Thanks CI Team
Composer update

Learning CI4 from my works, from errors and how to fix bugs in the community

Love CI & Thanks CI Teams

#7

Excellent. Thank you.
#8

(02-26-2022, 03:07 AM)kenjis Wrote: @InsiteFX How do you install?
codeigniter4/framework is surely updated:
https://github.com/codeigniter4/framewor...120e0cL48v

It seems to me that it was about the development branch.
#9

The develop branch is not updated yet. Do not use in production.
There were merge conflicts, so now it is under review:
https://github.com/codeigniter4/CodeIgniter4/pull/5747
#10

I download the GitHub download version, extract it, and move all files to the project folder, so I end up with a structure like this:

ci4test
-- app
-- system
-- public
-- Myth

In other words, I copy the complete codeIgniter4-development; all files are copied as is out of the folder to the ci4test folder.

I then edited and changed the CI_VERSION in system/CodeIgniter.php:

PHP Code:
public const CI_VERSION = '4.1.9';

That fixed the issue.