Today, a new version (126.96.36.19963) of CakePHP has been released. It fixes a XSS (cross-site scripting) vulnerability in CakePHP, you find the details in ticket #1272. So it is strongly recommended to update. You find the release on CakeForge. This release contains also the SessionHelper I wrote about in the post “New core helper: SessionHelper”.
Security fix for XSS vulnerability
Published on and tagged with cakephp