Today, a new version (126.96.36.19963) of CakePHP has been released. It fixes a XSS (cross-site scripting) vulnerability in CakePHP, you find the details in ticket #1272. So it is strongly recommended to update. You find the release on CakeForge. This release contains also the SessionHelper I wrote about in the post “New core helper: SessionHelper”.
Security fix for XSS vulnerability
Published on and tagged with cakephp
- Open ID & OAUTH 2.0 – Tales of a White Robe on OpenID versus OAuth from the user’s perspective
- Using Google Sheet As Web App Data Source | Matt Develops on 2-legged vs. 3-legged OAuth
- Deepali on OpenID versus OAuth from the user’s perspective
- Nicholas on Building a DVD catalog application with CakePHP
- Varun Kapoor on Migrations – the CakePHP way(?)