Wednesday, August 5, 2015

CakePHP 3.0.11 and 3.1.0-beta2 released - security fixes

The CakePHP core team is happy to announce the immediate availability of CakePHP 3.0.11 and 3.1.0-beta2. These are maintenance releases that contain bugfixes and fixes for security issues.

Security Fixes
--------------

There are two issues that can impact the security of a CakePHP application:

* `Cake\ORM\Query::where()` would allow static methods to be invoked. This could create unintentional side effects, or undesired query manipulation.
* `Validation::compare()` and `Validation::range()` would allow specifically crafted data past certain criteria.

We'd like to thank 'Kurita Takashi' for contacting us through our [security issue](http://book.cakephp.org/3.0/en/contributing/tickets.html#reporting-security-issues) process about the CsrfComponent issue. We recommend that all users of CakePHP upgrade to 3.0.11 or 3.1.0-beta as soon as possible.

Bugfixes
--------

In addition to the security issues, the following issues have been fixed on both branches:

* `Hash::insert()` and `Hash::remove()` now support attribute matchers at all depths.
* `Table::get()` supports a `finder` option that allows custom finders to be combined with get().
* Terminal colours are enabled for Windows users using the ConEmu terminal application.
* `Query::matching()` operations with no conditions no longer cause errors.
* `requestAction()` with array parameters includes all default routing parameters.
* `View::prepend()` now supports a capturing mode like `start()`.
* Typos in alias names used in `contain()` now trigger exceptions instead of generating incorrect result sets.
* `Http\Client` better supports complex multipart requests.
* `PaginatorHelper::numbers()` supports a modulus of 0 now.
* DateTime instances can be sorted by Collection now.

For deeper insight into what changed, have a look at the [release notes](http://cakephp.org/changelogs/3.0.11).
