CakePHP

One event for everything CakePHPWe want to celebrate 8 years of CakePHP with you and the whole community, and how better than to host our annual conference in the awesome city of San Francisco! Don't miss out on this unique event dedicated to the ... [More] framework.WorkshopsThe 2 days of workshops at CakeFest are an ideal opportunity to learn the ins and outs of CakePHP, and a great way to get up to spe... [Less]

The CakePHP core team is proud to announce the immediate availability of CakePHP 2.3.7 & 2.4.0-beta[1]. 2.3.7 is a bugfix release for the 2.3 branch, while 2.4.0-beta is the first release of the 2.4 branch. A short list of the changes you can ... [More] expect in 2.3.7 are:Cached views now contain their Content-Type header. It is recommended that you flush your view caches when upgrading.Return-Path is no... [Less]

CakePHP 1.3.17 has been released. This is an important update for all users of 1.3. It is recommended that all users of 1.3 should upgrade as soon as possible.In the previous release for 1.3.16 a mistake was made when creating the 1.3.16 tag. An ... [More] important fix was missed from the packaged release. We recommend that all applications using 1.3 upgrade to 1.3.17 immediately safeguard against the SQ... [Less]

The CakePHP core team is proud to announce the immediate availability of CakePHP 2.3.6[1]. 2.3.6 is a bugfix release for the 2.3 release branch. Since the release of 2.3.5 there have been 64 commits and 17 tickets resolved. A short list of the ... [More] changes you can expect is:* Datetime comparisons in CakeTime are more accurate now.* FormHelper now correctly marks fields with error classes on forms th... [Less]

CakePHP 2.3.5 has just been released to fix a critical issue with how the webroot property in CakeRequest is handled that could potentially lead to XSS attacks on certain pages. In the following days we will offer a full description of the ... [More] vulnerability and how it can be exploited, after some reasonable time has passed for our users to upgrade.A huge thanks to Florian Krämer for conducting a fu... [Less]

CakePHP 1.2.12, 1.3.16, 2.2.8 and 2.3.4 have just been released to fix a critical issue with how pagination & PaginatorComponent handle sort criteria. When paginating without a sort column whitelist it was possible to execute arbitrary SQL by ... [More] manipulating the sort conditions. In the following days we will offer a full description of the vulnerability and how it can be exploited, after some reas... [Less]

CakePHP 1.2.12, 1.3.16, 2.2.8 and 2.3.4 have just been released to fix a critical issue with how pagination & PaginatorComponent handle sort criteria. When paginating without a sort column whitelist it was possible to execute arbitrary SQL by ... [More] manipulating the sort conditions. In the following days we will offer a full description of the vulnerability and how it can be exploited, after some reas... [Less]

The CakePHP core team pushed a maintenance release for 2.3 branch earlierthan planned for the 2.3 branch of the framework. We have found a severe securityissue that affects all applications running CakePHP version 2.3.0 and above thatare using user ... [More] authentication via forms with the AuthComponent without the Securitycomponent form tampering prevention.If you have a login form and are using the A... [Less]

The CakePHP core team pushed a maintenance release for 2.3 branch earlierthan planned for the 2.3 branch of the framework. We have found a severe securityissue that affects all applications running CakePHP version 2.3.0 and above thatare using user ... [More] authentication via forms with the AuthComponent without the Securitycomponent form tampering prevention.If you have a login form and are using the A... [Less]

The CakePHP core team is proud to announce the immediate availability of CakePHP 2.3.2[1]. 2.3.2 is a bugfix release for the 2.3 release branch. Since the release of 2.3.1 there have been 60 commits and 17 tickets resolved. A short list of the ... [More] changes you can expect is:* API documentation has been improved for a number of methods.* Imported fixtures without a primary key no longer trigger notic... [Less]