
The CakePHP Core Team Released CakePHP 2.6.6 and 3.0.6

jaki watson | 02:23 | 0 comments
The CakePHP core team has announced the immediate availability of CakePHP 2.6.6 and 3.0.6. These are maintenance releases that contain important security fixes.

Security Fixes –

Last week, we were informed that RequestHandlerComponent had a vulnerability that allows carefully crafted requests to cause a denial of service attack. RequestHandlerComponent uses Xml::build(), which allows reading local files.

It is recommended that all applications using RequestHandlerComponent upgrade, or disable parsing of XML payloads. To disable XML payload parsing, do the following:

// In a controller's beforeFilter
$this->RequestHandler->addInputType('xml', array(0 => function() { return array(); }));

The above code replaces the built-in XML parsing with a no-op function. The team also thanked Takeshi Terada for reporting this security issue through the security issue process.
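Where an application cannot upgrade yet but still has to accept XML bodies, the no-op handler can be swapped for a parser that refuses any document declaring a DTD. The following is an added example, not code from the CakePHP project; `safe_xml_to_array()` is a hypothetical helper, the sample inputs are constructed, and it assumes the input-type handler receives the raw request body as its first argument.

```php
<?php
// Added example, not CakePHP's code. safe_xml_to_array() is a hypothetical helper.
function safe_xml_to_array($body)
{
    $body = trim((string)$body);
    // Entity tricks (expansion, local file reads) need a DTD, so refuse one outright.
    if ($body === '' || stripos($body, '<!DOCTYPE') !== false) {
        return array();
    }
    // PHP < 8 only: stop libxml loading external entities; restored below.
    $oldLoader = PHP_VERSION_ID < 80000 ? libxml_disable_entity_loader(true) : null;
    $oldErrors = libxml_use_internal_errors(true);
    $dom = new DOMDocument();
    // LIBXML_NONET blocks network access. LIBXML_NOENT and LIBXML_DTDLOAD are
    // deliberately not set, so entities are neither substituted nor loaded.
    $ok = $dom->loadXML($body, LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($oldErrors);
    if ($oldLoader !== null) {
        libxml_disable_entity_loader($oldLoader);
    }
    // Second check after parsing: catches a DOCTYPE that the byte-level
    // search missed, for example in a UTF-16 encoded body.
    if (!$ok || $dom->doctype !== null) {
        return array();
    }
    $xml = simplexml_import_dom($dom);
    return array($xml->getName() => json_decode(json_encode($xml), true));
}

// Constructed sample inputs: a plain payload and one that declares a DTD.
$plain   = '<user><name>alice</name><role>editor</role></user>';
$withDtd = '<!DOCTYPE user [<!ENTITY n "alice">]><user><name>&n;</name></user>';

var_dump(safe_xml_to_array($plain));
var_dump(safe_xml_to_array($withDtd));

// In a CakePHP 2.x controller's beforeFilter (assumption: the handler is
// called with the raw request body as its first argument):
// $this->RequestHandler->addInputType('xml', array('safe_xml_to_array'));
```

Upgrading to 2.6.6 or 3.0.6 remains the fix the release notes recommend.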

Other Fixes in 2.6.6

For radio buttons, FormHelper::radio() now correctly generates ID attributes with multibyte values.

Inflector::humanize() and Inflector::underscore() work accurately with UTF8 characters now.

Some of the Other Fixes in 3.0.6
  • FormHelper::radio() now accurately generates ID attributes for radio buttons with multibyte values.
  • Inflector::humanize() and Inflector::underscore() work accurately with UTF8 characters now.
  • PaginatorHelper::numbers() now supports the URL option.
  • Now, Error.trace is respected when logging exceptions.
  • EntityTrait::getOriginal() and EntityTrait::extractOriginal() now return values that were originally null.
  • The Entity accessor cache introduced in 3.0.3 has been removed, as it caused a lot of problems and did not greatly enhance performance.
  • In association query builders, empty query expressions no longer cause invalid SQL to be generated.
The CakePHP core team has thanked the community members who helped make this release possible by reporting problems and sending pull requests. To download a packaged release, visit GitHub.
