CakePHP 2.3.5 has just been released to fix a critical issue with how the webroot property in CakeRequest is handled that could potentially lead to XSS attacks on certain pages. In the following days we will offer a full description of the vulnerability and how it can be exploited, after some reasonable time has passed for our users to upgrade.A huge thanks to Florian Krämer for conducting a fu...
Read moreCakePHP 1.2.12, 1.3.16, 2.2.8 and 2.3.4 have just been released to fix a critical issue with how pagination & PaginatorComponent handle sort criteria. When paginating without a sort column whitelist it was possible to execute arbitrary SQL by manipulating the sort conditions. In the following days we will offer a full description of the vulnerability and how it can be exploited, after some reas...
Read moreThe CakePHP core team pushed a maintenance release for 2.3 branch earlierthan planned for the 2.3 branch of the framework. We have found a severe securityissue that affects all applications running CakePHP version 2.3.0 and above thatare using user authentication via forms with the AuthComponent without the Securitycomponent form tampering prevention.If you have a login form and are using the A...
Read moreThe CakePHP core team is proud to announce the immediate availability of CakePHP 2.3.2[1]. 2.3.2 is a bugfix release for the 2.3 release branch. Since the release of 2.3.1 there have been 60 commits and 17 tickets resolved. A short list of the changes you can expect is:* API documentation has been improved for a number of methods.* Imported fixtures without a primary key no longer trigger notic...
Read moreCakeFest 2013 has a number of large communities around the world. Two of our largest, the USA and Japan, are up for selection for the next CakePHP conference. We'd like to empower you, the user, to input your own selection and help us decide where to take the next CakeFest conference.Visit the [CakeFest Website] for more information and to put forward your vote!
Read moreThe CakePHP core team is proud to announce the immediate availability of CakePHP 2.3.1[1]. 2.3.1 is a bugfix release for the 2.3 release branch. Since the release of 2.3.0 there have been 70 commits and 20 tickets resolved. A short list of the changes you can expect is:* The ServerShell now correctly handles plugin and theme assets.* FormHelper::inputs now correctly handles plugin models.* Back...
Read moreCakePHP 2.2.7 releasedThe CakePHP core team is happy to announce the immediate availability of CakePHP 2.2.7[1]. This is a bugfix release for the 2.2.x release branch. After the release of 2.2.6 last week a regression was reported for how select element and selected values were being handled. This issue is now resolved, and 2.2.7 should be the final 2.2.x release unless additional regressions a...
Read more<p>The CakePHP core team is proud to announce the immediate availability of CakePHP 2.3.0 and 2.2.6[1]. There have been a few small improvements and fixes since the release of 2.3.0-RC2.</p><h2><span class="mini-icon mini-icon-link"></span>CakePHP 2.3 is now marked as stable</h2><p>2.3.0 is a new version that is completely compatible with its 2.2.5 predecessor. If you get excited to upgrade your projects right away after reading this announcement, <strong>make sure...</strong></p>
Read moreThe CakePHP core team is proud to announce the immediate availability of CakePHP 2.3.0-RC2 and 2.2.5[1]. There have been a few small improvementsand fixes since the release of 2.3.0-RC1. If there are no serious issues reported 2.3.0 stable should be released within a few weeks.## Changes since 2.3.0-RC1Since the release fo 2.3.0-RC1 a few new improvements have been added. In addition, all chang...
Read more<h2>CakePHP: a framework built and shaped by the community</h2><p>2012 was an important year for CakePHP. Versions 2.1 and 2.2 of the framework were released, and work on the future 3.0 version began. We had over 7 million combined visits to the CakePHP sites, with over half of those being new visitors. More than 17 million page views were registered for the CookBook alone, with http://book.cakephp.org bei...</p>
Read moreThe CakePHP core team is proud to announce the immediate availability of CakePHP 2.3.0-RC1 and 2.2.4[1]. 2.3.0-RC1 marks the freezingof 2.3.0 API and it is jsut a matter of a few weeks to mark it as stable if no bugs are found in current codebase.## Changes since 2.3.0-beta* Added ConfigReaderInterface::dump and made all readers' dump method support 'Plugin.keyname' format for keys* Made View t...
Read more<article class="markdown-body entry-content" itemprop="mainContentOfPage"><p>The CakePHP core team is proud to announce the immediate availability of CakePHP 2.3.0-beta[1]. This release contains several new features that improves CakePHP performance, security and ease of use. When it is done, this new version is intended to be a replacement for the 2.2.x branch and will be completely backwards compatible. A migration guide is provided in the book [2] and we encourage yo...</p></article>
Read moreThe CakePHP core team is proud to announce the immediate availability of CakePHP 2.2.3[1]. This is a bugfix/maintenance release for the 2.2.x release branch. Since the release of 2.2.2, there have been 65 commits, and over 70 tickets closed.A short list of the changes you can expect are:* virtualField quoting around `-` was improved again.* Errors for SchemaShell and missing schema files/classe...
Read moreThe CakePHP core team is proud to announce the immediate availability of CakePHP 2.2.2[1]. This is a bugfix/maintenance release for the 2.2.x release branch. Since the release of 2.2.1, there have been over 80 commits, and 39 tickets closed.A short list of the changes you can expect are:* Configure::load and Configure::dump are now more consistent, and create a new PhpReader by default.* Error ...
Read moreOrganising CakeFest 2012 has been a thrilling experience. We've got plenty of interesting talks lined up, sponsors attending the event, and some kickass keynotes to be delivered.On top of that, the team have been designing a special CakePHP CakeFest 2012 T-Shirt that attendees will be able to get a peek at during the conference.I'm always excited by the leadup to CakeFest, and this year is no d...
Read moreCakeFest 2012 is getting closer every day. With only 45 days to go, now is the best time to jump in and grab your Conference and/or Workshop tickets before the end of the early-bird period.The schedule has been [posted online on the CakeFest Website]. Check it out for the latest information about the schedule and talks being given!The line up this year is spectacular! We have talent from around...
Read moreThe security issue was recently reported by [Paweł Wyleciał]. When accepting user provided XML it is possible to read arbitrary files using external entities. This is particularily dangerous for applications accepting XML data as part of a webservice. A possible exploit example would be:curl -X POST -H 'Content-Type: application/xml' locahost/posts -d '!DOCTYPE cakephp [!ENTITY payload SYSTEM "...
Read moreSince its creation, more than 7 years ago, CakePHP has grown with a life of its own. Its main goal has always been to empower developers with toolsthat are both easy to learn and use, leverage great libraries requiring low documentation and low dependencies too. We've had several big releasesalong these years and an ever growing community. Being one of the most popular frameworks out there and ...
Read more<p>The CakePHP team is proud to announce the immediate availability of CakePHP 2.2.0 stable. As mentioned in previous releases, 2.2 is a API compatible release with 2.1 and should be generally transparent when upgrading, except for a few additions you need to make in configuration files. In addition to this release we have also tagged version 2.1.4 which would be the last work we do on the 2.1.x s...</p>
Read moreA bit later than expected, but charged with new awesome features and stability, CakePHP 2.2.0-RC2 finally lands for a final test-drive before it's marked stable. As mentioned in previous releases, 2.2.x will be an API compatible release with 2.0.x, and 2.1.x and should be generally transparent when upgrading, except for a few additions you need to make in configuration files.We let a few new fe...
Read more