It's done now, sorry about that :)

-Mark

On Sunday, 15 July 2012 02:09:25 UTC-4, Albert 'Tigr' wrote:
>
> Thank you. Could you update the links on the website? They all point to
> 2.2.0.
>
> On Saturday, July 14, 2012 11:37:33 PM UTC+2, mark_story wrote:
>>
>> CakePHP 2.1.5 and 2.2.1 have just been released. If you are using
>> CakePHP's `Xml` class, you should upgrade as soon as possible.
>>
>> The security issue was recently reported by Paweł Wyleciał. When
>> accepting user provided XML it is possible to read arbitrary files using
>> external entities. This is particularly dangerous for applications
>> accepting XML data as part of a webservice. A possible exploit example
>> would be:
>>
>>     curl -X POST -H 'Content-Type: application/xml' http://localhost/posts -d
>>     '<!DOCTYPE cakephp [
>>     <!ENTITY payload SYSTEM "file:///etc/passwd" >]>
>>     <Post>
>>     <body>&payload;</body>
>>     </Post>]'
>>
>> Once the XML has been processed `$this->request->data['Post']['body']`
>> will contain the contents of `/etc/passwd`. This issue was
>> [fixed](http://github.com/cakephp/cakephp/commit/6c905411bac66caad5e220a70e3d561b8a648507)
>> and packaged releases for 2.1 and 2.2 have been created. This issue does
>> not affect the 1.3 or 1.2 release series. If you are unable to upgrade,
>> you should apply the
>> [patch](http://github.com/cakephp/cakephp/commit/6c905411bac66caad5e220a70e3d561b8a648507)
>> as soon as possible.
>>
>> ### Other fixes in 2.2.1
>>
>> In addition to the security fix, 2.2.1 contains fixes for the following
>> issues:
>>
>> * Fixed missing urlencode on nested named parameters.
>> * Fixed ANSI codes being output on Windows terminals.
>> * Fixed HtmlHelper::image() including the base directory twice when the
>>   fullBase option is used.
>> * Console logging now respects the quiet flag for shells.
>> * TranslateBehavior now saves records with only some translated fields
>>   correctly.
>> * afterValidate() was made available on behaviors. This was an omission
>>   in 2.2.0.
>>
>> View the complete changelog for 2.2.1 and 2.1.5. Download a packaged
>> release.
>>
>> CakeFest 2012 is around the corner and we already expect awesome talks
>> and workshops during the best PHP conference out there. If you haven't
>> booked [your tickets](http://cakefest.org/ticket-info) yet, it's about
>> time you do.
>>
>> As always, thanks to the friendly CakePHP community for the patches,
>> documentation changes and new tickets. Without you there would be no
>> CakePHP!
>>
>> **Links**
>>
>> [1] http://cakephp.org/changelogs/2.2.1
>> [2] http://cakephp.org/changelogs/2.1.5
>> [3] http://github.com/cakephp/cakephp/tags
>> [4] http://cakefest.org
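
For applications that parse user-supplied XML themselves, the following added example (not part of the original thread and not CakePHP's patch) shows one way to parse untrusted XML in plain PHP so that external entities like the one in the announcement are never resolved. The function name `parseUntrustedXml` and the sample inputs are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Added example, not CakePHP's code: parse untrusted XML so that external
 * entities such as file:///etc/passwd are never resolved.
 */
function parseUntrustedXml(string $xml): SimpleXMLElement
{
    $previousErrors = libxml_use_internal_errors(true);
    // PHP < 8.0 may link a libxml2 older than 2.9, where external entity
    // loading is on by default, so switch the loader off for this parse.
    $legacy = PHP_VERSION_ID < 80000;
    $previousLoader = $legacy ? libxml_disable_entity_loader(true) : null;

    try {
        $dom = new DOMDocument();
        // LIBXML_NONET blocks network fetches. LIBXML_NOENT and
        // LIBXML_DTDLOAD are deliberately absent: they enable entity
        // substitution and external DTD loading.
        if (!$dom->loadXML($xml, LIBXML_NONET)) {
            throw new InvalidArgumentException('Malformed XML');
        }
        // A web-service payload has no need for a DOCTYPE; refusing it
        // also rules out internal entity expansion.
        foreach ($dom->childNodes as $node) {
            if ($node->nodeType === XML_DOCUMENT_TYPE_NODE) {
                throw new InvalidArgumentException('DOCTYPE not allowed');
            }
        }
        return simplexml_import_dom($dom);
    } finally {
        // Restore global libxml state so other code is unaffected.
        libxml_clear_errors();
        libxml_use_internal_errors($previousErrors);
        if ($legacy) {
            libxml_disable_entity_loader($previousLoader);
        }
    }
}

// Constructed sample inputs: one benign payload, one declaring an entity.
$benign = '<Post><body>hello</body></Post>';
$withEntity = '<!DOCTYPE cakephp [<!ENTITY payload SYSTEM "file:///etc/passwd">]>'
    . '<Post><body>&payload;</body></Post>';

echo (string) parseUntrustedXml($benign)->body, PHP_EOL;
try {
    parseUntrustedXml($withEntity);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```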
